CN102149079B - Method, device and system for obtaining user identity identifier - Google Patents

Publication number
CN102149079B
Authority
CN
China
Prior art keywords
user identity
card terminal
request
authentication
result
Legal status
Expired - Fee Related
Application number
CN201010109136.8A
Other languages
Chinese (zh)
Other versions
CN102149079A (en)
Inventor
常辉
郭毅峰
卢山
封令隽
Current Assignee
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd

Landscapes

  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An embodiment of the invention discloses a method for obtaining a user identity identifier, comprising the following steps: a terminal provided with a subscriber identity module receives a user identity request, the terminal provided with the subscriber identity module serving as a card terminal; the card terminal generates a user identity identifier corresponding to the user identity request and sends the user identity identifier. The embodiment can provide the user identity identifier to a card-less terminal, which saves SIM (subscriber identity module) card resources. An embodiment of the invention also discloses a device and a system employing the method.

Description

Method, device and system for obtaining a user identity identifier
Technical field
The present invention relates to the field of communication technology, and in particular to a method, device and system for obtaining a user identity identifier.
Background
With the rapid development of mobile communication technology, the mobile phone, as the most commonly used mobile communication device, has become widespread and an indispensable part of people's lives. Whether it is a 2G (2nd Generation, second-generation mobile communication technology) GSM (Global System for Mobile Communications) phone or CDMA (Code Division Multiple Access) phone, or a 3G (3rd Generation, third-generation mobile communication technology) phone, it needs a SIM (Subscriber Identity Module) card or a USIM (Universal Subscriber Identity Module) card. Alongside the rapid development of mobile phones, other forms of card-bearing terminals have appeared, such as netbooks, wireless Internet data cards and wireless gateways. Like mobile phones, these card-bearing terminals also need an operator's SIM card or USIM card.
A SIM card is also called a smart card or subscriber identification card; a digital mobile phone can be used only after this card is installed. The chip of the SIM card stores the digital mobile phone customer's information, the encryption key and other content, which the mobile network uses to authenticate the customer's identity and to encrypt the voice information of the customer's calls. The USIM card is an upgrade of the SIM card and is used in UMTS (Universal Mobile Telecommunications System) networks. The SIM card or USIM card is the mobile operator's unique identification of the user. Every mobile service needs the relevant information of the SIM card or USIM card for authentication. In addition, in an IMS (IP Multimedia Subsystem) network, an ISIM (IMS Subscriber Identity Module) card can provide a similar function. In this specification, unless specifically stated otherwise, "SIM card" is a general term for the ordinary SIM card, the USIM card and the ISIM card.
The user data stored in a SIM card falls into four classes. The first class is fixed data, written by the SIM card center before the ME (Mobile Equipment) is sold, including the international mobile subscriber identity (IMSI), the authentication key (Ki) and so on. The second class is temporarily stored network-related data, such as the location area identity (LAI), the temporary mobile subscriber identity (TMSI) and the codes of public telephone networks to which access is forbidden. The third class is the related service codes, such as the personal identification number (PIN), the unblocking code (PUK) and the charging rate. The fourth class is the phone book, that is, the telephone numbers the phone user enters at any time. The SIM card uses the information in the card to authenticate the user's identity and confirm whether it is legitimate. The authentication process takes place between the network and the SIM card, generally when the mobile terminal registers on the network and when a call is made. When authentication starts, the network generates a 128-bit random number RAND and sends it to the mobile station over the radio control channel. The SIM card computes the response SRES from the received RAND using the key Ki and the algorithm A3 in the card, and sends SRES back to the network side. The network side looks up this user's key Ki in the authentication center (AUC), computes SRES with the same RAND and algorithm A3, and compares it with the received SRES; if the two are consistent, authentication passes.
At present, SIM cards and devices are connected in a one-device-one-card manner: every terminal carries a SIM card for user authentication, service authentication and so on. Only a terminal with a SIM card can obtain the services provided by the mobile operator, for example value-added services based on MMS/SMS. Terminals without a SIM card cannot obtain the services provided by the mobile operator.
In the course of implementing the present invention, the inventors found that the prior art has at least the following defects:
In some scenarios the one-device-one-card approach wastes SIM card resources and lowers the ARPU (Average Monthly Revenue Per Unit, the service revenue each user contributes per month) value. For example, a home network may contain a card-bearing wireless home gateway, a data card and a netbook. Users in the home use these devices to carry out services over the mobile network. Although the users belong to the same family, each device uses an independent SIM card, so from an operations point of view they are completely independent, which does not help the development of home services or the improvement of the users' service experience.
All services operated by a mobile operator require a SIM card for identification; only a terminal device with a card can use the services the mobile operator provides. Devices without a SIM card, such as ordinary notebook computers, desktop computers and digital photo frames, cannot use the mobile operator's services. In some situations, however, such as a home network containing many devices, some with a SIM card and some without, family members also want to use the services provided by the mobile operator from different terminals. The prior art cannot meet this need.
Summary of the invention
Embodiments of the present invention provide a method, device and system for obtaining a user identity identifier, for providing a user identity identifier to a card-less terminal.
An embodiment of the present invention provides a method for obtaining a user identity identifier, comprising:
a terminal provided with a subscriber identity module receives a user identity request, the terminal provided with the subscriber identity module serving as a card terminal;
the card terminal generates a user identity identifier corresponding to the user identity request and sends the user identity identifier.
An embodiment of the present invention also provides a device for obtaining a user identity identifier, comprising:
a receiver module, for receiving a user identity request;
a subscriber identity module, for generating a user identity identifier corresponding to the user identity request;
a sending module, for sending the user identity identifier generated by the subscriber identity module.
An embodiment of the present invention also provides a system for obtaining a user identity identifier, comprising:
a card terminal, provided with a subscriber identity module, for receiving a user identity request, generating a user identity identifier corresponding to the user identity request, and sending the user identity identifier;
a card-less terminal, not provided with a subscriber identity module, for sending the user identity request to the card terminal and receiving the user identity identifier returned by the card terminal.
Compared with the prior art, the embodiments of the present invention have the following advantages: they provide a user identity identifier to card-less terminals through Ethernet switching, so that valid user identity identifiers can be provided for multiple devices, which reduces the cost of the devices and saves SIM card resources.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a method for obtaining a user identity identifier in an embodiment of the present invention;
Fig. 2 is a networking diagram of the user identity identifier center in an embodiment of the present invention;
Fig. 3 is a structural diagram of the user identity identifier center in an embodiment of the present invention;
Fig. 4 is a flow chart of obtaining a user identity identifier in an application scenario of an embodiment of the present invention;
Fig. 5 is a structural diagram of a device for obtaining a user identity identifier in an embodiment of the present invention;
Fig. 6 is a structural diagram of a device for obtaining a user identity identifier in an application scenario of an embodiment of the present invention;
Fig. 7 is a structural diagram of a system for obtaining a user identity identifier in an embodiment of the present invention.
Detailed description
The core idea of the technical solution provided by the embodiments of the present invention is to propose a device carrying a SIM card, namely the card terminal, that provides user identity identifiers for card-less devices. The card terminal and the card-less terminals form a local area network; the card-less terminals are connected to the user identity identifier center by Ethernet switching and use the SIM card of the card terminal to identify services. A card-less terminal on the Ethernet can access the services provided by the mobile operator with the user identity identifier returned by the card terminal, and use the user identity identifier for user identification, service authentication and so on. A SIM card that originally provided a user identity identifier only for the services on one terminal thereby provides user identity identifiers for multiple services on multiple terminals.
The technical solutions of the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
As shown in Fig. 1, the flow of a method for obtaining a user identity identifier in an embodiment of the present invention comprises the following steps:
Step 101: a terminal provided with a subscriber identity module receives a user identity request; this terminal provided with the subscriber identity module serves as the card terminal.
The user identity request received by the card terminal is sent by a card-less terminal, in which no subscriber identity module is provided. The subscriber identity module may be any of the ordinary SIM card, the USIM card and the ISIM card. The user identity request carries the device identifier (ID) and the service ID of the card-less terminal.
The method by which the card terminal generates the user identity identifier corresponding to the user identity request specifically comprises: the card terminal performs device identity authentication and service authority authentication on the card-less terminal according to the device ID and the service ID; after the device identity authentication and the service authority authentication both pass, the card terminal generates the user identity identifier according to the device ID, the service ID and the authentication key (Ki) stored in the subscriber identity module.
Before the card-less terminal sends the user identity request to the card terminal provided with the subscriber identity module, the card terminal issues a temporary key to the card-less terminal, so that the card-less terminal, before sending the user identity request, uses the temporary key to establish a secure connection with the card terminal.
Step 102: the card terminal generates the user identity identifier corresponding to the user identity request and sends this user identity identifier.
Specifically, the card-less terminal that sent the user identity request to the card terminal may further send a service request carrying the user identity identifier to a service platform. The card-less terminal receives a user identity verification request from the service platform; this request carries the verification information that the service platform allocated for the user identity identifier. The card-less terminal sends a user identity verification request carrying the user identity identifier and the verification information to the card terminal. The card terminal obtains a verification result for the user identity identifier according to the user identity identifier and the verification information, and returns the verification result to the card-less terminal. The card-less terminal sends the verification result to the service platform, so that the service platform verifies the user identity identifier according to the verification result.
The method by which the card terminal obtains the verification result for the user identity identifier according to the user identity identifier and the verification information specifically comprises: the card terminal calculates a digest result of the user identity identifier according to the user identity identifier and the verification information, and uses the digest result as the verification result.
The user identity verification request carrying the user identity identifier and the verification information also carries the device ID and the service ID. The card terminal calculating the digest result of the user identity identifier according to the user identity identifier and the verification information specifically comprises: the card terminal performs device identity authentication and service authority authentication on the card-less terminal according to the device ID and the service ID; after the device identity authentication and the service authority authentication both pass, the card terminal uses a message digest algorithm to calculate the digest result of the user identity identifier according to the verification information, the user identity identifier and the service key stored in the subscriber identity module.
The embodiment of the present invention provides a user identity identifier to card-less terminals through Ethernet switching, so that valid user identity identifiers can be provided for multiple devices, which reduces the cost of the devices and saves SIM card resources.
The method for obtaining a user identity identifier in the embodiments of the present invention can be implemented by a user identity identifier center: the card terminal provided with the subscriber identity module in the above embodiment is the user identity identifier center, and the card-less terminal is the user device. Fig. 2 is a networking diagram of the user identity identifier center in an embodiment of the present invention. The user identity identifier center and the user devices form a local area network, connected either by wire or by wireless WIFI (Wireless Fidelity). The user identity identifier center carries a SIM card, and the user devices may be card-less terminals. The user identity identifier center and the user devices in the local area network can access one another. Each time a user device accesses a service, it needs to obtain a user identity identifier from the user identity identifier center. The local area network can be connected to external networks through a wired or wireless gateway device.
Specifically, the user identity identifier center is mainly used to generate, according to the authentication key (Ki) stored in the SIM card and the device ID and service ID from a card-less terminal, the user identity identifier corresponding to that card-less terminal, to provide this user identity identifier to the services on the card-less terminal, and to carry out device identity authentication management, service authority authentication management, user identity identifier management and user identity integrity protection. Device identity authentication management mainly verifies the devices that access the user identity identifier center and ensures that they are legitimate; only legitimate devices can obtain a user identity identifier from the center. Service authority authentication management authenticates the authority for the service the user wants to access; only a legitimate device accessing a legitimate service can obtain a correct user identity identifier. User identity identifier management means that the center issues a user identity identifier when a legitimate terminal accesses a legitimate service; the terminal accesses the service platform with the user identity identifier obtained from the center, and the service platform, to verify the legitimacy of the user identity, confirms the user identity identifier. User identity integrity protection means that the service platform, to verify the legitimacy of the user, sends a user identity confirmation request to the terminal; the terminal, on receiving this request, forwards it to the user identity identifier center for user identity integrity protection; the center returns the integrity-protected user identity identifier to the terminal, and the terminal uses the integrity-protected user identity identifier to access the service.
To verify the legitimacy of accessing devices, after a user device has registered successfully, the user identity identifier center may also adopt a certificate distribution mechanism and distribute a device certificate to the user device through a secure network interface or a USB interface. A user device that has received a device certificate does not need to register again when it requests a user identity identifier from the user identity identifier center.
Specifically, when the device certificate is distributed through the secure network interface, a Category 5 cable can be explicitly connected between the user identity identifier center and the user device, indicating the two endpoints of the authorization and expressing the user's intent to authorize. After the two devices are connected with the Category 5 cable, the authorization button of the user identity identifier center is explicitly pressed, the center issues the device certificate to the user device and thereby authorizes it, and after authorization ends the center displays the result of the authorization.
When the certificate is distributed through the USB interface, a USB flash drive can be inserted into the user identity identifier center, which writes a temporary key to the drive as the device certificate. The drive is then inserted into the user device, the two sides authenticate each other and establish an encrypted channel using the temporary key carried on the drive, and this encrypted channel is used to authorize the user device.
Fig. 3 is a structural diagram of the user identity identifier center in an embodiment of the present invention. It comprises a sending/receiving module, a terminal authentication module, a service identification module, a service identity identification module, a SIM card operation module, a certificate distribution module and an authentication information database. The sending/receiving module receives from the Ethernet the service user identity identifier requests initiated by other terminals. The terminal authentication module uses the authentication information in the authentication information database to verify the legitimacy of the terminal that initiated the request; if the request was initiated by a legitimate terminal, it is passed to the service identification module, which extracts the service identifier and delivers it to the SIM card operation module. The service identity identification module performs integrity protection, according to the SIM card information, on the user information for accessing the specified service, and the user identity identifier is then returned to the terminal through the sending module. The certificate distribution module distributes device certificates to other terminals, either through the network interface or through the USB interface.
The method for obtaining a user identity identifier in the embodiments of the present invention is described in detail below with reference to the above application scenario.
Fig. 4 is a flow chart of obtaining a user identity identifier in an application scenario of an embodiment of the present invention, which specifically comprises the following steps:
Step 401: the user identity identifier center and the user device carry out device registration.
Specifically, the user identity identifier center receives a device registration request from the user device and registers the user device according to this request. After the user device has registered successfully, the center may also issue a device certificate to the user device, which the user device can use to access the user identity identifier center.
Step 402: the user device sends a user identity request to the user identity identifier center.
Specifically, when a terminal in the local area network wants to access the service platform, it first requests a user identity identifier from the user identity identifier center by sending a user identity request, which carries the device ID and the service ID.
Step 403: the user identity identifier center performs device identity authentication and service authority authentication on the user device.
Specifically, the user identity identifier center performs device identity authentication on the user device according to the device ID, and service authority authentication on the user device according to the service ID.
Step 404: the user identity identifier center returns a user identity request response to the user device.
Specifically, when the device identity authentication and the service authority authentication both pass, the user identity identifier center generates a user identity identifier according to the device ID, the service ID and the authentication key (Ki) in the data stored on the SIM card, and returns to the user device a user identity request response carrying this user identity identifier; otherwise, the center refuses the user identity request of the user device.
Step 405: the user device sends a service request to the service platform.
The service request carries the user identity identifier and the service ID.
Step 406: the service platform verifies the user identity identifier.
Step 407: the service platform sends a user identity verification request to the user device.
The user identity verification request carries the verification information Nonce.
Step 408: the user device sends a user identity verification request to the user identity identifier center.
The user identity verification request carries the device ID, the service ID, the user identity identifier and the verification information Nonce (a random number).
Step 409: the user identity identifier center performs device identity authentication and service authority authentication on the user device and, after they pass, applies integrity protection to the user identity identifier according to the verification information.
Specifically, the user identity identifier center performs device identity authentication on the user device according to the device ID, and service authority authentication according to the service ID. When the device identity authentication and the service authority authentication both pass, the center may use MD5 (Message-Digest Algorithm 5) to obtain, from the service key and the verification information Nonce in the user identity verification request, the integrity-protected user identity identifier, that is, the digest result of the user identity identifier. The service key is derived from the authentication key (Ki) stored in the SIM card of the user identity identifier center; it may be pre-stored in the SIM card of the center, or generated after the user identity verification request is received.
Step 410: the user identity identifier center returns the integrity-protected user identity identifier to the user device.
Step 411: the user device sends a service request to the service platform.
The service request carries the service ID and the integrity-protected user identity identifier.
Step 412: the service platform returns a service request response to the user device.
The embodiment of the present invention provides a user identity identifier to card-less terminals through Ethernet switching and performs authentication, so that valid user identity identifiers can be provided for multiple devices. This reduces the cost of the devices, saves SIM card resources, raises the ARPU value and eases the deployment of terminal devices; card-less terminals can access the services operated by the mobile operator and use the user identity identifier center for user identification and service authentication. In addition, because user identity identifiers are issued by a unified user identity identifier center, it is convenient for the operator to authenticate and manage services in a unified way.
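The exchange of steps 402 to 412 can be followed in a small runnable model. This is an added example, not code from the patent: the HMAC-SHA-256 derivations of the identifier and of the service key, the field layout fed to MD5, the check that an identifier belongs to the requesting device, the platform's table of service keys, and all names and sample values are assumptions; only the inputs of each step and the use of MD5 come from the description. `service_id` is the service ID that the user identity request carries alongside the device ID.

```python
import hashlib
import hmac
import secrets


def join_fields(*parts: bytes) -> bytes:
    # Length-prefix every field so that field boundaries are unambiguous.
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def derive_identity(ki: bytes, device_id: str, service_id: str) -> str:
    # ASSUMED derivation: step 404 only names the inputs (device ID, service ID, Ki).
    msg = join_fields(b"uid", device_id.encode(), service_id.encode())
    return hmac.new(ki, msg, hashlib.sha256).hexdigest()[:32]


def derive_service_key(ki: bytes, service_id: str) -> bytes:
    # ASSUMED derivation: the description only says the key is derived from Ki.
    msg = join_fields(b"svc", service_id.encode())
    return hmac.new(ki, msg, hashlib.sha256).digest()


def protect_identity(service_key: bytes, nonce: bytes, identity: str) -> str:
    # Step 409: MD5 digest over service key, Nonce and identifier. MD5 is the
    # algorithm the description names; the field layout is an assumption.
    return hashlib.md5(join_fields(service_key, nonce, identity.encode())).hexdigest()


class IdentityCenter:
    """Card terminal: the only device in the LAN that holds the SIM's Ki."""

    def __init__(self, ki, acl):
        self._ki = ki
        self._acl = acl  # registered device ID -> service IDs it may use

    def _authorize(self, device_id, service_id):
        # Steps 403 and 409: device identity check, then service authority check.
        if device_id not in self._acl:
            raise PermissionError("device is not registered")
        if service_id not in self._acl[device_id]:
            raise PermissionError("device may not use this service")

    def issue_identity(self, device_id, service_id):
        # Step 404: refuse, or return the identifier for this device and service.
        self._authorize(device_id, service_id)
        return derive_identity(self._ki, device_id, service_id)

    def protect(self, device_id, service_id, identity, nonce):
        # Steps 409-410. The ownership check is an addition, not in the description.
        self._authorize(device_id, service_id)
        own = derive_identity(self._ki, device_id, service_id)
        if not hmac.compare_digest(own.encode(), identity.encode()):
            raise PermissionError("identifier was not issued to this device")
        key = derive_service_key(self._ki, service_id)
        return protect_identity(key, nonce, identity)


class ServicePlatform:
    """Operator side. ASSUMPTION: it knows the service key for each identifier."""

    def __init__(self, service_id, service_keys):
        self.service_id = service_id
        self._keys = service_keys   # identifier -> service key
        self._pending = {}          # identifier -> outstanding Nonce

    def request_service(self, identity):
        # Steps 405-407: check the identifier, then challenge with a fresh Nonce.
        if identity not in self._keys:
            raise PermissionError("unknown user identity identifier")
        nonce = secrets.token_bytes(16)
        self._pending[identity] = nonce
        return nonce

    def confirm(self, identity, digest):
        # Steps 411-412: each Nonce is accepted once, so a replayed digest fails.
        nonce = self._pending.pop(identity, None)
        if nonce is None:
            return False
        expected = protect_identity(self._keys[identity], nonce, identity)
        return hmac.compare_digest(expected.encode(), digest.encode())


def build_demo():
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed, not a real Ki
    acl = {"netbook-01": {"mms"}, "photo-frame-02": {"mms"}}  # constructed devices
    keys = {derive_identity(ki, d, "mms"): derive_service_key(ki, "mms") for d in acl}
    return IdentityCenter(ki, acl), ServicePlatform("mms", keys)


def run_flow(center, platform, device_id):
    identity = center.issue_identity(device_id, platform.service_id)          # 402-404
    nonce = platform.request_service(identity)                                # 405-407
    digest = center.protect(device_id, platform.service_id, identity, nonce)  # 408-410
    return platform.confirm(identity, digest), identity, digest               # 411-412


if __name__ == "__main__":
    print(run_flow(*build_demo(), "netbook-01"))
```

MD5 appears here only because the description names it; a keyed construction such as HMAC over a current hash function is the usual choice for this kind of challenge response.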
The above embodiments provide a method and an application scenario for obtaining a user identity identifier; correspondingly, embodiments of the present invention also provide a device and a system that apply this method.
As shown in Fig. 5, a device for obtaining a user identity identifier in an embodiment of the present invention comprises:
Receiver module 510, for receiving a user identity request.
Subscriber identity module 520, for generating a user identity identifier corresponding to the user identity request.
Sending module 530, for sending the user identity identifier generated by subscriber identity module 520.
The embodiment of the present invention provides a user identity identifier to card-less terminals through Ethernet switching, so that valid user identity identifiers can be provided for multiple devices, which reduces the cost of the devices and saves SIM card resources.
As shown in Figure 6, a kind of apparatus structure schematic diagram that obtains User Identity in embodiment of the present invention application scenarios, comprising:
Receiver module 610, for receiving user identity request.
Wherein, above-mentioned user identity request is by sending without card terminal of subscriber identification module is not set; In described user identity request, carry described device identification ID and traffic ID without card terminal.
The receiver module 610 is also configured to receive a subscriber authentication request from the card-less terminal; the subscriber authentication request carries the user identity identifier and the authorization information that the business platform has allocated for the user identity identifier.
The subscriber identification module 620 is configured to generate the user identity identifier corresponding to the user identity request.
Specifically, the subscriber identification module 620 is configured to perform equipment identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID and, after both the equipment identity authentication and the service authority authentication pass, to generate the user identity identifier according to the device ID, the traffic ID and the KI stored in the subscriber identification module.
The acquisition module 630 is configured to obtain a verification result for the user identity identifier according to the user identity identifier and the authorization information.
Specifically, the acquisition module 630 is configured to calculate a digest of the user identity identifier according to the user identity identifier and the authorization information, and to use the digest as the verification result.
The subscriber authentication request also carries the device ID and the traffic ID.
In that case the acquisition module 630 is configured to perform equipment identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID and, after both the equipment identity authentication and the service authority authentication pass, to calculate the digest of the user identity identifier with a message digest algorithm according to the authorization information, the user identity identifier and the business cipher key stored in the subscriber identification module.
The sending module 640 is configured to send the user identity identifier generated by the subscriber identification module 620.
The sending module 640 is also configured to issue a temporary key to the card-less terminal, so that the card-less terminal uses the temporary key to establish a secure connection with the card terminal before sending the user identity request.
The sending module 640 is also configured to return the verification result obtained by the acquisition module 630 to the card-less terminal.
By means of Ethernet switch technology, the embodiment of the present invention provides a user identity identifier to the card-less terminal and performs authentication. It can provide valid user identity identifiers for a plurality of devices, which reduces equipment cost, saves SIM card resources, raises the ARPU value and eases the deployment of terminal equipment. It lets card-less terminals access the services offered by the mobile operator, and it uses the user identity identifier center to perform user identity and service authentication. In addition, because user identity identifiers are dispatched by a unified user identity identifier center, the operator can authenticate and manage its services in a unified way.
Figure 7 is a schematic structural diagram of a system for obtaining a user identity identifier in an embodiment of the present invention. The system comprises:
A card terminal 710, which is provided with a subscriber identification module and is configured to receive a user identity request, generate the user identity identifier corresponding to the user identity request, and send the user identity identifier.
A card-less terminal 720, which is not provided with a subscriber identification module and is configured to send the user identity request to the card terminal 710 and to receive the user identity identifier returned by the card terminal.
The card terminal 710 is also configured to issue a temporary key to the card-less terminal 720.
Correspondingly, the card-less terminal 720 is also configured to use the temporary key to establish a secure connection with the card terminal 710 before sending the user identity request.
The card-less terminal 720 is also configured to: send a service request carrying the user identity identifier to the business platform; receive a subscriber authentication request from the business platform, the subscriber authentication request carrying the authorization information that the business platform has allocated for the user identity identifier; send the subscriber authentication request carrying the user identity identifier and the authorization information to the card terminal 710; receive the card terminal 710's verification result for the user identity identifier; and send the verification result to the business platform, so that the business platform verifies the user identity identifier according to the verification result.
Correspondingly, the card terminal 710 is also configured to obtain the verification result for the user identity identifier according to the user identity identifier and the authorization information, and to return the verification result to the card-less terminal.
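The exchange between the card terminal 710, the card-less terminal 720 and the business platform, sketched as an added example that is not part of the patent text. HMAC-SHA256 as the message digest, the allow-list standing in for the two authentication checks, the platform holding a copy of the business cipher key, and all names and sample values are assumptions; the temporary-key secure connection is left out.

```python
import hashlib
import hmac
import secrets


def _encode(*fields: bytes) -> bytes:
    """Length-prefix each field so (b"ab", b"c") and (b"a", b"bc") never collide."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


class CardTerminal:
    """Terminal with a subscriber identification module (holds KI and business keys)."""

    def __init__(self, ki, business_keys, allowed):
        self._ki = ki                        # KI stored in the module
        self._business_keys = business_keys  # traffic ID -> business cipher key
        self._allowed = allowed              # authorised (device ID, traffic ID) pairs

    def _authenticate(self, device_id, traffic_id):
        # Equipment identity + service authority check (allow-list is an assumption).
        if (device_id, traffic_id) not in self._allowed:
            raise PermissionError("device or service not authorised")

    def identity_request(self, device_id, traffic_id):
        """Derive the user identity identifier from device ID, traffic ID and KI."""
        self._authenticate(device_id, traffic_id)
        msg = _encode(b"uid", device_id, traffic_id)
        return hmac.new(self._ki, msg, hashlib.sha256).hexdigest()

    def authentication_request(self, device_id, traffic_id, user_id, auth_info):
        """Digest over identifier + authorization info, keyed with the business key."""
        self._authenticate(device_id, traffic_id)
        msg = _encode(b"verify", user_id.encode(), auth_info)
        return hmac.new(self._business_keys[traffic_id], msg, hashlib.sha256).digest()


class BusinessPlatform:
    def __init__(self, business_key):
        self._key = business_key
        self._pending = {}  # user identity identifier -> outstanding authorization info

    def service_request(self, user_id):
        """Allocate fresh authorization information for this identifier."""
        auth_info = secrets.token_bytes(16)
        self._pending[user_id] = auth_info
        return auth_info

    def verify(self, user_id, result):
        auth_info = self._pending.pop(user_id, None)  # single use: a replay fails
        if auth_info is None:
            return False
        msg = _encode(b"verify", user_id.encode(), auth_info)
        expected = hmac.new(self._key, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, result)  # constant-time comparison


def run_exchange(card, platform, device_id, traffic_id):
    """The card-less terminal's role: relay between card terminal and platform."""
    user_id = card.identity_request(device_id, traffic_id)
    auth_info = platform.service_request(user_id)
    result = card.authentication_request(device_id, traffic_id, user_id, auth_info)
    return user_id, result, platform.verify(user_id, result)


# Constructed sample values, for illustration only.
KI = bytes(range(16))
VIDEO_KEY = b"constructed-business-key"
CARD = CardTerminal(KI, {b"video": VIDEO_KEY}, {(b"tv-01", b"video")})
PLATFORM = BusinessPlatform(VIDEO_KEY)
```

Because the card-less terminal only relays values, neither the KI nor the business cipher key ever leaves the card terminal; the fresh, single-use authorization information is what keeps a captured verification result from being replayed.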
By means of Ethernet switch technology, the embodiment of the present invention provides a user identity identifier to the card-less terminal and performs authentication. It can provide valid user identity identifiers for a plurality of devices, which reduces equipment cost, saves SIM card resources, raises the ARPU value and eases the deployment of terminal equipment. It lets card-less terminals access the services offered by the mobile operator, and it uses the user identity identifier center to perform user identity and service authentication. In addition, because user identity identifiers are dispatched by a unified user identity identifier center, the operator can authenticate and manage its services in a unified way.
Through the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, but in many cases the former is the better implementation. Based on this understanding, the essence of the technical solution of the embodiments of the present invention, or the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a terminal device (which may be a mobile phone, a personal computer, a server, a network device, etc.) to execute the methods described in the embodiments of the present invention.
The above is only the preferred embodiment of the present invention. It should be pointed out that those skilled in the art can make a number of improvements and modifications without departing from the principle of the embodiments of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.
Those skilled in the art will appreciate that the modules of the device in an embodiment may be distributed in the device as described in the embodiment, or may be changed accordingly and located in one or more devices different from that of the present embodiment. The modules of the above embodiments may be integrated into one or deployed separately; they may be merged into one module or further split into a plurality of submodules.
The sequence numbers of the above embodiments of the present invention are for description only and do not represent the merits of the embodiments.
What is disclosed above is only several specific embodiments of the present invention; however, the present invention is not limited thereto, and any change that a person skilled in the art can think of shall fall within the protection scope of the present invention.

Claims (13)

1. A method of obtaining a user identity identifier, characterized in that it comprises:
A terminal provided with a subscriber identification module receives a user identity request; the terminal provided with the subscriber identification module serves as a card terminal;
The card terminal generates the user identity identifier corresponding to the user identity request, and sends the user identity identifier;
Wherein the user identity request received by the card terminal is sent by a card-less terminal that is not provided with a subscriber identification module; the user identity request carries the device identification (ID) and the traffic ID of the card-less terminal;
The method by which the card terminal generates the user identity identifier corresponding to the user identity request specifically comprises:
The card terminal performs equipment identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID;
After both the equipment identity authentication and the service authority authentication pass, the card terminal generates the user identity identifier according to the device ID, the traffic ID and the KI stored in the subscriber identification module.
2. The method as claimed in claim 1, characterized in that, before the card-less terminal sends the user identity request to the card terminal, the method further comprises:
The card terminal issues a temporary key to the card-less terminal, so that the card-less terminal uses the temporary key to establish a secure connection with the card terminal before sending the user identity request.
3. The method as claimed in claim 1 or 2, characterized in that the method further comprises:
The card-less terminal sends a service request carrying the user identity identifier to a business platform;
The card-less terminal receives a subscriber authentication request from the business platform, the subscriber authentication request carrying the authorization information that the business platform has allocated for the user identity identifier; the card-less terminal sends the subscriber authentication request carrying the user identity identifier and the authorization information to the card terminal;
The card terminal obtains a verification result for the user identity identifier according to the user identity identifier and the authorization information, and returns the verification result to the card-less terminal;
The card-less terminal sends the verification result to the business platform, so that the business platform verifies the user identity identifier according to the verification result.
4. The method as claimed in claim 3, characterized in that the method by which the card terminal obtains the verification result for the user identity identifier according to the user identity identifier and the authorization information specifically comprises:
The card terminal calculates a digest of the user identity identifier according to the user identity identifier and the authorization information, and uses the digest as the verification result.
5. The method as claimed in claim 4, characterized in that the subscriber authentication request carrying the user identity identifier and the authorization information also carries the device ID and the traffic ID;
The card terminal calculating the digest of the user identity identifier according to the user identity identifier and the authorization information specifically comprises:
The card terminal performs equipment identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID;
After both the equipment identity authentication and the service authority authentication pass, the card terminal calculates the digest of the user identity identifier with a message digest algorithm according to the authorization information, the user identity identifier and the business cipher key stored in the subscriber identification module.
6. A device for obtaining a user identity identifier, characterized in that it comprises:
A receiver module, configured to receive a user identity request;
A subscriber identification module, configured to generate the user identity identifier corresponding to the user identity request;
A sending module, configured to send the user identity identifier generated by the subscriber identification module;
Wherein the user identity request is sent by a card-less terminal that is not provided with a subscriber identification module; the user identity request carries the device identification (ID) and the traffic ID of the card-less terminal;
The subscriber identification module is specifically configured to perform equipment identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID and, after both the equipment identity authentication and the service authority authentication pass, to generate the user identity identifier according to the device ID, the traffic ID and the KI stored in the subscriber identification module.
7. The device as claimed in claim 6, characterized in that
The sending module is also configured to issue a temporary key to the card-less terminal, so that the card-less terminal uses the temporary key to establish a secure connection with the card terminal before sending the user identity request.
8. The device as claimed in claim 6 or 7, characterized in that
The receiver module is also configured to receive a subscriber authentication request from the card-less terminal, the subscriber authentication request carrying the user identity identifier and the authorization information that a business platform has allocated for the user identity identifier;
The device further comprises:
An acquisition module, configured to obtain a verification result for the user identity identifier according to the user identity identifier and the authorization information;
The sending module is also configured to return the verification result to the card-less terminal.
9. The device as claimed in claim 8, characterized in that
The acquisition module is specifically configured to calculate a digest of the user identity identifier according to the user identity identifier and the authorization information, and to use the digest as the verification result.
10. The device as claimed in claim 9, characterized in that the subscriber authentication request also carries the device ID and the traffic ID;
The acquisition module is specifically configured to perform equipment identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID and, after both the equipment identity authentication and the service authority authentication pass, to calculate the digest of the user identity identifier with a message digest algorithm according to the authorization information, the user identity identifier and the business cipher key stored in the subscriber identification module.
11. A system for obtaining a user identity identifier, characterized in that it comprises:
A card terminal, provided with a subscriber identification module and configured to receive a user identity request, generate the user identity identifier corresponding to the user identity request, and send the user identity identifier;
A card-less terminal, not provided with a subscriber identification module and configured to send the user identity request to the card terminal and to receive the user identity identifier returned by the card terminal;
Wherein the user identity request received by the card terminal is sent by the card-less terminal that is not provided with a subscriber identification module; the user identity request carries the device identification (ID) and the traffic ID of the card-less terminal;
The card terminal is specifically configured to perform equipment identity authentication and service authority authentication on the card-less terminal according to the device ID and the traffic ID and, after both the equipment identity authentication and the service authority authentication pass, to generate the user identity identifier according to the device ID, the traffic ID and the KI stored in the subscriber identification module.
12. The system as claimed in claim 11, characterized in that
The card terminal is also configured to issue a temporary key to the card-less terminal;
The card-less terminal is also configured to use the temporary key to establish a secure connection with the card terminal before sending the user identity request.
13. The system as claimed in claim 11 or 12, characterized in that
The card-less terminal is also configured to: send a service request carrying the user identity identifier to a business platform; receive a subscriber authentication request from the business platform, the subscriber authentication request carrying the authorization information that the business platform has allocated for the user identity identifier; send the subscriber authentication request carrying the user identity identifier and the authorization information to the card terminal; receive the card terminal's verification result for the user identity identifier; and send the verification result to the business platform, so that the business platform verifies the user identity identifier according to the verification result;
The card terminal is also configured to obtain the verification result for the user identity identifier according to the user identity identifier and the authorization information, and to return the verification result to the card-less terminal.
CN201010109136.8A 2010-02-08 2010-02-08 Method, device and system for obtaining user identity identifier Expired - Fee Related CN102149079B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010109136.8A CN102149079B (en) 2010-02-08 2010-02-08 Method, device and system for obtaining user identity identifier

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010109136.8A CN102149079B (en) 2010-02-08 2010-02-08 Method, device and system for obtaining user identity identifier

Publications (2)

Publication Number Publication Date
CN102149079A CN102149079A (en) 2011-08-10
CN102149079B true CN102149079B (en) 2014-01-29

Family

ID=44423017

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010109136.8A Expired - Fee Related CN102149079B (en) 2010-02-08 2010-02-08 Method, device and system for obtaining user identity identifier

Country Status (1)

Country Link
CN (1) CN102149079B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103024735B (en) * 2011-09-26 2015-07-01 中国移动通信集团公司 Method and equipment for service access of card-free terminal
CN102802156B (en) * 2012-08-31 2015-11-04 魅族科技(中国)有限公司 A kind of method for authenticating and relevant device
CN103916516B (en) * 2012-12-30 2018-04-27 联想(北京)有限公司 A kind of data processing method and equipment
CN103973648B (en) * 2013-01-31 2017-12-26 深圳开拓者科技有限公司 Application data method for pushing, apparatus and system
CN107465688B (en) * 2017-09-04 2020-09-11 广西电网有限责任公司电力科学研究院 Method for identifying network application permission of state monitoring and evaluating system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242323A (en) * 2007-02-06 2008-08-13 华为技术有限公司 Establishment method and home network system for pipes between devices
CN101563943A (en) * 2006-10-03 2009-10-21 施克莱无线公司 Method and apparatus for sharing cellular account subscription among multiple devices

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040042442A1 (en) * 2002-08-29 2004-03-04 Pecen Mark E. Methods and apparatus for simultaneous independent voice and data services using a remote subscriber identity module (SIM)

Also Published As

Publication number Publication date
CN102149079A (en) 2011-08-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140129
