CN102149079B - Method, device and system for obtaining user identity identifier - Google Patents
- Publication number: CN102149079B (CN201010109136.8A)
- Authority: CN (China)
- Prior art keywords: user identity, card terminal, request, authentication, result
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the invention discloses a method for obtaining a user identity identifier, comprising the following steps: a terminal provided with a subscriber identity module receives a user identity request, the terminal provided with the subscriber identity module serving as a card terminal; the card terminal generates a user identity identifier corresponding to the user identity request and sends the user identity identifier. The embodiment can provide the user identity identifier to a card-less terminal, thereby saving SIM (subscriber identity module) card resources. The embodiment of the invention also discloses a device and a system employing the method.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a method, device and system for obtaining a user identity identifier.
Background
With the rapid development of mobile communication technology, the mobile phone, as the most commonly used mobile communication device, has become very widespread and an indispensable part of people's lives. Whether it is a 2G (2nd Generation, second-generation mobile communication technology) GSM (Global System for Mobile Communications) mobile phone or CDMA (Code Division Multiple Access) mobile phone, or a 3G (3rd Generation, third-generation mobile communication technology) mobile phone, a SIM (Subscriber Identity Module) card or USIM (Universal Subscriber Identity Module) card is required. As mobile phones have developed rapidly, other forms of card-bearing terminal have also appeared, such as netbooks, wireless Internet access data cards and wireless gateways; like mobile phones, these card-bearing terminals also need an operator's SIM card or USIM card.
A SIM card is also called a smart card or subscriber identification card; a digital mobile phone can be used only with this card installed. The SIM card stores on its chip the digital mobile phone customer's information, encryption keys and other content, which the mobile network can use to authenticate the customer's identity and to encrypt the customer's voice during calls. The USIM card is an upgrade of the SIM card and is used in UMTS (Universal Mobile Telecommunications System) networks. The SIM card or USIM card is the mobile operator's unique identification of the user. Any mobile service needs the relevant information of the SIM card or USIM card for authentication and authorization. In addition, in an IMS (IP Multimedia Subsystem) network, an ISIM (IMS Subscriber Identity Module) card can provide similar functions. In this specification, unless specifically emphasized, "SIM card" is a general term for the ordinary SIM card, the USIM card and the ISIM card.
The user data stored in a SIM card falls into four classes. The first class is fixed data, written by the SIM card center before the ME (Mobile Equipment) is sold, including the international mobile subscriber identity (IMSI), the authentication key (KI) and so on. The second class is temporarily stored network-related data, such as the location area identity (LAI), the temporary mobile subscriber identity (TMSI) and the codes of public telephone networks to which access is forbidden. The third class is service-related codes, such as the personal identification number (PIN), the PIN unblocking key (PUK) and charging rates. The fourth class is the phone book, i.e. the telephone numbers the mobile phone user enters at any time. The SIM card uses the information in the card to authenticate the subscriber and confirm whether the user identity is legitimate. Authentication takes place between the network and the SIM card, generally when the mobile terminal registers on the network and when a call is made. When authentication starts, the network generates a 128-bit random number RAND and sends it to the mobile station over the radio control channel; the SIM card computes the response SRES from the received RAND using the key Ki and algorithm A3 in the card, and sends SRES back to the network. The network looks up the user's key Ki in the authentication center (AUC), computes SRES with the same RAND and algorithm A3, and compares it with the received SRES; if the two match, authentication passes.
At present, SIM cards and devices are bound one card per device: each terminal carries its own SIM card, used for user authentication, service authorization and the like. Only a terminal with a SIM card can obtain the services provided by the mobile operator, for example value-added services based on MMS/SMS. Terminals without a SIM card cannot obtain the services provided by the mobile operator.
In the course of implementing the present invention, the inventor found that the prior art has at least the following defects:
In some scenarios, the one-card-per-device model wastes SIM card resources and lowers the ARPU (Average Monthly Revenue Per Unit, the average service revenue each user contributes per month) value. For example, a home network may contain a card-bearing wireless home gateway, data cards and netbooks. The users in the home use these devices to access services over the mobile network. Although the users belong to the same household, each device uses an independent SIM card, so from the operator's point of view they are completely independent, which is unfavourable both to developing home services and to improving the user's service experience.
All services offered by the mobile operator require a SIM card for identification; only card-bearing terminal devices can use the services the mobile operator provides. Devices without a SIM card, such as ordinary notebook computers, desktop computers and digital photo frames, cannot use the mobile operator's services. In some situations, however, such as a home network containing many devices, some with a SIM card and some without, family members also want to use the mobile operator's services from different terminals. The prior art cannot meet this demand.
Summary of the invention
The embodiments of the present invention provide a method, device and system for obtaining a user identity identifier, for providing a user identity identifier to a card-less terminal.
An embodiment of the present invention provides a method for obtaining a user identity identifier, comprising:
A terminal provided with a subscriber identity module receives a user identity request; the terminal provided with the subscriber identity module serves as a card terminal;
The card terminal generates a user identity identifier corresponding to the user identity request, and sends the user identity identifier.
An embodiment of the present invention also provides a device for obtaining a user identity identifier, comprising:
A receiver module, for receiving a user identity request;
A subscriber identity module, for generating a user identity identifier corresponding to the user identity request;
A sending module, for sending the user identity identifier generated by the subscriber identity module.
An embodiment of the present invention also provides a system for obtaining a user identity identifier, comprising:
A card terminal, provided with a subscriber identity module, for receiving a user identity request, generating a user identity identifier corresponding to the user identity request, and sending the user identity identifier;
A card-less terminal, not provided with a subscriber identity module, for sending the user identity request to the card terminal and receiving the user identity identifier returned by the card terminal.
Compared with the prior art, the embodiments of the present invention have the following advantages: a user identity identifier is provided to card-less terminals by means of Ethernet switching technology, so that valid user identity identifiers can be provided to a plurality of devices, reducing the cost of the devices and saving SIM card resources.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a method for obtaining a user identity identifier in an embodiment of the present invention;
Fig. 2 is a networking diagram of the user identity identifier center in an embodiment of the present invention;
Fig. 3 is a structural diagram of the user identity identifier center in an embodiment of the present invention;
Fig. 4 is a flow chart of obtaining a user identity identifier in an application scenario of an embodiment of the present invention;
Fig. 5 is a structural diagram of a device for obtaining a user identity identifier in an embodiment of the present invention;
Fig. 6 is a structural diagram of a device for obtaining a user identity identifier in an application scenario of an embodiment of the present invention;
Fig. 7 is a structural diagram of a system for obtaining a user identity identifier in an embodiment of the present invention.
Detailed description of the embodiments
The core idea of the technical solution provided by the embodiments of the present invention is to propose a device carrying a SIM card, i.e. a card terminal, that provides user identity identifiers for card-less devices. The card terminal and the card-less terminals form a local area network; a card-less terminal connects to the user identity identifier center by Ethernet switching and uses the SIM card of the card terminal to identify services. A card-less terminal on the Ethernet can use the user identity identifier returned by the card terminal to access the services provided by the mobile operator, using the identifier for user identification, service authorization and the like, so that a SIM card that originally provided a user identity identifier only for the services on one terminal now provides user identity identifiers for multiple services on multiple terminals.
The technical solutions of the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Evidently, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
As shown in Fig. 1, the flow chart of a method for obtaining a user identity identifier in an embodiment of the present invention comprises the following steps:
The user identity request received by the card terminal is sent by a card-less terminal, which is not provided with a subscriber identity module. The subscriber identity module may be any of an ordinary SIM card, a USIM card or an ISIM card. The user identity request carries the device identifier (ID) and the traffic ID of the card-less terminal.
The card terminal generates the user identity identifier corresponding to the user identity request as follows: the card terminal performs device identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID; after both the device identity authentication and the service authority authentication pass, the card terminal generates the user identity identifier according to the device ID, the traffic ID and the authentication key (KI) stored in the subscriber identity module.
Before the card-less terminal sends the user identity request to the card terminal provided with the subscriber identity module, the card terminal issues a temporary key to the card-less terminal, so that the card-less terminal uses the temporary key to establish a secure connection with the card terminal before sending the user identity request.
Specifically, the card-less terminal that sent the user identity request to the card terminal may also send a service request carrying the user identity identifier to the business platform. The card-less terminal receives a subscriber authentication request from the business platform, which carries the authorization information allocated by the business platform for the user identity identifier, and sends a subscriber authentication request carrying the user identity identifier and the authorization information to the card terminal. The card terminal obtains a verification result for the user identity identifier according to the user identity identifier and the authorization information, and returns the verification result to the card-less terminal. The card-less terminal sends the verification result to the business platform, so that the business platform verifies the user identity identifier according to the verification result.
The card terminal obtains the verification result for the user identity identifier according to the user identity identifier and the authorization information as follows: the card terminal calculates the digest result of the user identity identifier according to the user identity identifier and the authorization information, and uses the digest result as the verification result.
The subscriber authentication request carrying the user identity identifier and the authorization information also carries the device ID and the traffic ID. The card terminal calculates the digest result of the user identity identifier as follows: the card terminal performs device identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID; after both the device identity authentication and the service authority authentication pass, the card terminal uses a message digest algorithm to calculate the digest result of the user identity identifier according to the authorization information, the user identity identifier and the business key stored in the subscriber identity module.
The embodiment of the present invention provides a user identity identifier to card-less terminals by means of Ethernet switching technology, so that valid user identity identifiers can be provided to a plurality of devices, reducing the cost of the devices and saving SIM card resources.
The method for obtaining a user identity identifier in the embodiments of the present invention may be implemented by a user identity identifier center: the card terminal provided with a subscriber identity module in the above embodiment is the user identity identifier center, and the card-less terminal is the user equipment. Fig. 2 is a networking diagram of the user identity identifier center in an embodiment of the present invention. The user identity identifier center and the user equipment form a local area network, connected either by wire or by wireless WIFI (Wireless Fidelity). The user identity identifier center carries one SIM card, and the user equipment may be a card-less terminal. The user identity identifier center and the user equipment in the local area network can access each other. Each time a user equipment accesses a service, it must obtain a user identity identifier from the user identity identifier center. The local area network can be connected to an external network through a wired or wireless gateway device.
Specifically, the user identity identifier center is mainly used to generate, according to the authentication key (KI) stored in the SIM card and the device ID and traffic ID from a card-less terminal, the user identity identifier corresponding to that card-less terminal, to provide this identifier to the services on the card-less terminal, and to perform device identity authentication management, service authority authentication management, user identity identifier management and user identity integrity protection. Device identity authentication management verifies each device that accesses the user identity identifier center to ensure that it is a legitimate device; only legitimate devices can obtain a user identity identifier from the center. Service authority authentication management authenticates the user's authority for the service to be accessed; only a legitimate device accessing a legitimate service can obtain a correct user identity identifier. User identity identifier management means that the center issues a user identity identifier when a legitimate terminal accesses a legitimate service; the terminal accesses the business platform with the identifier obtained from the center, and the business platform confirms the identifier in order to verify the legitimacy of the user identity. User identity integrity protection means that, to verify the user's legitimacy, the business platform sends a user identity confirmation request to the terminal; on receiving the request, the terminal forwards it to the user identity identifier center for user identity integrity protection; the center returns the integrity-protected user identity identifier to the terminal, and the terminal uses the integrity-protected identifier to access the service.
To verify the legitimacy of accessing devices, after a user equipment has registered successfully the user identity identifier center may also use a certificate distribution mechanism, distributing a device certificate to the user equipment through a secure network interface or a USB interface. A user equipment that has received a device certificate does not need to register again when it requests a user identity identifier from the center.
Specifically, when the device certificate is distributed over the secure network interface, a Category 5 cable is explicitly connected between the user identity identifier center and the user equipment, designating the two endpoints of the authorization and expressing the user's intent to authorize. After the two devices are connected with the Category 5 cable, the authorization button on the user identity identifier center is explicitly pressed; the center issues the device certificate to the user equipment, thereby authorizing it, and when authorization finishes the center displays the result of the authorization.
When the certificate is distributed over the USB interface, a USB flash drive is inserted into the user identity identifier center, and the center writes a temporary key to the drive as the device certificate. The drive is then inserted into the user equipment; the two sides authenticate each other and establish an encrypted channel using the temporary key carried on the drive, and the user equipment is authorized over this encrypted channel.
As shown in Fig. 3, the structural diagram of the user identity identifier center in an embodiment of the present invention, the center comprises a sending/receiving module, a terminal authentication module, a service identification module, a business identity identification module, a SIM card operation module, a certificate distribution module and an authentication information database. The sending/receiving module receives from the Ethernet the service user identity identifier requests initiated by other terminals. The terminal authentication module uses the authentication information in the authentication information database to verify the legitimacy of the terminal that initiated the request; if the request was initiated by a legitimate terminal, the service identification module extracts the service identifier and passes it to the SIM card operation module. The business identity identification module performs integrity protection, according to the SIM card information, on the user information for accessing the specified service, and the user identity identifier is then returned to the terminal through the sending/receiving module. The certificate distribution module distributes device certificates to other terminals, either through the network interface or through the USB interface.
The method for obtaining a user identity identifier in the embodiments of the present invention is described in detail below with reference to the above application scenario.
As shown in Fig. 4, the flow of obtaining a user identity identifier in an application scenario of an embodiment of the present invention comprises the following steps:
Step 401: the user identity identifier center and the user equipment perform device registration.
Specifically, the user identity identifier center receives a device registration request from the user equipment and registers the user equipment according to this request. After the user equipment has registered successfully, the center may also issue a device certificate to it, and the user equipment can use this device certificate to access the user identity identifier center.
Step 402: the user equipment sends a user identity request to the user identity identifier center.
Specifically, when a terminal in the local area network wants to access the business platform, it must first request a user identity identifier from the user identity identifier center by sending it a user identity request that carries the device ID and the traffic ID.
Step 403: the user identity identifier center performs device identity authentication and service authority authentication on the user equipment.
Specifically, the user identity identifier center performs device identity authentication on the user equipment according to the device ID, and service authority authentication according to the traffic ID.
Step 404: the user identity identifier center returns a user identity request response to the user equipment.
Specifically, when both the device identity authentication and the service authority authentication pass, the user identity identifier center generates a user identity identifier according to the device ID, the traffic ID and the authentication key (KI) in the data stored in the SIM card, and returns to the user equipment a user identity request response carrying this identifier; otherwise, the center refuses the user identity request of the user equipment.
Step 405: the user equipment sends a service request to the business platform.
The service request carries the user identity identifier and the traffic ID.
Step 406: the business platform verifies the user identity identifier.
Step 407: the business platform sends a subscriber authentication request to the user equipment.
The subscriber authentication request carries the authorization information Nonce.
Step 408: the user equipment sends a subscriber authentication request to the user identity identifier center.
The subscriber authentication request carries the device ID, the traffic ID, the user identity identifier and the authorization information Nonce (a random number).
Step 409: the user identity identifier center performs device identity authentication and service authority authentication on the user equipment and, after both pass, performs integrity protection on the user identity identifier according to the authorization information.
Specifically, the user identity identifier center performs device identity authentication on the user equipment according to the device ID, and service authority authentication according to the traffic ID. When both pass, the center may use MD5 (Message-Digest Algorithm 5) to obtain, according to the business key and the authorization information Nonce in the subscriber authentication request, the integrity-protected user identity identifier, i.e. the digest result of the user identity identifier. The business key is derived from the authentication key (KI) stored in the SIM card of the user identity identifier center; it may be pre-stored in the SIM card of the center, or generated after the subscriber authentication request is received.
Step 410: the user identity identifier center returns the integrity-protected user identity identifier to the user equipment.
Step 411: the user equipment sends a service request to the business platform.
The service request carries the traffic ID and the integrity-protected user identity identifier.
Step 412: the business platform returns a service request response to the user equipment.
The embodiment of the present invention provides user identity identifiers to card-less terminals and performs identity authentication by means of Ethernet switching technology. It can provide valid user identity identifiers for a plurality of devices, reduces the cost of the devices, saves SIM card resources, raises the ARPU value and eases the deployment of terminal devices; it enables card-less terminals to access the services offered by the mobile operator, using the user identity identifier center for user identification and service authentication. In addition, because user identity identifiers are issued by a unified user identity identifier center, it is convenient for the operator to authenticate and manage services in a unified way.
The above embodiments describe the method for obtaining a user identity identifier and its application scenario; correspondingly, the embodiments of the present invention also provide a device and a system that apply the above method.
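The exchange in steps 402 to 412, as an added example that is not code from the patent, showing both authentication checks, the Nonce-bound digest, and what happens on a replayed result or an unregistered device. The HMAC constructions, the business-key derivation, the business platform holding the same business key, and the names `IdentityCenter`, `BusinessPlatform`, `derive_business_key` and `run_flow` are assumptions; the page names only MD5, which is the default here and can be swapped for SHA-256 through the `digest` parameter. The temporary-key secure channel and certificate distribution are not modelled.

```python
import hashlib
import hmac
import secrets


def _encode(*fields: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") never hash alike.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def derive_business_key(ki: bytes, traffic_id: str) -> bytes:
    # Assumed derivation: the page says only that the business key is derived from KI.
    return hmac.new(ki, _encode(b"business-key", traffic_id.encode()), hashlib.sha256).digest()


def digest_result(business_key: bytes, identifier: str, nonce: bytes, digest: str) -> str:
    # Keyed digest over identifier and Nonce (steps 409 and 412 compute the same value).
    return hmac.new(business_key, _encode(identifier.encode(), nonce), digest).hexdigest()


class IdentityCenter:
    """Card terminal side: holds KI and serves card-less terminals on the LAN."""

    def __init__(self, ki: bytes, registered: dict, digest: str = "md5"):
        self._ki = ki                  # stands in for the key stored in the SIM card
        self._registered = registered  # device ID -> traffic IDs allowed (set at step 401)
        self._digest = digest          # MD5 as on the page; "sha256" is the stronger choice

    def _authenticate(self, device_id: str, traffic_id: str) -> None:
        if device_id not in self._registered:
            raise PermissionError("device identity authentication failed")
        if traffic_id not in self._registered[device_id]:
            raise PermissionError("service authority authentication failed")

    def issue_identifier(self, device_id: str, traffic_id: str) -> str:
        # Steps 403-404: both checks, then an identifier bound to KI, device and service.
        self._authenticate(device_id, traffic_id)
        msg = _encode(b"identifier", device_id.encode(), traffic_id.encode())
        return hmac.new(self._ki, msg, hashlib.sha256).hexdigest()[:32]

    def protect(self, device_id: str, traffic_id: str, identifier: str, nonce: bytes) -> str:
        # Steps 409-410: repeat both checks, confirm the identifier is ours, then digest it.
        expected = self.issue_identifier(device_id, traffic_id)
        if not hmac.compare_digest(expected, identifier):
            raise PermissionError("identifier was not issued for this device and service")
        key = derive_business_key(self._ki, traffic_id)
        return digest_result(key, identifier, nonce, self._digest)


class BusinessPlatform:
    """Operator service side; assumed to be provisioned with the same business key."""

    def __init__(self, business_key: bytes, digest: str = "md5"):
        self._key = business_key
        self._digest = digest
        self._pending = {}  # identifier -> Nonce still awaiting an answer

    def challenge(self, identifier: str) -> bytes:
        # Step 407: fresh Nonce for each subscriber authentication request.
        nonce = secrets.token_bytes(16)
        self._pending[identifier] = nonce
        return nonce

    def verify(self, identifier: str, result: str) -> bool:
        # Step 412: pop() makes every Nonce single-use, so a captured result cannot be replayed.
        nonce = self._pending.pop(identifier, None)
        if nonce is None:
            return False
        expected = digest_result(self._key, identifier, nonce, self._digest)
        return hmac.compare_digest(expected, result)


def run_flow() -> dict:
    ki = bytes(range(16))  # constructed 128-bit value, not a real SIM key
    center = IdentityCenter(ki, {"notebook-01": {"mms"}})  # constructed registration table
    platform = BusinessPlatform(derive_business_key(ki, "mms"))

    identifier = center.issue_identifier("notebook-01", "mms")         # steps 402-404
    nonce = platform.challenge(identifier)                             # steps 405-407
    result = center.protect("notebook-01", "mms", identifier, nonce)   # steps 408-410
    outcome = {"accepted": platform.verify(identifier, result)}        # steps 411-412
    outcome["replay_accepted"] = platform.verify(identifier, result)   # same result, Nonce spent

    for label, device_id, traffic_id in (("unknown_device", "photo-frame-02", "mms"),
                                         ("unauthorised_service", "notebook-01", "video")):
        try:
            center.issue_identifier(device_id, traffic_id)
            outcome[label + "_refused"] = False
        except PermissionError:
            outcome[label + "_refused"] = True
    return outcome


if __name__ == "__main__":
    print(run_flow())
```

Because the digest covers the Nonce, a result captured on the local area network is useless against a later challenge; the identifier itself is static per device and service, so it must not be treated as a secret.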
As shown in Fig. 5, the structural diagram of a device for obtaining a user identity identifier in an embodiment of the present invention, the device comprises:
A sending module 530, for sending the user identity identifier generated by the subscriber identity module 520.
The embodiment of the present invention provides a user identity identifier to card-less terminals by means of Ethernet switching technology, so that valid user identity identifiers can be provided to a plurality of devices, reducing the cost of the devices and saving SIM card resources.
As shown in Fig. 6, the structural diagram of a device for obtaining a user identity identifier in an application scenario of an embodiment of the present invention, the device comprises:
A receiver module 610, for receiving a user identity request.
The user identity request is sent by a card-less terminal, which is not provided with a subscriber identity module; the user identity request carries the device identifier (ID) and the traffic ID of the card-less terminal.
The receiver module 610 is also used for receiving a subscriber authentication request from the card-less terminal; the subscriber authentication request carries the user identity identifier and the authorization information allocated by the business platform for the user identity identifier.
The subscriber identity module 620 is specifically used for performing device identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID and, after both the device identity authentication and the service authority authentication pass, generating the user identity identifier according to the device ID, the traffic ID and the authentication key (KI) stored in the subscriber identity module.
Specifically, the acquisition module 630 is used for calculating the digest result of the user identity identifier according to the user identity identifier and the authorization information, and using the digest result as the verification result.
The subscriber authentication request also carries the device ID and the traffic ID;
The acquisition module 630 is specifically used for performing device identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID and, after both the device identity authentication and the service authority authentication pass, using a message digest algorithm to calculate the digest result of the user identity identifier according to the authorization information, the user identity identifier and the business key stored in the subscriber identity module.
A sending module 640, for sending the user identity identifier generated by the subscriber identity module 620.
The sending module 640 is also used for issuing a temporary key to the card-less terminal, so that the card-less terminal uses the temporary key to establish a secure connection with the card terminal before sending the user identity request.
The sending module 640 is also used for returning the verification result obtained by the acquisition module 630 to the card-less terminal.
The embodiment of the present invention provides user identity identifiers to card-less terminals and performs identity authentication by means of Ethernet switching technology. It can provide valid user identity identifiers for a plurality of devices, reduces the cost of the devices, saves SIM card resources, raises the ARPU value and eases the deployment of terminal devices; it enables card-less terminals to access the services offered by the mobile operator, using the user identity identifier center for user identification and service authentication. In addition, because user identity identifiers are issued by a unified user identity identifier center, it is convenient for the operator to authenticate and manage services in a unified way.
Figure 7 is a schematic structural diagram of a system for obtaining a User Identity in an embodiment of the present invention. The system comprises:
A card terminal 710, provided with a subscriber identification module, configured to receive a user identity request, generate the User Identity corresponding to the user identity request, and send the User Identity.
A card-free terminal 720, not provided with a subscriber identification module, configured to send a user identity request to the card terminal 710 and to receive the User Identity returned by the card terminal.
The card terminal 710 is further configured to issue a temporary key to the card-free terminal 720.
Correspondingly, the card-free terminal 720 is further configured to use the temporary key to establish a secure connection with the card terminal 710 before sending the user identity request.
The card-free terminal 720 is further configured to send a service request carrying the User Identity to the business platform; to receive a subscriber authentication request from the business platform, the subscriber authentication request carrying the authorization information that the business platform has allocated for the User Identity; to send a subscriber authentication request carrying the User Identity and the authorization information to the card terminal 710; to receive the verification result of the card terminal 710 for the User Identity; and to send the verification result to the business platform, so that the business platform verifies the User Identity according to the verification result.
Correspondingly, the card terminal 710 is further configured to obtain the verification result for the User Identity according to the User Identity and the authorization information, and to return the verification result to the card-free terminal.
The embodiment of the present invention uses ethernet switch technology to provide a User Identity for the card-free terminal and to perform authentication. It can provide valid User Identities for a plurality of devices, reduces the cost of the devices, saves SIM card resources, raises the ARPU value, eases the deployment of terminal equipment, lets card-free terminals access the services offered by the mobile operator, and uses the User Identity center to perform User Identity and service authentication. In addition, because User Identities are distributed by a unified User Identity center, the operator can authenticate and manage services in a unified way.
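The identity request and verification exchange between the card terminal, the card-free terminal and the business platform, as an added example that is not part of the patent text. Assumptions: HMAC-SHA256 stands in for the unspecified generation and message digest algorithms, the policy table is constructed, the business platform is assumed to hold the same business key, the authorization information is modelled as a single-use random value, and the temporary-key secure connection between the two terminals is taken as already established.

```python
import hashlib
import hmac
import secrets


def encode_fields(*fields):
    # Length-prefix every field so ("ab", "c") and ("a", "bc") hash differently.
    out = b""
    for field in fields:
        raw = field if isinstance(field, bytes) else field.encode()
        out += len(raw).to_bytes(2, "big") + raw
    return out


def digest(business_key, auth_info, user_identity):
    # Assumption: HMAC-SHA256 keyed with the business key as the "message digest algorithm".
    return hmac.new(business_key, encode_fields(auth_info, user_identity),
                    hashlib.sha256).hexdigest()


class CardTerminal:
    """Terminal with a subscriber identification module holding KI and the business key."""

    def __init__(self, ki, business_key, policy):
        self._ki = ki
        self._business_key = business_key
        self._policy = policy  # constructed: {device ID: set of permitted traffic IDs}

    def _authenticate(self, device_id, traffic_id):
        # Device identity authentication first, then service authority authentication.
        if device_id not in self._policy:
            raise PermissionError("unknown device ID")
        if traffic_id not in self._policy[device_id]:
            raise PermissionError("traffic ID not permitted for this device")

    def user_identity(self, device_id, traffic_id):
        # Generated from device ID, traffic ID and KI, only after both checks pass.
        self._authenticate(device_id, traffic_id)
        return hmac.new(self._ki, encode_fields(device_id, traffic_id),
                        hashlib.sha256).hexdigest()

    def verification_result(self, device_id, traffic_id, user_identity, auth_info):
        # Both checks are repeated before the business key is used.
        self._authenticate(device_id, traffic_id)
        return digest(self._business_key, auth_info, user_identity)


class BusinessPlatform:
    def __init__(self, business_key):
        self._business_key = business_key  # assumption: same key as in the module
        self._pending = {}                 # User Identity -> outstanding authorization info

    def service_request(self, user_identity):
        # Allocate fresh authorization information for this User Identity (assumed random).
        auth_info = secrets.token_bytes(16)
        self._pending[user_identity] = auth_info
        return auth_info

    def verify(self, user_identity, result):
        # Authorization information is single use, so a captured result cannot be replayed.
        auth_info = self._pending.pop(user_identity, None)
        if auth_info is None:
            return False
        expected = digest(self._business_key, auth_info, user_identity)
        return hmac.compare_digest(expected, result)


def run_flow(card, platform, device_id, traffic_id):
    # The card-free terminal only relays messages; it never holds KI or the business key.
    uid = card.user_identity(device_id, traffic_id)
    auth_info = platform.service_request(uid)
    result = card.verification_result(device_id, traffic_id, uid, auth_info)
    return uid, result, platform.verify(uid, result)
```

Because the digest covers the authorization information, a verification result is only useful for the request it answers; the replay check in `verify` depends on the platform discarding that value after one use.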
Through the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the embodiments of the present invention, in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a terminal device (which may be a mobile phone, a personal computer, a server, a network device, etc.) to execute the methods described in the embodiments of the present invention.
The above is only the preferred embodiment of the present invention. It should be pointed out that those of ordinary skill in the art may make several improvements and modifications without departing from the principle of the embodiments of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.
Those skilled in the art will appreciate that the modules of the devices in the embodiments may be distributed in the devices as described in the embodiments, or may be changed accordingly and located in one or more devices different from those of the present embodiments. The modules of the above embodiments may be integrated into one or deployed separately; they may be merged into one module or further split into a plurality of sub-modules.
The sequence numbers of the above embodiments of the present invention are for description only and do not represent the merits of the embodiments.
What is disclosed above is merely several specific embodiments of the present invention; however, the present invention is not limited thereto, and any change that a person skilled in the art can think of shall fall within the protection scope of the present invention.
Claims (13)
1. A method for obtaining a User Identity, characterized by comprising:
A terminal provided with a subscriber identification module receives a user identity request, the terminal provided with the subscriber identification module serving as a card terminal;
The card terminal generates the User Identity corresponding to the user identity request, and sends the User Identity;
Wherein the user identity request received by the card terminal is sent by a card-free terminal that is not provided with a subscriber identification module, and the user identity request carries the device identification (ID) and the traffic ID of the card-free terminal;
The card terminal generating the User Identity corresponding to the user identity request specifically comprises:
The card terminal performs device identity authentication and service authority authentication on the card-free terminal according to the device ID and the traffic ID;
After the device identity authentication and the service authority authentication pass, the card terminal generates the User Identity according to the device ID, the traffic ID and the KI stored in the subscriber identification module.
2. the method for claim 1, is characterized in that, described without card terminal to before having the request of card terminal transmission user identity, also comprise:
Described have card terminal without card terminal, to issue temporary key to described so that described without card terminal before sending described user identity request, use described temporary key with described in have the foundation of card terminal to be connected safely.
3. The method as claimed in claim 1 or 2, characterized in that the method further comprises:
The card-free terminal sends a service request carrying the User Identity to a business platform;
The card-free terminal receives a subscriber authentication request from the business platform, the subscriber authentication request carrying the authorization information that the business platform has allocated for the User Identity; the card-free terminal sends a subscriber authentication request carrying the User Identity and the authorization information to the card terminal;
The card terminal obtains a verification result for the User Identity according to the User Identity and the authorization information, and returns the verification result to the card-free terminal;
The card-free terminal sends the verification result to the business platform, so that the business platform verifies the User Identity according to the verification result.
4. The method as claimed in claim 3, characterized in that the card terminal obtaining the verification result for the User Identity according to the User Identity and the authorization information specifically comprises:
The card terminal calculates a digest result of the User Identity according to the User Identity and the authorization information, and uses the digest result as the verification result.
5. The method as claimed in claim 4, characterized in that the subscriber authentication request carrying the User Identity and the authorization information also carries the device ID and the traffic ID;
The card terminal calculating the digest result of the User Identity according to the User Identity and the authorization information specifically comprises:
The card terminal performs device identity authentication and service authority authentication on the card-free terminal according to the device ID and the traffic ID;
After the device identity authentication and the service authority authentication pass, the card terminal calculates the digest result of the User Identity with a message digest algorithm, according to the authorization information, the User Identity and the business key stored in the subscriber identification module.
6. A device for obtaining a User Identity, characterized by comprising:
A receiver module, configured to receive a user identity request;
A subscriber identification module, configured to generate the User Identity corresponding to the user identity request;
A sending module, configured to send the User Identity generated by the subscriber identification module;
Wherein the user identity request is sent by a card-free terminal that is not provided with a subscriber identification module, and the user identity request carries the device identification (ID) and the traffic ID of the card-free terminal;
The subscriber identification module is specifically configured to perform device identity authentication and service authority authentication on the card-free terminal according to the device ID and the traffic ID, and, after the device identity authentication and the service authority authentication pass, to generate the User Identity according to the device ID, the traffic ID and the KI stored in the subscriber identification module.
7. The device as claimed in claim 6, characterized in that
The sending module is further configured to issue a temporary key to the card-free terminal, so that the card-free terminal, before sending the user identity request, uses the temporary key to establish a secure connection with the card terminal.
8. The device as claimed in claim 6 or 7, characterized in that
The receiver module is further configured to receive a subscriber authentication request from the card-free terminal, the subscriber authentication request carrying the User Identity and the authorization information that the business platform has allocated for the User Identity;
The device further comprises:
An acquisition module, configured to obtain a verification result for the User Identity according to the User Identity and the authorization information;
The sending module is further configured to return the verification result to the card-free terminal.
9. The device as claimed in claim 8, characterized in that
The acquisition module is specifically configured to calculate a digest result of the User Identity according to the User Identity and the authorization information, and to use the digest result as the verification result.
10. The device as claimed in claim 9, characterized in that the subscriber authentication request also carries the device ID and the traffic ID;
The acquisition module is specifically configured to perform device identity authentication and service authority authentication on the card-free terminal according to the device ID and the traffic ID, and, after the device identity authentication and the service authority authentication pass, to calculate the digest result of the User Identity with a message digest algorithm, according to the authorization information, the User Identity and the business key stored in the subscriber identification module.
11. A system for obtaining a User Identity, characterized by comprising:
A card terminal, provided with a subscriber identification module, configured to receive a user identity request, generate the User Identity corresponding to the user identity request, and send the User Identity;
A card-free terminal, not provided with a subscriber identification module, configured to send the user identity request to the card terminal and to receive the User Identity returned by the card terminal;
Wherein the user identity request received by the card terminal is sent by the card-free terminal that is not provided with a subscriber identification module, and the user identity request carries the device identification (ID) and the traffic ID of the card-free terminal;
The card terminal is specifically configured to perform device identity authentication and service authority authentication on the card-free terminal according to the device ID and the traffic ID, and, after the device identity authentication and the service authority authentication pass, to generate the User Identity according to the device ID, the traffic ID and the KI stored in the subscriber identification module.
12. The system as claimed in claim 11, characterized in that
The card terminal is further configured to issue a temporary key to the card-free terminal;
The card-free terminal is further configured to use the temporary key to establish a secure connection with the card terminal before sending the user identity request.
13. The system as claimed in claim 11 or 12, characterized in that
The card-free terminal is further configured to send a service request carrying the User Identity to a business platform; to receive a subscriber authentication request from the business platform, the subscriber authentication request carrying the authorization information that the business platform has allocated for the User Identity; to send a subscriber authentication request carrying the User Identity and the authorization information to the card terminal; to receive the verification result of the card terminal for the User Identity; and to send the verification result to the business platform, so that the business platform verifies the User Identity according to the verification result;
The card terminal is further configured to obtain the verification result for the User Identity according to the User Identity and the authorization information, and to return the verification result to the card-free terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010109136.8A CN102149079B (en) | 2010-02-08 | 2010-02-08 | Method, device and system for obtaining user identity identifier |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102149079A CN102149079A (en) | 2011-08-10 |
CN102149079B true CN102149079B (en) | 2014-01-29 |
Family
ID=44423017
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201010109136.8A Expired - Fee Related CN102149079B (en) | 2010-02-08 | 2010-02-08 | Method, device and system for obtaining user identity identifier |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102149079B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103024735B (en) * | 2011-09-26 | 2015-07-01 | 中国移动通信集团公司 | Method and equipment for service access of card-free terminal |
CN102802156B (en) * | 2012-08-31 | 2015-11-04 | 魅族科技(中国)有限公司 | A kind of method for authenticating and relevant device |
CN103916516B (en) * | 2012-12-30 | 2018-04-27 | 联想(北京)有限公司 | A kind of data processing method and equipment |
CN103973648B (en) * | 2013-01-31 | 2017-12-26 | 深圳开拓者科技有限公司 | Application data method for pushing, apparatus and system |
CN107465688B (en) * | 2017-09-04 | 2020-09-11 | 广西电网有限责任公司电力科学研究院 | Method for identifying network application permission of state monitoring and evaluating system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101242323A (en) * | 2007-02-06 | 2008-08-13 | 华为技术有限公司 | Establishment method and home network system for pipes between devices |
CN101563943A (en) * | 2006-10-03 | 2009-10-21 | 施克莱无线公司 | Method and apparatus for sharing cellular account subscription among multiple devices |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040042442A1 (en) * | 2002-08-29 | 2004-03-04 | Pecen Mark E. | Methods and apparatus for simultaneous independent voice and data services using a remote subscriber identity module (SIM) |
Also Published As
Publication number | Publication date |
---|---|
CN102149079A (en) | 2011-08-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109451446B (en) | Number portability method, device and equipment | |
CN102017577B (en) | Authenticating a wireless device in a visited network | |
US7565142B2 (en) | Method and apparatus for secure immediate wireless access in a telecommunications network | |
US9031541B2 (en) | Method for transmitting information stored in a tamper-resistant module | |
CN101610241B (en) | Method, system and device for authenticating binding | |
KR101243713B1 (en) | Wireless lan access point and method for accessing wireless lan | |
EP2215747B1 (en) | Method and devices for enhanced manageability in wireless data communication systems | |
CN1209939A (en) | Management of authentication keys in mobile communication system | |
CN103746983A (en) | Access authentication method and authentication server | |
CN101150857A (en) | Certificate based authentication authorization accounting scheme for loose coupling interworking | |
CN102056077B (en) | Method and device for applying smart card by key | |
US20100151822A1 (en) | Security Protocols for Mobile Operator Networks | |
CN102421098A (en) | User authentication method, device and system | |
CN101163003A (en) | System and method for authenticating network for terminal when SIM card use UMTS terminal and UMTS system | |
CN101102186A (en) | Method for implementing general authentication framework service push | |
JP2008042862A (en) | Wireless lan communication system, method thereof and program | |
CN102149079B (en) | Method, device and system for obtaining user identity identifier | |
CN111132305B (en) | Method for 5G user terminal to access 5G network, user terminal equipment and medium | |
CN102421097A (en) | User authorization method, device and system | |
CN103796151A (en) | Advertisement content pushing method and system | |
CN102984335A (en) | Identity authentication method, equipment and system for making fixed-line call | |
CN103517339A (en) | System for realizing data traffic shunting by WLAN, equipment and method | |
CN103607706A (en) | NFC-technology based conversation method, NFC terminal and far-end server | |
KR20080093449A (en) | Gsm authentication in a cdma network | |
WO2006079953A1 (en) | Authentication method and device for use in wireless communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20140129 |