CN101001143A - Method for authenticating system equipment by terminal equipment - Google Patents
- Publication number: CN101001143A
- Application number: CN 200610000904
- Authority: CN (China)
- Prior art keywords: equipment, system equipment, terminal equipment, parameter, terminal
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Telephonic Communication Services (AREA); Mobile Radio Communication Systems (AREA)
Abstract
This invention discloses a method by which a terminal device authenticates a system device. A pair of cryptographic keys is set in advance in the terminal device and the system device, and the system device stores a parameter of the terminal device and the password corresponding to it. The terminal device sends the system device a request message carrying the terminal device parameter. According to the parameter carried in the request, the system device looks up the key corresponding to the terminal device and the corresponding parameter stored in the system device, performs an encryption operation on the two parameters, and computes a ciphertext. The system device sends the terminal device a response message carrying the ciphertext, and the terminal device extracts the ciphertext and decrypts it. If decryption succeeds, the terminal device has authenticated the system device successfully; otherwise authentication fails.
Description
Technical field
The present invention relates to authentication techniques in the communications field, and specifically to a method of authentication between terminal equipment and system equipment.
Background technology
With the evolution of network architectures and the development of broadband technology, the evolution of the traditional telephone network toward the NGN (Next Generation Network) is an inevitable trend. Commercial use of softswitch (SoftSwitch) based next generation networks for traditional voice services and multimedia services is gradually emerging. The NGN terminal is a very important part of the NGN network architecture, and it will be used on a large scale as NGN emerges. However, because some terminals, software terminals in particular, are made specifically to work with particular NGN network system equipment, the version controllability of these terminals in actual use is poor: once a version is released, it is difficult to control how it is used.
In the security architecture of current communication systems, the common practice is for the system equipment to authenticate the user terminal, to ensure that the user terminals used under that system equipment are legitimate. But this cannot ensure that a legitimate user terminal is not used under other system equipment, so the interests of the terminal product cannot be protected.
Therefore, how to provide a method of authentication between terminal equipment and system equipment that both guarantees the legitimacy of the user terminals under the system equipment and protects the terminal product from being used illegally has become a technical problem in urgent need of a solution.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method by which terminal equipment authenticates system equipment, which, while guaranteeing the legitimacy of the user terminals under the system equipment, also protects the terminal product from being used illegally.
To solve the above technical problem, the present invention provides the following scheme:
A method by which terminal equipment authenticates system equipment, for use in a next generation network architecture with the softswitch as the core control equipment, in which the system equipment stores a parameter of the terminal equipment and the password corresponding to that parameter, comprising the following steps:
Step 1: a pair of keys is set in advance in the terminal equipment and the system equipment;
Step 2: the terminal equipment sends a request message carrying the terminal equipment parameter to the system equipment;
Step 3: according to the terminal equipment parameter in the received request message, the system equipment looks up the key corresponding to the terminal equipment and the password corresponding to the parameter, performs an encryption operation using the terminal equipment parameter and the corresponding key and password, and computes a ciphertext;
Step 4: the system equipment sends a response message carrying the ciphertext to the terminal equipment;
Step 5: after receiving the response message, the terminal equipment extracts the ciphertext and decrypts it according to the key and decryption algorithm on the terminal equipment side; if decryption succeeds, the terminal equipment's authentication of the system equipment succeeds; otherwise, the terminal equipment's authentication of the system equipment fails.
Through the transmission of signaling messages, the method of the present invention realizes authentication of the system equipment by the terminal equipment, thereby guaranteeing that the terminal equipment can only be used under the designated system equipment and protecting the terminal equipment from being used illegally. The method can be realized in the registration process, in the calling process, or separately using an extended message, and these realizations can be combined with one another, which makes the method very flexible. The method of the invention can also be used in combination with the process by which the system equipment authenticates the terminal equipment, further strengthening the security of the system.
Description of drawings
Fig. 1 is a schematic diagram of the terminal equipment authenticating the system equipment using an extended message;
Fig. 2 is a schematic diagram of the terminal equipment authenticating the system equipment through the registration flow;
Fig. 3 is a schematic diagram of the terminal equipment authenticating the system equipment through the call flow.
Embodiment
The next generation network architecture of the present invention, with the softswitch as the core control equipment, has at least one core control equipment, i.e. the system equipment, and a plurality of user terminal equipment (terminal equipment for short).
In the present invention, an identification ID is predefined in the terminal equipment and the system equipment. It is defined internally by the manufacturer of the terminal equipment and system equipment and is unknown to the outside world. During the terminal equipment's authentication of the system equipment, this identification ID is used as the key, and an encryption operation is performed with the account and password of the terminal to produce a ciphertext that realizes the authentication.
Referring to Fig. 1, when the terminal equipment authenticates the system equipment by means of an extended message, it can initiate the authentication flow at any moment it is needed. The specific authentication process is as follows:
Step 101: the terminal equipment sends an extended request message to the system equipment; the extended request message carries some parameters of the terminal, such as the account;
Step 102: according to the account in the extended request message, the system equipment looks up the password of the account, performs an encryption operation with the key, the account and the password, and computes a ciphertext;
Step 103: the system equipment sends a response message to the terminal; the body of the response message carries the ciphertext from step 102;
Step 104: after receiving the response message of step 103, the terminal equipment extracts the ciphertext from it and decrypts it according to the key and decryption algorithm on the terminal equipment side; if decryption succeeds, i.e. the terminal equipment's authentication of the system equipment succeeds, step 105 is executed; otherwise, step 106 is executed;
Step 105: other business operations can be carried out; end;
Step 106: other business operations cannot be carried out; end.
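The exchange of steps 101 to 104 (the same computation is reused in the registration and call flows) can be sketched as follows. This is an added example, not code from the patent: the patent names no cipher and does not define what "successful decryption" means, so the sketch assumes an encrypt-then-MAC construction built from HMAC-SHA256, adds a terminal-chosen nonce that the patent does not describe so that a response is tied to one request, and uses constructed account data and hypothetical function names.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not taken from the patent.
DEVICE_ID = b"vendor-internal-id-0001"           # pre-set identification ID (the key)
ACCOUNTS = {"alice@ngn.example": "s3cret-pass"}  # system side: account -> password


def _subkeys(device_id):
    """Derive separate encryption and MAC keys from the shared ID."""
    enc = hmac.new(device_id, b"enc", hashlib.sha256).digest()
    mac = hmac.new(device_id, b"mac", hashlib.sha256).digest()
    return enc, mac


def _xor_keystream(enc_key, iv, data):
    """XOR data with an HMAC-SHA256 counter-mode keystream (stand-in cipher)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(enc_key, iv + counter.to_bytes(4, "big"), hashlib.sha256)
        stream += block.digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _plaintext(account, password):
    """Length-prefix the account so (account, password) encodes unambiguously."""
    acct = account.encode()
    return len(acct).to_bytes(2, "big") + acct + password.encode()


def system_respond(device_id, accounts, account, nonce):
    """Steps 102-103: look up the password, encrypt, return iv || ct || tag."""
    password = accounts.get(account)
    if password is None:
        return None  # unknown account: nothing to encrypt
    enc_key, mac_key = _subkeys(device_id)
    iv = secrets.token_bytes(16)
    ct = _xor_keystream(enc_key, iv, _plaintext(account, password))
    tag = hmac.new(mac_key, nonce + iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def terminal_verify(device_id, account, password, nonce, response):
    """Step 104: 'decryption succeeds' only if the tag and the plaintext match."""
    if response is None or len(response) < 16 + 32:
        return False
    iv, ct, tag = response[:16], response[16:-32], response[-32:]
    enc_key, mac_key = _subkeys(device_id)
    expected = hmac.new(mac_key, nonce + iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False  # wrong key, modified ciphertext, or response to another request
    recovered = _xor_keystream(enc_key, iv, ct)
    return hmac.compare_digest(recovered, _plaintext(account, password))


def run_exchange(system_device_id, accounts=ACCOUNTS):
    """One request/response round; True means step 105, False means step 106."""
    account, password = "alice@ngn.example", "s3cret-pass"
    nonce = secrets.token_bytes(16)  # step 101: request carries account + nonce
    response = system_respond(system_device_id, accounts, account, nonce)
    return terminal_verify(DEVICE_ID, account, password, nonce, response)


if __name__ == "__main__":
    print("genuine system equipment:", run_exchange(DEVICE_ID))
    print("system equipment without the ID:", run_exchange(b"some-other-id"))
```

The terminal proceeds to step 105 only when both the integrity tag and the recovered account and password match its own values; every other outcome maps to step 106.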
Referring to Fig. 2, the process by which the terminal equipment authenticates the system equipment through the registration flow is described:
Step 201: the terminal equipment starts, sets the registration parameters, and prepares to initiate registration with the system equipment;
Step 202: the terminal equipment sends a registration request message to the system equipment; the registration request message carries the registration parameters, such as the account;
Step 203: according to the account in the registration message, the system equipment looks up the password of the account, performs an encryption operation with the key, the account and the password, computes a ciphertext, adds it to the designated field of the registration reply message, and sends it to the terminal equipment;
Step 204: after receiving the registration reply message of step 203, the terminal equipment extracts the ciphertext from it and decrypts it according to the key and decryption algorithm on the terminal equipment side, i.e. performs the authentication;
Step 205: after the terminal equipment's authentication of the system equipment succeeds, the terminal sends a registration request message to the system equipment again; the message carries a field indicating that the terminal has successfully authenticated the system equipment;
Step 206: after receiving the registration request of step 205, the system equipment carries out the corresponding processing and, according to the result, returns a registration success message to the terminal.
If the terminal equipment's authentication fails in the above process, it first judges whether the registration reply message of step 203 is a registration success message. If not, the terminal equipment's registration fails and the flow terminates. If so, then because the terminal equipment has registered successfully on the system equipment, the terminal equipment's account is in the online state on the system equipment but in the offline state on the terminal equipment, so the state of the account is inconsistent. In this case the terminal equipment needs to send a de-registration request message to the system equipment, so that the account is in the offline state on both the terminal equipment and the system equipment.
Referring to Fig. 3, the process by which the terminal equipment authenticates the system equipment through the call flow is described. In this embodiment, the calling terminal equipment is called UA and the called terminal equipment is called UB:
Step 301: the calling terminal equipment UA sets the call parameters, such as the called number, and prepares to make a call;
Step 302: the calling terminal equipment UA sends a call request message to the system equipment; the call request message carries the call parameters, such as the calling and called numbers;
Step 303: the system equipment processes the call message accordingly and, according to the calling number in the call request message, looks up the corresponding password, performs an encryption operation with the key, the account and the password, and computes a ciphertext; it then adds the ciphertext to the designated field of the call message and sends it to the calling terminal equipment UA;
Step 304: after receiving the call message of step 303, the calling terminal equipment UA extracts the ciphertext from it and decrypts it according to the key and decryption algorithm on the terminal equipment side, i.e. performs the authentication;
Step 305: after the calling terminal equipment UA's authentication of the system equipment succeeds, it sends a call request message to the system equipment again; the call request message carries a field indicating that the terminal has successfully authenticated the system equipment;
Step 306: after receiving the message of step 305, the system equipment again carries out the corresponding processing; if all processing completes without abnormality, the system equipment forwards the call request message of the calling terminal equipment UA to the called terminal equipment UB;
Step 307: after receiving the call request message, the called terminal equipment UB rings and sends an ALERTING message to the system equipment;
Step 308: the system equipment forwards the ALERTING message of the called terminal equipment UB to the calling terminal equipment UA;
At this point, the call between the calling terminal equipment UA and the called terminal equipment UB has been preliminarily set up, and the calling terminal equipment UA has successfully authenticated the system equipment.
The terminal equipment's authentication of the system equipment can be realized in the registration process, in the calling process, or separately using an extended message. The purpose is the same in each case; only the message carrier and the stage differ. In actual use, the terminal equipment can adopt one of these flows, or two or all three of them.
In addition, in the method of the present invention, the terminal equipment can also store a parameter of the system equipment and the password corresponding to that parameter. In this way, while the terminal equipment authenticates the system equipment, the system equipment can also authenticate the terminal equipment. The process is as follows:
The system equipment sends a request message carrying the system equipment parameter to the terminal equipment;
According to the system equipment parameter in the received request message, the terminal equipment looks up the key corresponding to the system equipment and the password corresponding to the parameter, performs an encryption operation using the system equipment parameter and the corresponding key and password, and computes a ciphertext;
The terminal equipment sends a response message carrying the ciphertext to the system equipment;
After receiving the response message, the system equipment extracts the ciphertext and decrypts it according to the key and decryption algorithm on the system side; if decryption succeeds, the system equipment's authentication of the terminal equipment succeeds; otherwise, the system equipment's authentication of the terminal equipment fails.
The above process can be carried out at the same time as the terminal equipment's authentication of the system equipment; when the two processes run simultaneously, they are carried in different fields of the same messages. Of course, the two processes can also be carried out separately, which is not described further here.
The method of the present invention by which terminal equipment authenticates system equipment is not restricted to the uses listed in the specification and embodiments; it can be applied in any field suited to the invention. Those skilled in the art can readily realize additional advantages and make modifications. Therefore, without departing from the spirit and scope of the general concept defined by the claims and their equivalents, the present invention is not limited to the specific details, representative equipment, and illustrated examples shown and described here.
Claims (15)
1. A method by which terminal equipment authenticates system equipment, for use in a next generation network architecture with the softswitch as the core control equipment, in which the system equipment stores a parameter of the terminal equipment and the password corresponding to that parameter, characterized in that it comprises the following steps:
Step 1: a pair of keys is set in advance in the terminal equipment and the system equipment;
Step 2: the terminal equipment sends a request message carrying the terminal equipment parameter to the system equipment;
Step 3: according to the terminal equipment parameter in the received request message, the system equipment looks up the key corresponding to the terminal equipment and the password corresponding to the parameter, performs an encryption operation using the terminal equipment parameter and the corresponding key and password, and computes a ciphertext;
Step 4: the system equipment sends a response message carrying the ciphertext to the terminal equipment;
Step 5: after receiving the response message, the terminal equipment extracts the ciphertext and decrypts it according to the key and decryption algorithm on the terminal equipment side; if decryption succeeds, the terminal equipment's authentication of the system equipment succeeds; otherwise, the terminal equipment's authentication of the system equipment fails.
2. The method according to claim 1, characterized in that: the key in step 1 is a device identification defined internally by the manufacturer of the terminal equipment and system equipment.
3. The method according to claim 1, characterized in that: the request message in step 2 is an extended request message.
4. The method according to claim 1, characterized in that: the request message in step 2 is a registration request message, and the response message in step 4 is a registration reply message carrying a registration success flag or a registration failure flag.
5. The method according to claim 3 or 4, characterized in that: the terminal equipment parameter in step 2 is an account.
6. The method according to claim 5, characterized in that: in step 3, looking up the corresponding parameter stored in the system equipment according to the parameter in the request message means looking up the password, stored in the system equipment, that corresponds to the account.
7. The method according to claim 4, characterized in that: after the terminal equipment's authentication of the system equipment succeeds, the method further comprises the following steps:
The terminal equipment again sends the system equipment a registration request message carrying a flag indicating that the terminal equipment has successfully authenticated the system equipment;
After receiving the registration request message carrying the flag indicating that the terminal equipment has successfully authenticated the system equipment, the system equipment carries out the registration processing of the terminal equipment.
8. The method according to claim 4, characterized in that: after the terminal equipment's authentication of the system equipment fails, the method further comprises the following steps:
Judging whether the registration reply message carries the registration success flag; if so, carrying out the next step; otherwise, ending;
The terminal equipment sends a de-registration request to the system equipment; end.
9. The method according to claim 1, characterized in that: the request message in step 2 is a call request message, and the response message in step 4 is a call message.
10. The method according to claim 9, characterized in that: the terminal equipment parameter in step 2 is the calling number.
11. The method according to claim 10, characterized in that: in step 3, looking up the corresponding parameter stored in the system equipment according to the parameter in the request message means looking up the password, stored in the system equipment, that corresponds to the calling number.
12. The method according to claim 11, characterized in that: after the terminal equipment's authentication of the system equipment succeeds, the method further comprises the following steps:
The terminal equipment again sends the system equipment a call request message carrying a flag indicating that the terminal equipment has successfully authenticated the system equipment;
After receiving the call request message carrying the flag indicating that the terminal equipment has successfully authenticated the system equipment, the system equipment carries out the call processing of the terminal equipment.
13. The method according to claim 1, characterized in that: the terminal equipment stores a parameter of the system equipment and the password corresponding to that parameter.
14. The method according to claim 13, characterized in that it further comprises the following steps:
The system equipment sends a request message carrying the system equipment parameter to the terminal equipment;
According to the system equipment parameter in the received request message, the terminal equipment looks up the key corresponding to the system equipment and the password corresponding to the parameter, performs an encryption operation using the system equipment parameter and the corresponding key and password, and computes a ciphertext;
The terminal equipment sends a response message carrying the ciphertext to the system equipment;
After receiving the response message, the system equipment extracts the ciphertext and decrypts it according to the key and decryption algorithm on the system equipment side; if decryption succeeds, the system equipment's authentication of the terminal equipment succeeds; otherwise, the system equipment's authentication of the terminal equipment fails.
15. The method according to claim 13, characterized in that:
Step 2 also comprises, at the same time: the system equipment sends a request message carrying the system equipment parameter to the terminal equipment;
Step 3 also comprises, at the same time: according to the system equipment parameter in the received request message, the terminal equipment looks up the key corresponding to the system equipment and the password corresponding to the parameter, performs an encryption operation using the system equipment parameter and the corresponding key and password, and computes a ciphertext;
Step 4 also comprises, at the same time: the terminal equipment sends a response message carrying the ciphertext to the system equipment;
Step 5 also comprises, at the same time: after receiving the response message, the system equipment extracts the ciphertext and decrypts it according to the key and decryption algorithm on the system equipment side; if decryption succeeds, the system equipment's authentication of the terminal equipment succeeds; otherwise, the system equipment's authentication of the terminal equipment fails.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200610000904 CN101001143A (en) | 2006-01-12 | 2006-01-12 | Method for authenticating system equipment by terminal equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200610000904 CN101001143A (en) | 2006-01-12 | 2006-01-12 | Method for authenticating system equipment by terminal equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101001143A true CN101001143A (en) | 2007-07-18 |
Family
ID=38692970
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200610000904 Pending CN101001143A (en) | 2006-01-12 | 2006-01-12 | Method for authenticating system equipment by terminal equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101001143A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101847296A (en) * | 2009-03-25 | 2010-09-29 | 索尼公司 | Integrated circuit, encrypt communication apparatus, system and method and information processing method |
CN101127716B (en) * | 2007-09-30 | 2011-01-19 | 杭州华三通信技术有限公司 | A CNU registration method for EOC system and its EOC system |
WO2011022963A1 (en) * | 2009-08-31 | 2011-03-03 | 中兴通讯股份有限公司 | Method for protecting the security of data transmission, authentication server and terminal |
CN106034028A (en) * | 2015-03-17 | 2016-10-19 | 阿里巴巴集团控股有限公司 | Terminal equipment authentication method, apparatus and system thereof |
WO2017124419A1 (en) * | 2016-01-22 | 2017-07-27 | 惠州市吉瑞科技有限公司深圳分公司 | Electronic cigarette product authentication method and electronic cigarette product authentication system |
CN107231331A (en) * | 2016-03-23 | 2017-10-03 | 阿里巴巴集团控股有限公司 | Obtain, issue the implementation method and device of electronic certificate |
CN113114624A (en) * | 2016-03-30 | 2021-07-13 | 创新先进技术有限公司 | Identity authentication method and device based on biological characteristics |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101127716B (en) * | 2007-09-30 | 2011-01-19 | 杭州华三通信技术有限公司 | A CNU registration method for EOC system and its EOC system |
CN101847296B (en) * | 2009-03-25 | 2013-07-10 | 索尼公司 | Integrated circuit, encryption communication apparatus, encryption communication system, information processing method and encryption communication method |
CN101847296A (en) * | 2009-03-25 | 2010-09-29 | 索尼公司 | Integrated circuit, encrypt communication apparatus, system and method and information processing method |
WO2011022963A1 (en) * | 2009-08-31 | 2011-03-03 | 中兴通讯股份有限公司 | Method for protecting the security of data transmission, authentication server and terminal |
CN106034028B (en) * | 2015-03-17 | 2019-06-28 | 阿里巴巴集团控股有限公司 | A kind of terminal device authentication method, apparatus and system |
CN106034028A (en) * | 2015-03-17 | 2016-10-19 | 阿里巴巴集团控股有限公司 | Terminal equipment authentication method, apparatus and system thereof |
WO2017124419A1 (en) * | 2016-01-22 | 2017-07-27 | 惠州市吉瑞科技有限公司深圳分公司 | Electronic cigarette product authentication method and electronic cigarette product authentication system |
CN108475379A (en) * | 2016-01-22 | 2018-08-31 | 惠州市吉瑞科技有限公司深圳分公司 | A kind of electronic cigarette product certification method and electronic cigarette product certification system |
CN107231331A (en) * | 2016-03-23 | 2017-10-03 | 阿里巴巴集团控股有限公司 | Obtain, issue the implementation method and device of electronic certificate |
CN107231331B (en) * | 2016-03-23 | 2020-10-27 | 创新先进技术有限公司 | Method and device for realizing acquisition and issuing of electronic certificate |
CN112468506A (en) * | 2016-03-23 | 2021-03-09 | 创新先进技术有限公司 | Method and device for realizing acquisition and issuing of electronic certificate |
CN113114624A (en) * | 2016-03-30 | 2021-07-13 | 创新先进技术有限公司 | Identity authentication method and device based on biological characteristics |
CN113114624B (en) * | 2016-03-30 | 2023-04-25 | 创新先进技术有限公司 | Identity authentication method and device based on biological characteristics |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109728909B (en) | Identity authentication method and system based on USBKey | |
AU777383B2 (en) | Authentication enforcement using decryption and authentication in a single transaction in a secure microprocessor | |
KR100687455B1 (en) | Method for transferring sensitive information using initially unsecured communication | |
US20020187808A1 (en) | Method and arrangement for encrypting data transfer at an interface in mobile equipment in radio network, and mobile equipment in radio network | |
US8230218B2 (en) | Mobile station authentication in tetra networks | |
CN1249637A (en) | Method for encryption of wireless communication in wireless system | |
CN106899969A (en) | Specific secrecy terminal system implementation method based on iOS system | |
US20050120248A1 (en) | Internet protocol telephony security architecture | |
CN102202299A (en) | Realization method of end-to-end voice encryption system based on 3G/B3G | |
JP2005033840A (en) | Method and system establishing key through air transmission | |
KR20130013588A (en) | System for protecting information and method thereof | |
CN102572817A (en) | Method and intelligent memory card for realizing mobile communication confidentiality | |
CN101001143A (en) | Method for authenticating system equipment by terminal equipment | |
CN105407467B (en) | Method for encrypting short message, device and system | |
EP1878161A1 (en) | Method and system for electronic reauthentication of a communication party | |
CN101635924A (en) | CDMA port-to-port encryption communication system and key distribution method thereof | |
TW200537959A (en) | Method and apparatus for authentication in wireless communications | |
CN111756726A (en) | SIP security authentication method supporting State cipher algorithm | |
JP2008535427A (en) | Secure communication between data processing device and security module | |
CN104683098A (en) | Implementation method, equipment and system of secure communication service | |
CN105119716A (en) | Secret key negotiation method based on SD cards | |
CN114765534A (en) | Private key distribution system based on national password identification cryptographic algorithm | |
CN106549858A (en) | A kind of instant messaging encryption method based on id password | |
EP1320975B1 (en) | Internet protocol telephony security architecture | |
CN101442656B (en) | Method and system for safe communication between machine cards |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20070718 |