CN101060556A - Telephone user ID authentication method - Google Patents

Telephone user ID authentication method


Publication number
CN101060556A
Authority
CN
China
Prior art keywords
authentication
telephone
user
distribution
incoming call
Legal status
Pending
Application number
CN 200610161669
Other languages
Chinese (zh)
Inventor
陈鹏
张联峰
石庆祖
Current Assignee
Individual
Original Assignee
Individual
Application filed by Individual
Priority to CN200610161669 (patent CN101060556A)
Priority to CNA2007101470979A (patent CN101132641A)
Publication of CN101060556A
Current legal status: Pending

Abstract

The telephone user ID authentication method comprises: 1. generating a public key K_pub and a private key K_pri from a root password K_root set by the user, and generating authentication codes for distribution; 2. when a caller B dials subscriber A, first obtaining the caller's number N_B and looking N_B up in A's access list to decide whether to trigger the identity authentication process; and 3. authenticating the caller on the basis of the authentication code. The corresponding system comprises a module that performs identity authentication for both incoming calls and received SMS messages.

Description

Telephone user ID authentication method
[technical field]
The present invention relates to the authentication of a calling user (including a user who sends an SMS message or other actively initiated signalling). The authentication method performs identity authentication of calls placed to, and SMS messages received by, a given telephone subscriber, and decides whether the caller or the SMS sender is permitted to call or message that subscriber.
[background technology]
With the spread of nuisance calls and SMS messages, people have begun to regard their own telephone number as personal private information that they do not wish to disclose; yet a telephone number, as an important identifier in social interaction, is inherently public. This contradiction between the public and the private nature of a telephone number has no good solution in existing telephone systems: a traditional telephone system cannot let the owner of a given number control who may dial it and who may not.
Existing telephone firewall technology solves this problem to a certain extent. However, a telephone firewall requires the user to classify calling numbers manually, adding the numbers that may call to an "allowed incoming call list" and the numbers that may not to a "forbidden incoming call list". On an incoming call the two lists are consulted: if the calling number is in the "allowed incoming call list" the phone rings and prompts the user to answer; if the calling number is in the "forbidden incoming call list" the phone does not ring and the user cannot answer the call.
Besides telephone firewalls resident on the handset, the following network-side security devices exist:
CN00128889.X describes a method and apparatus for storing log data in a communication network, in which the log data of users accessing a server computer is written by a log storage device to a recording medium that allows data to be recorded only once. Thus even an unauthorized user, for example a hacker who has accessed the server without any approval after the access restrictions imposed by the operating system and the firewall have expired, cannot modify or delete the log data.
CN200310111726.4 describes the implementation of a signalling firewall in a softswitch network. A signalling firewall is added between the softswitch and the access devices: at least one border gateway carrying the signalling firewall is placed between the softswitch and the access devices, and all signalling between them passes through the border gateway. After signalling from an access device reaches the border gateway, the gateway processes it according to its type, filtering it, forwarding registration and authentication signalling, and controlling the signalling traffic. The method prevents the softswitch from being congested when an access device emits an excessive volume of signalling messages; by moving functions such as access-device liveness detection and authentication to the border gateway it improves the performance and reliability of the softswitch and protects the softswitch from the impact of illegal access devices.
CN200410042605.3 describes a system by which a mobile terminal obtains information from an information server through a firewall, comprising an information server, a wireless data network, an information proxy gateway and an information push gateway. The information server receives information and is connected to the information proxy gateway; the proxy gateway is located behind the firewall, connects to the push gateway and establishes a secure connection with the mobile terminal; the push gateway is attached to the wireless data network and receives and forwards the requests of the mobile terminal. Because the proxy gateway actively opens the connection to the push gateway from inside the firewall, the restriction on reading information through the firewall is removed, and the secure channel established between the proxy gateway and the terminal protects the information in transit without the information server having to encrypt it.
CN02818714.8 describes a method and apparatus for a communication-data firewall application: in the first steps (S1, S2, S3) of establishing a connection from a first terminal device (1) to a second terminal device (2), authorization data used to authenticate the first terminal device is sent, and after authentication the selected address is notified to the firewall device (9). An apparatus for carrying out the method is also disclosed.
None of the firewalls attached to network equipment provides a mechanism for authenticating the calling user on the basis of a telephony gateway, and the telephone firewalls in today's networks lack a mechanism for authenticating a caller automatically: when an unknown number calls, the subscriber can only decide whether to put that number in the "allowed incoming call list" or the "forbidden incoming call list" after answering the call. For subscribers with a large call volume who value their privacy, such telephone firewall technology cannot meet the needs of high-end or special-requirement users.
[summary of the invention]
The object of the present invention is to overcome the inability of existing telephone (fixed-line, mobile, PHS, SMS) firewall technology to discriminate callers automatically, by introducing two processes into the telephone system, telephone subscriber identity authorization and identity authentication; used together, these two processes automatically determine whether an incoming call or SMS message is legitimate.
The technical solution of the present invention is a telephone user ID authentication method, in which a system is provided that performs identity authentication of calls placed to, and SMS messages received by, a given telephone subscriber and decides whether the caller or the SMS sender is permitted to call or message that subscriber. It comprises distribution of authentication codes and identity authentication based on authentication codes, and by means of the authentication codes it automatically judges the legitimacy of incoming calls and SMS messages. The steps of the telephone user ID authentication method are as follows:
Step 1: distribution of authentication codes
Before placing a call, the caller must first obtain a valid authentication code of the called party through the "identity authorization" process. A telephone subscriber may distribute his own telephone number in two ways: direct distribution and indirect distribution.
Direct distribution means that the subscriber tells the caller his telephone number directly; indirect distribution means that an intermediary tells a third party the subscriber's telephone number.
Direct distribution:
1) Each telephone subscriber sets a root password, denoted K_root;
2) From K_root each telephone subscriber generates his own authentication code set, denoted Ac; Ac = {a_1, a_2, ..., a_N}, where a_i is an authentication code to be distributed and N is the number of authentication codes contained in Ac;
3) Telephone subscriber A distributes his own telephone number N_A together with a different authentication code a_i (a_i ∈ Ac) to each different telephone subscriber B.
Or indirect distribution:
In indirect distribution, an intermediary B who has been authorized by the owner A of the telephone number distributes A's number N_A. The process is as follows:
1) Intermediary B obtains authorization to distribute A's telephone number indirectly through the indirect distribution authorization process P_A;
2) Having obtained authorization to distribute A's telephone number N_A indirectly, B uses the indirect authentication code generating function F_i to generate an indirect authentication code S'_AC and distributes S'_AC together with N_A to telephone subscriber C; S'_AC denotes the indirect authentication code, distributed by B to C, by which C is authenticated by A.
Step 2: triggering of the authentication process
When caller B dials telephone subscriber A, the system first obtains B's telephone number N_B and looks it up in A's "access list". If N_B is in the "allowed incoming call list", the phone rings and no authentication process needs to be triggered; if N_B is in the "forbidden incoming call list", call-forbidden signalling is sent to B, the signalling connection with B is released and A's phone does not ring; if N_B is not in A's access list (neither in the "allowed incoming call list" nor in the "forbidden incoming call list"), A sends an identity authentication request to B, which triggers the authentication process.
Step 3: identity authentication based on the authentication code
On receiving A's "identity authentication request", telephone subscriber B sends an "identity authentication response" to A. Depending on the type of authentication code that B holds, the response sent by B is either a "direct identity authentication response" or an "indirect identity authentication response". A judges from the content of the response message whether B is a legitimate authenticated user and, if so, connects the call: if B is a legitimate user, B's number N_B is added to the "allowed incoming call list", so that the next time B dials A's number no further authentication is needed.
The access list distinguishes between different callers or SMS senders. By default nobody is authorized to distribute A's number N_A indirectly; telephone subscriber A decides who may distribute N_A indirectly.
The telephone user ID authentication of the present invention is based on public key authentication technology but does not prescribe which public key algorithm is used. Any public key algorithm (for example RSA or elliptic curves) may be adopted within this authentication framework; different public key algorithms provide different levels of security.
Features of the present invention: the telephone subscribers include fixed-line, mobile, PHS and SMS users, as well as "telephone" users supported by 3G or 4G. The hardware and software implementation is preferably placed in the communication system: as long as a software processing platform is provided, a telephone subscriber who chooses to enable the software processing platform built on this method receives the corresponding service, which satisfies high-end or special users. The method may also be deployed on the telephone subscriber's terminal, mainly as a corresponding software package.
With the identity authentication method of the present invention, the telephone system can automatically determine the legitimacy of incoming calls and received SMS messages. Compared with the prior art, the method greatly reduces the telephone subscriber's involvement in judging the legitimacy of incoming calls (or SMS messages), and so to the greatest extent relieves the user of fraud and harassment by unwanted calls and messages.
[description of drawings]
Fig. 1 shows the incoming call process when a telephone subscriber B who has previously been authenticated calls subscriber A; N_B denotes the telephone number of B.
Fig. 2 shows the incoming call process when a telephone subscriber B who has previously been forbidden to call, calls subscriber A; N_B denotes the telephone number of B.
Fig. 3 shows the incoming call process when telephone subscriber B calls subscriber A for the first time under the direct authentication mode; N_B denotes the telephone number of B, and a_i is the authentication code that A distributed directly to B. The dotted lines in the figure indicate signalling that differs from case to case.
Fig. 4 shows the incoming call process when telephone subscriber C calls subscriber A for the first time under the indirect authentication mode; N_B denotes the telephone number of intermediary B, N_C the telephone number of C, and S'_AC the indirect authentication code distributed by B to C by which C is authenticated by A. The dotted lines in the figure indicate signalling that differs from case to case.
Fig. 5 shows the authorization process of indirect authentication (the case in which T2 times out).
Fig. 6 shows the authorization process of indirect authentication (the case in which T2 does not time out).
[embodiment]
The telephone user ID authentication method of the present invention mainly comprises (1) the access list, consisting of the "allowed incoming call list" and the "forbidden incoming call list"; (2) identity authorization, the process of distributing authentication codes to the telephone (or SMS) users who are allowed to call; and (3) identity authentication, authenticating the caller (or SMS sender) on the basis of the authentication code. The result of "identity authentication" is stored in the "access list".
The telephone user ID authentication method of the present invention proceeds as follows (for calls and SMS messages the method is essentially the same; only calls are used as the example here):
Step 1: distribution of authentication codes
Before placing a call, the caller must first obtain a valid authentication code of the called party through the "identity authorization" process.
A telephone subscriber may distribute his own telephone number in two ways: direct distribution and indirect distribution. Direct distribution means that the subscriber tells the caller his telephone number directly (for example by handing out a business card); indirect distribution means that an intermediary tells a third party the subscriber's telephone number. Corresponding to these two ways of distributing a telephone number, authentication codes are likewise distributed either directly or indirectly. The authentication codes that telephone subscriber A distributes to different users should be different.
Step 2: triggering of the authentication process
When user B dials A's phone, the system first obtains B's telephone number N_B and looks it up in A's "access list". If N_B is in the "allowed incoming call list", the phone rings and no authentication process needs to be triggered; if N_B is in the "forbidden incoming call list", call-forbidden signalling is sent to B, the signalling connection with B is released and A's phone does not ring; if N_B is not in A's access list (neither in the "allowed incoming call list" nor in the "forbidden incoming call list"), A sends an identity authentication request to B, which triggers the authentication process.
Step 3: identity authentication based on the authentication code
On receiving A's "identity authentication request", telephone subscriber B sends an "identity authentication response" to A. Depending on the type of authentication code that B holds, the response sent by B is either a "direct identity authentication response" or an "indirect identity authentication response". The details of these two authentication processes are described in the embodiment below. After receiving the "identity authentication response", A judges from its content whether B is a legitimate authenticated user. If B is a legitimate user, B's number N_B is added to the "allowed incoming call list", so that the next time B dials A's number no further authentication is needed. The "forbidden incoming call list" is maintained manually by the user, although certain rules for maintaining it may also be set, for example inserting into the "forbidden incoming call list" any caller who fails authentication N times in succession.
The implementation details involved in the identity authentication method of the present invention are described one by one below:
1. Generation of the public key cryptography key pair
Telephone user ID authentication is based on public key authentication technology, but the public key algorithm to be used is not specified. Any public key algorithm, for example RSA or elliptic curves, may be adopted within this authentication framework. As in the prior art, a public key and a private key are determined from two large prime numbers; different public key algorithms provide different levels of security. Suppose the public key algorithm Algo is adopted. Each telephone subscriber must set a root password (denoted K_root). Algorithm Algo generates from K_root a key pair (K_pub, K_pri), where K_pub is the public key, which may be published, and K_pri is the private key; K_root and K_pri must be kept from being known by others.
Taking the RSA algorithm as an example: first select a set C of primes in the range [M, N], and suppose C contains L large primes. Using K_root as seed, generate two integers m and n in the range [1, L] (for this process see the next subsection). Select the m-th and the n-th primes of set C, denoted p and q.
Compute N = p·q and let φ(N) = (p−1)(q−1). Select e such that 1 < e < φ(N) and GCD(e, φ(N)) = 1, where GCD is the greatest common divisor function.
Solve the following equation for d:
e·d ≡ 1 (mod φ(N)), with 0 ≤ d ≤ N    (Eq. 1)
Publish the public key: K_pub = {e, N}
Keep the private key: K_pri = {d, p, q}
2. Direct authentication code generating function F_d
The input of this function is the user's root password K_root; its output is the user's direct authentication code set Ac. The operations are as follows:
Using K_root as seed, generate with some random number generating algorithm N random integers in the range [0, M] (N is the maximum number of authentication codes that Ac contains), requiring N << M. These N random integers form a set called the random number set R, R = {r_1, r_2, ..., r_i, ..., r_N}, where the element r_i of R is the i-th random number of the set. Every random number in R is encrypted one by one with the public key K_pub. If a_i is the result of encrypting r_i, the relation between a_i and r_i can be expressed as a_i = F_Kpub(r_i). All a_i, i ∈ [1, N], form a set, which is the direct authentication code set Ac of user A.
Algorithms that generate random numbers from the seed K_root are very mature; in the C language the seed of the random number generator is set by calling srand(unsigned int), and subsequent calls to rand(void) generate the random numbers.
3. Indirect distribution authorization process P_A
Before telephone subscriber B can distribute A's number indirectly, B must first obtain A's authorization.
Telephone subscriber A's "allowed incoming call list" records, for each telephone subscriber, whether that subscriber is authorized to distribute A's number indirectly. The structure of the "allowed incoming call list" is shown in Table 1:
Table 1: Allowed incoming call list

Direct authentication code | Telephone number | Authorized to distribute authentication codes indirectly | Authorized indirect authentication public key
a_1                        | 13792472279      | Yes                                                      | K_pub1
--                         | 0536-6225423     | No                                                       | --

The first column is the direct authentication code of a directly authenticated user; for an indirectly authenticated user this column is empty. The second column is the telephone number of the subscriber who is allowed to call. The third column records whether the user is authorized to distribute authentication codes indirectly. The fourth column records the user's authentication public key; if the user is not authorized for indirect authentication, this column is empty.
If telephone subscriber A decides to allow B (whose number is N_B) to distribute indirect authentication codes on A's behalf, B must be given indirect distribution authorization. The process is as follows:
A's authentication module sends an "authorize indirect authentication request" message to B; this request message contains only A's number N_A. At the same time A starts timer T2 (the value of T2 is configurable; the default is one minute). On receiving the request, B sends an "authorize indirect authentication response" message to A's authentication module, containing B's number N_B and B's public key K_pubB.
If A's authentication module receives the "authorize indirect authentication response" before T2 expires, it writes the K_pubB carried in the response into the "authorized indirect authentication public key" field of the access list, changes the "authorized to distribute authentication codes indirectly" field of B's row in the "allowed incoming call list" from "No" to "Yes", and sends an "authorization success indication" to telephone subscriber A, as in Fig. 5. If A's authentication module has not received the "authorize indirect authentication response" before T2 expires, the indirect distribution authorization is deemed to have failed and an "authorization failure indication" is sent to telephone subscriber A, as in Fig. 6.
4. Indirect authentication code generating function F_i
The indirect authentication code generating function F_i is used to generate indirect authentication codes. Its operations are as follows:
Suppose C (whose number is N_C) asks B for A's number. B first concatenates A's number N_A and C's number N_C into one decimal digit string S_AC, S_AC = (L_A, N_A, L_C, N_C), where L_A and L_C are the lengths of N_A and N_C respectively, each a two-digit decimal integer (if A's number is 13585112711 and C's number is 13792472279, the resulting S_AC is 11135851127111113792472279, where the "11" preceding each number is that number's length). B then encrypts S_AC with its own private key K_priB to obtain S'_AC, S'_AC = F_priB(S_AC). S'_AC is the indirect authentication code distributed by B to C by which C is authenticated by A.
5. Direct identity authentication process
This authentication process is shown in Fig. 3.
Telephone subscriber A sends an "identity authentication request" to B and at the same time starts timer T1 (the value of T1 is configurable; the default is 3 minutes). On receiving the request, B should promptly send an "identity authentication response" to A; the response indicates that B requests direct authentication and carries the direct authentication code a_i that A distributed to B.
If A has not received B's "identity authentication response" before timer T1 expires, A sends an "identity authentication failure" message to B, in which the failure reason is "timer expired", and cancels timer T1 (the timeout case is not shown in Fig. 3).
If A receives B's "identity authentication response" before timer T1 expires, A cancels T1 and authenticates B according to the response message received. If A finds in the "allowed incoming call list" that the a_i carried in the response has already been used by another user, B's authentication fails and A sends an "identity authentication failure" message to B in which the failure reason is "authentication code a_i expired"; otherwise A checks whether a_i is present in the set Ac: if a_i is not in Ac, B's authentication fails and A sends an "identity authentication failure" message to B in which the failure reason is "invalid authentication code a_i"; if a_i is in Ac and has not been used by another user, B is authenticated successfully, A sends an "identity authentication success" message to B and the phone rings.
Because the existing telephone system already applies encryption between the user terminal and the access exchange (for example, the GSM and 3G systems encrypt the data carried over the air interface), the "man-in-the-middle attack" factor is not considered further in the design of the protocol.
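The key generation of section 1, the direct authentication code function F_d of section 2, the access-list check of Step 2 and the direct verification of section 5, carried through together in working code. This is an added example written for this page, not code from the patent or its inventors; the prime range [1000, 5000], the code bound M = 10^5, N = 8 codes, the seed strings, the `AccessList` shape and the result strings are all assumptions, and the primes are far too small for real use. It follows the embodiment text (a_i = F_Kpub(r_i), the public-key operation); note that claim 1 on this page instead says the private key is used, so the two parts of the document disagree on that point.

```python
import random
from math import gcd

# Demonstration parameters (assumptions, not from the patent): primes are
# drawn from [PRIME_LO, PRIME_HI]; the r_i are drawn from [0, CODE_BOUND],
# with CODE_COUNT << CODE_BOUND and CODE_BOUND < p*q so that textbook RSA
# maps distinct r_i to distinct a_i.
PRIME_LO, PRIME_HI = 1000, 5000
CODE_BOUND, CODE_COUNT = 10**5, 8


def primes_in_range(lo, hi):
    """The prime set C: every prime in [lo, hi] (plain sieve)."""
    sieve = bytearray([1]) * (hi + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(hi ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = b"\x00" * len(range(i * i, hi + 1, i))
    return [n for n in range(lo, hi + 1) if sieve[n]]


def rsa_keygen_from_root(k_root, lo=PRIME_LO, hi=PRIME_HI):
    """Section 1: (K_pub, K_pri) derived from the root password K_root.

    K_root seeds a PRNG that picks two distinct indices m, n into C, so
    p = C[m], q = C[n]; then N = p*q, phi = (p-1)(q-1), e coprime to phi
    and d = e^-1 mod phi (Eq. 1).  K_pub = (e, N), K_pri = (d, p, q).
    """
    c = primes_in_range(lo, hi)
    rng = random.Random("keygen:" + k_root)
    m, n = rng.sample(range(len(c)), 2)       # distinct indices, so p != q
    p, q = c[m], c[n]
    modulus, phi = p * q, (p - 1) * (q - 1)
    e = 65537                                 # phi > 65537 for these bounds
    while gcd(e, phi) != 1:
        e += 2
    d = pow(e, -1, phi)
    return (e, modulus), (d, p, q)


def direct_codes(k_root, pub, count=CODE_COUNT, bound=CODE_BOUND):
    """Section 2, F_d: N random integers r_i in [0, M] seeded by K_root,
    each encrypted with K_pub, a_i = r_i^e mod N.  Returns Ac as a list.

    sample() instead of repeated rand() keeps the r_i distinct, so the
    a_i are distinct too and different callers get different codes.
    """
    e, modulus = pub
    rng = random.Random("Fd:" + k_root)
    return [pow(r_i, e, modulus) for r_i in rng.sample(range(bound + 1), count)]


class AccessList:
    """Table 1: allowed entries keyed by number (code, indirect_ok, pubkey)
    plus the forbidden number set."""

    def __init__(self):
        self.allowed = {}
        self.forbidden = set()

    def code_in_use(self, code):
        return any(entry["code"] == code for entry in self.allowed.values())


def on_incoming_call(acl, caller):
    """Step 2: what A's system does with calling number N_B."""
    if caller in acl.allowed:
        return "ring"            # already authenticated
    if caller in acl.forbidden:
        return "reject"          # call-forbidden signalling, connection released
    return "auth_request"        # in neither list: send identity authentication request


def verify_direct(acl, ac, caller, code):
    """Section 5: A's checks on a direct identity authentication response.
    code=None models T1 expiring before any response arrived."""
    if code is None:
        return "failure: timer expired"
    if acl.code_in_use(code):
        return "failure: authentication code expired"   # a_i already used by another caller
    if code not in ac:
        return "failure: invalid authentication code"
    acl.allowed[caller] = {"code": code, "indirect_ok": False, "pubkey": None}
    return "success"


if __name__ == "__main__":
    k_root = "A-root-password"                # constructed sample
    pub, pri = rsa_keygen_from_root(k_root)
    ac = direct_codes(k_root, pub)
    acl = AccessList()
    print(on_incoming_call(acl, "13792472279"))           # auth_request
    print(verify_direct(acl, ac, "13792472279", ac[0]))   # success
    print(on_incoming_call(acl, "13792472279"))           # ring
    print(verify_direct(acl, ac, "13800000000", ac[0]))   # failure: authentication code expired
```

Two things the example makes visible. A verifies a_i by set membership, not by any operation with its private key, so from A's side a_i is a bearer secret: whoever learns it can be authenticated once, and the RSA encryption of r_i adds no proof of possession to that check. And `random` (like C's rand()) is not a cryptographic generator; a deployment would derive keys and codes from K_root with a key derivation function, or draw them from the operating system's secure random source.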
6. Indirect identity authentication process
This authentication process is shown in Fig. 4:
Telephone subscriber A sends an "identity authentication request" to C and at the same time starts timer T1 (the value of T1 is configurable; the default is 3 minutes). On receiving the request, C should promptly send an "identity authentication response" to A; the response indicates that C requests indirect authentication and carries intermediary B's number N_B together with the indirect authentication code S'_AC that B sent to C.
If A has not received C's "identity authentication response" before timer T1 expires, A sends an "identity authentication failure" message to C, in which the failure reason is "timer expired", and cancels timer T1 (the timeout case is not shown in Fig. 4).
If A receives C's "identity authentication response" before timer T1 expires, A cancels T1 and authenticates C according to the response message received. A first looks up the "allowed incoming call list" by the N_B carried in the response: if B is not authorized to distribute authentication codes indirectly, A rejects C's call request with an "identity authentication failure" message in which the failure reason is "invalid intermediary". If B is authorized to distribute authentication codes indirectly, A obtains B's public key K_pubB from the access list and applies the inverse transformation to S'_AC with K_pubB to recover S_AC, that is F_pubB(S'_AC) = F_pubB(F_priB(S_AC)) = S_AC. A then compares its own number N_A and C's number N_C with S_AC: if the numbers match, A sends an "identity authentication success" message to C and the phone rings, prompting user A to answer; otherwise A sends an "identity authentication failure" message to C, rejecting C's call request, in which the failure reason is "invalid authentication code S'_AC".
For the same reason as in the direct authentication process, the "man-in-the-middle attack" factor is not considered further in the design of the protocol.
7. Revocation of indirect authentication authorization
If for some reason A decides to revoke B's authorization to distribute authentication codes indirectly, A first changes the "authorized to distribute authentication codes indirectly" field of B's row in the access list from "Yes" to "No", deletes B's authentication public key, and sends a "forbid indirect authentication indication" message to B. The "forbid indirect authentication indication" does not require any reply (it is assumed here that the transport protocol carrying the signalling is reliable, so retransmission on failure is not considered for the upper-layer security protocol). The "forbid indirect authentication indication" message contains only A's telephone number and no key. On receiving the "forbid indirect authentication indication", B knows that A has revoked its right to distribute authentication codes indirectly.
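The indirect path, sections 3, 4, 6 and 7 above, as one runnable exchange: the authorization P_A with its T2 outcome, the code S'_AC built by F_i from the string (L_A, N_A, L_C, N_C), A's recovery and comparison of S_AC with B's public key, and revocation. This is an added example for this page, not code from the patent. Intermediary B's RSA key pair is fixed here from the Mersenne primes 2^61−1 and 2^31−1 (a demonstration assumption: the patent derives it from K_root, and a real deployment would use large random primes), the access-list entry layout and the result strings are assumptions, and the timers are modelled as "response arrived" versus "no response". The numbers 13585112711 and 13792472279 are the patent's own worked example; 13700000000 is a constructed third number.

```python
# Intermediary B's key pair, fixed from two Mersenne primes for this
# demonstration (assumption: the patent derives keys from K_root, and a
# real deployment would use large random primes and a padded signature).
P_B, Q_B = 2**61 - 1, 2**31 - 1
N_B_MOD = P_B * Q_B                      # ~4.9e27, larger than any S_AC built below
E_B = 65537
D_B = pow(E_B, -1, (P_B - 1) * (Q_B - 1))
K_PUB_B, K_PRI_B = (E_B, N_B_MOD), (D_B, N_B_MOD)


def build_s_ac(n_a, n_c):
    """S_AC = (L_A, N_A, L_C, N_C) as one decimal string; each length is a
    two-digit decimal integer, as in the patent's example."""
    return f"{len(n_a):02d}{n_a}{len(n_c):02d}{n_c}"


def indirect_code(k_pri_b, n_a, n_c):
    """Section 4, F_i: S'_AC = F_priB(S_AC), a raw RSA private-key operation."""
    d, modulus = k_pri_b
    s_ac = int(build_s_ac(n_a, n_c))
    if s_ac >= modulus:
        raise ValueError("S_AC must be smaller than B's RSA modulus")
    return pow(s_ac, d, modulus)


def new_entry():
    """A Table 1 row: code, indirect authorization flag, authorized public key."""
    return {"code": None, "indirect_ok": False, "pubkey": None}


def authorize_indirect(allowed, n_b, response):
    """Section 3, P_A.  A sends 'authorize indirect authentication request'
    (carrying only N_A) and starts T2; `response` is the (N_B, K_pubB) that
    B returned before T2 expired, or None when T2 expired first."""
    if response is None:
        return "authorization failure indication"
    _, k_pub_b = response
    entry = allowed.setdefault(n_b, new_entry())
    entry["indirect_ok"], entry["pubkey"] = True, k_pub_b
    return "authorization success indication"


def verify_indirect(allowed, n_a, n_c, n_b, s_prime):
    """Section 6: A's checks on an indirect identity authentication response
    from caller C carrying intermediary number N_B and code S'_AC.
    s_prime=None models T1 expiring before any response arrived."""
    if s_prime is None:
        return "failure: timer expired"
    entry = allowed.get(n_b)
    if entry is None or not entry["indirect_ok"]:
        return "failure: invalid intermediary"
    e, modulus = entry["pubkey"]
    recovered = pow(s_prime, e, modulus)        # F_pubB(F_priB(S_AC)) = S_AC
    if recovered != int(build_s_ac(n_a, n_c)):  # must name A and this caller C
        return "failure: invalid authentication code"
    allowed[n_c] = new_entry()                  # C now calls without authentication
    return "success"


def revoke_indirect(allowed, n_b):
    """Section 7: clear B's authorization and public key; the indication sent
    to B carries only N_A and expects no reply."""
    entry = allowed[n_b]
    entry["indirect_ok"], entry["pubkey"] = False, None
    return {"message": "forbid indirect authentication indication", "to": n_b}


if __name__ == "__main__":
    N_A, N_B, N_C = "13585112711", "13792472279", "13700000000"   # N_C constructed
    allowed = {N_B: {"code": 4321, "indirect_ok": False, "pubkey": None}}
    print(build_s_ac(N_A, N_B))                    # 11135851127111113792472279, the patent's example
    print(authorize_indirect(allowed, N_B, (N_B, K_PUB_B)))
    s_prime = indirect_code(K_PRI_B, N_A, N_C)
    print(verify_indirect(allowed, N_A, N_C, N_B, s_prime))   # success
    revoke_indirect(allowed, N_B)
    print(verify_indirect(allowed, N_A, N_C, N_B, s_prime))   # failure: invalid intermediary
```

The comparison step binds S'_AC to the pair (N_A, N_C), so a fourth party presenting C's code under its own number is rejected; but N_C is whatever calling number the network presents, so the binding is only as strong as caller-number integrity, and S'_AC itself is a fixed value that anyone who captures it can replay as C. The operation is also unpadded RSA, which is why the text has to require S_AC < N; a signature scheme with hashing and padding would remove that restriction. The air-interface encryption the patent cites when setting man-in-the-middle attacks aside covers only the hop between the terminal and the access exchange.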

Claims (10)

1. A telephone user identity authentication method, in which a system is provided that performs identity discrimination on incoming calls and received short messages for a given telephone subscriber and judges whether the caller or short-message sender is allowed to call or send a short message to that subscriber, characterised in that it comprises the distribution of authentication codes and identity discrimination based on authentication codes, so that the legitimacy of the identity behind incoming calls and short messages can be judged automatically according to the authentication code;
The steps of the telephone user identity authentication method are as follows:
Step one: distribution of authentication codes
Before calling, the call initiator first needs to obtain a valid authentication code of the call recipient through the "identity authorisation" process. A telephone subscriber has two ways of distributing their own telephone number: direct distribution and indirect distribution;
Direct distribution means that the telephone subscriber informs the caller of their telephone number directly; indirect distribution means that a go-between informs a third party of a certain subscriber's telephone number;
Both distribution modes use a public-key algorithm to generate authentication codes: the public key K_pub and private key K_pri required by the public-key algorithm are generated from the root password K_root set by each telephone subscriber.
Under direct distribution, the telephone subscriber uses their own private key K_pri to encrypt a set of random numbers generated from K_root, obtaining the authentication code set Ac = {a_1, a_2, ..., a_N}, where each a_i is an authentication code to be distributed. When the subscriber distributes their number, a_i is handed out together with their own telephone number;
Under indirect distribution, telephone subscriber (A) first authorises a go-between (B) to distribute its number; once B has been authorised, it can distribute subscriber (A)'s number to a third party (C). When distributing (A)'s number, go-between (B) also distributes an indirect authentication code S'_AC for A; the indirect authentication code S'_AC is obtained by encrypting, with (B)'s private key K_priB, the numeric string composed of (A)'s number and (C)'s number;
Step two: triggering of the authentication process
When a caller or go-between (B) calls subscriber (A)'s telephone, the system first obtains the caller's (B) telephone number N_B and searches for N_B in subscriber (A)'s "access list". If N_B is not in (A)'s access list, (A) sends an identity authentication request to (B), thereby triggering the authentication process; otherwise the corresponding operation is performed according to the record for N_B in the access list, producing a ringing tone or refusing the incoming call;
Step three: identity discrimination based on the authentication code
After receiving the "identity authentication request" from user (A), telephone subscriber (B) sends an "authentication response" to (A); this response message carries the direct or indirect authentication code that (B) holds for user (A). (A) judges from the authentication code in the response message whether (B) is a legitimate authenticated user and updates the access list according to the result of that judgement.
2. The telephone user identity authentication method according to claim 1, characterised in that a public-key system is used to generate and check the authentication codes.
3. The telephone user identity authentication method according to claim 1, characterised in that the distribution of user identity authentication codes has two distribution modes: direct distribution and indirect distribution.
4. The telephone user identity authentication method according to claim 3, characterised in that, under the indirect authentication mode, when go-between (B) distributes telephone subscriber (A)'s telephone number, the authentication codes distributed to different third parties (C and C') are different.
5. The telephone user identity authentication method according to claim 3, characterised in that, under the indirect authentication mode, when go-between (B) distributes the telephone numbers of telephone subscribers (A and A') to a third party (C), the authentication codes generated and distributed are different.
6. The telephone user identity authentication method according to claim 3, characterised in that, under the indirect authentication mode, telephone subscriber (A) judges, from the indirect authentication code provided by incoming-call user (C), the identity of the go-between (B) that distributed the indirect authentication code.
7. The telephone user identity authentication method according to claim 3, characterised in that an authorisation cancellation process is provided for the go-between's indirect distribution authorisation: first the "whether authorised to distribute authentication codes indirectly" item in the row of go-between (B) in the access list is changed from "Yes" to "No", (B)'s authentication public key is deleted, and a "forbid indirect authentication indication" message is sent to (B).
8. The telephone user identity authentication method according to claim 7, characterised in that, by default, no go-between (B) is authorised to distribute telephone subscriber (A)'s number (N_A) indirectly; telephone subscriber (A) decides who is allowed to distribute its number (N_A) indirectly. The information about who has been authorised to distribute indirectly is stored in the access list.
9. The telephone user identity authentication method according to claim 1, characterised in that an access list is used to distinguish between different callers or short-message senders.
10. The telephone user identity authentication method according to claim 9, characterised in that a "forbidden incoming call list" is provided: if the incoming call is present in the "forbidden incoming call list", signalling forbidding the incoming call is sent to the caller, the signalling connection with the caller is released, and no ringing tone is produced for the call recipient; if the caller is discriminated as a valid user, the caller's number is added to the "allowed incoming call list", so that the next time this caller dials this telephone, authentication does not need to be carried out again.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN 200610161669 CN101060556A (en) 2006-12-30 2006-12-30 Telephone user ID authentication method
CNA2007101470979A CN101132641A (en) 2006-12-30 2007-09-04 Authentication method for telephone subscriber identity

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200610161669 CN101060556A (en) 2006-12-30 2006-12-30 Telephone user ID authentication method

Publications (1)

Publication Number Publication Date
CN101060556A true CN101060556A (en) 2007-10-24

Family

ID=38866438

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610161669 Pending CN101060556A (en) 2006-12-30 2006-12-30 Telephone user ID authentication method

Country Status (1)

Country Link
CN (1) CN101060556A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102316431A (en) * 2010-06-29 2012-01-11 中国移动通信集团公司 Network signaling congestion control method and device
CN102640449A (en) * 2009-11-06 2012-08-15 瑞典爱立信有限公司 System and methods for web-application communication
WO2015024279A1 (en) * 2013-08-23 2015-02-26 深圳市奥尼视讯技术有限公司 Method and system for realizing remote access of storage terminal based on cloud service platform
CN107423975A (en) * 2011-03-30 2017-12-01 欧诺银行 By submitting number to carry out strong authentication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication