CN101330420A - Authentication method and device, mobile terminal - Google Patents


Info

Publication number: CN101330420A
Authority: CN (China)
Prior art keywords: authentication, sequence number, module, user identification
Legal status: Pending (the status listed by Google Patents is an assumption, not a legal conclusion)
Application number: CNA2008101337638A
Other languages: Chinese (zh)
Inventor: 任军
Current assignee: ZTE Corp (as listed by Google Patents; not legally verified)
Original assignee: ZTE Corp
Classification: Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses authentication methods, an authentication device and a mobile terminal. One of the methods comprises: pre-storing user identification information, which includes a key for access authentication and a digital certificate, both provided by the operator, and an authentication sequence number used to verify the legitimacy of authentication messages from the network side; obtaining an authentication message from the network side and decrypting the authentication token it carries with a pre-agreed decryption algorithm, to obtain the expected sequence number, random number and expected authentication value carried in the token; reading the stored user identification information to obtain the authentication sequence number; and comparing the authentication sequence number with the expected sequence number to verify the legitimacy of the authentication message. The methods improve user security and the flexibility of network operation.

Description

Authentication method and device, mobile terminal
Technical field
The present invention relates to the field of broadband wireless access communication, and in particular to an authentication method and device and a mobile terminal.
Background technology
WiMAX (Worldwide Interoperability for Microwave Access) is a broadband wireless metropolitan area network (WMAN) technology based on the IEEE 802.16 family of standards. It is a new air-interface standard proposed for the microwave and millimeter-wave bands, and it is expected to integrate seamlessly with all-IP networks in the future.
The basic goal of WiMAX is to guarantee that wireless devices from different vendors interoperate in a metropolitan-area access environment. To support mobility, WiMAX added handover, QoS (Quality of Service), MIMO (Multiple Input Multiple Output), AMC (Adaptive Modulation and Coding), security and other new features on top of IEEE 802.16d, forming 802.16e, which serves portable and mobile scenarios while still supporting fixed access; mobile data services are the main application in the mobile scenario. Compared with other broadband wireless access technologies, IEEE 802.16e offers wide coverage, strong scalability and controllable QoS.
A WiMAX terminal, also called a subscriber station (SS), can be a handheld station, a vehicle-mounted station, a fixed wireless access station, a data card and so on, depending on its purpose and function.
The 802.16 series of standards only specify the physical layer (PHY) and medium access control (MAC) layer protocols. They give little consideration to user security and network operation, and authentication relies solely on a SIM card. This authentication mechanism has the following shortcomings:
(1) With SIM-card authentication, the key (Ki) and the digital certificate (X.509 certificate) used for access authentication are fixed for the life of the card. A credential that never changes gives an attacker unlimited time to crack it, which is a latent security risk;
(2) The capacity of the SIM card used for authentication is fixed. When the operator launches a new service that needs more SIM storage, the user cannot use it on the old SIM card, which hinders the operator from offering new value-added services.
Summary of the invention
The present invention is proposed in view of the problems with SIM-based authentication described above, and aims to provide an authentication method and device and a mobile terminal that solve them.
According to one aspect of the invention, a mobile terminal is provided. The terminal comprises a non-volatile memory in which user identification information is stored, the user identification information comprising a key for access authentication and a digital certificate, both provided by the operator, and an authentication sequence number for verifying the legitimacy of authentication messages from the network side.
According to another aspect of the invention, an authentication method is provided by which the terminal side authenticates the network side.
The method comprises: storing user identification information in advance, the user identification information comprising a key for access authentication, a digital certificate provided by the operator, and an authentication sequence number for verifying the legitimacy of authentication messages from the network side; obtaining an authentication message from the network side and decrypting the authentication token in the message with a pre-agreed decryption algorithm, to obtain the expected sequence number, random number and expected authentication value carried in the token; reading the stored user identification information to obtain the authentication sequence number; and comparing the expected sequence number with the authentication sequence number to verify the legitimacy of the authentication message.
According to a further aspect of the invention, an authentication method is provided by which the network side authenticates the terminal side.
This method comprises: obtaining a digital certificate and an expected response from the terminal side, where the digital certificate and the key used to compute the expected response are stored in the terminal's memory together with the authentication sequence number; and comparing the expected response with the locally stored response, the terminal being verified as legitimate if the two match and as illegitimate otherwise.
According to a further aspect of the invention, an authentication device is provided, located on the terminal side, for authenticating the network side.
The device comprises: a storage module for storing user identification information, the user identification information comprising a key for access authentication and a digital certificate provided by the operator, and an authentication sequence number for verifying the legitimacy of authentication messages from the network side; a decryption module for obtaining an authentication message from the network side and decrypting the authentication token in it with a pre-agreed decryption algorithm, to obtain the expected sequence number, random number and expected authentication value carried in the token; a reading module for reading the user identification information stored in the storage module; and an authentication module for comparing the expected sequence number obtained by the decryption module with the authentication sequence number contained in the user identification information read by the reading module, to verify the legitimacy of the authentication message.
The invention also provides a mobile terminal comprising the above authentication device.
Compared with the prior art, the above scheme improves user security and at the same time increases the flexibility of network operation.
Other features and advantages of the invention will be set forth in the following description, will partly become apparent from the description, or may be learned by practicing the invention. The objects and other advantages of the invention can be realized and obtained by the structures particularly pointed out in the written description, the claims and the accompanying drawings.
Description of drawings
The accompanying drawings provide a further understanding of the invention and form part of the specification; together with the embodiments they serve to explain the invention and do not limit it. In the drawings:
Fig. 1(a) and Fig. 1(b) are schematic diagrams of the logical structure of the mobile terminal according to an embodiment of the invention;
Fig. 2 is a schematic diagram of the position of the mobile terminal in the WiMAX network architecture according to an embodiment of the invention;
Fig. 3(a) is a flow chart of verifying an authentication message in the authentication method according to an embodiment of the invention;
Fig. 3(b) is a flow chart of authenticating the network side in the authentication method according to an embodiment of the invention;
Fig. 4 is a flow chart of an authentication method according to another embodiment of the invention;
Fig. 5 is a flow chart of an authentication procedure implemented with the authentication method of an embodiment of the invention;
Fig. 6 is a block diagram of the authentication device according to an embodiment of the invention.
Embodiment
Preferred embodiments of the invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here serve only to illustrate and explain the invention and do not limit it.
To remove the latent security risk of current terminals and to make operation and use more convenient, the invention proposes a scheme in which identity recognition is implemented by a software module inside the terminal. This is described below with reference to embodiments.
According to an embodiment of the invention, a mobile terminal is provided in which a dedicated storage area is reserved in non-volatile memory (such as EEPROM or Flash) for user identification information. The user identification information comprises the key for access authentication (Ki) and the digital certificate (X.509 certificate) provided by the operator, and the authentication sequence number (SQN) used to verify the legitimacy of authentication messages from the network side; these are described in detail below.
Preferably, a mechanism is also provided for reading and writing the user identification information and adjusting its data structure. In this embodiment the storage area and that mechanism together constitute a user identification module, so that user identification inside the terminal is performed by a software module.
With such a terminal, authentication no longer uses a SIM card, so the operator no longer needs to procure SIM cards, which reduces its operating cost. The operator can also resize the storage area for user identification information flexibly over the air (OTA), making fuller use of the non-volatile memory; this also makes it easier for the operator to offer new value-added services and expands the range of services the terminal supports.
Fig. 1(a) shows the logical structure of the WiMAX terminal according to an embodiment of the invention. As shown in Fig. 1(a), the hardware of the WiMAX terminal consists mainly of a WiMAX radio-frequency module (WiMAX RF), a WiMAX baseband module (WiMAX BB), non-volatile memory (such as EEPROM or Flash) and other components, whose main functions are as follows:
(1) The WiMAX RF module is responsible for transmitting and receiving the terminal's radio signals;
(2) The WiMAX BB module is responsible for baseband processing and higher-layer applications;
(3) The other components provide keyboard input, LCD display, MP3/MP4 playback, camera, speech processing and similar functions;
(4) The non-volatile memory (such as EEPROM or Flash) stores data; part of it stores the user identification information (Soft_SIM), which comprises:
1. The authentication encryption algorithm and the key Ki, used for mutual authentication when the user accesses the network. The subscription authentication algorithm in this embodiment is the symmetric-key Data Encryption Standard (DES). Ki is confidential: it is provided by the operator when the user registers for service, and the same value is kept in the authentication server on the system side for access authentication. Once identification is implemented in software, the operator can also change Ki periodically over the air, which is meant to stop an intruder from recovering it by exhaustive search and stealing user information. (DES has a 56-bit key and is no longer considered secure; a deployment of this design today would use a current algorithm such as AES.)
2. The X.509 certificate, used for authentication when the user accesses the network. The operator can update the X.509 certificate periodically or aperiodically over the air, to better guard against an intruder cracking the certificate by exhaustive search.
3. The PIN and the personal unlocking key (PUK) of the user identification module, used to protect the module and prevent an illegitimate user from using the terminal or the module. For example, the module can be configured to lock itself after three wrong PIN entries; it can then be unlocked only by entering the correct PUK, and after ten wrong PUK entries the module is formatted;
4. The authentication sequence number (SQN). The same SQN value is stored on the terminal side and on the authentication server side and is used to judge the legitimacy of authentication messages issued by the network side; after each successful authentication both the authentication server and the terminal add 1 to it. If the difference between the SQN stored on the terminal side and the SQN stored on the authentication server side is within a certain threshold, the authentication message is considered valid, and the terminal-side SQN is synchronized with the server-side SQN;
5. The device information T_ID, which uniquely identifies the device;
6. Other user-related information.
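The PIN/PUK protection in item 3 above is a small state machine whose security depends on details the text does not spell out. The following is an added example (not code from the patent or from ZTE) of how the software user identification module could implement it. The limits come from the text (three wrong PINs lock the module, ten wrong PUKs format it); the salted-hash storage, the hypothetical `nvm` dictionary standing in for the EEPROM/Flash area, and the rule that the retry counter is written to non-volatile storage before the comparison (so a power cut after a wrong guess cannot reset it) are this example's own choices. Whether a correct PUK resets the PUK counter is not stated in the text, so the example leaves that counter untouched.

```python
# Added example: PIN/PUK lock state machine for a software user identification module.
# States: "UNLOCKED", "PIN_LOCKED" (only a PUK can open it), "WIPED" (module formatted).
import hashlib
import hmac
import os

PIN_RETRIES = 3    # from the text: three wrong PINs lock the module
PUK_RETRIES = 10   # from the text: ten wrong PUKs format the module


def _digest(secret: str, salt: bytes) -> bytes:
    # Only a salted hash of PIN/PUK is kept in non-volatile memory, never the clear value
    # (an assumption of this example; the patent does not say how PIN/PUK are stored).
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 20_000)


class SoftSimLock:
    def __init__(self, pin: str, puk: str, nvm: dict):
        # `nvm` models the reserved EEPROM/Flash area: every change below is written to it
        # before a result is returned, so counters survive a reset mid-attempt.
        self.nvm = nvm
        nvm["salt"] = os.urandom(16)
        nvm["pin"] = _digest(pin, nvm["salt"])
        nvm["puk"] = _digest(puk, nvm["salt"])
        nvm["pin_left"] = PIN_RETRIES
        nvm["puk_left"] = PUK_RETRIES
        nvm["state"] = "UNLOCKED"

    def state(self) -> str:
        return self.nvm["state"]

    def verify_pin(self, pin: str) -> bool:
        """Returns True only when the module is unlocked and the PIN is correct."""
        if self.nvm["state"] != "UNLOCKED":
            return False
        # Decrement first, compare second; the counter is restored only on success.
        self.nvm["pin_left"] -= 1
        if hmac.compare_digest(_digest(pin, self.nvm["salt"]), self.nvm["pin"]):
            self.nvm["pin_left"] = PIN_RETRIES
            return True
        if self.nvm["pin_left"] == 0:
            self.nvm["state"] = "PIN_LOCKED"
        return False

    def unlock_with_puk(self, puk: str, new_pin: str) -> bool:
        """Opens a PIN-locked module with the PUK and sets a fresh PIN."""
        if self.nvm["state"] != "PIN_LOCKED":
            return False
        self.nvm["puk_left"] -= 1
        if hmac.compare_digest(_digest(puk, self.nvm["salt"]), self.nvm["puk"]):
            self.nvm["pin"] = _digest(new_pin, self.nvm["salt"])
            self.nvm["pin_left"] = PIN_RETRIES
            self.nvm["state"] = "UNLOCKED"
            return True
        if self.nvm["puk_left"] == 0:
            # Tenth wrong PUK: format the module, i.e. drop every secret it holds.
            for key in ("pin", "puk", "salt"):
                self.nvm.pop(key, None)
            self.nvm["state"] = "WIPED"
        return False
```

The comparison uses `hmac.compare_digest` so that a wrong guess takes the same time regardless of how many characters match; on a real terminal the `nvm` writes would be flushed to Flash before `verify_pin` returns.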
Fig. 1(b) shows where the user identification module sits in the software of the WiMAX terminal. The main program calls the user identification module program through an API (application programming interface); the user identification module program calls the OS kernel through the OS API; and the OS kernel reads and writes the user identification information (Soft_SIM) in non-volatile memory (such as EEPROM or Flash) by calling the I/O driver.
Fig. 2 shows the position of the mobile terminal (WiMAX terminal) according to an embodiment of the invention in the WiMAX network architecture. As shown in Fig. 2, the WiMAX network comprises:
(1) The WiMAX terminal (subscriber station, SS), which comprises two logical units, the user identification module 201 and the main program module 202. The SS connects to the access service network (ASN) over the 802.16e air interface to complete the end-to-end connection.
(2) The access service network (ASN), comprising the base station (BS) 203 and the ASN gateway (ASN GW) 204, which provide access control, radio resource management, intra-ASN mobility management and handover control.
(3) The connectivity service network (CSN) 205, whose main functions include establishing user sessions, allocating IP addresses to terminals, the authentication, authorization and accounting (AAA) server, Internet access, inter-ASN mobility management and so on. According to where the user is registered, the CSN is divided into the visited and the home network service provider (NSP).
Based on the above, the method embodiments of the invention are described further below.
According to an embodiment of the invention, an authentication method is provided by which the terminal side authenticates the network side. Fig. 3 shows the flow of this method; as shown in Fig. 3, it comprises the following steps:
Step S302: user identification information is stored in advance, comprising the key Ki for access authentication and the X.509 digital certificate provided by the operator, and the authentication sequence number (SQN) used to verify the legitimacy of authentication messages from the network side;
Step S304: an authentication message is obtained from the network side, and the authentication token (AUTN) in it is decrypted with the pre-agreed decryption algorithm to obtain the expected authentication sequence number (XSQN), the random number (RAND) and the expected authentication value (XMAC) carried in the AUTN;
Step S306: the stored user identification information is read to obtain the SQN;
Step S308: XSQN is compared with SQN to verify the legitimacy of the authentication message.
Specifically, in step S308, if XSQN equals SQN the authentication message is judged valid. If they differ, the difference is compared with a predetermined threshold range: if the difference is within the range, the message is judged valid and SQN may be updated to XSQN, i.e. the two are synchronized; if the difference is outside the range, the message is judged invalid.
The above verifies the authentication message; the network itself must then be authenticated, as shown in Fig. 3(b). If the authentication message is valid, an authentication value (message authentication code, MAC) is computed from Ki, XSQN and RAND with the predetermined authentication algorithm (step S310). MAC is then compared with XMAC to verify the legitimacy of the network (step S312): if the two match the network is legitimate, and once the network has in turn verified the terminal, 1 is added to SQN (step S314); if they do not match, the network is judged illegitimate.
Through the above processing, authentication of the network side by the terminal side is achieved.
According to an embodiment of the invention, an authentication method is also provided by which the network side authenticates the terminal side. Fig. 4 shows the flow of this method; as shown in Fig. 4, it comprises the following steps:
Step S402: the digital certificate and the expected response (XRES) are obtained from the terminal side, where the digital certificate and the Ki used to compute XRES are stored in the terminal's memory together with the SQN;
Step S404: XRES is compared with the locally stored response (RES); if the two match the terminal is verified as legitimate, otherwise as illegitimate. Preferably, when the terminal is verified as legitimate, the network side adds 1 to its locally stored SQN.
Through the above process, authentication of the terminal side by the network side is achieved. In this process, because confidential information such as the user identification information and the authentication key has already been processed with a specific encryption algorithm before being stored at the designated location on the terminal side, the terminal only reads the user information from that location and reports it; it does not need to decrypt this data.
It can be seen from the above that, in the invention, the data management of the bidirectional authentication is split between the network side and the terminal side. The subscriber identity information that the network uses to verify the terminal (information encrypted with a special algorithm) is never decrypted by the terminal; it is only sent to the network side during authentication, and the network side decrypts it with the encryption/decryption algorithm specified by the operator and completes the verification of the terminal. For the user information that the terminal uses to verify the network, the terminal does perform the encryption and decryption itself, and verifies the network side by computing over SQN, the authentication key Ki and the random number RAND with the pre-agreed algorithm.
Based on the above method embodiments, Fig. 5 shows the authentication procedure implemented with the invention, taking a WiMAX terminal and network as an example. As shown in Fig. 5, it comprises the following steps:
501. When the SS terminal powers on, when the authentication server requires periodic re-authentication, or when the terminal updates its location, the terminal main program sends an authentication request to the WiMAX network-side authentication server; the request carries the device information T_ID;
502. The authentication server looks up the user's personal information (such as Ki and XSQN) by T_ID, generates the random number RAND, and sends an authentication message to the terminal through the WiMAX network; the message carries the AUTN encrypted with the pre-agreed encryption algorithm;
503. The terminal main program decrypts the received AUTN with the agreed decryption algorithm to obtain XSQN, RAND and XMAC;
504. Having obtained the XSQN issued by the authentication server, the terminal main program requests the SQN stored on the terminal side from the user identification module through the API;
505. The terminal main program compares XSQN with SQN. If they are equal, or if they differ but the difference is within the threshold, the authentication message is considered valid; if the difference exceeds the threshold, the message is considered illegitimate and the authentication procedure ends;
506. If XSQN and SQN differ but the difference is within the threshold, the terminal main program sends an SQN synchronization request to the user identification module through the API, and the SQN stored on the terminal side is synchronized with the XSQN issued by the authentication server;
507. The terminal main program passes the XSQN and RAND received from the authentication server to the user identification module through the API;
508. The user identification module computes MAC with the agreed authentication algorithm from the Ki stored on the terminal side and the received XSQN and RAND, and returns MAC to the main program;
509. The terminal main program compares MAC with XMAC. If they match, the network is considered legitimate; if not, the network is considered illegitimate and the authentication procedure ends;
510. The terminal main program requests from the user identification module, through the API, the X.509 certificate encrypted for the network side and the XRES, where XRES is computed from Ki and RAND with the authentication algorithm;
511. The terminal main program reports the X.509 certificate and XRES provided by the user identification module to the authentication server through the WiMAX network;
512. The authentication server compares the received XRES with the RES stored on the server for this user's current authentication. If they match, the network considers the terminal legitimate; if not, the network considers the terminal illegitimate and the authentication procedure ends;
513. The authentication server decrypts the X.509 certificate and issues the AK encrypted with the public key;
514. The authentication server sends an authentication acknowledgement message to the terminal through the WiMAX network and at the same time adds 1 to the SQN of this user stored locally;
515. After receiving the authentication acknowledgement from the authentication server, the terminal main program calls the user identification module through the API to add 1 to the SQN stored on the terminal side;
516. After the terminal is authenticated successfully, the network provides the user with the subscribed services.
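The following is an added example (not code from the patent or from ZTE) that runs the Fig. 5 exchange end to end, covering both the terminal-side method of steps S302 to S314 and the network-side method of steps S402 and S404. Everything the text leaves open is an assumption of this example: the "agreed algorithm" is HMAC-SHA256 rather than the DES the text names (DES is not in the Python standard library); the AUTN is laid out as (SQN XOR AK) || RAND || MAC, where AK is derived from Ki and RAND, so that the terminal recovers XSQN, RAND and XMAC from it with Ki alone; the SQN window is 5; and the Ki, T_ID and certificate values are made up. The patent's naming is kept (the terminal sends XRES, the server holds RES), which is the reverse of the 3GPP AKA convention. Two points depart deliberately from the literal order of steps 505 to 509 and are marked in the code: the terminal commits the SQN resynchronization of step 506 only after the MAC check of step 509 has passed, so an unauthenticated message cannot move its counter, and it accepts an XSQN only if it is equal to or ahead of its own SQN, because a window on the absolute difference would also accept a replay of a recently captured AUTN.

```python
# Added example: mutual authentication between a Soft_SIM terminal and the
# authentication server, following Fig. 5 (steps 501-516). Algorithms, AUTN
# layout, window size and sample values are assumptions, not the patent's.
import hashlib
import hmac
import os
from dataclasses import dataclass

SQN_LEN, RAND_LEN, MAC_LEN = 6, 16, 8
SQN_WINDOW = 5  # assumption: the patent leaves the threshold value open


def _prf(ki: bytes, label: bytes, data: bytes, n: int) -> bytes:
    return hmac.new(ki, label + data, hashlib.sha256).digest()[:n]


def f_ak(ki: bytes, rand: bytes) -> bytes:        # mask hiding SQN inside AUTN
    return _prf(ki, b"ak", rand, SQN_LEN)


def f_mac(ki: bytes, sqn: int, rand: bytes) -> bytes:  # authentication value over (SQN, RAND)
    return _prf(ki, b"mac", sqn.to_bytes(SQN_LEN, "big") + rand, MAC_LEN)


def f_res(ki: bytes, rand: bytes) -> bytes:       # response from Ki and RAND (step 510)
    return _prf(ki, b"res", rand, MAC_LEN)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class SoftSim:  # the user identification information held in non-volatile memory
    t_id: bytes
    ki: bytes
    cert: bytes
    sqn: int


class AuthServer:
    def __init__(self, subscribers: dict):
        self.db = subscribers  # T_ID -> {"ki": ..., "sqn": ...}

    def challenge(self, t_id: bytes) -> bytes:
        """Step 502: look up Ki and SQN by T_ID, pick RAND, build AUTN, remember RES."""
        rec = self.db[t_id]
        rand = os.urandom(RAND_LEN)
        masked = _xor(rec["sqn"].to_bytes(SQN_LEN, "big"), f_ak(rec["ki"], rand))
        rec["res"] = f_res(rec["ki"], rand)
        return masked + rand + f_mac(rec["ki"], rec["sqn"], rand)

    def verify_terminal(self, t_id: bytes, cert: bytes, xres: bytes) -> bool:
        """Steps 512-514: compare XRES with RES; on success advance the server SQN.
        Certificate handling (step 513) is outside this example."""
        rec = self.db[t_id]
        res = rec.pop("res", None)
        if res is None or not hmac.compare_digest(res, xres):
            return False
        rec["sqn"] += 1
        return True


class Terminal:
    def __init__(self, sim: SoftSim):
        self.sim = sim

    def decrypt_autn(self, autn: bytes):
        """Step 503: recover XSQN, RAND and XMAC from AUTN using Ki."""
        masked = autn[:SQN_LEN]
        rand = autn[SQN_LEN:SQN_LEN + RAND_LEN]
        xmac = autn[SQN_LEN + RAND_LEN:]
        xsqn = int.from_bytes(_xor(masked, f_ak(self.sim.ki, rand)), "big")
        return xsqn, rand, xmac

    def authenticate_network(self, autn: bytes):
        """Steps 503-510: returns (certificate, XRES) if the network is legitimate, else None."""
        xsqn, rand, xmac = self.decrypt_autn(autn)
        if not (0 <= xsqn - self.sim.sqn <= SQN_WINDOW):  # step 505, equal or ahead within window
            return None
        mac = f_mac(self.sim.ki, xsqn, rand)               # step 508
        if not hmac.compare_digest(mac, xmac):             # step 509
            return None
        self.sim.sqn = xsqn                                # step 506, committed only after the MAC check
        return self.sim.cert, f_res(self.sim.ki, rand)     # step 510

    def confirm(self) -> None:
        """Step 515: the acknowledgement arrived, advance the terminal SQN."""
        self.sim.sqn += 1


def run_auth(terminal: Terminal, server: AuthServer) -> bool:
    """One complete Fig. 5 run; True when both sides accepted each other."""
    autn = server.challenge(terminal.sim.t_id)                      # 501-502
    reply = terminal.authenticate_network(autn)                     # 503-510
    if reply is None:
        return False
    cert, xres = reply                                              # 511
    if not server.verify_terminal(terminal.sim.t_id, cert, xres):   # 512-514
        return False
    terminal.confirm()                                              # 515
    return True


def make_pair(sqn_terminal: int = 100, sqn_server: int = 100):
    """Constructed sample subscriber; Ki, T_ID and certificate bytes are made up."""
    ki = hashlib.sha256(b"sample-ki").digest()
    sim = SoftSim(t_id=b"T_ID-0001", ki=ki, cert=b"<x509 der bytes>", sqn=sqn_terminal)
    server = AuthServer({sim.t_id: {"ki": ki, "sqn": sqn_server}})
    return Terminal(sim), server
```

`run_auth(*make_pair())` performs one successful round and leaves both SQN counters at 101; `make_pair(100, 103)` exercises the in-window resynchronization of step 506, `make_pair(100, 110)` the rejection of step 505, and feeding a captured AUTN to the terminal a second time shows why the window must not accept an XSQN that is behind the terminal's own SQN.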
According to an embodiment of the invention, an authentication device is provided. The device is located on the terminal side and authenticates the network side; it can serve as the user identification module mentioned above.
Fig. 6 shows the block diagram of the authentication device according to an embodiment of the invention. As shown in Fig. 6, it comprises a storage module 60, a decryption module 62, a reading module 64 and an authentication module 66, which are described in turn below.
The storage module 60 stores the user identification information, which comprises the key for access authentication (Ki) and the digital certificate (X.509 certificate) provided by the operator, and the authentication sequence number (SQN) used to verify the legitimacy of authentication messages from the network side. The storage module can be a dedicated area reserved in non-volatile memory (such as EEPROM or Flash), and the operator can adjust its size over the air (OTA).
In addition, as described above, the storage module can also hold the PIN and personal unlocking key (PUK) of the authentication device, which protect the device and prevent an illegitimate user from using the terminal or the device.
The decryption module 62 obtains the authentication message from the network side and decrypts the authentication token (AUTN) in it with the pre-agreed decryption algorithm, to obtain the XSQN, RAND and XMAC carried in the token;
The reading module 64 reads the user identification information stored in the storage module 60;
The authentication module 66 compares the expected sequence number obtained by the decryption module 62 with the authentication sequence number contained in the user identification information read by the reading module 64, to verify the legitimacy of the authentication message.
The decryption module also computes an authentication value from XSQN, the random number and the key contained in the user identification information read by the reading module, and provides the authentication value and the expected authentication value to the authentication module; the authentication module also compares the two to verify the legitimacy of the network.
Preferably, the device also comprises an update module for updating the SQN stored in the storage module, mainly to synchronize it with the XSQN of the network side.
It should be noted that a terminal comprising the above authentication device can be understood and implemented with reference to the above embodiments and likewise falls within the scope of protection of the invention; this is not repeated here. In addition, the above description mainly takes a WiMAX terminal as an example; those skilled in the art will understand that the invention is equally applicable to networks of other standards besides WiMAX, which is not repeated here.
It can be seen from the embodiments described above that the invention reduces the operator's maintenance cost, improves the security of the end user's personal confidential information, and readily supports new services launched by the operator.
The above are only preferred embodiments of the invention and do not limit it; for those skilled in the art, the invention may have various changes and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (12)

1. A mobile terminal comprising a non-volatile memory, characterized in that user identification information is stored in the non-volatile memory, wherein the user identification information comprises: a key used for access authentication and a digital certificate provided by the operator, and an authentication sequence number used to verify the legitimacy of an authentication message from the network side.
2. An authentication method, used at the terminal side to authenticate the network side, characterized in that the method comprises:
storing user identification information in advance, wherein the user identification information comprises: a key used for access authentication, a digital certificate provided by the operator, and an authentication sequence number used to verify the legitimacy of an authentication message from the network side;
obtaining an authentication message from the network side, decrypting the authentication token in the authentication message according to a pre-agreed decryption algorithm, and obtaining the expected sequence number, random number and expected authentication value carried in the authentication token;
reading the stored user identification information to obtain the authentication sequence number;
comparing the expected sequence number with the authentication sequence number to verify the legitimacy of the authentication message.
3. The method according to claim 2, characterized in that the operation of comparing the expected sequence number with the authentication sequence number to verify the legitimacy of the authentication message is specifically:
when the expected sequence number is consistent with the authentication sequence number, judging that the authentication message is valid;
when the expected sequence number and the authentication sequence number are inconsistent, further comparing the difference between the two with a predetermined threshold range,
when the difference is within the predetermined threshold range, judging that the authentication message is valid;
when the difference is not within the predetermined threshold range, judging that the authentication message is invalid.
4. The method according to claim 3, characterized in that, when the expected sequence number and the authentication sequence number are inconsistent and the difference between the two is within the predetermined threshold range, the method further comprises:
updating the authentication sequence number with the expected sequence number.
5. The method according to claim 3, characterized in that, when the authentication message is judged valid, the method further comprises:
using the key, the expected sequence number and the random number to obtain an authentication value by a predetermined authentication algorithm;
comparing the authentication value with the expected authentication value to verify the legitimacy of the network, wherein, when the two are consistent, the network is verified as legal, otherwise the network is verified as illegal.
6. The method according to claim 5, characterized in that it further comprises:
when the network is verified as legal and the network has also verified the terminal as legal, performing an add-1 operation on the authentication sequence number.
7. An authentication method, used at the network side to authenticate the terminal side, characterized in that the method comprises:
obtaining a digital certificate and an expected response from the terminal side, wherein the digital certificate and the key used to obtain the expected response are stored in a memory of the terminal side, and an authentication sequence number is also stored in that memory;
comparing the expected response with a locally stored response, and when the two are consistent, verifying that the terminal is legal, otherwise verifying that the terminal is illegal.
8. The method according to claim 7, characterized in that, when the terminal is verified as legal, the method further comprises:
performing an add-1 operation on the locally stored authentication sequence number.
9. An authentication device, located at the terminal side and used to authenticate the network side, characterized in that the device comprises:
a memory module, used to store user identification information, wherein the user identification information comprises: a key used for access authentication and a digital certificate provided by the operator, and an authentication sequence number used to verify the legitimacy of an authentication message from the network side;
a decryption module, used to obtain the authentication message from the network side, decrypt the authentication token in the authentication message according to a pre-agreed decryption algorithm, and obtain the expected sequence number, random number and expected authentication value carried in the authentication token;
a read module, used to read the user identification information stored in the memory module;
an authentication module, used to compare the expected sequence number (the first authentication sequence number) obtained by decryption in the decryption module with the authentication sequence number contained in the user identification information read by the read module, so as to verify the legitimacy of the authentication message.
10. The device according to claim 9, characterized in that:
the decryption module is further used to obtain an authentication value from the expected sequence number, the random number and the key contained in the user identification information read by the read module, and to supply the authentication value and the expected authentication value to the authentication module;
the authentication module is further used to compare the authentication value and the expected authentication value supplied by the decryption module, so as to verify the legitimacy of the network.
11. The device according to claim 8, characterized in that it further comprises:
an update module, used to perform an update operation on the authentication sequence number stored in the memory module.
12. A mobile terminal comprising the authentication device according to any one of claims 9 to 11.
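The terminal-side and network-side procedures of claims 2 to 8, as an added worked example that is not code from the patent: HMAC-SHA256 stands in for the unnamed authentication algorithm, a key-derived XOR keystream stands in for the pre-agreed token cipher, and the 6-byte SQN / 16-byte RAND / 8-byte MAC token layout, the threshold of 32 and the rule of accepting only forward drift within that threshold are all assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass

SQN_THRESHOLD = 32  # assumed acceptance window for SQN drift; the patent leaves the range unspecified

@dataclass
class UserIdentity:  # identity record the terminal keeps in non-volatile memory (claim 1)
    key: bytes          # access-authentication key issued by the operator (constructed sample)
    certificate: bytes  # operator-issued digital certificate (placeholder blob here)
    sqn: int            # authentication sequence number SQN

def auth_value(key: bytes, xsqn: int, rand: bytes) -> bytes:
    """Authentication value over XSQN||RAND; HMAC-SHA256 stands in for the patent's unnamed algorithm."""
    return hmac.new(key, xsqn.to_bytes(6, "big") + rand, hashlib.sha256).digest()[:8]

def token_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the pre-agreed token cipher: XOR with a key-derived keystream (so it also decrypts)."""
    keystream = hashlib.sha256(b"token-keystream" + key).digest()
    return bytes(a ^ b for a, b in zip(data, keystream))

def network_build_token(key: bytes, xsqn: int, rand: bytes) -> bytes:
    """Network side: authentication token = Enc(XSQN || RAND || XMAC), 30 bytes of plaintext."""
    plain = xsqn.to_bytes(6, "big") + rand + auth_value(key, xsqn, rand)
    return token_cipher(key, plain)

def terminal_authenticate(identity: UserIdentity, token: bytes) -> tuple[bool, str]:
    """Terminal side, claims 2 to 5: validate the message by SQN, then verify the network by XMAC."""
    plain = token_cipher(identity.key, token)
    xsqn, rand, xmac = int.from_bytes(plain[:6], "big"), plain[6:22], plain[22:30]
    if xsqn != identity.sqn:
        # Claim 3: a mismatch is tolerated only inside the threshold range. Accepting only forward
        # drift (xsqn > sqn) is this example's assumption; it keeps an old token from being replayed.
        if not 0 < xsqn - identity.sqn <= SQN_THRESHOLD:
            return False, "authentication message invalid: sequence number out of range"
        identity.sqn = xsqn  # claim 4: resynchronise the stored SQN with XSQN
    if not hmac.compare_digest(auth_value(identity.key, xsqn, rand), xmac):
        return False, "network illegal: authentication value mismatch"
    return True, "network legal"

def response(key: bytes, rand: bytes) -> bytes:
    """Terminal's response to the network, derived from the stored key (claim 7; construction assumed)."""
    return hmac.new(key, b"RES" + rand, hashlib.sha256).digest()[:8]

def network_verify_terminal(network_sqn: int, local_res: bytes, received_res: bytes) -> tuple[bool, int]:
    """Network side, claims 7 and 8: compare responses; on success the local SQN is incremented."""
    if hmac.compare_digest(local_res, received_res):
        return True, network_sqn + 1
    return False, network_sqn

def terminal_on_mutual_success(identity: UserIdentity) -> None:
    """Claim 6: both sides verified each other, so the terminal increments its SQN too."""
    identity.sqn += 1
```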

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2008101337638A CN101330420A (en) 2008-07-24 2008-07-24 Authentication method and device, mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2008101337638A CN101330420A (en) 2008-07-24 2008-07-24 Authentication method and device, mobile terminal

Publications (1)

Publication Number Publication Date
CN101330420A true CN101330420A (en) 2008-12-24

Family

ID=40206026

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2008101337638A Pending CN101330420A (en) 2008-07-24 2008-07-24 Authentication method and device, mobile terminal

Country Status (1)

Country Link
CN (1) CN101330420A (en)

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685720A (en) * 2011-03-16 2012-09-19 瑞铭科技股份有限公司 Integrated operation communication device
CN103024090A (en) * 2011-09-20 2013-04-03 阿里巴巴集团控股有限公司 Method and system for identifying user terminal
CN103024090B (en) * 2011-09-20 2015-07-01 阿里巴巴集团控股有限公司 Method and system for identifying user terminal
CN103905192A (en) * 2012-12-26 2014-07-02 重庆重邮信科通信技术有限公司 Encryption authentication method, device and system
CN103415017A (en) * 2013-08-23 2013-11-27 深圳市中兴物联科技有限公司 Method, device and mobile terminal of virtual SIM card
CN103841560A (en) * 2014-02-28 2014-06-04 深圳市中兴物联科技有限公司 Method and equipment to enhance SIM card reliability
CN103841560B (en) * 2014-02-28 2017-12-26 深圳市中兴物联科技有限公司 Strengthen the method and apparatus of SIM card reliability
WO2015165325A1 (en) * 2014-04-28 2015-11-05 华为技术有限公司 Secure terminal authentication method, device and system
CN105101194A (en) * 2014-04-28 2015-11-25 华为技术有限公司 Terminal security authentication method, device and system
CN105101194B (en) * 2014-04-28 2019-07-09 华为技术有限公司 Terminal security authentication method, apparatus and system
CN105577612A (en) * 2014-10-11 2016-05-11 中兴通讯股份有限公司 Identity authentication method, third party server, merchant server, and user terminal
CN105657694A (en) * 2015-05-21 2016-06-08 宇龙计算机通信科技(深圳)有限公司 Control method, controller and electronic equipment
WO2016183873A1 (en) * 2015-05-21 2016-11-24 宇龙计算机通信科技(深圳)有限公司 Control method, controller and electronic device
CN105657694B (en) * 2015-05-21 2019-08-23 宇龙计算机通信科技(深圳)有限公司 A kind of control method, controller and electronic equipment
CN107113172A (en) * 2015-12-10 2017-08-29 深圳市大疆创新科技有限公司 Unmanned plane authentication method, safety communicating method and correspondence system
CN107113172B (en) * 2015-12-10 2019-03-29 深圳市大疆创新科技有限公司 Unmanned plane authentication method, safety communicating method and correspondence system
CN107888541A (en) * 2016-09-29 2018-04-06 成都鼎桥通信技术有限公司 The permanent distant method and apparatus for closing SIM card
CN106982432B (en) * 2017-03-29 2019-06-14 中国联合网络通信集团有限公司 A kind of method and device that authentication is synchronous
CN106982432A (en) * 2017-03-29 2017-07-25 中国联合网络通信集团有限公司 It is a kind of to authenticate synchronous method and device
CN108769043A (en) * 2018-06-06 2018-11-06 中国联合网络通信集团有限公司 Trusted application Verification System and trusted application authentication method
CN109919635A (en) * 2019-02-26 2019-06-21 河北泊松信息科技有限公司 A kind of article method for authenticating and device
WO2020198991A1 (en) * 2019-03-29 2020-10-08 Telefonaktiebolaget Lm Ericsson (Publ) Methods and apparatus relating to authentication of a wireless device
CN110493773A (en) * 2019-08-23 2019-11-22 中国联合网络通信集团有限公司 The acquisition methods and its equipment of mobile device authentication capability
CN110493773B (en) * 2019-08-23 2022-09-02 中国联合网络通信集团有限公司 Method and equipment for acquiring authentication capability of mobile equipment
CN114298724A (en) * 2021-12-30 2022-04-08 北京深思数盾科技股份有限公司 Intelligent equipment management method and server
WO2023198519A1 (en) 2022-04-14 2023-10-19 Isp Investments Llc Crocus sativus flower extracts, compositions comprising same, and uses thereof in oral care

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20081224