CN103841558A - Terminal authentication method and system and mobile communication terminal - Google Patents
Terminal authentication method and system and mobile communication terminal Download PDFInfo
- Publication number
- CN103841558A CN103841558A CN201210488227.6A CN201210488227A CN103841558A CN 103841558 A CN103841558 A CN 103841558A CN 201210488227 A CN201210488227 A CN 201210488227A CN 103841558 A CN103841558 A CN 103841558A
- Authority
- CN
- China
- Prior art keywords
- terminal
- identification information
- identification
- module
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Telephone Function (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a terminal authentication method and system and a mobile communication terminal. The method comprises enabling a first terminal utilizing an SIM/USIM card and a second terminal utilizing a USIM card capable of accessing an LTE communication system to be connected through an interface. The method comprises when the first terminal needs to be accessed to the LTE communication system, a network side receiving an authentication request, including first identification information and second identification information, sent by a terminal side, wherein the first identification information is used for indentifying identity information of the first terminal uniquely; and the second identification information is used for indentifying identity information of the second terminal uniquely; determining whether the first terminal and the second terminal are correlated according to the obtained authentication request and preset correlation identification; and performing authentication processing of accessing the LTE communication system on the second terminal according to the judgment results. Therefore, under the condition of not making any change on the terminal, the terminal can access the LTE communication system at will.
Description
Technical field
The present invention relates to wireless device technology field, especially relate to a kind of terminal authentication method, system and mobile communication terminal.
Background technology
At present, at Time Division-Synchronous Code Division Multiple Access (TD-SCDMA, Time Division-Synchronous CodeDivision Multiple Access) in system, introduce and do not changed card principle, even the user in TD-SCDMA system continues user's identification module (SIM, Subscriber Identity Module) card, and be not replaced by USIM (USIM, Universal SubscriberIdentity Module) card, like this, be convenient to user from two Generation Mobile Communication Systems (as, GSM, Global System of Mobilecommunication) smooth upgrade to 3 g mobile communication system (as, TD-SCDMA system), reduce unnecessary operation, obtain good effect.
And from 3 g mobile communication system to Long Term Evolution (LTE, Long Term Evolution) in system upgrade process, LTE system will not supported SIM card, only support usim card, and in authentication, in employing and three generations's communication system, use the diverse authentication mode of terminal of usim card, it is four-tuple authentication mode, operate for the ease of user, still wish to introduce and do not change card principle, but, the authentication of two Generation Mobile Communication Systems, 3 g mobile communication system and LTE-SAE system, encryption system incomplete same.Wherein, for terminal, in two generation communication systems, authentication process carries out between network equipment and SIM card, and the authentication time is generally in the time that terminal registration networks and call out.As shown in Figure 1, two generation terminal in communication system authentication main process as follows:
Step 11, in two generation communication systems, when authentication starts, terminal sends authentication request to network side, and request network side returns to authentication request vector AV.
Wherein, terminal is carried international mobile subscriber identity (IMSI, the International Mobile SubscriberIdentification Number) information of self in authentication request.
Step 12, network side produces the random parameter RAND of 128 bits, sends terminal to through wireless channel (control channel).
Step 13, the SIM card in terminal, according to key K i and algorithm A3 in card, calculates answer signal SRES to the random parameter RAND receiving, and result is beamed back to network side.
Step 14, the answer signal that network side is sent according to the terminal that receives, finds out the key K i of this terminal in AUC, calculate an answer signal SRES with identical random parameter RAND and algorithm A3.
Step 15, the answer signal SRES that network side is sent the answer signal SERS calculating and the terminal received compares, and judge that whether result is relatively consistent, if judged result is yes, definite this terminal authentication passes through.Otherwise, failed authentication.
Step 16, feeds back to terminal by network side by authenticating result.
In above-mentioned two generation communication systems, can not directly be applied in LTE communication system the authentication mode of terminal, according to agreement regulation, in order to strengthen the fail safe of LTE communication system, LTE communication system is not supported SIM card, only supports usim card.For usim card, add stricter security mechanism (for example adopting the mode of four-tuple authentication), in authentication process, terminal, except receiving the random parameter RAND that network side issues, also can receive the AUTN that network side issues, and terminal is after passing through these two Verifications, returning to response message RES to network side verifies, to complete authentication, after authentication is passed through, terminal access LTE communication system.
Due to two generation communication system, three generations's communication system and LTE communication system in, authentication mode to accessing terminal to network is different, and two generation communication system and LTE communication system in accessing terminal to network is carried out to the mode of authentication, all carry out for stand-alone terminal, want to access LTE communication system if use the terminal of SIM card, need to change terminal, in prior art, also do not provide a solution, realize in the situation that terminal " do not change card, the not number of changing, do not change planes " access LTE communication system or other two generations, three generations's communication system.
Summary of the invention
The embodiment of the present invention provides a kind of terminal authentication method, system and mobile communication terminal, realizes in the situation that terminal not being done to any variation, can access arbitrarily LTE communication system.
The first terminal that a kind of terminal authentication method user identifies SIM card or common user identification usim card is connected by interface with the second terminal that uses the common user identification usim card that can access Long Term Evolution LTE communication system, first terminal comprises: in the time that need to access LTE communication system, network side receives the authentication request that comprises the first identification information and the second identification information that the second terminal is sent, wherein, the first identification information is for the identity information of unique identification first terminal, and the second identification information is for the identity information of unique identification the second terminal; According to the authentication request obtaining, determine the first identification information and the second identification information that in described authentication request, comprise; According to described the first identification information, and the association identification corresponding with the first identification information setting in advance, determine that whether described first terminal is associated with the second terminal; According to judged result, according to the second identification information of determining, described the second terminal is accessed to the authentication process of LTE communication system.
A kind of terminal authentication system, comprise: end side and network side, end side comprises that user identifies the first terminal and the second terminal that uses the USIM usim card that can access Long Term Evolution LTE communication system of SIM card or common user identification usim card, first terminal is connected by interface with the second terminal, wherein: described first terminal, for initiating to access the access request of LTE communication system; Described the second terminal, for obtaining the first identification information and the second identification information of self, build authentication request according to the first identification information obtaining and the second identification information, and described authentication request is sent to network side, wherein, the first identification information is for the identity information of unique identification first terminal, and the second identification information is for the identity information of unique identification the second terminal; Described network side, for according to the authentication request obtaining, determines the first identification information and the second identification information that in described authentication request, comprise; According to described the first identification information, and the association identification corresponding with the first identification information setting in advance, determine that whether described first terminal is associated with the second terminal; According to judged result, according to the second identification information of determining, described the second terminal is accessed to the authentication process of LTE communication system.
A kind of mobile communication terminal, comprise: for provide to portable handheld terminal transmission channel interface module, store the memory module of the driver of described mobile communication terminal, communication module and the authentication module that comprises common user identification usim card circuit, the interface type of described interface module is one or more in micro USB, miniUSB, 30 needle interfaces and 8 needle interfaces, wherein: described interface module, be connected with authentication module with described memory module, described communication module, the described driver of memory module storage is sent to portable handheld terminal; And data between transmission portable handheld terminal and memory module; And the signal from described communication module is sent to portable handheld terminal; And the signal from portable handheld terminal receiving is sent to described communication module; Described authentication module, be connected with communication module with described interface module, in the time that the portable handheld terminal being connected with described mobile communication equipment need to access LTE communication system, obtain the first identification information and the second identification information, and build authentication request according to the first identification information obtaining and the second identification information, and send to network side by communication module, and receive the network side authenticating result that forwarded by communication module, wherein, network side, according to the authentication request obtaining, is determined the first identification information and the second identification information that in described authentication request, comprise; According to described the first identification information, and the association identification corresponding with the first identification information setting in advance, determine that whether described first terminal is associated with the second terminal; According to judged result, according to the second identification information of determining, described the second terminal is accessed to the authentication process of LTE communication system, described the first identification information is for the identity information of unique identification portable handheld terminal, and the second identification information is for the identity information of unique identification mobile communication terminal; Described communication module, is connected with described authentication module, carry out, after Base-Band Processing, being transferred to interface module, and the signal of the portable handheld terminal that described interface module is received carries out, after Base-Band Processing, sending to described base station for the signal that base station is sent.
Adopt technique scheme, by by use SIM card first terminal (wherein, this terminal can be the 3G terminal of supporting usim card) be connected by interface with the second terminal that uses the usim card that can access LTE communication system, in the time that first terminal need to access LTE communication system, network side is according to the authentication request of the identification information that includes first terminal and the second terminal receiving, build request authentication vector, then according to the request authentication vector building and the association identification setting in advance, determine that whether first terminal is associated with the second terminal, according to judged result, the second terminal is accessed to the authentication process of LTE communication system.Thereby realize in the situation that terminal " do not change card, the not number of changing, do not change planes " access LTE communication system or other two generations, three generations's communication system.
Accompanying drawing explanation
Fig. 1 is in prior art, in proposition two generations communication system, uses the terminal authentication method schematic flow sheet of SIM card;
Fig. 2 is in the embodiment of the present invention one, the method for authenticating flow chart of proposition;
Fig. 3 is in the embodiment of the present invention one, proposition the second terminal is accessed to LTE communication system method for authenticating flow chart;
Fig. 4 is in the embodiment of the present invention two, the mobile communication terminal structure composition schematic diagram of proposition;
Fig. 5 is in the embodiment of the present invention two, the schematic diagram of the mobile communication terminal transceiver network information of proposition;
Fig. 6 is in the embodiment of the present invention three, the method for authenticating flow chart of proposition.
Embodiment
For also not proposing a kind of technical scheme in prior art, realize terminal and " do not change card, the not number of changing, do not change planes " situation under, access LTE communication system, the technical scheme that the embodiment of the present invention proposes here, by by use SIM card first terminal (wherein, this terminal can be the 3G terminal of supporting usim card) be connected by interface with the second terminal that uses the usim card that can access LTE communication system, in the time that first terminal need to access LTE communication system, network side is according to the authentication request of the identification information that includes first terminal and the second terminal receiving, determine that whether first terminal is associated with the second terminal, according to judged result, the second terminal is accessed to the authentication process of LTE communication system.Thereby realize in the situation that terminal " do not change card, the not number of changing, do not change planes " access LTE communication system or other two generations, three generations's communication system.
Below in conjunction with each accompanying drawing, embodiment of the present invention technical scheme main realized to principle, embodiment and the beneficial effect that should be able to reach is at length set forth.
Embodiment mono-
For guarantee to use the terminal of SIM card in the not number of changing, do not change on the basis of card, also can access in LTE communication system, the Internet resources that use LTE communication system to provide, in the technical scheme that the embodiment of the present invention proposes here, terminal by external use USIM is connected with the terminal that uses SIM card, realizes and uses the terminal of SIM card to access smoothly LTE communication system.For ease of distinguishing, in the terminal authentication scheme that the embodiment of the present invention one proposes here, the terminal that uses SIM card is referred to as to first terminal (wherein, this terminal can be the 3G terminal of support usim card), the terminal that uses USIM is referred to as to the second terminal, use SIM card or use the first terminal that can access three generations's communication system usim card to be connected by interface with the second terminal that uses the usim card that can access LTE communication system, in the authentication scheme that embodiment of the present invention proposes here, in the time that first terminal need to access LTE communication system, need to work in coordination with authentication to first terminal and the second terminal, as shown in Figure 2, its concrete handling process is as following:
Wherein, the first identification information is for the identity information of unique identification first terminal, and the second identification information is for the identity information of unique identification the second terminal.Particularly, it is the IMSI information of first terminal that the first identification information can be, but not limited to, or the International Mobile Equipment Identity code (IMEI of first terminal, InternationalMobile Equipment Identity), it is the IMSI information of the second terminal that the second identification information can be, but not limited to, or the IMEI information of the second terminal.
One is implementation preferably, the embodiment of the present invention one IMSI information that the first identification information is first terminal here, and the second identification information is the IMSI information of the second terminal.
Particularly, the second terminal obtains the first identification information, and the second identification information of self, according to the first identification information and the second identification information that obtain, builds authentication request and sends to network side.
Wherein, in LTE communication system, the authentication of terminal is being added to stricter security mechanism, therefore, alternatively, network side is receiving after authentication request, also needs to build request authentication vector.
Particularly, obtain the first identification information and the second identification information that in authentication request, comprise, and add for service network identification (SN ID, the Serve Network Identity) information to access network authentication, form request authentication vector.
Wherein, the first identification information comprising in obtaining in authentication request, then according to the first identification information obtaining, in the corresponding relation of pre-stored identification information and association identification, determine that whether the association identification that described the first identification information is corresponding is effective, if described association identification is effective, determine that described first terminal is associated with the second terminal, if described association identification is invalid, determine that described first terminal is not associated with the second terminal.Preferably, for adapting to strict authentication mechanism in LTE communication system, network side can obtain the first identification information and the second identification information in request authentication vector.
Particularly, first terminal is associated with the second terminal, refers to whether first terminal needs to bind with the SIM card of first terminal, if need binding, first terminal is associated with the second terminal, otherwise first terminal is not associated with the second terminal.Association identification can identify with Correlation_Flag, and in the time of Correlation_Flag=1, this association identification is effectively, otherwise, in the time of Correlation_Flag=0, represent that this association identification is invalid.
Particularly, in the time setting in advance association identification corresponding to the first identification information in server, according to the first identification information of determining, further determine whether association identification Correlation_Flag corresponding to the first identification information equals 1, if Correlation_Flag=1, determines that association identification is effective.
If first terminal and the second terminal are associated, according to the corresponding relation between pre-stored the first identification information and the second identification information, determine that whether described association is correct, if, according to the identity information of the second terminal, described the second terminal is accessed to the authentication process of LTE communication system, otherwise, described the second terminal is not accessed the authentication process of LTE communication system.If first terminal is not associated with the second terminal, described the second terminal is accessed the authentication process of LTE communication system.
Wherein, network side accesses the authentication process process of LTE communication system to the second terminal, and as shown in Figure 3, the network element device that network side mainly comprises has the network element devices such as HSS, MME, base station, and its concrete processing procedure is as follows:
Step 31, the second terminal sends the authentication request that comprises the second identification information to base station, and request network side returns to authentication request vector AV.Base station, receiving after the authentication request that the second terminal sends, is pass-through to MME by authentication request, and MME adds SN ID in authentication request, generates key K for network side
aSME.
Step 32, the authentication request of adding SN ID is sent to HSS network element by MME, and HSS, after receiving the authentication request that MME sends, generates one group of authentication vector, and authentication vector is sent to MME.
Wherein, authentication vector comprises random parameter RAND, and the desired value RES that network authentication usim card is required carries the AUTN of LTE access indication and the intermediate key K generating according to CK, IK
aSME.
Step 33, MME receives after the authentication vector that HSS sends, and through wireless channel, sends authentication random number RAND and AUTN to terminal, also comprises for identifying key K simultaneously
aSMEkSI
aSME;
Step 34, terminal is LTE access indication, and RAND and AUTN information are sent to USIM;
Step 35, the AMF field in usim card checking AUTN, after being verified, usim card calculates RES, KC and IK and feeds back to terminal;
Step 36, terminal is according to KC and IK calculating K
aSME, for the subscription authentication of end side;
Step 37, after end side subscription authentication is passed through, end side return network side response message RES;
Step 38, network side is verified RES after receiving response message RES, after checking RES is correct, by network side authentication, completes the bi-directional authentification flow process of LTE.
It should be noted that, in above-mentioned steps 31 ~ step 38, the second terminal access LTE network is carried out to the method for authentication, identical with the authentication mode of terminal access LTE communication network in prior art, repeat no more here.
Alternatively, after above-mentioned steps 24, can also comprise:
After the authentication success that described the second terminal is accessed to LTE communication system, first terminal can access LTE communication system, and the second terminal receives the wireless signal in LTE communication system, and carries out sending to first terminal after Base-Band Processing; And second terminal receive the baseband signal sent of first terminal, and after changing, send to LTE communication system.
Correspondingly, the embodiment of the present invention one proposes a kind of terminal authentication system here, comprise: end side and network side, end side comprise use SIM card first terminal (wherein, this terminal can be also to support the 3G terminal of usim card) and use can access the second terminal of the usim card of LTE communication system, first terminal is connected by interface with the second terminal, wherein:
Described first terminal, for initiating to access the access request of LTE communication system.
Described the second terminal, for obtaining the first identification information and the second identification information of self, build authentication request according to the first identification information obtaining and the second identification information, and described authentication request is sent to network side, wherein, the first identification information is for the identity information of unique identification first terminal, and the second identification information is for the identity information of unique identification the second terminal.
Particularly, above-mentioned the second terminal, also, in the time that first terminal initiates to access the access request of LTE communication system, obtains the first identification information.
Described network side, for according to the authentication request obtaining, determines the first identification information and the second identification information that in described authentication request, comprise; According to described the first identification information, and the association identification corresponding with the first identification information setting in advance, determine that whether described first terminal is associated with the second terminal; According to judged result, according to the second identification information of determining, described the second terminal is accessed to the authentication process of LTE communication system.
Particularly, above-mentioned network side, if be associated specifically for first terminal and the second terminal,, according to the corresponding relation between pre-stored the first identification information and the second identification information, determine that whether described association is correct, if, according to the identity information of the second terminal, described the second terminal is accessed to the authentication process of LTE communication system, otherwise, described the second terminal is not accessed the authentication process of LTE communication system; If first terminal is not associated with the second terminal, described the second terminal is accessed the authentication process of LTE communication system.
Particularly, above-mentioned network side, specifically for obtaining the first identification information comprising in authentication request; According to the first identification information obtaining, in the corresponding relation of pre-stored identification information and association identification, determine that whether the association identification that described the first identification information is corresponding is effective; If described association identification is effective, determine that described first terminal is associated with the second terminal; If described association identification is invalid, determine that described first terminal is not associated with the second terminal.
Embodiment bis-
LTE, as unique evolution technology of future generation of various 3G standards, be the inevitable direction of mobile communications network development, but user will enjoy the service of LTE network, must change terminal.LTE terminal Main Morphology comprises data card, mobile phone, CPE, MiFi etc. at present.Wherein, data card is mainly used in notebook computer, desktop computer etc., be connected with notebook computer, desktop computer etc. by generic USB interface, as the external LTE communication module (being a kind of wireless network card with LTE communication module) of the said equipment, the network of realizing notebook computer, desktop computer etc. connects.Customer terminal equipment (CPE, Customer PremiseEquipment) is a kind of the LTE signal receiving to be converted into WiFi signal, for user provides the terminal of service, disposing this terminal area, the access device that user uses, as long as support WiFi, can use LTE network.MiFi is a portable wideband wireless device, and this terminal is converted into the LTE signal receiving equally WiFi signal and provides service for user, difference be this terminal volume little, from charged pool, carry convenient.Mobile phone is one of modal communication terminal form, and its built-in LTE communication module, can directly be used LTE network.
In current mobile network, be personal hand-held Terminal Type (as mobile phone etc.) by the most generally accepted terminal form of user, and along with the develop rapidly of chip for cell phone, the development of smart mobile phone is at present rapid, performance rapidly promotes, with the performance convergence gradually of the terminals such as ordinary individual's computer.Therefore, the embodiment of the present invention two also proposes a kind of mobile communication terminal (being above-mentioned the second terminal) here, as shown in Figure 4, comprise: for providing the interface module 401 of transmission channel, the memory module 402 of storing the driver of described mobile communication terminal, the communication module 403 that comprises usim card circuit and authentication module 404 to portable handheld terminal (being above-mentioned first terminal), the interface type of described interface module 401 is one or more in micro USB, mini USB, 30 needle interfaces and 8 needle interfaces, and the major function of each functional entity is described below:
Described interface module 401, as the Peripheral Interface of this mobile communication terminal, matches with the interface of portable handheld terminal, for providing transmission channel to portable handheld terminal.Mobile communication terminal can be realized with portable handheld terminal (as mobile phone or Pad etc.) and being connected by this interface module 401, thereby realizes the mutual of signaling between this mobile communication terminal and portable handheld terminal, data; In addition, portable handheld terminal can be also mobile communication terminal power supply by this interface module 401.This interface module 401 can be one or more in micro USB, mini USB, 30 needle interfaces and 8 needle interfaces, specifically determine according to the interface of the portable handheld terminal of need access, so that this mobile communication terminal can access all kinds of portable handheld terminals.
Wherein, interface module 401 is connected with described memory module 402, described communication module 403 and authentication module 404 respectively, and the described driver that memory module 402 is stored sends to portable handheld terminal; And data between transmission portable handheld terminal and memory module 402; And will send to portable handheld terminal from the signal of described communication module 403; And the signal from portable handheld terminal receiving is sent to described communication module 403.
Store the memory module 402 of the driver of this mobile communication terminal, after being connected with portable handheld terminal when interface module 401, by interface module 401, driver is installed in portable handheld terminal.Concrete installation process is: after portable handheld terminal detects and is connected with mobile communication terminal, this mobile communication terminal automatic or passive (such as being operated by user) reads driver from memory module 402, and this driver is arranged on portable handheld terminal; Meanwhile, memory module 402 also can be used as the storage area of this portable handheld terminal, the related data of storage portable handheld terminal.
Described communication module 403, be connected with described authentication module 404, carry out, after Base-Band Processing, being transferred to interface module for the signal that base station is sent, and the signal of the portable handheld terminal that described interface module is received carries out, after Base-Band Processing, sending to described base station.
Particularly, communication module 403, can be for receiving and launch the signal of this mobile communication terminal job network (such as the network of LET network or other standards).And for the treatment of the signal (comprising the work such as demodulation, descrambling, despreading and the decoding of wireless signal) of this mobile communication terminal job network, realize the Base-Band Processing functions such as network service.Communication module 403 carries out the radiofrequency signal of reception after Base-Band Processing, to be transferred to interface module 401, and the signal of the portable handheld terminal that interface module 401 is received carries out, after Base-Band Processing, sending to base station.
Wherein, this communication module 403 comprises usim card circuit, can be provided with usim card, for the authentication before access network, and access network after authentication success.This usim card can maybe can plug usim card for built-in usim card.
Described authentication module 404, be connected with communication module 403 with described interface module 401, in the time that the portable handheld terminal being connected with described mobile communication equipment need to access LTE communication system, obtain the first identification information and the second identification information, and build authentication request according to the first identification information obtaining and the second identification information, and send to network side by communication module, and receive the network side authenticating result that forwarded by communication module, wherein, network side is according to the authentication request obtaining, determine the first identification information and the second identification information that in described authentication request, comprise, according to described the first identification information, and the association identification corresponding with the first identification information setting in advance, determine that whether described first terminal is associated with the second terminal, according to judged result, according to the second identification information of determining, described the second terminal is accessed to the authentication process of LTE communication system, described the first identification information is for the identity information of unique identification portable handheld terminal, and the second identification information is for the identity information of unique identification mobile communication terminal.
Optionally, this mobile communication terminal can also comprise: electric supply installation 405, be connected with memory module 402, communication module 403 respectively, and be used to memory module 402, communication module 403 to power, can adopt the mode of reserved charging inlet or the mode from charged pool.
Optionally, this mobile communication terminal can also comprise: switch element 406, and for connection interface module 401 and memory module 402, and interface module 401 and communication module 403, between control interface module 401 and memory module 402, be communicated with or disconnect; And be communicated with or disconnect between control interface module 401 and communication module 403.When between these switch element 406 control interface modules 401 and memory module 402, be communicated with and control interface module 401 and communication module 403 between while being communicated with, this mobile communication terminal is started working; In the time disconnecting between disconnection and control interface module 401 and communication module 403 between these switch element 406 control interface modules 401 and memory module 402, this mobile communication terminal quits work.
Optionally, this mobile communication terminal can also comprise:
Optionally, this mobile communication terminal can also comprise:
Network connection state indicating device 408, is connected with communication module 403, according to the state of the access network of usim card in communication module 403, and the network connection state of indication mobile communication terminal.
Wherein, for the ease of carrying, the shape of this mobile communication terminal can be external NIC shape or the shelly that is provided with the spatial accommodation that holds user terminal.
Flow to and treatment mechanism for the signal between above-mentioned each functional entity, as shown in Figure 5, the schematic diagram of a kind of mobile communication terminal transceiver network information providing for the embodiment of the present invention two, under the application scenarios that is mobile phone terminal, specifically comprises at portable handheld terminal:
1, mobile communication terminal is connected with mobile phone terminal by interface module 401.
2, when between switch element 406 control interface modules 401 and memory module 402, be communicated with and control interface module 401 and communication module 403 between while being communicated with, this mobile communication terminal is started working; In the time disconnecting between disconnection and control interface module 401 and communication module 403 between switch element 406 control interface modules 401 and memory module 402, this mobile communication terminal is not worked; Mode indicator 407 is indicated work at present state.
3, mobile phone terminal is this mobile communication terminal power supply by interface module 401; The electric supply installation 405 that can be also this mobile communication terminal is this mobile communication terminal power supply;
4,, after mobile phone terminal detects and is connected with mobile communication terminal, mobile communication terminal is automatic or passively from memory module 402, read driver, and this driver is arranged on mobile phone terminal;
5, authentication module 404 sends authentication request to network side.
6, mobile communication terminal passes through the usim card arranging in authentication module 404, access network after authentication success; Network connection state indicating device 408 is indicated current network connection status;
7,, in information process, this mobile communication terminal is received and is sent the wireless signal of base station by communication module 403;
8, receive the wireless signal before rear or transmission, all carry out Base-Band Processing;
9, mobile phone terminal sends information, delivers to communication module 403 by interface module 401, sends to base station after Base-Band Processing, completes whole communication process.
The embodiment of the present invention two has proposed a kind of novel mobile communication terminal here, portable handheld terminal mainly and in existing network is used in conjunction with, this mobile communication terminal can be connected with portable handheld terminal by this interface module, and then realize the mutual of data, communicating by letter between the base station of the network of realizing portable handheld terminal and himself do not support, and can not be subject to the interference of other networks, thereby make portable handheld terminal and this mobile communication terminal in the time being used in conjunction with, can " not change card, the not number of changing, do not change planes " prerequisite under, use the network of himself not supporting.
Embodiment tri-
On the basis of above-described embodiment one and embodiment bis-, further, the embodiment of the present invention three is described in detail terminal authentication method with an instantiation, wherein, end side comprises mobile communication terminal and the portable handheld terminal that the embodiment of the present invention proposes here, network side comprises the network element devices such as base station, MME and HSS, as shown in Figure 6, comprising:
Step 61, after mobile communication terminal is connected by interface module with portable handheld terminal, mobile phone terminal detects with mobile communication terminal and is connected.Automatic or the passive driver that reads from memory module of mobile communication terminal, and this driver is arranged on to mobile phone terminal by interface module.
Particularly, the embodiment of the present invention three is here take portable handheld terminal as mobile phone as example is described in detail.Mobile communication terminal is connected with mobile phone terminal by interface module.When between switch element control interface module and memory module, be communicated with and control interface module and communication module between while being communicated with, this mobile communication terminal is started working; In the time disconnecting between disconnection and control interface module and communication module between switch element control interface module and memory module, this mobile communication terminal is not worked; Mode indicator indication work at present state.
Preferably, mobile phone terminal is this mobile communication terminal power supply by interface module; The electric supply installation that can be also this mobile communication terminal is this mobile communication terminal power supply.
Step 62, by being arranged on the driver in mobile phone terminal, mobile communication terminal obtains the IMSI information in mobile phone terminal SIM card, is designated as IMSI1, and delivers to authentication module by the interface module of self.
Wherein, if comprise the usim card of supporting three generations's communication system in mobile phone terminal, mobile communication terminal obtains the IMSI information of the usim card in mobile phone terminal, is designated as IMSI1.If this mobile terminal is dual-mode terminal, in this mobile phone terminal, both included SIM card, included again usim card, after being connected with mobile communication terminal, can be selected by user, specifically want to use the SIM card in mobile phone terminal still to use usim card access LTE network.
Step 63, the authentication module of mobile communication terminal obtains the IMSI information of the usim card of self, is designated as IMSI2, and the IMSI1 information of acquisition and IMSI2 information are carried in authentication request, then sends authentication request to base station eNode B.
Step 64, authentication request is pass-through to MME by eNode B.
Particularly, eNode B is by IMSI(IMSI1, the IMSI2 of two terminals) information is pass-through to MME.
Step 65, MME is after obtaining authentication request, extract IMEI1 information and the IMEI2 information of in authentication request, carrying, and add on this basis SN id information, form request authentication vector AV(IMSI1, IMSI2, SN ID), by the authentication request vector AV(IMSI1 forming, IMSI2, SN ID) send to HSS.
Step 66, HSS receives request authentication vector AV(IMSI1, IMSI2, SN ID) afterwards, according to predefined rule, in HSS, inquire about association identification, and judge that according to Query Result whether described association identification is effective.If so, perform step 67, on the contrary execution step 69.
Wherein, in the technical scheme that the embodiment of the present invention three proposes here, described association identification adopts Correlation_Flag to represent, in the time of Correlation_Flag=1, represent that this association identification is effective, also show that this mobile communication terminal need to bind the SIM card of mobile terminal simultaneously.And the setting of association identification is in the time opening LTE function for user, in HSS, set in advance.
Step 67, association identification is effective, be Correlation_Flag=1, mobile communication terminal and mobile phone terminal are associated,, according to the corresponding relation of the identification information of the identification information of pre-stored mobile communication terminal and mobile phone terminal, determine that whether described association is correct, if, execution step 70, otherwise execution step 68.
In concrete enforcement, if mobile communication terminal needs the SIM card of binding mobile phone terminal,, in the time enabling LTE function for user, in HSS, record association identification (being Correlation_Flag=1), and set up and store the mapping relations of IMSI1 and IMSI2.When HSS receives the request authentication vector AV that MME sends, obtain the IMSI1, the IMSI2 that in request authentication vector, comprise, compare with the mapping relations of the IMSI1 storing and IMSI2, if identical, associated correct judgment, this step authentication link is passed through.
Step 68, described association is incorrect, failed authentication, this authentication link can not be passed through.
Wherein, by the IMSI1, the IMSI2 that obtain in authentication vector in request, and pre-stored IMSI1 compares with the mapping relations of IMSI2, if identical, judgement is correctly associated, otherwise, think that this association is incorrect, this step authentication can not be passed through.Mobile communication terminal is not accessed the authentication process of LTE communication system, i.e. failed authentication, preferably, can feed back failed authentication message to mobile communication terminal.
Step 69, association identification is invalid, i.e. Correlation_Flag=0, mobile communication terminal is not associated mutually with mobile phone terminal, performs step 70.
If mobile communication terminal does not need the SIM card of binding mobile phone terminal, in the time opening LTE function for user, in HSS, record dereferenced mark (Correlation_Flag=0), when mobilephone terminal user uses mobile communication terminal to initiate authentication request, network side is in the time carrying out authentication process, identical with LTE usim card standard authentication flow process in prior art.
Step 70, according to the identification information IMEI2 of mobile communication terminal, accesses the authentication process of LTE communication system to described mobile communication terminal.
Wherein, mobile communication terminal is accessed to the authentication process of LTE communication system, the authentication process process while accessing in LTE communication system with LTE terminal in prior art is identical, repeats no more here.
The technical scheme that adopts the embodiment of the present invention to propose here, authentication problem while having solved preferably more than two terminal associated working, by increasing portable external device (ED), completing user is the function that portable terminal increases access LTE communication system fast, guarantee that user " does not change card, the not number of changing, do not change planes " Internet resources that use LTE communication system to provide, convenience is better.
It will be understood by those skilled in the art that embodiments of the invention can be provided as method, device (equipment) or computer program.Therefore, the present invention can adopt complete hardware implementation example, completely implement software example or the form in conjunction with the embodiment of software and hardware aspect.And the present invention can adopt the form at one or more upper computer programs of implementing of computer-usable storage medium (including but not limited to magnetic disc store, CD-ROM, optical memory etc.) that wherein include computer usable program code.
The present invention is with reference to describing according to flow chart and/or the block diagram of the method for the embodiment of the present invention, device (equipment) and computer program.Should understand can be by the flow process in each flow process in computer program instructions realization flow figure and/or block diagram and/or square frame and flow chart and/or block diagram and/or the combination of square frame.Can provide these computer program instructions to the processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device to produce a machine, the instruction that makes to carry out by the processor of computer or other programmable data processing device produces the device for realizing the function of specifying at flow process of flow chart or multiple flow process and/or square frame of block diagram or multiple square frame.
These computer program instructions also can be stored in energy vectoring computer or the computer-readable memory of other programmable data processing device with ad hoc fashion work, the instruction that makes to be stored in this computer-readable memory produces the manufacture that comprises command device, and this command device is realized the function of specifying in flow process of flow chart or multiple flow process and/or square frame of block diagram or multiple square frame.
These computer program instructions also can be loaded in computer or other programmable data processing device, make to carry out sequence of operations step to produce computer implemented processing on computer or other programmable devices, thereby the instruction of carrying out is provided for realizing the step of the function of specifying in flow process of flow chart or multiple flow process and/or square frame of block diagram or multiple square frame on computer or other programmable devices.
Although described the preferred embodiments of the present invention, once those skilled in the art obtain the basic creative concept of cicada, can make other change and modification to these embodiment.So claims are intended to be interpreted as comprising preferred embodiment and fall into all changes and the modification of the scope of the invention.
Obviously, those skilled in the art can carry out various changes and modification and not depart from the spirit and scope of the present invention the present invention.Like this, if within of the present invention these are revised and modification belongs to the scope of the claims in the present invention and equivalent technologies thereof, the present invention is also intended to comprise these changes and modification interior.
Claims (15)
1. a terminal authentication method, is characterized in that, the first terminal that user identifies SIM card or common user identification usim card is connected by interface with the second terminal that uses the common user identification usim card that can access Long Term Evolution LTE communication system, comprising:
In the time that first terminal need to access LTE communication system, network side receives the authentication request that comprises the first identification information and the second identification information that the second terminal is sent, wherein, the first identification information is for the identity information of unique identification first terminal, and the second identification information is for the identity information of unique identification the second terminal;
According to the authentication request obtaining, determine the first identification information and the second identification information that in described authentication request, comprise;
According to described the first identification information, and the association identification corresponding with the first identification information setting in advance, determine that whether described first terminal is associated with the second terminal;
According to judged result, according to the second identification information of determining, described the second terminal is accessed to the authentication process of LTE communication system.
2. the method for claim 1, is characterized in that, according to judged result, described the second terminal is accessed to the authentication process of LTE communication system, comprising:
If first terminal and the second terminal are associated, according to the corresponding relation between pre-stored the first identification information and the second identification information, determine that whether described association is correct, if, according to the identity information of the second terminal, described the second terminal is accessed to the authentication process of LTE communication system, otherwise, described the second terminal is not accessed the authentication process of LTE communication system;
If first terminal is not associated with the second terminal, described the second terminal is accessed the authentication process of LTE communication system.
3. the method for claim 1, is characterized in that, according to described the first identification information and the second identification information, and the association identification corresponding with the first identification information setting in advance, determine that whether described first terminal is associated with the second terminal, comprising:
Obtain the first identification information comprising in authentication request;
According to the first identification information obtaining, in the corresponding relation of pre-stored identification information and association identification, determine that whether the association identification that described the first identification information is corresponding is effective;
If described association identification is effective, determine that described first terminal is associated with the second terminal;
If described association identification is invalid, determine that described first terminal is not associated with the second terminal.
4. the method for claim 1, is characterized in that, before the authentication request that comprises the first identification information and the second identification information of sending, also comprises in network side receiving terminal side:
The second terminal obtains the first identification information.
5. the method for claim 1, is characterized in that, after the authentication success that described the second terminal is accessed to LTE communication system, also comprises:
The second terminal receives the wireless signal in LTE communication system, and carries out sending to first terminal after Base-Band Processing; And
The second terminal receives the baseband signal that first terminal is sent, and after changing, sends to LTE communication system.
6. a terminal authentication system, it is characterized in that, comprise: end side and network side, end side comprises that user identifies the first terminal and the second terminal that uses the common user identification usim card that can access Long Term Evolution LTE communication system of SIM card or common user identification usim card, first terminal is connected by interface with the second terminal, wherein:
Described first terminal, for initiating to access the access request of LTE communication system;
Described the second terminal, for obtaining the first identification information and the second identification information of self, build authentication request according to the first identification information obtaining and the second identification information, and described authentication request is sent to network side, wherein, the first identification information is for the identity information of unique identification first terminal, and the second identification information is for the identity information of unique identification the second terminal;
Described network side, for according to the authentication request obtaining, determines the first identification information and the second identification information that in described authentication request, comprise; According to described the first identification information, and the association identification corresponding with the first identification information setting in advance, determine that whether described first terminal is associated with the second terminal; According to judged result, according to the second identification information of determining, described the second terminal is accessed to the authentication process of LTE communication system.
7. system as claimed in claim 6, it is characterized in that, described network side, if be associated specifically for first terminal and the second terminal, according to the corresponding relation between pre-stored the first identification information and the second identification information, determine that whether described association is correct, if so,, according to the identity information of the second terminal, described the second terminal is accessed to the authentication process of LTE communication system, otherwise, described the second terminal is not accessed the authentication process of LTE communication system; If first terminal is not associated with the second terminal, described the second terminal is accessed the authentication process of LTE communication system.
8. system as claimed in claim 6, is characterized in that, described network side, specifically for obtaining the first identification information comprising in authentication request; According to the first identification information obtaining, in the corresponding relation of pre-stored identification information and association identification, determine that whether the association identification that described the first identification information is corresponding is effective; If described association identification is effective, determine that described first terminal is associated with the second terminal; If described association identification is invalid, determine that described first terminal is not associated with the second terminal.
9. a mobile communication terminal, it is characterized in that, comprise: for provide to portable handheld terminal transmission channel interface module, store the memory module of the driver of described mobile communication terminal, communication module and the authentication module that comprises common user identification usim card circuit, the interface type of described interface module is one or more in micro USB, mini USB, 30 needle interfaces and 8 needle interfaces, wherein:
Described interface module, is connected with authentication module with described memory module, described communication module, and the described driver of memory module storage is sent to portable handheld terminal; And data between transmission portable handheld terminal and memory module; And the signal from described communication module is sent to portable handheld terminal; And the signal from portable handheld terminal receiving is sent to described communication module;
Described authentication module, be connected with communication module with described interface module, in the time that the portable handheld terminal being connected with described mobile communication equipment need to access LTE communication system, obtain the first identification information and the second identification information, and build authentication request according to the first identification information obtaining and the second identification information, and send to network side by communication module, and receive the network side authenticating result that forwarded by communication module, wherein, network side, according to the authentication request obtaining, is determined the first identification information and the second identification information that in described authentication request, comprise; According to described the first identification information, and the association identification corresponding with the first identification information setting in advance, determine that whether described first terminal is associated with the second terminal; According to judged result, according to the second identification information of determining, described the second terminal is accessed to the authentication process of LTE communication system, described the first identification information is for the identity information of unique identification portable handheld terminal, and the second identification information is for the identity information of unique identification mobile communication terminal;
Described communication module, is connected with described authentication module, carry out, after Base-Band Processing, being transferred to interface module, and the signal of the portable handheld terminal that described interface module is received carries out, after Base-Band Processing, sending to described base station for the signal that base station is sent.
10. mobile communication terminal as claimed in claim 9, is characterized in that, being shaped as external NIC shape or being provided with the shelly of the spatial accommodation that holds portable handheld terminal of described mobile communication terminal.
11. mobile communication terminals as claimed in claim 9, is characterized in that, also comprise:
Electric supply installation, is connected with communication module with memory module respectively, is used to memory module and communication module power supply.
12. mobile communication terminals as claimed in claim 9, is characterized in that, also comprise:
Switch element, for connecting described interface module and described memory module, and described interface module and described communication module, control between described interface module and described memory module and be communicated with or disconnect; And control between described interface module and described communication module and be communicated with or disconnect.
13. mobile communication terminals as claimed in claim 12, is characterized in that, also comprise:
Mode indicator, be connected with switch element, according to being communicated with or disconnecting between described interface module and described memory module, and be communicated with or disconnect between described interface module and described communication module, indicating described mobile communication terminal in work or non operating state.
14. mobile communication terminals as claimed in claim 9, is characterized in that, in described communication module, are provided with usim card; Described usim card is that built-in usim card maybe can plug usim card.
15. mobile communication terminals as claimed in claim 14, is characterized in that, also comprise:
Network connection state indicating device, is connected with communication module, according to the state of the access network of usim card in communication module, indicates the network connection state of described mobile communication terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210488227.6A CN103841558B (en) | 2012-11-26 | 2012-11-26 | Terminal authentication method and system and mobile communication terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210488227.6A CN103841558B (en) | 2012-11-26 | 2012-11-26 | Terminal authentication method and system and mobile communication terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103841558A true CN103841558A (en) | 2014-06-04 |
| CN103841558B CN103841558B (en) | 2017-05-03 |
Family
ID=50804595
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210488227.6A Active CN103841558B (en) | 2012-11-26 | 2012-11-26 | Terminal authentication method and system and mobile communication terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103841558B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2015117514A1 (en) * | 2014-08-20 | 2015-08-13 | 深圳市中兴微电子技术有限公司 | Method for accessing lte network, electronic device, and computing storage medium |
| WO2015188639A1 (en) * | 2014-06-12 | 2015-12-17 | 西安中兴新软件有限责任公司 | Authentication method, network side device and terminal |
| CN105991619A (en) * | 2015-03-05 | 2016-10-05 | 中兴通讯股份有限公司 | Safety authentication method and device |
| WO2019024866A1 (en) * | 2017-08-02 | 2019-02-07 | 华为技术有限公司 | Method, device and system for accessing network |
| WO2019056971A1 (en) * | 2017-09-25 | 2019-03-28 | 华为技术有限公司 | Authentication method and device |
| CN114731731A (en) * | 2019-11-08 | 2022-07-08 | 华为技术有限公司 | Communication method and device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101635909A (en) * | 2008-07-21 | 2010-01-27 | 中国移动通信集团公司 | Method, system and terminal for authenticating terminal roaming among networks with different systems |
| US20110028126A1 (en) * | 2009-07-31 | 2011-02-03 | Samsung Electronics Co., Ltd. | System for managing unregistered terminals with shared authentication information and method thereof |
| CN102378174A (en) * | 2010-08-25 | 2012-03-14 | 大唐移动通信设备有限公司 | Access method, device and system of user terminal of SIM (Subscriber Identity Module) card |
-
2012
- 2012-11-26 CN CN201210488227.6A patent/CN103841558B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101635909A (en) * | 2008-07-21 | 2010-01-27 | 中国移动通信集团公司 | Method, system and terminal for authenticating terminal roaming among networks with different systems |
| US20110028126A1 (en) * | 2009-07-31 | 2011-02-03 | Samsung Electronics Co., Ltd. | System for managing unregistered terminals with shared authentication information and method thereof |
| CN102378174A (en) * | 2010-08-25 | 2012-03-14 | 大唐移动通信设备有限公司 | Access method, device and system of user terminal of SIM (Subscriber Identity Module) card |
Non-Patent Citations (2)
| Title |
|---|
| MASOUMEH PURKHIABANI,AHMAD SALAHI: "Enhanced Authentication and Key Agreement Procedure of next Generation Evolved Mobile Networks", 《COMMUNICATION SOFTWARE AND NETWORKS (ICCSN), 2011 IEEE 3RD INTERNATIONAL CONFERENCE ON》 * |
| 何伟俊,等: "CDMA网络用户卡鉴权机制研究与测试", 《移动通信》 * |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105323756B (en) * | 2014-06-12 | 2019-05-10 | 西安中兴新软件有限责任公司 | A kind of method for authenticating, network side equipment and terminal |
| WO2015188639A1 (en) * | 2014-06-12 | 2015-12-17 | 西安中兴新软件有限责任公司 | Authentication method, network side device and terminal |
| CN105323756A (en) * | 2014-06-12 | 2016-02-10 | 西安中兴新软件有限责任公司 | Authentication method, network side equipment and terminal |
| CN105472764A (en) * | 2014-08-20 | 2016-04-06 | 深圳市中兴微电子技术有限公司 | Method of being accessed to LTE (Long Term Evolution) network and electronic device |
| WO2015117514A1 (en) * | 2014-08-20 | 2015-08-13 | 深圳市中兴微电子技术有限公司 | Method for accessing lte network, electronic device, and computing storage medium |
| US10349278B2 (en) * | 2014-08-20 | 2019-07-09 | Sanechips Technology Co., Ltd. | Method for accessing LTE network, electronic device, and computer storage medium |
| CN105991619A (en) * | 2015-03-05 | 2016-10-05 | 中兴通讯股份有限公司 | Safety authentication method and device |
| WO2019024866A1 (en) * | 2017-08-02 | 2019-02-07 | 华为技术有限公司 | Method, device and system for accessing network |
| CN109391940A (en) * | 2017-08-02 | 2019-02-26 | 华为技术有限公司 | A kind of method, equipment and system accessing network |
| US11197238B2 (en) | 2017-08-02 | 2021-12-07 | Huawei Technologies Co., Ltd. | Network access method, device, and system |
| WO2019056971A1 (en) * | 2017-09-25 | 2019-03-28 | 华为技术有限公司 | Authentication method and device |
| CN109561429A (en) * | 2017-09-25 | 2019-04-02 | 华为技术有限公司 | A kind of method for authenticating and equipment |
| EP3675541A4 (en) * | 2017-09-25 | 2020-09-23 | Huawei Technologies Co., Ltd. | Authentication method and device |
| CN114731731A (en) * | 2019-11-08 | 2022-07-08 | 华为技术有限公司 | Communication method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103841558B (en) | 2017-05-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9749316B1 (en) | Method for data access using a dynamic SIM credential | |
| CN110278551B (en) | Method and computer-readable storage medium for portable mobile subscription | |
| CN106416331B (en) | Method, unit and the medium of the file in eUICC for accessing storage eSIM | |
| CN104836787B (en) | System and method for Authentication Client website | |
| JP5523632B2 (en) | WiFi communication implementation method, user equipment, and wireless router | |
| CN103841558A (en) | Terminal authentication method and system and mobile communication terminal | |
| US20100211685A1 (en) | Pairing exchange | |
| EP2533485A1 (en) | Methods and devices for OTA management of subscriber identify modules | |
| JP6399408B2 (en) | Wireless local area network configuration method and wireless terminal | |
| CN104584609B (en) | Method and apparatus for the smart card initial personalization locally generated with key | |
| CN102594987A (en) | Method for realizing safe and quick Bluetooth pairing connection | |
| CN103209007A (en) | Bluetooth device quick pairing method and Bluetooth device | |
| US9247425B2 (en) | Security code(s) of apparatus having at least one SIM | |
| CN106030560A (en) | Automatic internet sharing | |
| CN109803350B (en) | Secure communication method and device | |
| KR20160045772A (en) | Method for establishing wireless local area network by mobile terminal, and mobile terminal | |
| CN104735606A (en) | Communication method and system based on wearable equipment | |
| EP3675541A1 (en) | Authentication method and device | |
| AU2016200820A1 (en) | Techniques for dynamically supporting different authentication algorithms | |
| WO2012174722A1 (en) | Method and apparatus for providing a virtual sim for mobile communications | |
| CN103607706B (en) | NFC-technology based conversation method, NFC terminal and far-end server | |
| CN104284331A (en) | Method and system for connecting with portable WLAN hotspot | |
| CN114697058A (en) | Identity authentication method, electronic equipment and computer readable storage medium | |
| CN103152839A (en) | System and method for quickly pairing industrial wireless communication equipment | |
| US9084284B1 (en) | Proximity-based device switching using proxy credentials |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |