CN102149079A - Method, device and system for obtaining user identity identifier - Google Patents

Publication number: CN102149079A
Authority: CN (China)
Legal status: Granted
Current legal status: Expired - Fee Related
Application number: CN2010101091368A
Other languages: Chinese (zh)
Other versions: CN102149079B (en)
Inventors: 常辉, 郭毅峰, 卢山, 封令隽
Current Assignee: China Mobile Communications Group Co Ltd
Original Assignee: China Mobile Communications Group Co Ltd
Priority: CN201010109136.8A
Landscapes: Telephonic Communication Services; Mobile Radio Communication Systems

Abstract

The embodiment of the invention discloses a method for obtaining a user identity identifier, comprising the following steps: a terminal provided with a subscriber identity module receives a user identity request, the terminal provided with the subscriber identity module serving as a card terminal; the card terminal generates a user identity identifier corresponding to the user identity request and transmits the user identity identifier. The embodiment can provide a user identity identifier to a card-less terminal, thereby saving SIM (subscriber identity module) card resources. The embodiment of the invention also discloses a device and a system employing the method.

Description

A method, device and system for obtaining a user identity identifier
Technical field
The present invention relates to the field of communication technology, and in particular to a method, device and system for obtaining a user identity identifier.
Background art
With the rapid development of mobile communication technology, the mobile phone, as the most commonly used mobile communication device, has become widespread and an indispensable part of people's lives. Whether it is a 2G (2nd Generation, second-generation mobile communication technology) GSM (Global System for Mobile Communications) phone, a CDMA (Code Division Multiple Access) phone, or a 3G (3rd Generation, third-generation mobile communication technology) phone, each needs a SIM (Subscriber Identity Module) card or a USIM (Universal Subscriber Identity Module) card. As mobile phones have developed rapidly, other forms of card-equipped terminals have also appeared, such as netbooks, wireless Internet access data cards and wireless gateways. Like mobile phones, these card-equipped terminals also need an operator's SIM card or USIM card.
A SIM card, also called a smart card or subscriber identity card, must be installed in a digital mobile phone before the phone can be used. The chip of the SIM card stores the digital mobile phone customer's information, encryption keys and other content, which the mobile network uses to authenticate the customer's identity and to encrypt the customer's voice information during calls. The USIM card is an upgrade of the SIM card and is used in UMTS (Universal Mobile Telecommunications System) networks. The SIM card or USIM card is the mobile operator's unique identification of the user. Any mobile service needs the relevant information of the SIM card or USIM card to perform authentication. In addition, in an IMS (IP Multimedia Subsystem) network, similar functions can be performed by an ISIM (IMS Subscriber Identity Module) card. In this document, unless specially emphasized, "SIM card" is a collective term for the ordinary SIM card, the USIM card and the ISIM card.
User data stored in the SIM card can be divided into four classes. The first class is fixed data, written by the SIM card center before the ME (Mobile Equipment) is sold, including the international mobile subscriber identity (IMSI), the authentication key (Ki), and so on. The second class is temporarily stored network-related data, for example the location area identity (LAI), the temporary mobile subscriber identity (TMSI), the codes of public telephone networks to which access is barred, and so on. The third class is service-related codes, such as the personal identification number (PIN), the PIN unblocking key (PUK), charging rates, and so on. The fourth class is the phone book, containing the telephone numbers that the mobile phone user enters at any time. The SIM card uses the relevant information on the card to confirm whether the user's identity is legitimate. The authentication process takes place between the network and the SIM card, and user identity authentication is generally performed when the mobile terminal registers on the network and when a call is set up. When authentication begins, the network generates a 128-bit random number RAND and sends it to the mobile station over the radio control channel. The SIM card computes a response signal SRES from the received RAND according to the key Ki and algorithm A3 on the card, and sends SRES back to the network side. The network side looks up this user's key Ki in the authentication center (AUC), computes SRES with the same RAND and algorithm A3, and compares it with the received SRES; if the two are consistent, authentication passes.
At present, SIM cards and devices are connected on a one-device-one-card basis: every terminal must carry its own SIM card, used for user authentication, service authentication and so on. Only a terminal with a SIM card can obtain the services provided by the mobile operator, such as value-added services based on MMS/SMS. Other terminals without a SIM card cannot obtain the services provided by the mobile operator.
In the course of realizing the present invention, the inventors found that the prior art has at least the following defects:
In some scenarios the one-device-one-card approach wastes SIM card resources and lowers the ARPU (Average Monthly Revenue Per Unit, the average monthly service revenue contributed by each user) value. For example, a home network may contain a card-equipped wireless home gateway, a data card and a netbook. Users in the home use these devices to carry out services over the mobile network. Although the users belong to the same family, each device uses an independent SIM card, so from an operational point of view the devices are completely independent, which is unfavourable to offering home services and to improving the users' service experience.
All services offered by mobile operators need a SIM card for identification, so only card-equipped terminal devices can use the services the mobile operator provides. Devices without a SIM card, such as ordinary notebook computers, desktop computers and digital photo frames (DPF), cannot use the mobile operator's services. In some situations, however, such as a home network with many devices, some with a SIM card and some without, family members also want to use the mobile operator's services from different terminals. The prior art cannot meet this need.
Summary of the invention
The embodiments of the invention provide a method, device and system for obtaining a user identity identifier, used to provide a user identity identifier to a card-less terminal.
An embodiment of the invention provides a method for obtaining a user identity identifier, comprising:
A terminal provided with a subscriber identity module receives a user identity request, the terminal provided with the subscriber identity module serving as a card terminal;
The card terminal generates a user identity identifier corresponding to the user identity request, and sends the user identity identifier.
An embodiment of the invention also provides a device for obtaining a user identity identifier, comprising:
A receiving module, used to receive a user identity request;
A subscriber identity module, used to generate a user identity identifier corresponding to the user identity request;
A sending module, used to send the user identity identifier generated by the subscriber identity module.
An embodiment of the invention also provides a system for obtaining a user identity identifier, comprising:
A card terminal, provided with a subscriber identity module, used to receive a user identity request, generate a user identity identifier corresponding to the user identity request, and send the user identity identifier;
A card-less terminal, not provided with a subscriber identity module, used to send the user identity request to the card terminal and to receive the user identity identifier returned by the card terminal.
Compared with the prior art, the embodiments of the invention have the following advantages: by means of Ethernet switching technology, the embodiments provide user identity identifiers to card-less terminals, so that valid user identity identifiers can be provided for multiple devices, device cost is reduced, and SIM card resources are saved.
Description of drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for obtaining a user identity identifier in an embodiment of the invention;
Fig. 2 is a networking diagram of the user identity identifier center in an embodiment of the invention;
Fig. 3 is a structural diagram of the user identity identifier center in an embodiment of the invention;
Fig. 4 is a flowchart of obtaining a user identity identifier in an application scenario of an embodiment of the invention;
Fig. 5 is a structural diagram of a device for obtaining a user identity identifier in an embodiment of the invention;
Fig. 6 is a structural diagram of a device for obtaining a user identity identifier in an application scenario of an embodiment of the invention;
Fig. 7 is a structural diagram of a system for obtaining a user identity identifier in an embodiment of the invention.
Detailed description of the embodiments
The core idea of the technical solution provided by the embodiments of the invention is to propose a device carrying a SIM card, namely a card terminal, that provides user identity identifiers to card-less devices. The card terminal and the card-less terminals form a local area network. The card-less terminals connect to the user identity identifier center by Ethernet switching and use the SIM card of the card terminal to identify services. A card-less terminal on the Ethernet can access the services provided by the mobile operator with the user identity identifier returned by the card terminal, and uses that identifier for user identification, service authentication and so on. A SIM card that originally provided a user identity identifier only for the services on one terminal thereby provides user identity identifiers for multiple services on multiple terminals.
The technical solutions of the embodiments of the invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
As shown in Fig. 1, the flowchart of a method for obtaining a user identity identifier in an embodiment of the invention comprises the following steps:
Step 101: a terminal provided with a subscriber identity module receives a user identity request; the terminal provided with the subscriber identity module serves as a card terminal.
The user identity request received by the card terminal is sent by a card-less terminal, which is not provided with a subscriber identity module. "Subscriber identity module" may be a collective term for the ordinary SIM card, the USIM card and the ISIM card. The user identity request carries the device identifier (device ID) and the service ID of the card-less terminal.
The card terminal generates the user identity identifier corresponding to the user identity request as follows: the card terminal performs device identity authentication and service permission authentication on the card-less terminal according to the device ID and the service ID; after both the device identity authentication and the service permission authentication pass, the card terminal generates the user identity identifier from the device ID, the service ID and the authentication key (Ki) stored in the subscriber identity module.
Before the card-less terminal sends the user identity request to the card terminal provided with the subscriber identity module, the card terminal issues a temporary key to the card-less terminal, so that the card-less terminal can use the temporary key to establish a secure connection with the card terminal before sending the user identity request.
Step 102: the card terminal generates the user identity identifier corresponding to the user identity request, and sends the user identity identifier.
Specifically, the card-less terminal that sent the user identity request to the card terminal may also send a service request carrying the user identity identifier to a service platform. The card-less terminal receives a user identity verification request from the service platform; this request carries the verification information that the service platform has allocated for the user identity identifier. The card-less terminal sends a user identity verification request carrying the user identity identifier and the verification information to the card terminal. The card terminal obtains a verification result for the user identity identifier from the user identity identifier and the verification information, and returns the verification result to the card-less terminal. The card-less terminal sends the verification result to the service platform, so that the service platform verifies the user identity identifier according to the verification result.
The card terminal obtains the verification result for the user identity identifier from the user identity identifier and the verification information as follows: the card terminal computes a digest result of the user identity identifier from the user identity identifier and the verification information, and uses the digest result as the verification result.
The user identity verification request carrying the user identity identifier and the verification information also carries the device ID and the service ID. The card terminal computes the digest result of the user identity identifier from the user identity identifier and the verification information as follows: the card terminal performs device identity authentication and service permission authentication on the card-less terminal according to the device ID and the service ID; after both the device identity authentication and the service permission authentication pass, the card terminal uses a message digest algorithm to compute the digest result of the user identity identifier from the verification information, the user identity identifier and the service key stored in the subscriber identity module.
By means of Ethernet switching technology, the embodiment of the invention provides user identity identifiers to card-less terminals, so that valid user identity identifiers can be provided for multiple devices, device cost is reduced, and SIM card resources are saved.
The method for obtaining a user identity identifier in the embodiment of the invention can be implemented by a user identity identifier center; that is, the card terminal provided with the subscriber identity module in the above embodiment is the user identity identifier center, and the card-less terminal is user equipment. Fig. 2 is a networking diagram of the user identity identifier center in an embodiment of the invention. The user identity identifier center and the user equipment form a local area network, connected either by wire or by wireless WIFI (Wireless Fidelity). The user identity identifier center carries a SIM card, and the user equipment may be card-less terminals. Within the local area network, the user identity identifier center and the user equipment can access each other. Whenever a user equipment accesses a service, it needs to obtain a user identity identifier from the user identity identifier center. The local area network can be connected to external networks through a wired or wireless gateway device.
Specifically, the user identity identifier center mainly generates, from the authentication key (Ki) stored on the SIM card and the device ID and service ID from a card-less terminal, the user identity identifier corresponding to that card-less terminal, provides this user identity identifier to the services on the card-less terminal, and performs device identity authentication management, service permission authentication management, user identity identifier management and user identity integrity protection. Device authentication management mainly verifies each device that accesses the user identity identifier center to ensure that it is a legitimate device; only a legitimate device can obtain a user identity identifier from the center. Service permission authentication management authenticates the permission for the service that the user wants to access; only a legitimate device accessing a legitimate service can obtain a correct user identity identifier. User identity identifier management means that the center issues user identity identifiers when legitimate terminals access legitimate services; a terminal uses the user identity identifier obtained from the center to access the service platform, and the service platform confirms the user identity identifier in order to verify the legitimacy of the user's identity. User identity identifier integrity protection means that, to verify the user's legitimacy, the service platform sends a user identity confirmation request to the terminal; after receiving this request, the terminal forwards it to the user identity identifier center for user identity integrity protection; the center returns the integrity-protected user identity identifier to the terminal, and the terminal uses the integrity-protected user identity identifier to access the service.
To verify the legitimacy of access devices, after a user equipment has registered successfully the user identity identifier center may also use a certificate distribution mechanism, distributing a device certificate to the user equipment through a secure network interface or a USB interface. A user equipment that has received a device certificate does not need to register again when it requests a user identity identifier from the center.
Specifically, when the device certificate is issued over the secure network interface, a Category 5 cable can be explicitly connected between the user identity identifier center and the user equipment, indicating the two endpoints of the authorization and expressing the user's intent to authorize. After the two devices are connected with the Category 5 cable, the authorization button on the user identity identifier center is explicitly pressed; the center issues the device certificate to the user equipment, authorizing it, and after authorization finishes, the center displays the authorization result.
When the certificate is distributed over the USB interface, a USB flash drive can be inserted into the user identity identifier center, which writes a temporary key to the flash drive as the device certificate. The flash drive is then inserted into the user equipment; the two sides authenticate each other and set up an encrypted channel using the temporary key carried on the flash drive, and the user equipment is authorized over this encrypted channel.
As shown in Fig. 3, the structural diagram of the user identity identifier center in an embodiment of the invention comprises a transmitting/receiving module, a terminal authentication module, a service identification module, a service identity identification module, a SIM card operation module, a certificate distribution module and an authentication information database. The transmitting/receiving module receives, from the Ethernet, the service user identity identifier requests initiated by other terminals. The terminal authentication module uses the authentication information in the authentication information database to verify the legitimacy of the terminal that initiated the request; if the request was initiated by a legitimate terminal, the service identification module extracts the service identifier and delivers it to the SIM card operation module. The service identity identification module integrity-protects, according to the SIM card information, the user information for accessing the specified service, and then returns the user identity identifier to the terminal through the transmitting/receiving module. The certificate distribution module issues device certificates to other terminals, either through the network interface or through the USB interface.
The method for obtaining a user identity identifier in the embodiment of the invention is described in detail below with reference to the above application scenario.
As shown in Fig. 4, the flowchart of obtaining a user identity identifier in an application scenario of an embodiment of the invention comprises the following steps:
Step 401: the user identity identifier center and the user equipment perform device registration.
Specifically, the user identity identifier center receives a device registration request from the user equipment and registers the user equipment according to this request. After the user equipment has registered successfully, the center may also issue a device certificate to the user equipment, and the user equipment can use this device certificate to access the center.
Step 402: the user equipment sends a user identity request to the user identity identifier center.
Specifically, when a terminal in the local area network wants to access the service platform, it must first request a user identity identifier from the user identity identifier center by sending it a user identity request, which carries the device ID and the service ID.
Step 403: the user identity identifier center performs device identity authentication and service permission authentication on the user equipment.
Specifically, the user identity identifier center performs device identity authentication on the user equipment according to the device ID, and service permission authentication on the user equipment according to the service ID.
Step 404: the user identity identifier center returns a user identity request response to the user equipment.
Specifically, when both the device identity authentication and the service permission authentication pass, the user identity identifier center generates a user identity identifier from the device ID, the service ID and the authentication key (Ki) in the data stored on the SIM card, and returns a user identity request response carrying this user identity identifier to the user equipment; otherwise, the center refuses the user equipment's user identity request.
Step 405: the user equipment sends a service request to the service platform.
The service request carries the user identity identifier and the service ID.
Step 406: the service platform verifies the user identity identifier.
Step 407: the service platform sends a user identity verification request to the user equipment.
The user identity verification request carries the verification information Nonce.
Step 408: the user equipment sends a user identity verification request to the user identity identifier center.
The user identity verification request carries the device ID, the service ID, the user identity identifier and the verification information Nonce (a random number).
Step 409: the user identity identifier center performs device identity authentication and service permission authentication on the user equipment and, after verification passes, integrity-protects the user identity identifier according to the verification information.
Specifically, the user identity identifier center performs device identity authentication on the user equipment according to the device ID, and service permission authentication on the user equipment according to the service ID. When both the device identity authentication and the service permission authentication pass, the center can use MD5 (Message-Digest Algorithm 5) to obtain, from the service key and the verification information Nonce in the user identity verification request, the integrity-protected user identity identifier, that is, the digest result of the user identity identifier. The service key is derived from the authentication key (Ki) stored on the SIM card of the user identity identifier center; it may be stored in advance on the center's SIM card, or generated after the user identity verification request is received.
Step 410: the user identity identifier center returns the integrity-protected user identity identifier to the user equipment.
Step 411: the user equipment sends a service request to the service platform.
The service request carries the service ID and the integrity-protected user identity identifier.
Step 412: the service platform returns a service request response to the user equipment.
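The exchange in steps 402 to 412 above, written out as an added example that is not code from the patent: a user identity identifier center, a service platform, and the card-less terminal's calls between them. The HMAC construction, the derivation labels, all class and function names, the provisioning of the service platform with the same service key, and the sample Ki and IDs are assumptions of this example; the page itself names only the inputs and MD5 as the digest algorithm.

```python
import hashlib
import hmac
import secrets

# Added example. The page gives only the inputs (device ID, service ID, Ki,
# Nonce) and names MD5; the HMAC construction, labels and names are assumed.


def _derive(key: bytes, label: bytes, *fields: str) -> bytes:
    """Assumed derivation: HMAC-SHA256 over a label and length-prefixed fields."""
    msg = label
    for field in fields:
        raw = field.encode()
        msg += len(raw).to_bytes(2, "big") + raw
    return hmac.new(key, msg, hashlib.sha256).digest()


def _digest(service_key: bytes, user_id: str, nonce: bytes, algo: str) -> str:
    """Digest result over identifier and Nonce, keyed with the service key."""
    return hmac.new(service_key, user_id.encode() + nonce, algo).hexdigest()


class IdentityCenter:
    """Card terminal holding Ki (steps 403-404 and 409-410)."""

    def __init__(self, ki: bytes, permitted: dict):
        self._ki = ki                # stays on the card terminal
        self._permitted = permitted  # device ID -> set of allowed service IDs

    def _authenticate(self, device_id: str, service_id: str) -> None:
        # Device identity authentication, then service permission authentication.
        if device_id not in self._permitted:
            raise PermissionError("unregistered device")
        if service_id not in self._permitted[device_id]:
            raise PermissionError("service not permitted for this device")

    def service_key(self, service_id: str) -> bytes:
        return _derive(self._ki, b"service-key", service_id)

    def issue_identifier(self, device_id: str, service_id: str) -> str:
        self._authenticate(device_id, service_id)
        return _derive(self._ki, b"user-id", device_id, service_id).hex()[:32]

    def protect(self, device_id, service_id, user_id, nonce, algo="md5") -> str:
        # Only sign an identifier this center issued for this device and service.
        issued = self.issue_identifier(device_id, service_id)
        if not hmac.compare_digest(user_id, issued):
            raise PermissionError("identifier was not issued for this request")
        return _digest(self.service_key(service_id), user_id, nonce, algo)


class ServicePlatform:
    """Service platform (steps 406-407 and 411-412)."""

    def __init__(self, service_id: str, service_key: bytes):
        self.service_id = service_id
        self._key = service_key  # assumption: provisioned by the operator
        self._pending = {}       # user identity identifier -> outstanding Nonce

    def challenge(self, user_id: str) -> bytes:
        self._pending[user_id] = secrets.token_bytes(16)
        return self._pending[user_id]

    def verify(self, user_id: str, digest: str, algo: str = "md5") -> bool:
        nonce = self._pending.pop(user_id, None)  # single use, so a replay fails
        if nonce is None:
            return False
        return hmac.compare_digest(_digest(self._key, user_id, nonce, algo), digest)


def run_flow(center, platform, device_id):
    """Card-less terminal's side; returns (accepted, replay_accepted)."""
    sid = platform.service_id
    user_id = center.issue_identifier(device_id, sid)        # steps 402-404
    nonce = platform.challenge(user_id)                      # steps 405-407
    digest = center.protect(device_id, sid, user_id, nonce)  # steps 408-410
    accepted = platform.verify(user_id, digest)              # steps 411-412
    replayed = platform.verify(user_id, digest)              # same digest again
    return accepted, replayed


def build_demo():
    """Constructed sample data: a 128-bit Ki and one registered netbook."""
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")
    center = IdentityCenter(ki, {"netbook-01": {"mms"}})
    return center, ServicePlatform("mms", center.service_key("mms"))


if __name__ == "__main__":
    print(run_flow(*build_demo(), "netbook-01"))
```

Passing `algo="sha256"` to both `protect` and `verify` replaces MD5 with a stronger digest without changing the message flow.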
The embodiment of the invention does not provide User Identity and carries out authentication for there being the card terminal by ethernet switch technology, can provide effective User Identity for a plurality of equipment, reduced the cost of equipment, saved the SIM card resource, improved the ARPU value, be convenient to the deployment of terminal equipment, can make nothing card terminal can visit the business that mobile operator carries out, and utilize the User Identity center to carry out User Identity and service authentication; In addition, owing to, be convenient to operator business carried out unified certification and management based on unified User Identity center dispatch user identify label.
The embodiment of the invention provides the methods and applications that obtain User Identity scene in the above-described embodiment, and correspondingly, the embodiment of the invention also provides above-mentioned device and the system that obtains the method for User Identity that use.
As shown in Figure 5, a kind of apparatus structure schematic diagram that obtains User Identity in the embodiment of the invention comprises:
Receiver module 510 is used to receive the user identity request.
Subscriber identification module 520 is used to generate and the corresponding User Identity of described user identity request.
Sending module 530 is used to send the User Identity that subscriber identification module 520 generates.
The embodiment of the invention does not provide User Identity by ethernet switch technology for there being the card terminal, can provide effective User Identity for a plurality of equipment, has reduced the cost of equipment, has saved the SIM card resource.
As shown in Figure 6, a kind of apparatus structure schematic diagram that obtains User Identity in the embodiment of the invention application scenarios comprises:
Receiver module 610 is used to receive the user identity request.
Wherein, above-mentioned user identity request is sent by the no card terminal that subscriber identification module is not set; Carry the device identification ID and the traffic ID of described no card terminal in the described user identity request.
The receiver module 610 is also used to receive a subscriber authentication request from the card-less terminal; the subscriber authentication request carries the User Identity and the authorization information that the business platform allocated for the User Identity.
The subscriber identification module 620 is used to generate the User Identity corresponding to the user identity request.
Specifically, the subscriber identification module 620 is used to perform equipment identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID and, after the equipment identity authentication and the service authority authentication have passed, to generate the User Identity according to the device ID, the traffic ID and the KI stored in the subscriber identification module.
The acquisition module 630 is used to obtain a checking result for the User Identity according to the User Identity and the authorization information.
Specifically, the acquisition module 630 is used to calculate a summary result of the User Identity according to the User Identity and the authorization information, and to take the summary result as the checking result.
The subscriber authentication request also carries the device ID and the traffic ID.
The acquisition module 630 is specifically used to perform equipment identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID and, after the equipment identity authentication and the service authority authentication have passed, to calculate the summary result of the User Identity with a message digest algorithm according to the authorization information, the User Identity and the business cipher key stored in the subscriber identification module.
The sending module 640 is used to send the User Identity generated by the subscriber identification module 620.
The sending module 640 is also used to issue a temporary key to the card-less terminal, so that the card-less terminal uses the temporary key to establish a secure connection with the card terminal before sending the user identity request.
The sending module 640 is also used to return the checking result obtained by the acquisition module 630 to the card-less terminal.
In the embodiment of the invention, the card terminal provides the User Identity to, and performs authentication for, the card-less terminal by ethernet switch technology. This can provide valid User Identities for multiple devices, reduces the cost of equipment, saves SIM card resources, raises the ARPU value and eases the deployment of terminal equipment; it lets the card-less terminal access the services offered by the mobile operator, with the User Identity center carrying out User Identity and service authentication. In addition, because User Identities are dispatched by a unified User Identity center, the operator can conveniently authenticate and manage services in a unified way.
Figure 7 is a schematic structural diagram of a system for obtaining a User Identity in an embodiment of the invention. The system comprises:
A card terminal 710, provided with a subscriber identification module, used to receive a user identity request, generate the User Identity corresponding to the user identity request, and send the User Identity.
A card-less terminal 720, not provided with a subscriber identification module, used to send the user identity request to the card terminal 710 and to receive the User Identity returned by the card terminal.
The card terminal 710 is also used to issue a temporary key to the card-less terminal 720.
Correspondingly, the card-less terminal 720 is also used to establish a secure connection with the card terminal 710 using the temporary key before sending the user identity request.
The card-less terminal 720 is also used to send a service request carrying the User Identity to the business platform; to receive a subscriber authentication request from the business platform, which carries the authorization information that the business platform allocated for the User Identity; to send a subscriber authentication request carrying the User Identity and the authorization information to the card terminal 710; to receive the checking result of the card terminal 710 for the User Identity; and to send the checking result to the business platform, so that the business platform verifies the User Identity according to the checking result.
Correspondingly, the card terminal 710 is also used to obtain the checking result for the User Identity according to the User Identity and the authorization information, and to return the checking result to the card-less terminal.
In the embodiment of the invention, the card terminal provides the User Identity to, and performs authentication for, the card-less terminal by ethernet switch technology. This can provide valid User Identities for multiple devices, reduces the cost of equipment, saves SIM card resources, raises the ARPU value and eases the deployment of terminal equipment; it lets the card-less terminal access the services offered by the mobile operator, with the User Identity center carrying out User Identity and service authentication. In addition, because User Identities are dispatched by a unified User Identity center, the operator can conveniently authenticate and manage services in a unified way.
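The exchange between the card terminal, the card-less terminal and the business platform described above, written out as an added example (not code from the patent). HMAC-SHA256 stands in for both the unspecified User Identity generation and the message digest algorithm; the allow-list, the business platform holding a copy of the business cipher key, the single-use authorization information and all class and function names are assumptions, and the temporary-key secure connection is not modelled.

```python
import hashlib
import hmac
import secrets


def _fields(*parts: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") never collide."""
    out = b""
    for part in parts:
        raw = part.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return out


def _mac(key: bytes, *parts: str) -> str:
    # Assumption: HMAC-SHA256; the page names no concrete algorithm.
    return hmac.new(key, _fields(*parts), hashlib.sha256).hexdigest()


class CardTerminal:
    """Terminal whose subscriber identification module stores KI and the business cipher key."""

    def __init__(self, ki: bytes, business_key: bytes, permitted: set):
        self._ki = ki
        self._business_key = business_key
        self._permitted = permitted  # assumed allow-list of (device ID, traffic ID)

    def _authenticate(self, device_id: str, traffic_id: str) -> None:
        # Equipment identity and service authority authentication, reduced to a lookup.
        if (device_id, traffic_id) not in self._permitted:
            raise PermissionError("device/service pair not authorised")

    def user_identity(self, device_id: str, traffic_id: str) -> str:
        self._authenticate(device_id, traffic_id)
        return _mac(self._ki, device_id, traffic_id)

    def checking_result(self, device_id: str, traffic_id: str,
                        user_identity: str, authorization_info: str) -> str:
        self._authenticate(device_id, traffic_id)
        return _mac(self._business_key, authorization_info, user_identity)


class BusinessPlatform:
    """Assumption: the platform can recompute the digest with the same business cipher key."""

    def __init__(self, business_key: bytes):
        self._business_key = business_key
        self._pending = {}  # User Identity -> outstanding authorization information

    def service_request(self, user_identity: str) -> str:
        info = secrets.token_hex(16)  # fresh value per request
        self._pending[user_identity] = info
        return info

    def verify(self, user_identity: str, checking_result: str) -> bool:
        info = self._pending.pop(user_identity, None)  # single use: a replayed result fails
        if info is None:
            return False
        expected = _mac(self._business_key, info, user_identity)
        return hmac.compare_digest(expected, checking_result)


def run_flow(card: CardTerminal, platform: BusinessPlatform,
             device_id: str, traffic_id: str) -> bool:
    """Play the card-less terminal: relay messages between card terminal and platform."""
    uid = card.user_identity(device_id, traffic_id)       # user identity request
    info = platform.service_request(uid)                  # service request, then challenge
    result = card.checking_result(device_id, traffic_id, uid, info)
    return platform.verify(uid, result)                   # checking result sent back


if __name__ == "__main__":
    # Constructed sample keys and identifiers.
    demo_card = CardTerminal(b"K" * 16, b"S" * 16, {("stb-01", "iptv")})
    print(run_flow(demo_card, BusinessPlatform(b"S" * 16), "stb-01", "iptv"))
```
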
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. Based on this understanding, the essence of the technical solution of the embodiments of the invention, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions that cause a terminal device (which may be a mobile phone, a personal computer, a server, a network device, etc.) to carry out the method described in each embodiment of the present invention.
The above is only a preferred implementation of the present invention. It should be pointed out that those of ordinary skill in the art can make further improvements and modifications without departing from the principle of the embodiments of the invention, and these improvements and modifications shall also be regarded as within the protection scope of the present invention.
Those skilled in the art will appreciate that the modules of the device in an embodiment may be distributed in the device of the embodiment as described, or may be changed accordingly and located in one or more devices different from that of the present embodiment. The modules of the above embodiments may be integrated into one or deployed separately; they may be merged into a single module or further split into multiple submodules.
The sequence numbers of the above embodiments of the invention are for description only and do not represent the relative merits of the embodiments.
What is disclosed above is only several specific embodiments of the present invention; however, the present invention is not limited to them, and any variation that those skilled in the art can conceive of shall fall within the protection scope of the present invention.

Claims (15)

1. A method for obtaining a User Identity, characterized in that it comprises:
a terminal provided with a subscriber identification module receives a user identity request, the terminal provided with the subscriber identification module serving as a card terminal;
the card terminal generates the User Identity corresponding to the user identity request, and sends the User Identity.
2. The method of claim 1, characterized in that the user identity request received by the card terminal is sent by a card-less terminal that is not provided with a subscriber identification module, and the user identity request carries the device identification (ID) and the traffic ID of the card-less terminal;
the generating, by the card terminal, of the User Identity corresponding to the user identity request specifically comprises:
the card terminal performs equipment identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID;
after the equipment identity authentication and the service authority authentication have passed, the card terminal generates the User Identity according to the device ID, the traffic ID and the KI stored in the subscriber identification module.
3. The method of claim 2, characterized in that, before the card-less terminal sends the user identity request to the card terminal, the method further comprises:
the card terminal issues a temporary key to the card-less terminal, so that the card-less terminal uses the temporary key to establish a secure connection with the card terminal before sending the user identity request.
4. The method of claim 2 or 3, characterized in that the method further comprises:
the card-less terminal sends a service request carrying the User Identity to a business platform;
the card-less terminal receives a subscriber authentication request from the business platform, the subscriber authentication request carrying the authorization information that the business platform allocated for the User Identity, and sends a subscriber authentication request carrying the User Identity and the authorization information to the card terminal;
the card terminal obtains a checking result for the User Identity according to the User Identity and the authorization information, and returns the checking result to the card-less terminal;
the card-less terminal sends the checking result to the business platform, so that the business platform verifies the User Identity according to the checking result.
5. The method of claim 4, characterized in that the obtaining, by the card terminal, of the checking result for the User Identity according to the User Identity and the authorization information specifically comprises:
the card terminal calculates a summary result of the User Identity according to the User Identity and the authorization information, and takes the summary result as the checking result.
6. The method of claim 5, characterized in that the subscriber authentication request carrying the User Identity and the authorization information also carries the device ID and the traffic ID;
the calculating, by the card terminal, of the summary result of the User Identity according to the User Identity and the authorization information specifically comprises:
the card terminal performs equipment identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID;
after the equipment identity authentication and the service authority authentication have passed, the card terminal calculates the summary result of the User Identity with a message digest algorithm according to the authorization information, the User Identity and the business cipher key stored in the subscriber identification module.
7. A device for obtaining a User Identity, characterized in that it comprises:
a receiver module, used to receive a user identity request;
a subscriber identification module, used to generate the User Identity corresponding to the user identity request;
a sending module, used to send the User Identity generated by the subscriber identification module.
8. The device of claim 7, characterized in that the user identity request is sent by a card-less terminal that is not provided with a subscriber identification module, and the user identity request carries the device identification (ID) and the traffic ID of the card-less terminal;
the subscriber identification module is specifically used to perform equipment identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID and, after the equipment identity authentication and the service authority authentication have passed, to generate the User Identity according to the device ID, the traffic ID and the KI stored in the subscriber identification module.
9. The device of claim 8, characterized in that
the sending module is also used to issue a temporary key to the card-less terminal, so that the card-less terminal uses the temporary key to establish a secure connection with the card terminal before sending the user identity request.
10. The device of claim 8 or 9, characterized in that
the receiver module is also used to receive a subscriber authentication request from the card-less terminal, the subscriber authentication request carrying the User Identity and the authorization information that the business platform allocated for the User Identity;
the device further comprises:
an acquisition module, used to obtain a checking result for the User Identity according to the User Identity and the authorization information;
the sending module is also used to return the checking result to the card-less terminal.
11. The device of claim 10, characterized in that
the acquisition module is specifically used to calculate a summary result of the User Identity according to the User Identity and the authorization information, and to take the summary result as the checking result.
12. The device of claim 11, characterized in that the subscriber authentication request also carries the device ID and the traffic ID;
the acquisition module is specifically used to perform equipment identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID and, after the equipment identity authentication and the service authority authentication have passed, to calculate the summary result of the User Identity with a message digest algorithm according to the authorization information, the User Identity and the business cipher key stored in the subscriber identification module.
13. A system for obtaining a User Identity, characterized in that it comprises:
a card terminal, provided with a subscriber identification module, used to receive a user identity request, generate the User Identity corresponding to the user identity request, and send the User Identity;
a card-less terminal, not provided with a subscriber identification module, used to send the user identity request to the card terminal and to receive the User Identity returned by the card terminal.
14. The system of claim 13, characterized in that
the card terminal is also used to issue a temporary key to the card-less terminal;
the card-less terminal is also used to establish a secure connection with the card terminal using the temporary key before sending the user identity request.
15. The system of claim 13 or 14, characterized in that
the card-less terminal is also used to send a service request carrying the User Identity to a business platform; to receive a subscriber authentication request from the business platform, the subscriber authentication request carrying the authorization information that the business platform allocated for the User Identity; to send a subscriber authentication request carrying the User Identity and the authorization information to the card terminal; to receive the checking result of the card terminal for the User Identity; and to send the checking result to the business platform, so that the business platform verifies the User Identity according to the checking result;
the card terminal is also used to obtain the checking result for the User Identity according to the User Identity and the authorization information, and to return the checking result to the card-less terminal.
CN201010109136.8A 2010-02-08 2010-02-08 Method, device and system for obtaining user identity identifier Expired - Fee Related CN102149079B (en)

Publications (2)

Publication Number Publication Date
CN102149079A true CN102149079A (en) 2011-08-10
CN102149079B CN102149079B (en) 2014-01-29

Family

ID=44423017

Country Status (1)

Country Link
CN (1) CN102149079B (en)

Also Published As

Publication number Publication date
CN102149079B (en) 2014-01-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140129
