CN104469766A - Terminal authentication method and device used in mobile communication system - Google Patents

Publication number
CN104469766A
Authority
CN
China
Prior art keywords
terminal
authentication
information
mobile communication
authentication information
Legal status
Pending
Application number
CN201410364838.9A
Other languages
Chinese (zh)
Inventor
周明宇
Current Assignee
Baicells Technologies Co Ltd
Original Assignee
Baicells Technologies Co Ltd
Application filed by Baicells Technologies Co Ltd
Priority to CN201410364838.9A
Publication of CN104469766A
Priority to PCT/CN2015/079305 (WO2016015510A1)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/30: Security of mobile devices; Security of mobile applications
    • H04W12/35: Protecting application or service provisioning, e.g. securing SIM application provisioning

Abstract

The invention discloses a terminal authentication method and device for use in a mobile communication system. The method comprises: a terminal obtains first credential information input by a user, wherein the first credential information is information authenticated by target software; the terminal determines first authentication information according to the first credential information; the terminal sends the first authentication information to an authentication end, wherein the authentication end is used to authenticate the terminal according to the first authentication information; and after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network. The method and device solve the problem in the related art that the SIM card restricts the trend toward thinner and lighter terminals.

Description

Terminal authentication method and device for use in a mobile communication system
Technical field
The present invention relates to the field of communications, and in particular to a terminal authentication method and device for use in a mobile communication system.
Background art
At present, in the related art, in order to obtain mobile communication service a user usually first has to apply to a mobile communication service provider (such as China Mobile, China Unicom or China Telecom) for a Subscriber Identity Module (SIM) card and then pay for the communication service associated with that SIM card. Once the SIM card is inserted into a terminal, mobile communication service (such as making calls, sending text messages and accessing the Internet) becomes available. The mobile communication service provider charges the user according to the user's usage of mobile communication or occupation of resources. The SIM card information can be used by the mobile communication network to authenticate the terminal.
With the development of mobile broadband services and the appearance of more and more intelligent terminals (such as smartphones), users can enjoy the intelligent services brought by mobile broadband more fully.
For example, smartphones are currently developing toward being lighter and thinner. In the related art, however, SIM-card-based mobile communication requires a SIM card slot to be provided on the phone, which restricts the development of thinner and lighter smartphones.
To alleviate the restriction that the SIM card places on thinner and lighter smartphones, the related art provides Micro SIM cards and Nano SIM cards, which are smaller than the traditional SIM card, but these schemes do not solve the problem at its root.
No effective solution has yet been proposed for the problem that the SIM card in the related art restricts the development of thinner and lighter terminals.
Summary of the invention
The main purpose of the present invention is to provide a terminal authentication method and device for use in a mobile communication system, so as to solve the problem that the SIM card in the related art restricts the development of thinner and lighter terminals.
To achieve this purpose, according to one aspect of the present invention, a terminal authentication method for use in a mobile communication system is provided. The method comprises: a terminal obtains first credential information input by a user, wherein the first credential information is information verified by target software; the terminal determines first authentication information according to the first credential information; the terminal sends the first authentication information to an authentication end, wherein the authentication end is used to authenticate the terminal according to the first authentication information; and after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network.
Further, the terminal comprises a first terminal and a second terminal. The terminal obtaining the first credential information input by the user comprises: the first terminal obtains the first credential information input by the user. The terminal determining the first authentication information according to the first credential information comprises: the first terminal determines the first authentication information according to the first credential information. The terminal sending the first authentication information to the authentication end comprises: the first terminal sends the first authentication information to the authentication end. After the first terminal sends the first authentication information to the authentication end, the terminal authentication method further comprises: the authentication end receives the first authentication information sent by the first terminal; the authentication end authenticates the first terminal according to the first authentication information sent by the first terminal; the authentication end judges whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal; and if the authentication end judges that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the mobile communication network interrupts the connection between the second terminal and the mobile communication network, wherein after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the first terminal accesses the mobile communication network.
Further, before the connection between the second terminal and the mobile communication network is interrupted, the terminal authentication method comprises: the authentication end judges whether the networking priority of the first terminal is higher than the networking priority of the second terminal, wherein if the authentication end judges that the networking priority of the first terminal is higher than that of the second terminal, the connection between the second terminal and the mobile communication network is interrupted; and if the authentication end judges that the networking priority of the first terminal is not higher than that of the second terminal, the authentication end fails the authentication of the first terminal according to an interruption indication sent by the second terminal.
Further, the terminal comprises a first terminal and a second terminal, and the second terminal accesses the mobile communication network in the following manner: the first terminal obtains the first credential information input by the user; the first terminal determines the first authentication information according to the first credential information; the first terminal sends the first authentication information to the authentication end; the authentication end receives the first authentication information sent by the first terminal; the authentication end authenticates the first terminal according to the first authentication information sent by the first terminal; the authentication end judges whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal; if the authentication end judges that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the second terminal keeps its connection with the mobile communication network; after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the first terminal accesses the mobile communication network; the first terminal obtains a first class of mobile communication service provided by the mobile communication network; and the second terminal obtains a second class of mobile communication service provided by the mobile communication network.
Further, the terminal determining the first authentication information according to the first credential information comprises: the terminal determines identification data according to the first credential information; and the terminal generates the first authentication information according to the identification data.
Further, before the terminal obtains the first credential information input by the user, the terminal authentication method further comprises: the terminal receives an authentication request, sent by the authentication end, that contains a random number. The terminal determining the first authentication information according to the first credential information comprises: the terminal determines the first authentication information according to the first credential information and the random number.
Further, before the terminal obtains the first credential information input by the user, the authentication method further comprises: the terminal obtains second credential information through a Subscriber Identity Module (SIM) connected to the terminal; and/or the terminal obtains the second credential information through a memory module embedded in the terminal itself; the terminal determines second authentication information according to the second credential information; and the terminal sends the second authentication information to the authentication end, the authentication end being used to authenticate the terminal according to the second authentication information, wherein after the authentication end successfully authenticates the terminal according to the second authentication information, the terminal accesses the mobile communication network to obtain a third class of mobile communication service; and after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network to obtain a fourth class of mobile communication service.
Further, the terminal accesses the mobile communication network through the LIPA protocol to obtain the third class of mobile communication service; and the terminal accesses the mobile communication network through the SIPTO protocol to obtain the fourth class of mobile communication service.
Further, after the terminal accesses the mobile communication network to obtain the third class of mobile communication service, the terminal authentication method further comprises: the terminal generates a first prompting message. After the terminal accesses the mobile communication network to obtain the fourth class of mobile communication service, the terminal authentication method further comprises: the terminal generates a second prompting message.
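The following sketch is an added example, not code from the patent. It models the method above: identification data derived from the credential, first authentication information bound to the random number in the authentication request, and the networking-priority rule applied when a second terminal is already authenticated with the same information. The use of PBKDF2 and HMAC-SHA256, the class and function names, the account values, and rejecting the first terminal directly (instead of modelling the second terminal's interruption indication) are all assumptions of this example.

```python
import hashlib
import hmac
import secrets


def identification_data(username: str, password: str) -> bytes:
    # Terminal: derive identification data from the first credential information.
    # PBKDF2 salted with the username is an assumption of this example.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), username.encode(), 100_000)


def first_authentication_information(ident: bytes, random_number: bytes) -> bytes:
    # Terminal: bind the identification data to the random number from the request,
    # so a captured response is useless for any other request.
    return hmac.new(ident, random_number, hashlib.sha256).digest()


class AuthenticationEnd:
    """Hypothetical authentication end holding identification data per account."""

    def __init__(self, accounts):
        self.accounts = dict(accounts)  # username -> identification data
        self.pending = {}               # terminal id -> outstanding random number
        self.sessions = {}              # username -> (terminal id, networking priority)

    def authentication_request(self, terminal_id):
        # Issue a fresh random number for this terminal's next attempt.
        random_number = secrets.token_bytes(16)
        self.pending[terminal_id] = random_number
        return random_number

    def authenticate(self, terminal_id, username, response, priority):
        """Return (admitted, id of the terminal that was disconnected, or None)."""
        random_number = self.pending.pop(terminal_id, None)  # single use: blocks replay
        ident = self.accounts.get(username)
        if random_number is None or ident is None:
            return (False, None)
        expected = first_authentication_information(ident, random_number)
        if not hmac.compare_digest(expected, response):  # constant-time comparison
            return (False, None)
        current = self.sessions.get(username)
        if current is not None and current[0] != terminal_id:
            # Another terminal is already authenticated with the same information.
            if priority <= current[1]:
                return (False, None)    # not higher: the new terminal is refused
            self.sessions[username] = (terminal_id, priority)
            return (True, current[0])   # higher: the earlier terminal is disconnected
        self.sessions[username] = (terminal_id, priority)
        return (True, None)


def terminal_login(end, terminal_id, username, password, priority):
    # One full exchange: request, response computation on the terminal, verification.
    random_number = end.authentication_request(terminal_id)
    ident = identification_data(username, password)
    response = first_authentication_information(ident, random_number)
    return end.authenticate(terminal_id, username, response, priority)


def demo():
    # Constructed account and terminals, for illustration only.
    end = AuthenticationEnd({"user-1": identification_data("user-1", "constructed-password")})
    return [
        terminal_login(end, "phone", "user-1", "constructed-password", 1),
        terminal_login(end, "tablet", "user-1", "wrong", 5),
        terminal_login(end, "tablet", "user-1", "constructed-password", 2),
        terminal_login(end, "watch", "user-1", "constructed-password", 1),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because each random number is consumed on first use, presenting the same response a second time fails even though the credential is correct.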
To achieve this purpose, according to another aspect of the present invention, a terminal authentication device for use in a mobile communication system is provided. The device comprises: a first acquiring unit, configured to enable a terminal to obtain first credential information input by a user, wherein the first credential information is information verified by target software; a first determining unit, configured to enable the terminal to determine first authentication information according to the first credential information; a first sending unit, configured to enable the terminal to send the first authentication information to an authentication end, wherein the authentication end is used to authenticate the terminal according to the first authentication information; and an access unit, configured to enable the terminal to access the mobile communication network after the authentication end successfully authenticates the terminal according to the first authentication information.
Further, the terminal comprises a first terminal and a second terminal. The first acquiring unit is further configured to enable the first terminal to obtain the first credential information input by the user; the first determining unit is further configured to enable the first terminal to determine the first authentication information according to the first credential information; and the first sending unit is further configured to enable the first terminal to send the first authentication information to the authentication end. The terminal authentication device further comprises: a first receiving unit, configured to enable the authentication end, after the first terminal sends the first authentication information to the authentication end, to receive the first authentication information sent by the first terminal; a first authentication unit, configured to enable the authentication end to authenticate the first terminal according to the first authentication information sent by the first terminal; a first judging unit, configured to enable the authentication end to judge whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal; and a first interrupting unit, configured to enable the mobile communication network to interrupt the connection between the second terminal and the mobile communication network if the authentication end judges that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, wherein the access unit is further configured to enable the first terminal to access the mobile communication network after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal.
Further, the terminal authentication device comprises: a second judging unit, configured to enable the authentication end, before the connection between the second terminal and the mobile communication network is interrupted, to judge whether the networking priority of the first terminal is higher than the networking priority of the second terminal, wherein the first interrupting unit is further configured so that, if the authentication end judges that the networking priority of the first terminal is higher than that of the second terminal, the connection between the second terminal and the mobile communication network is interrupted; and the first authentication unit is further configured so that, if the authentication end judges that the networking priority of the first terminal is not higher than that of the second terminal, the authentication end fails the authentication of the first terminal according to an interruption indication sent by the second terminal.
Further, the terminal comprises a first terminal and a second terminal, and the terminal authentication device further comprises: a second acquiring unit, configured to enable the first terminal to obtain the first credential information input by the user; a second determining unit, configured to enable the first terminal to determine the first authentication information according to the first credential information; a second sending unit, configured to enable the first terminal to send the first authentication information to the authentication end; a second receiving unit, configured to enable the authentication end to receive the first authentication information sent by the first terminal; a second authentication unit, configured to enable the authentication end to authenticate the first terminal according to the first authentication information sent by the first terminal; a third judging unit, configured to enable the authentication end to judge whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal; a holding unit, configured to enable the second terminal to keep its connection with the mobile communication network if the authentication end judges that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal; an access unit, configured to enable the first terminal to access the mobile communication network after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal; a third acquiring unit, configured to enable the first terminal to obtain a first class of mobile communication service provided by the mobile communication network; and a fourth acquiring unit, configured to enable the second terminal to obtain a second class of mobile communication service provided by the mobile communication network.
Further, the first determining unit comprises: a determining module, configured to enable the terminal to determine identification data according to the first credential information; and a generating module, configured to enable the terminal to generate the first authentication information according to the identification data.
Further, the terminal authentication device further comprises: a third receiving unit, configured to enable the terminal, before the terminal obtains the first credential information input by the user, to receive an authentication request, sent by the authentication end, that contains a random number. The first determining unit is further configured to enable the terminal to determine the first authentication information according to the first credential information and the random number.
Further, the authentication device further comprises: a fifth acquiring unit, configured to enable the terminal, before the terminal obtains the first credential information input by the user, to obtain second credential information through a Subscriber Identity Module (SIM) connected to the terminal; and/or a sixth acquiring unit, configured to enable the terminal to obtain the second credential information through a memory module embedded in the terminal itself; a third determining unit, configured to enable the terminal to determine second authentication information according to the second credential information; and a third sending unit, configured to enable the terminal to send the second authentication information to the authentication end, the authentication end being used to authenticate the terminal according to the second authentication information, wherein the access unit is further configured so that, after the authentication end successfully authenticates the terminal according to the second authentication information, the terminal accesses the mobile communication network to obtain a third class of mobile communication service; and after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network to obtain a fourth class of mobile communication service.
Further, the access unit is further configured to enable the terminal to access the mobile communication network through the LIPA protocol to obtain the third class of mobile communication service, and to access the mobile communication network through the SIPTO protocol to obtain the fourth class of mobile communication service.
Further, the terminal authentication device further comprises: a first generating unit, configured to enable the terminal to generate a first prompting message after the terminal accesses the mobile communication network to obtain the third class of mobile communication service; and a second generating unit, configured to enable the terminal to generate a second prompting message after the terminal accesses the mobile communication network to obtain the fourth class of mobile communication service.
In the present invention, the terminal obtains first credential information input by a user, wherein the first credential information is information verified by target software; the terminal determines first authentication information according to the first credential information; the terminal sends the first authentication information to the authentication end, wherein the authentication end is used to authenticate the terminal according to the first authentication information; and after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network. This solves the problem that the SIM card in the related art restricts the development of thinner and lighter terminals, and thereby facilitates that development.
Brief description of the drawings
The accompanying drawings, which form a part of this application, are provided for a further understanding of the present invention. The schematic embodiments of the present invention and their descriptions are used to explain the present invention and do not unduly limit it. In the drawings:
Fig. 1 is a flow chart of a terminal authentication method for use in a mobile communication system according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a terminal authentication system for use in a mobile communication system according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of an interface for setting terminal functions according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of an authentication information generation process according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of another authentication information generation process according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of authenticating a terminal according to an embodiment of the present invention;
Fig. 7 is a flow chart of another terminal authentication method for use in a mobile communication system according to an embodiment of the present invention;
Fig. 8 is a schematic diagram of the process by which a mobile communication server authenticates a terminal according to an embodiment of the present invention;
Fig. 9 is a schematic diagram of the process by which a third-party software server authenticates a terminal according to an embodiment of the present invention;
Fig. 10 is a schematic diagram of a terminal authentication device for use in a mobile communication system according to an embodiment of the present invention; and
Fig. 11 is another schematic diagram of a terminal authentication device for use in a mobile communication system according to an embodiment of the present invention.
Detailed description of the embodiments
It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments can be combined with one another. The present invention is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
To help those skilled in the art better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort shall fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and the like in the specification, the claims and the above drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that data so used can be interchanged where appropriate, so that the embodiments of the invention described herein can be implemented in orders other than those illustrated or described here. In addition, the terms "comprise" and "have", and any variations of them, are intended to cover non-exclusive inclusion.
According to an embodiment of the present invention, a terminal authentication method for use in a mobile communication system is provided. The method is used to authenticate the identity of a terminal in the mobile communication system according to the authentication information of target software. The method may run on a computer processing device.
Fig. 1 is the flow chart for the terminal authentication method in mobile communication system according to the embodiment of the present invention.
As shown in Fig. 1, the method comprises the following steps S102 to S108:
Step S102: the terminal obtains the first credential information input by the user, wherein the first credential information is information verified by target software.
Step S104: the terminal determines the first authentication information according to the first credential information.
Step S106: the terminal sends the first authentication information to the authentication end, wherein the authentication end is used to authenticate the terminal according to the first authentication information.
Step S108: after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network.
Specifically, when the terminal enters the coverage area of the mobile communication network, the terminal can automatically communicate with the mobile communication network according to the first credential information so that the identity of the terminal is authenticated. After authentication, the authentication end can send the authentication result to the mobile communication network. If authentication passes, the terminal can access the mobile communication network and obtain mobile communication service; if authentication fails, the terminal cannot access the mobile communication network and therefore cannot obtain mobile communication service. Before the terminal sends the first authentication information to the authentication end, the mobile communication network can send an authentication information request to the terminal; after receiving the authentication information request, the terminal sends the first authentication information to the authentication end according to the request.
It should be noted that whether the terminal has entered the coverage area of the mobile communication network can be judged on the basis of detection by the terminal. For example, a base station periodically sends a CRS (Common Reference Signal), and the terminal can detect the strength of the CRS (for example, in an LTE (Long Term Evolution) system, by calculating the RSRP (Reference Signal Received Power) or RSRQ (Reference Signal Received Quality) from measurements of the CRS). When the strength of the CRS reaches a certain threshold, it is determined that the terminal has entered the coverage area of the mobile network. As another example, a base station deployed by an operator periodically sends a signal carrying system-related information (such as physical-layer information like frequency bandwidth and the number of base station antennas, or network-related information like the PLMN (Public Land Mobile Network)). The terminal can detect this signal, and when the information carried by the signal is detected accurately, it is determined that the terminal has entered the network coverage area of that operator.
The user only needs to input the credential information to the terminal once. Whenever the terminal enters a coverage area of the mobile communication network, it automatically communicates with the mobile communication network according to the first credential information and is authenticated. Preferably, after the user inputs the credential information to the terminal, the credential information is stored in the terminal to facilitate subsequent authentication. In this way, when the terminal enters two non-overlapping mobile network coverage areas at different times, it automatically communicates with the mobile communication network according to the credential information and is authenticated, which improves the user experience.
It should be noted that, in practice, to improve security, the terminal can also prompt the user to input the credential information according to preset conditions. For example, when the terminal is restarted, or when its airplane mode changes from on to off, the user can be prompted to input the credential information. Even so, the user does not need to re-enter the credential information every time the terminal enters a new network coverage area.
It should be noted that the terminal is not limited to a mobile phone; it can also be any other device that can send and receive wireless signals. For example, the terminal can be an intelligent household appliance, or another device that can communicate with the mobile communication network spontaneously, usually without being operated by a person.
First authentication information may be used for certification terminal in the target software developed the third party except user and Mobile Communication Service supplier.Such as, target software can be " micro-letter " software developed of company of Tengxun or " QQ " software, or " rice is chatted " software etc. that millet company develops.User can input the first credential information to terminal in several ways, and such as, user by the mode keyed in by physical keyboard or dummy keyboard in terminal or can input the first credential information by the mode scanned.
It is different networks that mobile communications network and third party's target software are in different networks, by gateway control transfer of data between two networks, ensures the fail safe of each self information.As shown in Figure 2, terminal communicates with base station in mobile communications network, and base station is connected to third party's network by the gateway in mobile communications network, and wherein, third party's network comprises third party software server and third party's gateway.
Further, the first authentication information may be a user name of the target software, a password, or a combination of both. For example, the first credential information may be a WeChat ID (Identity), or a WeChat ID and password, or a MiTalk ID, or a MiTalk ID and password. The user name and password may take many forms, which are not limited here. For example, they may be biometric information (such as fingerprint information, retina information, palm print information, iris information, facial feature information, voice feature information, signature feature information, DNA (Deoxyribonucleic acid) information, etc.); they may also be certificate information; or they may be sound, audio, symbols, lines, etc. It should be noted that the first credential information may be any combination of the above forms of information; for example, the user may enter facial feature information while inputting fingerprint information, or may enter sound information after inputting fingerprint information.
It should be noted that the first credential information serves as authentication information for the target software: it can be used to authenticate to the target software and obtain its services. For example, the user may use the first credential information to use the Tencent QQ client software on a PC (Personal Computer).
According to the embodiments of the present invention, using biometric information such as fingerprint, retina or voice as credential information frees the user from the constraint of the SIM card and allows free communication. Furthermore, the credential information of third-party software is used as the basis for authenticating the terminal's access to the mobile communication network. In this way, the terminal no longer needs a SIM slot or an inserted SIM card, which avoids the restriction that the traditional large SIM card places on making terminals thinner and lighter and facilitates thin and light terminal design. Using the credential information of third-party software for authentication to the mobile communication network also enables the third-party software to become an entrance to the mobile communication network, which benefits the development and innovation of the mobile Internet.
Preferably, in the embodiments of the present invention, the terminal may comprise one or more terminals; for example, the terminal may comprise a first terminal and a second terminal. In this case, for example when the user inputs the same credential information on the first terminal and on the second terminal, after the second terminal has been authenticated according to this credential information, if the first terminal also requests authentication according to the same credential information, the first terminal and the second terminal may be handled in Mode one or Mode two:
Mode one:
S2, the first terminal obtains the first credential information input by the user.
S4, the first terminal determines the first authentication information according to the first credential information.
S6, the first terminal sends the first authentication information to the authentication end.
S8, the authentication end receives the first authentication information sent by the first terminal.
S10, the authentication end authenticates the first terminal according to the first authentication information sent by the first terminal.
S12, the authentication end judges whether the second terminal has been successfully authenticated according to the first authentication information sent by the first terminal.
S14, if the authentication end judges that the second terminal has been successfully authenticated according to the first authentication information sent by the first terminal, the mobile communication network interrupts the connection between the second terminal and the mobile communication network.
S16, after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the first terminal accesses the mobile communication network.
In Mode one, after the first terminal passes authentication by the mobile communication network, the second terminal can no longer keep communicating with the mobile communication network. That is, if the second terminal is first authenticated successfully in the mobile communication network with certain credential information, and the mobile communication network subsequently detects that the same credential information is being used to authenticate the first terminal, then after the first terminal is authenticated successfully, the mobile communication network authorizes the first terminal to communicate with it and interrupts the communication between the second terminal and the mobile communication network.
Preferably, after the communication between the second terminal and the mobile communication network is interrupted, the user information stored on the second terminal may be deleted automatically, or the user information on the second terminal may be deleted remotely from the first terminal. The user information may include at least one of the following: short messages, call records, address book, photos, e-mail, memos, data stored by the user in application software, etc.
Further, on the basis of Mode one, the following steps may also be performed before S14 (interrupting the connection between the second terminal and the mobile communication network):
S18, the authentication end judges whether the networking priority of the first terminal is higher than the networking priority of the second terminal.
S20, if the authentication end judges that the networking priority of the first terminal is higher than that of the second terminal, the connection between the second terminal and the mobile communication network is interrupted.
S22, if the authentication end judges that the networking priority of the first terminal is not higher than that of the second terminal, the authentication of the first terminal by the authentication end fails according to an interruption indication sent by the second terminal.
The priority may be judged as follows: the mobile communication network may send a response request to the first terminal and the second terminal, and grant the higher priority to the terminal that responds first.
Mode two:
S24, the first terminal obtains the first credential information input by the user.
S26, the first terminal determines the first authentication information according to the first credential information.
S28, the first terminal sends the first authentication information to the authentication end.
S30, the authentication end receives the first authentication information sent by the first terminal.
S32, the authentication end authenticates the first terminal according to the first authentication information sent by the first terminal.
S34, the authentication end judges whether the second terminal has been successfully authenticated according to the first authentication information sent by the first terminal.
S36, if the authentication end judges that the second terminal has been successfully authenticated according to the first authentication information sent by the first terminal, the second terminal keeps its connection with the mobile communication network.
S38, after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the first terminal accesses the mobile communication network.
S40, the first terminal obtains a first type of mobile communication service provided by the mobile communication network.
S42, the second terminal obtains a second type of mobile communication service provided by the mobile communication network.
In Mode two, the first terminal and the second terminal can communicate with the mobile communication network at the same time. It should be noted that, in Mode two, the mobile communication network may send a message to both terminals to indicate that another terminal is also using the same credential information for authentication.
It should be noted that the first type of mobile communication service and the second type of mobile communication service may be different. The first type may include more service categories than the second type. For example, the first type of mobile communication service may include services of the CS (Circuit Switch) domain and the PS (Packet Switch) domain, while the second type may include only services of the PS domain, or vice versa. A CS-domain service may be a voice call; this avoids multiple terminals being able to answer when someone pages this credential information. Alternatively, the first terminal may carry out voice, video, data transmission and other communication with the mobile communication network, while the second terminal may carry out voice communication with the mobile communication network.
It should be noted that the first terminal has the function of viewing the geographical location of the second terminal, while the second terminal does not have the function of viewing the geographical location of the first terminal. Likewise, the first terminal has the function of controlling the security of the second terminal, while the second terminal does not have the function of controlling the security of the first terminal; for example, the first terminal may authorize the second terminal to access the information corresponding to the credential information.
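The two ways of handling a credential that is already in use, written out as the authentication end's admission logic. This is an added example, not code from the patent; the integer priorities, the service sets and all class and function names are assumptions, and `admit` is assumed to be called only after the first authentication information has verified (S10/S32).

```python
from dataclasses import dataclass
from enum import Enum

# Assumed service sets: the first type covers CS and PS, the second only PS,
# so a paged voice call can be answered by one terminal only.
FIRST_TYPE = frozenset({"CS", "PS"})
SECOND_TYPE = frozenset({"PS"})


class Mode(Enum):
    ONE = 1  # newcomer replaces the terminal already online (S12-S22)
    TWO = 2  # both terminals stay online with different service types (S34-S42)


@dataclass
class Decision:
    admitted: bool
    dropped: tuple = ()   # terminals whose connection is interrupted
    notified: tuple = ()  # terminals told that the credential is shared


class CredentialSessions:
    """Tracks which terminals are online under each credential."""

    def __init__(self, mode: Mode):
        self.mode = mode
        self._active = {}  # credential_id -> {terminal_id: (priority, services)}

    def admit(self, credential_id: str, terminal_id: str, priority: int) -> Decision:
        active = self._active.setdefault(credential_id, {})
        others = {t: v for t, v in active.items() if t != terminal_id}
        if not others:
            active[terminal_id] = (priority, FIRST_TYPE)
            return Decision(True)

        if self.mode is Mode.ONE:
            # S18/S22: a newcomer that is not strictly higher in priority fails.
            if any(priority <= p for p, _ in others.values()):
                return Decision(False)
            # S20/S14/S16: interrupt the earlier terminal, admit the newcomer.
            active.clear()
            active[terminal_id] = (priority, FIRST_TYPE)
            return Decision(True, dropped=tuple(sorted(others)))

        # Mode two: S36 keeps the earlier terminal connected, S40/S42 assign
        # the service types, and every terminal on the credential is notified.
        for t, (p, _) in others.items():
            active[t] = (p, SECOND_TYPE)
        active[terminal_id] = (priority, FIRST_TYPE)
        return Decision(True, notified=tuple(sorted(active)))

    def services(self, credential_id: str, terminal_id: str) -> frozenset:
        entry = self._active.get(credential_id, {}).get(terminal_id)
        return entry[1] if entry else frozenset()

    def cs_capable(self, credential_id: str) -> list:
        """Terminals that would answer a CS voice call paged to this credential."""
        sessions = self._active.get(credential_id, {})
        return sorted(t for t, (_, s) in sessions.items() if "CS" in s)


if __name__ == "__main__":
    net = CredentialSessions(Mode.TWO)
    net.admit("cred-1", "second-terminal", 1)
    print(net.admit("cred-1", "first-terminal", 1))
    print(net.cs_capable("cred-1"))
```

The `notified` list in Mode two is also the signal a user needs in order to spot a credential being used on a terminal they do not recognise.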
Preferably, the user may select the communication functions and communication services for the first terminal and the second terminal on a terminal, either on the terminal's settings interface or by logging in to the application software or web page of the mobile communication service provider. For example, on the second terminal, the user may turn different types of services on or off for the first terminal and the second terminal, as shown in Figure 3, where "√" indicates that the corresponding service is turned on.
Preferably, the mobile communication network may charge for mobile communication services according to credential information. When multiple terminals authenticate with the same credential information in different time periods, the mobile communication network may charge the same credential for all mobile communication services used by the multiple terminals. For example, if the second terminal downloads 100M bits of content in a first period and the first terminal downloads 200M bits of content in a second period, the mobile communication network charges this credential for the 300M bits of traffic over the two periods. This improves the user experience.
No need to report a loss: if a user's terminal (such as a mobile phone) is lost, there is no need to replace a SIM card; the user can continue to obtain mobile communication services simply by inputting his or her own credential information on another terminal.
Intelligent anti-theft: if a user's mobile phone is stolen, the user can input his or her own credential information on another terminal and view the geographical location of the terminal using the same credential information, thereby locating the stolen phone and remotely deleting the credential information on it to avoid information leakage.
Traffic sharing: multiple terminals can input the same credential information at the same time and thus share the traffic corresponding to that credential information.
Credential security: when the first terminal uses certain credential information to obtain mobile communication services, if the network detects that a second terminal is also using the same credential information to access the network, it sends a message to notify the first terminal, reminding the user holding the first terminal to pay attention to the security of his or her credential information.
Convenient communication: as long as a terminal is available, the above credential information can be used to conveniently access the mobile communication network and enjoy mobile communication services. For example, the user need not carry a mobile phone; when communication is needed, the user only needs to press a finger on a common communication terminal to access the mobile communication network. The common communication terminal may support only CS voice call services, so that not too much personal information is exposed, which helps free the user from the constraint of a mobile terminal. As another example, when a first user communicates using the terminal of a second user, the first user can access the mobile communication network with retina information, and the mobile communication network charges the first user's retina credential information; in this way, no cost is incurred by the second user, which facilitates terminal sharing.
As another example, the user may carry a small-screen terminal and, when video communication is needed, use a public large-screen terminal and access the mobile communication network with facial recognition information; the mobile communication network charges the credential information corresponding to this facial recognition information for the traffic used on the large screen. After finishing the communication on the large screen, the user authenticates the small-screen terminal again with the same facial recognition information, whereupon the personal information saved on the large-screen terminal is deleted automatically.
The terminal may use the credential information directly input by the user as the authentication information and send all or part of the authentication information to the mobile communication network. Alternatively, the terminal may first process the credential information to obtain the authentication information and then send all or part of the authentication information to the mobile communication network; for example, the terminal may encrypt the credential information.
Specifically, in the embodiments of the present invention, the terminal may determine the first authentication information according to the first credential information in several ways:
Example 1
First, the terminal determines identification data according to the first credential information.
Then, the terminal generates the first authentication information according to the identification data.
Specifically, the terminal side may include an identification data generating device, which generates the corresponding identification data according to the first credential information input by the user; the identification data is then used by the terminal's authentication information generating device to produce the authentication information, as shown in Figure 4.
The credential information that can be used to authenticate to third-party target software has no uniform format; for example, it may be an e-mail address, a numeric string, etc. In communication authentication, however, the identification data needs a fixed format. For example, the key Ki stored in a traditional SIM card is a code of fixed length (such as a binary code of 64 or 128 bits), and the international mobile subscriber identity (IMSI: International Mobile Subscriber Identification Number) consists of digits 0 to 9 with a total length of no more than 15. With Example 1, arbitrary credential information can be converted into identification data of a uniform format. For example, the identification data generating device may convert the credential information input by the user into a code in the same format as the Ki code.
In addition, because the user's authentication information has to be transmitted over the network, it is exposed to security risks. In the embodiments of the present invention, because the "identification data generating device" is used, only the authentication information generated from the identification data is transmitted over the network, and the credential information input by the user, such as the user's biometric information, cannot be obtained from it. This avoids leakage of the user's biometric information and removes the user's concern.
Optionally, the identification data generating device may generate the identification data from the current credential information in real time. Alternatively, one or more items of identification data may be pre-stored in the terminal; when the user inputs credential information, the terminal looks up the corresponding identification data according to the first credential information, produces the authentication information from the identification data found, and sends it to the mobile communication network. When the credential information input by the user does not match any of the pre-stored identification data, the terminal does not produce authentication information. Identification data for multiple items of credential information may be stored in the terminal, so that the terminal can change credential information flexibly. For example, the identification data of several family members may be stored in the terminal, making it easy for family members to swap terminals.
Here, the identification data stored in the terminal may be stored by user input or by download. For example, the user manually inputs the identification data corresponding to the credential information; or, after the user inputs the credential information in an environment with a Wi-Fi connection, the terminal automatically downloads the corresponding identification data according to the credential information; or the user may download the identification data to the terminal by NFC (Near Field Communication). Specifically, the identification data may first be downloaded to an identification data device, and the terminal then reads the identification data from the identification data device by NFC. It should be noted that this operation can be performed only once.
Optionally, the identification data generating device may determine the identification data according to the credential information input by the user and a preset function, with different types of credential information corresponding to different functions. For example, if the credential information input by the user is in the form of an e-mail address, a first function is used; if it is in the form of a numeric string, a second function is used. Alternatively, the function may be set according to the target software to which the credential information corresponds; for example, if the credential information is a WeChat ID, it corresponds to the first function, and if it is a MiTalk ID, it corresponds to the second function. By assigning different functions to different types of credential information in this way, identification data of the same format can be generated for any credential information without causing identification data to conflict. For example, the identification data corresponding to any WeChat ID will not conflict with the identification data corresponding to any MiTalk ID, which guarantees the uniqueness of the identity of the credential information. The different functions may be pre-stored in the terminal or downloaded to the terminal on demand.
Example 2
First, the terminal receives an authentication request containing a random number sent by the authentication end.
This step may be performed before the aforementioned step S102.
Then, the terminal determines the first authentication information according to the first credential information and the random number.
For the security of network transmission, the authentication information request that the mobile communication network sends to the terminal may contain a random number. The terminal uses a first verification function to determine the authentication information from this random number and the first credential information input by the user, and sends the authentication information to the mobile communication network. As shown in Figure 5, the first verification function is implemented in the terminal's authentication information generating device. The mobile communication network side has the random number and the first verification function and has received the terminal's authentication information, so it can authenticate the terminal accordingly. Because the random number is used only for this authentication, even if the authentication information sent by the terminal is intercepted by someone else, the interceptor does not know the random number and therefore cannot work backwards to obtain the credential information input by the user, which ensures the security of the user's credential information.
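Examples 1 and 2 combined in one runnable sketch: a per-type function turns any credential into a fixed 128-bit code, and that code answers a single-use random number from the authentication end. This is an added example, not code from the patent; PBKDF2-HMAC-SHA256 and HMAC-SHA256 stand in for the unspecified "functions" and "first verification function", and the type labels, subscriber handle and iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed labels: one per credential type, standing in for the "first function",
# "second function", ... that the text assigns to different credential types.
CREDENTIAL_TYPES = ("wechat_id", "mitalk_id", "email")
KDF_ITERATIONS = 100_000  # assumed work factor


def identification_data(cred_type: str, credential: bytes) -> bytes:
    """Example 1: map any credential to a fixed 128-bit code (same format as Ki).

    The type label is the salt, so equal strings entered for different target
    software never produce the same identification data.
    """
    if cred_type not in CREDENTIAL_TYPES:
        raise ValueError(f"unknown credential type: {cred_type}")
    salt = b"identification-data/" + cred_type.encode()
    return hashlib.pbkdf2_hmac("sha256", credential, salt, KDF_ITERATIONS, dklen=16)


def terminal_response(ident: bytes, nonce: bytes) -> bytes:
    """Example 2, terminal side: authentication information for one random number."""
    return hmac.new(ident, nonce, hashlib.sha256).digest()


class AuthenticationEnd:
    """Example 2, network side: issues random numbers and checks responses."""

    def __init__(self):
        self._enrolled = {}  # subscriber handle -> identification data
        self._pending = {}   # subscriber handle -> outstanding random number

    def enroll(self, subscriber: str, ident: bytes) -> None:
        self._enrolled[subscriber] = ident

    def challenge(self, subscriber: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[subscriber] = nonce
        return nonce

    def verify(self, subscriber: str, response: bytes) -> bool:
        # pop() makes every random number single-use, whatever the outcome.
        nonce = self._pending.pop(subscriber, None)
        ident = self._enrolled.get(subscriber)
        if nonce is None or ident is None:
            return False
        expected = hmac.new(ident, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_demo() -> dict:
    """Constructed sample data: one subscriber, one captured response."""
    end = AuthenticationEnd()
    ident = identification_data("wechat_id", b"alice_2014")
    end.enroll("subscriber-1", ident)

    nonce = end.challenge("subscriber-1")
    captured = terminal_response(ident, nonce)
    fresh_ok = end.verify("subscriber-1", captured)

    end.challenge("subscriber-1")  # a later authentication request
    replay_ok = end.verify("subscriber-1", captured)

    other_service = identification_data("mitalk_id", b"alice_2014")
    return {
        "fresh_ok": fresh_ok,
        "replay_ok": replay_ok,
        "same_id_collides_across_services": other_service == ident,
    }


if __name__ == "__main__":
    print(run_demo())
```

The random number only gives freshness: how hard it is to recover the credential from an observed exchange depends on the identification data being hard to guess, which is why the derivation here uses a slow key-derivation function.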
Preferably, in the embodiments of the present invention, in addition to authenticating the user terminal with one kind of credential information (namely the first credential information) as described above, another kind of credential information (such as second credential information) may be combined with the first credential information to authenticate the user terminal. For example, before authentication according to the first credential information, preliminary authentication may first be performed with the second credential information. Specifically, the following steps may be performed before the aforementioned step S102 ("the terminal obtains the first credential information input by the user"):
S44, the terminal obtains the second credential information through a subscriber identity module (SIM) connected to the terminal. And/or
S46, the terminal obtains the second credential information through its own built-in memory module.
S48, the terminal determines second authentication information according to the second credential information.
S50, the terminal sends the second authentication information to the authentication end. The authentication end may then authenticate the terminal according to the second authentication information.
S52, after the authentication end successfully authenticates the terminal according to the second authentication information, the terminal accesses the mobile communication network to obtain a third type of mobile communication service.
S54, after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network to obtain a fourth type of mobile communication service.
Further, in the embodiments of the present invention, the terminal may access the mobile communication network through the LIPA (Local IP Access; IP: Internet Protocol) protocol to obtain the third type of mobile communication service. The terminal may access the mobile communication network through the SIPTO (Selected IP Traffic Offload) protocol to obtain the fourth type of mobile communication service.
Through the LIPA protocol, the terminal can directly access other IP-capable devices within the coverage area of the base station. For an HeNB (Home evolved Node B, home base station), the terminal can, through the LIPA protocol, directly access other IP-capable devices in the user's home network or enterprise network without transiting the core network, which helps reduce the load on the core network.
Through the SIPTO protocol, the terminal can access the Internet directly through an HeNB or a macro base station, which likewise helps reduce the load on the core network. Unlike LIPA, SIPTO allows the terminal to access networks other than the local network.
As shown in Figure 6, the communication between "terminal 1" and the Internet is traditional communication that must pass through the core network; the communication between "terminal 2" and the Internet goes through the SIPTO protocol; and the communication between "terminal 3" and a local device goes through the LIPA protocol.
Preferably, in the embodiments of the present invention, when the terminal accesses the mobile communication network according to different credential information and obtains different categories of mobile communication service, the terminal may generate a corresponding prompt message to inform the user of the mobile communication services currently available. For example, after "the terminal accesses the mobile communication network to obtain the third type of mobile communication service", the terminal may generate a first prompt message; after "the terminal accesses the mobile communication network to obtain the fourth type of mobile communication service", the terminal may generate a second prompt message. The first prompt message may be different from the second prompt message.
The second credential information may be SIM card information. When the terminal is authenticated according to the SIM card information, the terminal issues the first prompt message; when it is authenticated according to the first credential information, the terminal issues the second prompt message, so that the user knows which type of mobile communication service is currently available.
For example, if the user has not yet input the first credential information on a terminal, then when the terminal enters the coverage area of the mobile communication network, the user can use only the third type of mobile communication service, and the terminal may issue the first prompt message; for example, the mobile phone displays "Welcome to the xx Mobile coverage area; you can obtain xx services". If the terminal has not issued the second prompt message, the user knows his or her service status; if the user wishes to obtain the fourth type of mobile communication service, the user can apply for it by paying, and after the application succeeds the terminal issues the second prompt message. For example, the mobile phone displays "You are an xx Mobile premium user; xx of free Internet traffic remains", or the mobile phone APP (Application) changes from gray to color.
It should be noted that, in practical applications, combining the method proposed by the present invention with communication methods based on the traditional SIM card is not restricted. For example, a terminal using the present invention may both include a traditional SIM card slot into which the user inserts a traditional SIM card and obtain the first credential information input by the user; the terminal may be authenticated by a traditional mobile communication network according to the traditional SIM card, and may also be authenticated, using the method of the present invention, by a new mobile communication network that applies the present invention.
The third type of mobile communication service may be at least one of the following: accessing the local base station cache, viewing advertisements, obtaining information about the nearby geographical area, paying to obtain the fourth type of mobile communication service, and accessing the websites of some enterprises. In this way, any eligible user who has joined the mobile communication network (whether or not the user has paid or is in arrears) can enjoy the third type of mobile communication service upon entering the coverage area of the mobile communication network. This can attract more users to join the mobile communication network and bring advertising revenue to the mobile communication service provider, while also bringing more convenience to users. For example, when a user enters a shopping mall, the user can obtain the queue status of all restaurants in the mall, which avoids asking each restaurant in turn whether a table is immediately available and improves the user experience. Moreover, because any user who has joined the mobile communication network can pay to obtain the fourth type of mobile communication service, restrictions on user payment are reduced and self-service payment is made easier. And because any eligible user who has joined the mobile communication network can access the websites of some enterprises, the mobile communication service provider can help those enterprises expand their business, which also raises the value of the mobile communication service provider to those enterprises.
According to an embodiment of the present invention, another terminal authentication method for use in a mobile communication system is provided.
Fig. 7 is a flow chart of another terminal authentication method for use in a mobile communication system according to an embodiment of the present invention.
As shown in Figure 7, the method comprises the following steps S702 to S706:
Step S702, the authentication end obtains the first authentication information sent by the terminal. The terminal may be used to obtain the first credential information input by the user and to determine the first authentication information according to the first credential information, where the first credential information is information verified by the target software.
Step S704, the authentication end authenticates the terminal according to the first authentication information.
Step S706, after the authentication end successfully authenticates the terminal according to the first authentication information, the mobile communication network authorizes the terminal to access the mobile communication network.
The authentication end receives the first authentication information that the terminal sends according to the first credential information input by the user, and authenticates the terminal according to the first authentication information; if authentication passes, the mobile communication network provides mobile communication services for the terminal. The first credential information may be used to authenticate the user in software (the target software) developed by a third party other than the user and the mobile communication service provider.
It should be noted that the above operations may be performed by different mobile communication network devices; for example, a base station may receive the authentication information and provide mobile communication services to the terminal, while the authentication center (AUC) authenticates the terminal. The above operations may also be performed by the same mobile communication network device; for example, a base station may handle communication, authentication, and signal transmission and reception.
Preferably, in the embodiments of the present invention, the authentication end may be the authentication center (AUC) in the mobile communication network, or a mobile communication server in the mobile communication network (such as an AAA (Authentication, Authorization, Accounting) server), or a cloud platform in the mobile communication network that has the function of the authentication end. Alternatively, the authentication end may be the software server corresponding to the target software developed by the third party (hereinafter referred to as the third-party software server). The AUC, the mobile communication server and the software server may each authenticate the terminal in the following ways:
AUC:
S56, the AUC obtains the user data that the target software uses to verify the first credential information.
S58, the AUC receives the first authentication information sent by the terminal.
S60, the AUC authenticates the terminal according to the user data and the first authentication information.
S62, after the AUC successfully authenticates the terminal according to the first authentication information and the user data, the authentication end authorizes the terminal to access the mobile communication network.
Mobile communication server:
The authentication mode of the mobile communication server is similar to that of the AUC and is not repeated here.
Because the AUC, the mobile communication server (such as an AAA server) and the cloud platform all perform authentication inside the mobile communication network, authentication does not have to be completed through repeated forwarding to the third-party software server; the authentication process is fast, which helps improve the user experience. In particular, the third-party software server may encrypt the user data with a first key and then send it to the mobile communication network. Because the mobile communication service provider does not know the first key, it cannot work backwards to obtain the user data held by the third-party software server, which protects the security of the user data held by the third party.
Terminal is sent to the first credential information of mobile communications network, the first key can be used equally to be encrypted, like this, matching through the user data encrypted that mobile communication network device only need judge whether credential information that user sends send with third party software server just can realize verification process; In this case, the software of user in terminal involved by input document information is equally also that third party (such as company of Tengxun) develops, such as, micro-letter APP that user is developed by company of Tengxun on mobile phone inputs username and password, this APP uses the first double secret key username and password to be encrypted automatically, send to mobile communication network device again, the information after the latter just can directly use encryption carrys out certification terminal.
Terminal is sent to the credential information of mobile communications network, second key different from the first key can also be used to be encrypted, thus there is higher confidentiality.Such as, the identifying algorithm that mobile communications network adopts is relevant with the second key to the first key, thus can realize certification, because mobile communications network does not know the first key and the second key, just cannot obtain user data.Different third-party credential informations uses different keys, can have higher confidentiality.Such as micro-letter and rice merely use different keys.
In embodiments of the present invention, mobile communication server is to the verification process of terminal, specifically can comprise: first, mobile communications network obtains user data from third party, such as, obtain the user data that the username and password of user is relevant, then, user inputs username and password in terminal, when terminal enters mobile communications network overlay area, terminal just sends credential information according to the username and password of user's input from trend mobile communications network, mobile communications network carries out certification according to the user data obtained from third party with from the authentication information that terminal obtains to terminal, and provide Mobile Communication Service according to authentication result to terminal.Whole process as shown in Figure 8, completes verification process according to number order.
Software server:
First, the software server obtains the first authentication information sent by the terminal.
Then, the software server authenticates the terminal according to the first authentication information.
Then, after the software server has successfully authenticated the terminal according to the first authentication information, the mobile communications network authorizes the terminal to access the mobile communications network.
When authentication of the terminal is completed on the third-party software server, the third-party software server sends the authentication result to the mobile communications network, and the mobile communications network provides mobile communication service to the terminal according to the authentication result.
Specifically, after the terminal sends the authentication information to the mobile communications network, the mobile communications network sends the authentication information, either directly or after processing, to the third-party network device (such as the third-party software server), and the third-party network device finally authenticates the terminal (according to the user data reserved when the user registered as a user of the third-party software before this procedure). If the authentication passes, the mobile communications network is notified and provides mobile communication service to the terminal. The whole process is shown in Figure 9; authentication is completed in the numbered order.
Credential information 1, credential information 2 and credential information 3 may be identical or different. For example, different encryption may be applied at different stages, with the second credential information generated from the first credential information and the third credential information generated from the second credential information.
Preferably, in embodiments of the present invention, the terminal may comprise multiple terminals; for example, the terminal may comprise a first terminal and a second terminal. The certification end may then authenticate the first terminal and the second terminal by mode one or mode two:
Mode one:
S64, the certification end obtains the first authentication information sent by the first terminal.
S66, the certification end authenticates the first terminal according to the first authentication information sent by the first terminal.
S68, the certification end judges whether the second terminal has already been successfully authenticated with the first authentication information sent by the first terminal.
S70, if the certification end judges that the second terminal has already been successfully authenticated with the first authentication information sent by the first terminal, the second terminal interrupts its connection with the mobile communications network.
S72, after the certification end has successfully authenticated the first terminal according to the first credential information sent by the first terminal, the certification end authorizes the first terminal to access the mobile communications network.
Further, in embodiments of the present invention, the following steps may also be included before "the second terminal interrupts its connection with the mobile communications network":
S74, the certification end judges whether the networking priority of the first terminal is higher than the networking priority of the second terminal.
S76, if the certification end judges that the networking priority of the first terminal is higher than that of the second terminal, the second terminal interrupts its connection with the mobile communications network.
S78, if the certification end judges that the networking priority of the first terminal is not higher than that of the second terminal, the certification end fails the authentication of the first terminal based on the first credential information sent by the first terminal.
Mode two:
S80, the certification end receives the first authentication information sent by the first terminal.
S82, the certification end authenticates the first terminal according to the first authentication information sent by the first terminal.
S84, the certification end judges whether the second terminal has already been successfully authenticated with the first authentication information sent by the first terminal.
S86, if the certification end judges that the second terminal has already been successfully authenticated with the first authentication information sent by the first terminal, the second terminal keeps its connection with the mobile communications network.
S88, after the certification end has successfully authenticated the first terminal according to the first credential information sent by the first terminal, the mobile communications network authorizes the first terminal to access the mobile communications network.
The first terminal may be used to obtain the first type of mobile communication service provided by the mobile communications network. The second terminal may be used to obtain the second type of mobile communication service provided by the mobile communications network.
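The decision logic of mode one (S64 to S78) and mode two (S80 to S88) can be written as a small session policy. The following is an added example, not code from the patent; the class and field names, the `handle` string that identifies a credential, and the `verified` flag standing in for the actual check of the first authentication information are all assumptions made for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    ONE = "one"  # S64-S78: the terminal authenticated earlier loses its connection
    TWO = "two"  # S80-S88: both terminals stay connected


@dataclass
class Decision:
    admitted: bool
    disconnected: list[str] = field(default_factory=list)
    notified: list[str] = field(default_factory=list)


class SessionPolicy:
    """Hypothetical certification-end bookkeeping for one credential used on several terminals."""

    def __init__(self, mode: Mode, use_priority: bool = False):
        self.mode = mode
        self.use_priority = use_priority
        # credential handle -> {terminal id: networking priority}
        self._active: dict[str, dict[str, int]] = {}

    def active(self, handle: str) -> list[str]:
        return sorted(self._active.get(handle, {}))

    def admit(self, terminal_id: str, handle: str, verified: bool,
              priority: int = 0) -> Decision:
        # S66 / S82: a terminal whose authentication information does not
        # verify is rejected and changes nothing for existing sessions.
        if not verified:
            return Decision(admitted=False)
        sessions = self._active.setdefault(handle, {})
        # S68 / S84: has another terminal already authenticated with this credential?
        others = {t: p for t, p in sessions.items() if t != terminal_id}
        if not others:
            sessions[terminal_id] = priority
            return Decision(admitted=True)
        if self.mode is Mode.TWO:
            # S86 / S88: keep the earlier terminal, admit the new one, and
            # tell every terminal that the credential is in use elsewhere.
            sessions[terminal_id] = priority
            return Decision(admitted=True, notified=sorted(sessions))
        # Mode one with S74-S78: the newcomer must have strictly higher priority.
        if self.use_priority and priority <= max(others.values()):
            return Decision(admitted=False)
        # S70 / S76 then S72: disconnect the earlier terminal, admit the new one.
        for t in others:
            del sessions[t]
        sessions[terminal_id] = priority
        return Decision(admitted=True, disconnected=sorted(others))


if __name__ == "__main__":
    policy = SessionPolicy(Mode.ONE, use_priority=True)
    print(policy.admit("phone", "cred-1", True, priority=2))
    print(policy.admit("tablet", "cred-1", True, priority=1))
    print(policy.admit("laptop", "cred-1", True, priority=3))
```

Keying sessions on a stable per-credential handle rather than on the raw response matters when a random number is mixed into the first authentication information, because the response then differs on every attempt.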
Preferably, in embodiments of the present invention, before the certification end obtains the first authentication information sent by the terminal, the terminal authentication method may further comprise: the certification end sends an authentication request containing a random number to the terminal, wherein the terminal may be used to obtain the first credential information entered by the user and to determine the first authentication information according to the first credential information and the random number.
The detailed description of the authentication process for the first terminal and the second terminal is the same as in the preceding method part and is not repeated here.
Preferably, in embodiments of the present invention, in addition to authenticating the user terminal with the one kind of credential information described above (namely, the first credential information), the certification end may also authenticate the user terminal with another kind of credential information (such as the second credential information) combined with the first credential information. For example, before authentication according to the first credential information, a preliminary authentication may first be carried out with the second credential information. Specifically, the terminal may be used to obtain the second credential information, determine the second authentication information according to the second credential information, and send the second authentication information to the certification end. The following steps may then be performed before the aforesaid step S202, "the certification end obtains the first authentication information sent by the terminal":
S90, the certification end obtains the second authentication information sent by the terminal. The terminal may be used to obtain the second credential information through the subscriber identification module (SIM) connected to the terminal; and/or the terminal may obtain the second credential information through its own built-in memory module.
S92, the certification end authenticates the terminal according to the second authentication information.
S94, after the certification end has successfully authenticated the terminal according to the second authentication information, the mobile communications network authorizes the terminal to access the mobile communications network to obtain the third type of mobile communication service.
S96, after the certification end has successfully authenticated the terminal according to the first authentication information, the mobile communications network authorizes the terminal to access the mobile communications network to obtain the fourth type of mobile communication service.
The above authentication method is a two-stage authentication method. The terminal stores the user's second credential information in advance and obtains the first credential information entered by the user; the first credential information is used to authenticate the user in software developed by a third party other than the user and the mobile communication service provider. When the terminal enters the coverage area of the mobile communications network, it first automatically communicates with the mobile communications network and the terminal is authenticated according to the second credential information, and then communicates with the mobile communications network and the terminal is authenticated according to the first credential information. If the authentication according to the user's second credential information passes, the terminal obtains the third type of mobile communication service through the mobile communications network; if the authentication according to the first credential information passes, the terminal further obtains the fourth type of mobile communication service through the mobile communications network.
The source of the second authentication information is as described above and is not repeated here. The second authentication information comprises at least one of the following: the international mobile subscriber identity (IMSI, International Mobile Subscriber Identification Number), the authentication key (Ki), encryption algorithms (such as the A3 and A8 algorithms), other key information (such as Kc derived from Ki), the location area identity (LAI, Location Area Identity), the temporary mobile subscriber identity (TMSI, Temporary Mobile Subscriber Identity), the codes of public telephone networks to which access is forbidden, the personal identification number (PIN, Personal Identification Number), the PIN unlocking key (PUK, PIN Unlocking Key), the charging rate, and the user's telephone number information.
In the present invention, authentication based on the first credential information, or based on the second authentication information (which is similar to the information contained in a traditional SIM card), may be two-way authentication. That is, the mobile communications network may authenticate the terminal through this process and provide communication service to the terminal only after the authentication passes; the terminal may likewise authenticate the network through this process and send user information to the mobile communications network only after the authentication passes. The two-way authentication mechanism lets the two communicating peers, the terminal and the network, establish higher trust, which improves the security of communication.
It should be noted that the third type of mobile communication service provided by the mobile communications network may be a free service, which can attract more users to join the mobile communications network. The fourth type of mobile communication service provided by the mobile communications network is a paid service, for which the paying parties may be the user and a third party; for example, the user pays the mobile communications network directly, or, after the user meets a certain condition by watching advertisements, the third party pays for this user so that the user can enjoy the mobile communication service.
Preferably, in embodiments of the present invention, the mobile communications network may authorize the terminal, through the LIPA protocol, to access the mobile communications network to obtain the third type of mobile communication service. The mobile communications network may authorize the terminal, through the SIPTO protocol, to access the mobile communications network to obtain the fourth type of mobile communication service. The detailed description is the same as in the preceding method part and is not repeated here.
Preferably, the present invention uses an unlicensed frequency band to provide mobile communication service. Existing radio communication includes radio communication in licensed frequency bands and radio communication in unlicensed frequency bands. Radio communication in a licensed band is, for example, the communication provided by today's mobile communication carriers; the band occupied by this kind of radio communication is used exclusively by one mobile communication carrier. Radio communication in an unlicensed band is, for example, today's Wi-Fi; this spectrum can be used freely in accordance with predefined rules. Because the unlicensed band is open, when authentication is carried out by the software server, the mobile communications network can provide mobile communication service to the terminal over the unlicensed band. Both the spectrum and the authentication process are then open, which favors openness and business innovation on the communication services platform.
According to embodiments of the invention, a terminal authentication apparatus for use in a mobile communication system is provided. The apparatus authenticates the identity of a terminal in the mobile communication system according to the authentication information of the target software. It should be noted that the terminal authentication method for a mobile communication system provided by the embodiments of the present invention may be performed by the terminal authentication apparatus of the embodiments, and the terminal authentication apparatus of the embodiments may likewise be used to perform the terminal authentication method of the embodiments.
As shown in Figure 10, the device comprises: a first acquiring unit 10, a first determining unit 20, a first transmitting unit 30 and an access unit 40.
The first acquiring unit 10 may be used to make the terminal obtain the first credential information entered by the user, wherein the first credential information is information verified by the target software.
The first determining unit 20 may be used to make the terminal determine the first authentication information according to the first credential information.
The first transmitting unit 30 may be used to make the terminal send the first authentication information to the certification end, wherein the certification end is used to authenticate the terminal according to the first authentication information.
The access unit 40 may be used to make the terminal access the mobile communications network after the certification end has successfully authenticated the terminal according to the first authentication information.
Specifically, when the terminal enters the coverage area of the mobile communications network, the terminal can automatically communicate with the mobile communications network according to the first credential information so that the terminal's identity is authenticated. After authentication, the certification end can send the authentication result to the mobile communications network. If the authentication passes, the terminal can access the mobile communications network and obtain mobile communication service; if the authentication fails, the terminal cannot access the mobile communications network and therefore cannot obtain mobile communication service. Before the terminal sends the first authentication information to the certification end, the mobile communications network may send an authentication information request to the terminal; after receiving the authentication information request, the terminal sends the first authentication information to the certification end according to the request. The detailed description is the same as in the preceding method part and is not repeated here.
Preferably, in embodiments of the present invention, the terminal may comprise one or more terminals; for example, the terminal may comprise a first terminal and a second terminal. Then, for example, when the user enters identical credential information on the first terminal and on the second terminal, and the second terminal has passed authentication with this credential information, if the first terminal also authenticates with the same credential information, the first terminal and the second terminal may be handled by mode one or mode two:
Mode one:
The first acquiring unit 10 may also be used to make the first terminal obtain the first credential information entered by the user.
The first determining unit 20 may also be used such that the terminal determining the first authentication information according to the first credential information comprises: the first terminal determines the first authentication information according to the first credential information.
The first transmitting unit 30 may also be used such that the terminal sending the first authentication information to the certification end comprises: the first terminal sends the first authentication information to the certification end.
The terminal authentication apparatus may further comprise: a first receiving unit, a first authentication unit, a first judging unit and a first interrupt unit.
The first receiving unit may be used to make the certification end receive the first authentication information sent by the first terminal after the first terminal has sent the first authentication information to the certification end. The first authentication unit may be used to make the certification end authenticate the first terminal according to the first authentication information sent by the first terminal. The first judging unit may be used to make the certification end judge whether the second terminal has already been successfully authenticated with the first authentication information sent by the first terminal. The first interrupt unit may be used such that, if the certification end judges that the second terminal has already been successfully authenticated with the first authentication information sent by the first terminal, the mobile communications network interrupts the connection between the second terminal and the mobile communications network. The access unit may also be used to make the first terminal access the mobile communications network after the certification end has successfully authenticated the first terminal according to the first credential information sent by the first terminal.
In mode one, once the first terminal has passed authentication by the mobile communications network, the second terminal cannot keep communicating with the mobile communications network. That is, if the second terminal was first successfully authenticated in the mobile communications network with a certain credential information, and the mobile communications network subsequently detects that this credential information is also being used to authenticate the first terminal, then after the first terminal is successfully authenticated, the mobile communications network authorizes the first terminal to communicate with the mobile communications network and interrupts the communication between the second terminal and the mobile communications network. The detailed description is the same as in the preceding method part and is not repeated here.
Further, on the basis of mode one, the terminal authentication apparatus may comprise a second judging unit.
The second judging unit may be used to make the certification end judge, before the second terminal interrupts its connection with the mobile communications network, whether the networking priority of the first terminal is higher than the networking priority of the second terminal. The first interrupt unit may also be used such that, when the certification end judges that the networking priority of the first terminal is higher than that of the second terminal, the second terminal interrupts its connection with the mobile communications network; and the first authentication unit may also be used such that, when the certification end judges that the networking priority of the first terminal is not higher than that of the second terminal, the certification end fails the authentication of the first terminal according to the interruption instruction sent by the second terminal. The basis for judging priority may be: the mobile communications network sends a request for response to the first terminal and the second terminal, and grants the higher priority to the terminal that responds first.
Mode two:
The terminal authentication apparatus may further comprise: a second acquiring unit, a second determining unit, a second transmitting unit, a second receiving unit, a second authentication unit, a third judging unit, a holding unit, an access unit, a third acquiring unit and a fourth acquiring unit. The second acquiring unit may be used to make the first terminal obtain the first credential information entered by the user; the second determining unit may be used to make the first terminal determine the first authentication information according to the first credential information; the second transmitting unit may be used to make the first terminal send the first authentication information to the certification end; the second receiving unit may be used to make the certification end receive the first authentication information sent by the first terminal; the second authentication unit may be used to make the certification end authenticate the first terminal according to the first authentication information sent by the first terminal; the third judging unit may be used to make the certification end judge whether the second terminal has already been successfully authenticated with the first authentication information sent by the first terminal; the holding unit may be used such that, if the certification end judges that the second terminal has already been successfully authenticated with the first authentication information sent by the first terminal, the second terminal keeps its connection with the mobile communications network; the access unit may be used to make the first terminal access the mobile communications network after the certification end has successfully authenticated the first terminal according to the first credential information sent by the first terminal; the third acquiring unit may be used to make the first terminal obtain the first type of mobile communication service provided by the mobile communications network; and the fourth acquiring unit may be used to make the second terminal obtain the second type of mobile communication service provided by the mobile communications network.
In mode two, the first terminal and the second terminal can keep communicating with the mobile communications network at the same time. It should be noted that, in mode two, the mobile communications network may send a message to both terminals to indicate that another terminal is using the same credential information for authentication. The detailed description is the same as in the preceding method part and is not repeated here.
Preferably, in embodiments of the present invention, the terminal may determine the first authentication information according to the first credential information in several ways.
Example 3
The first determining unit 20 may comprise a determination module and a generation module. The determination module may be used to make the terminal determine identification data according to the first credential information, and the generation module may be used to make the terminal generate the first authentication information according to the identification data. Specifically, the terminal side may comprise an identification data generating device, which generates the corresponding identification data according to the first credential information entered by the user; the identification data is then used by the terminal's authentication information generating device to produce the authentication information. The detailed description is the same as in the preceding method part and is not repeated here.
Example 4
Preferably, in embodiments of the present invention, the terminal authentication apparatus may further comprise a third receiving unit. The third receiving unit may be used to make the terminal receive, before the terminal obtains the first credential information entered by the user, the authentication request containing a random number sent by the certification end, and the first determining unit may also be used to make the terminal determine the first authentication information according to the first credential information and the random number.
For the security of network transmission, the authentication information request that the mobile communications network sends to the terminal may contain a random number. The terminal can use the first verification function to determine the authentication information from this random number and the first credential information entered by the user, and send the authentication information to the mobile communications network. As shown in Figure 5, the first verification function is implemented in the terminal's authentication information generating device. The mobile communications network side has the random number and the first verification function and has also received the authentication information from the terminal, so it can authenticate the terminal accordingly. Because the random number is used only for this one authentication, even if the authentication information sent by the terminal is intercepted by someone else, the interceptor does not know this random number and therefore cannot work backwards to the credential information entered by the user, which ensures the security of the user's credential information.
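The random-number exchange described above, combined with the earlier passage in which the third-party software server hands the network only user data protected with the first key, can be sketched end to end. This is an added example, not code from the patent: HMAC-SHA256 stands in both for the unspecified "encryption with the first key" and for the "first verification function", and the blinded user handle, class names and sample account are assumptions.

```python
import hashlib
import hmac
import secrets


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def blind_handle(first_key: bytes, username: str) -> bytes:
    # Assumption: a keyed lookup handle, so the operator never sees the username.
    return _mac(first_key, b"handle", username.encode())


def blind_credentials(first_key: bytes, username: str, password: str) -> bytes:
    # Stand-in for "encrypt the username and password with the first key".
    return _mac(first_key, b"ident", username.encode(), password.encode())


class ThirdPartyServer:
    """Holds the first key; exports only blinded records to the network."""

    def __init__(self, first_key: bytes):
        self._first_key = first_key
        self._records = {}

    def register(self, username: str, password: str) -> None:
        handle = blind_handle(self._first_key, username)
        self._records[handle] = blind_credentials(self._first_key, username, password)

    def export_user_data(self) -> dict:
        return dict(self._records)


class TerminalApp:
    """Third-party app on the terminal; it also holds the first key."""

    def __init__(self, first_key: bytes):
        self._first_key = first_key
        self._handle = b""
        self._ident = b""

    def enter_credentials(self, username: str, password: str) -> None:
        self._handle = blind_handle(self._first_key, username)
        self._ident = blind_credentials(self._first_key, username, password)

    def respond(self, nonce: bytes):
        # First authentication information = f(identification data, random number).
        return self._handle, _mac(self._ident, b"response", nonce)


class CertificationEnd:
    """Network side: knows blinded records and nonces, never the first key."""

    def __init__(self, user_data: dict):
        self._user_data = dict(user_data)
        self._pending = {}

    def challenge(self, terminal_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[terminal_id] = nonce
        return nonce

    def verify(self, terminal_id: str, handle: bytes, response: bytes) -> bool:
        nonce = self._pending.pop(terminal_id, None)  # each random number is single use
        if nonce is None:
            return False
        known = handle in self._user_data
        ident = self._user_data.get(handle, bytes(32))  # dummy key keeps timing uniform
        expected = _mac(ident, b"response", nonce)
        return hmac.compare_digest(expected, response) and known


def run_demo() -> dict:
    first_key = secrets.token_bytes(32)
    third_party = ThirdPartyServer(first_key)
    third_party.register("alice", "correct horse")  # constructed sample account
    network = CertificationEnd(third_party.export_user_data())

    app = TerminalApp(first_key)
    app.enter_credentials("alice", "correct horse")
    handle, response = app.respond(network.challenge("terminal-1"))
    genuine = network.verify("terminal-1", handle, response)

    # A captured response is presented against a fresh random number.
    network.challenge("terminal-2")
    replayed = network.verify("terminal-2", handle, response)

    wrong = TerminalApp(first_key)
    wrong.enter_credentials("alice", "wrong password")
    wrong_password = network.verify("terminal-3", *wrong.respond(network.challenge("terminal-3")))

    unsolicited = network.verify("terminal-4", handle, response)  # no challenge issued
    return {"genuine": genuine, "replayed": replayed,
            "wrong_password": wrong_password, "unsolicited": unsolicited}


if __name__ == "__main__":
    print(run_demo())
```

In this construction the blinded record held by the network is sufficient to answer any challenge, so it needs the same protection as a key, and a first key embedded in an app has to be treated as recoverable from that app.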
Preferably, in embodiments of the present invention, except passing through aforesaid a kind of credential information (namely, first credential information) carry out outside certification to user terminal, can also to be combined with the first credential information by another kind of credential information (as the second credential information) and certification is carried out to user terminal.Such as, before carrying out certification according to the first credential information, first can carry out preliminary certification by the second credential information.Particularly, this authenticate device can also comprise: the 5th acquiring unit, the 6th acquiring unit, the 3rd determining unit and the 3rd transmitting element.
5th acquiring unit may be used for making before terminal obtains the first credential information of user's input, and terminal obtains the second credential information by the subscriber identification module SIM be connected with terminal; And/or the 6th acquiring unit may be used for making terminal obtain the second credential information by the memory module of itself inline; 3rd determining unit may be used for making terminal determine the second authentication information according to the second credential information; And the 3rd transmitting element may be used for making terminal that the second authentication information is sent to certification end, certification end is used for carrying out certification according to the second authentication information to terminal, wherein, access unit can also be provided for after certification end is successful to terminal authentication according to the second authentication information, and terminal accessing mobile communication network is to obtain the 3rd class Mobile Communication Service; And certification end according to the first authentication information to terminal authentication success after, terminal accessing mobile communication network is to obtain the 4th class Mobile Communication Service.
Further, in embodiments of the present invention, access unit can also be provided for terminal by LIPA agreement accessing mobile communication network to obtain the 3rd class Mobile Communication Service; And terminal by SIPTO agreement accessing mobile communication network to obtain the 4th class Mobile Communication Service.Wherein, the detailed introduction of LIPA agreement and SIPTO protocol contents, with preceding method part, does not repeat them here.
Further, in embodiments of the present invention, this terminal authentication apparatus can also comprise: the first generation unit and the second generation unit.First generation unit may be used for making at terminal accessing mobile communication network with after obtaining the 3rd class Mobile Communication Service, terminal generates the first prompting message, second generation unit may be used for making at terminal accessing mobile communication network with after obtaining the 4th class Mobile Communication Service, and terminal generates the second prompting message.
Wherein, the second credential information can be SIM card information, and when terminal is passed through according to SIM card information certification, terminal sends the first prompting message; When passing through according to the first credential information certification, terminal sends the second prompting message, is convenient to user and knows current available Mobile Communication Service type.The detailed introduction of content, with preceding method part, does not repeat them here.
According to embodiments of the invention, another terminal authentication apparatus for use in a mobile communication system is provided.
As shown in Figure 11, the apparatus comprises a seventh acquiring unit 50, a third authentication unit 60 and an authorization unit 70.
The seventh acquiring unit may be configured to cause the authentication end to obtain the first authentication information sent by the terminal, where the terminal obtains the first credential information input by the user and determines the first authentication information according to the first credential information, the first credential information being information verified by target software. The third authentication unit may be configured to cause the authentication end to authenticate the terminal according to the first authentication information. The authorization unit may be configured so that, after the authentication end successfully authenticates the terminal according to the first authentication information, the mobile communication network authorizes the terminal to access the mobile communication network.
The authentication end receives the first authentication information that the terminal sends based on the first credential information input by the user, and authenticates the terminal according to the first authentication information; if authentication passes, the mobile communication network provides mobile communication service to the terminal. The first credential information may be used to authenticate the user in software (the target software) developed by a third party other than the user and the mobile communication service provider. The details are the same as in the method part above and are not repeated here.
Preferably, in embodiments of the present invention, the authentication end may be the AUC in the mobile communication network, a mobile communication server (such as an AAA server) in the mobile communication network, or a cloud platform in the mobile communication network that has the authentication-end function. Alternatively, the authentication end may be the software server corresponding to the target software developed by the third party. The AUC, the mobile communication server and the software server may each authenticate the terminal as follows. The authentication end may comprise the AUC in the mobile communication network, in which case the third authentication unit 60 may comprise a first acquisition module, a first receiver module and a first authentication module.
AUC: the first acquisition module may be configured to cause the AUC to obtain the user data that the target software uses to verify the first credential information; the first receiver module may be configured to cause the AUC to receive the first authentication information sent by the terminal; the first authentication module may be configured to cause the AUC to authenticate the terminal according to the user data and the first authentication information. The authorization unit may also be configured so that, after the AUC successfully authenticates the terminal according to the first authentication information and the user data, the authentication end authorizes the terminal to access the mobile communication network. The details are the same as in the method part above and are not repeated here.
Mobile communication server: the authentication procedure of the mobile communication server is similar to that of the AUC and is not repeated here. The details are likewise the same as in the method part above.
Alternatively, the authentication end may comprise the software server corresponding to the target software, in which case the third authentication unit may comprise a second acquisition module and a second authentication module. The second acquisition module may be configured to cause the software server to obtain the first authentication information sent by the terminal; the second authentication module may be configured to cause the software server to authenticate the terminal according to the first authentication information. The authorization unit may also be configured so that, after the software server successfully authenticates the terminal according to the first authentication information, the mobile communication network authorizes the terminal to access the mobile communication network.
When authentication of the terminal is completed on the third-party software server, the third-party software server sends the authentication result to the mobile communication network, and the mobile communication network provides mobile communication service to the terminal according to the authentication result. The details are the same as in the method part above and are not repeated here.
Preferably, in embodiments of the present invention, the terminal may comprise multiple terminals, for example a first terminal and a second terminal, in which case the authentication end may authenticate the first terminal and the second terminal in mode one or mode two:
In mode one, the seventh acquiring unit may also be configured to cause the authentication end to obtain the first authentication information sent by the first terminal, and the terminal authentication apparatus may further comprise a fourth authentication unit, a fourth judging unit and a second interrupt unit.
The fourth authentication unit may be configured so that, after the authentication end obtains the first authentication information sent by the first terminal, the authentication end authenticates the first terminal according to the first authentication information sent by the first terminal. The fourth judging unit may be configured to cause the authentication end to judge whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal. The second interrupt unit may be configured so that, if the authentication end judges that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the second terminal interrupts its connection with the mobile communication network. The authorization unit may also be configured so that, after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the authentication end authorizes the first terminal to access the mobile communication network.
Further, the authentication apparatus may also comprise a fifth judging unit. The fifth judging unit may be configured so that, before the second terminal interrupts its connection with the mobile communication network, the authentication end judges whether the networking priority of the first terminal is higher than the networking priority of the second terminal. The second interrupt unit may also be configured so that, if the authentication end judges that the networking priority of the first terminal is higher than that of the second terminal, the second terminal interrupts its connection with the mobile communication network. The third authentication unit may also be configured so that, if the authentication end judges that the networking priority of the first terminal is not higher than that of the second terminal, authentication of the first terminal by the authentication end according to the first credential information sent by the first terminal fails.
In mode two, the authorization unit may comprise a second receiver module, a second authentication module, a judging module, a keeping module and a third authorization module.
The second receiver module may be configured to cause the authentication end to receive the first authentication information sent by the first terminal. The second authentication module may be configured to cause the authentication end to authenticate the first terminal according to the first authentication information sent by the first terminal. The judging module may be configured to cause the authentication end to judge whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal. The keeping module may be configured so that, if the authentication end judges that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the second terminal keeps its connection with the mobile communication network. The third authorization module may be configured so that, after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the mobile communication network authorizes the first terminal to access the mobile communication network. Here the first terminal obtains the first type of mobile communication service provided by the mobile communication network, and the second terminal obtains the second type of mobile communication service provided by the mobile communication network.
Preferably, in embodiments of the present invention, the terminal authentication apparatus may also comprise a fourth sending unit. The fourth sending unit may be configured so that, before the authentication end obtains the first authentication information sent by the terminal, the authentication end sends the terminal an authentication request that includes a random number; the terminal then obtains the first credential information input by the user and determines the first authentication information according to the first credential information and the random number. The detailed authentication process for the first terminal and the second terminal is the same as in the method part above and is not repeated here.
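The random-number challenge and the two multi-terminal modes described above, as an added example that is not part of the patent text. The patent does not say how the first authentication information is computed, so HMAC-SHA256 over a PBKDF2-derived key is an assumption here, as are the `AuthEnd` class, the account and terminal names, and the rule that a lone terminal receives the first type of service.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: account, password and terminal names are invented.
ACCOUNT, PASSWORD = "alice@example-app", "correct horse battery"


def derive_key(account_id: str, password: str) -> bytes:
    """Assumption: a PBKDF2 key stands in for the "user data" that the
    authentication end obtains from the target software."""
    salt = hashlib.sha256(account_id.encode()).digest()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def first_auth_info(key: bytes, nonce: bytes, terminal_id: str) -> bytes:
    """Terminal side: first authentication information computed from the
    credential-derived key and the random number (assumed HMAC-SHA256)."""
    return hmac.new(key, nonce + terminal_id.encode(), hashlib.sha256).digest()


class AuthEnd:
    """Hypothetical authentication end implementing mode one and mode two."""

    def __init__(self, mode, user_data, priority=None):
        self.mode = mode            # "one": single session, "two": coexist
        self.user_data = user_data  # account -> derived key
        self.priority = priority    # terminal -> int, or None (newcomer wins)
        self.pending = {}           # terminal -> outstanding random number
        self.sessions = {}          # account -> {terminal: service type}

    def challenge(self, terminal_id):
        """Authentication request carrying a fresh random number."""
        nonce = secrets.token_bytes(16)
        self.pending[terminal_id] = nonce
        return nonce

    def authenticate(self, account_id, terminal_id, response):
        # The random number is single use, so a replayed response finds none.
        nonce = self.pending.pop(terminal_id, None)
        key = self.user_data.get(account_id)
        if nonce is None or key is None:
            return False
        expected = first_auth_info(key, nonce, terminal_id)
        if not hmac.compare_digest(expected, response):  # constant-time compare
            return False
        active = self.sessions.setdefault(account_id, {})
        others = [t for t in active if t != terminal_id]
        if self.mode == "one":
            # Priority variant: the newcomer fails unless it outranks the
            # terminal already authenticated with the same credential.
            if self.priority is not None and any(
                self.priority.get(terminal_id, 0) <= self.priority.get(t, 0)
                for t in others
            ):
                return False
            for t in others:
                del active[t]       # interrupt the earlier terminal
        else:
            for t in others:
                active[t] = "second type"  # earlier terminal stays connected
        active[terminal_id] = "first type"
        return True


def login(auth_end, account_id, password, terminal_id):
    """One full exchange: challenge, terminal response, verification."""
    nonce = auth_end.challenge(terminal_id)
    response = first_auth_info(derive_key(account_id, password), nonce, terminal_id)
    return auth_end.authenticate(account_id, terminal_id, response), nonce, response


def demo():
    users = {ACCOUNT: derive_key(ACCOUNT, PASSWORD)}
    results = {}
    one = AuthEnd("one", users, priority={"phone": 2, "tablet": 1})
    login(one, ACCOUNT, PASSWORD, "tablet")
    results["low_priority_first"] = dict(one.sessions[ACCOUNT])
    ok, _, captured = login(one, ACCOUNT, PASSWORD, "phone")
    results["phone_evicts_tablet"] = (ok, dict(one.sessions[ACCOUNT]))
    results["tablet_rejected"] = login(one, ACCOUNT, PASSWORD, "tablet")[0]
    results["replay_rejected"] = one.authenticate(ACCOUNT, "phone", captured)
    results["wrong_password"] = login(one, ACCOUNT, "guess", "phone")[0]
    two = AuthEnd("two", users)
    login(two, ACCOUNT, PASSWORD, "tablet")
    login(two, ACCOUNT, PASSWORD, "phone")
    results["mode_two"] = dict(two.sessions[ACCOUNT])
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A key stored this way is password-equivalent, so whichever party acts as the authentication end holds material that must be protected like the third-party account database itself.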
Preferably, in embodiments of the present invention, in addition to authenticating the user terminal with the one kind of credential information described above (namely, the first credential information), the authentication end may authenticate the user terminal with another kind of credential information (such as second credential information) in combination with the first credential information. For example, before authentication according to the first credential information, a preliminary authentication may first be carried out with the second credential information. Specifically, the terminal may obtain the second credential information, determine second authentication information according to the second credential information, and send the second authentication information to the authentication end. The authentication apparatus may further comprise an eighth acquiring unit and a fourth authentication unit.
The eighth acquiring unit may be configured so that, before the authentication end obtains the first authentication information sent by the terminal, the authentication end obtains the second authentication information sent by the terminal, where the terminal obtains the second credential information through a subscriber identity module (SIM) connected to the terminal and/or through its own built-in memory module. The fourth authentication unit may be configured to cause the authentication end to authenticate the terminal according to the second authentication information. The authorization unit may also be configured so that, after the authentication end successfully authenticates the terminal according to the second authentication information, the mobile communication network authorizes the terminal to access the mobile communication network to obtain the third type of mobile communication service, and, after the authentication end successfully authenticates the terminal according to the first authentication information, the mobile communication network authorizes the terminal to access the mobile communication network to obtain the fourth type of mobile communication service. The authorization unit may also be configured so that the mobile communication network authorizes the terminal, through the LIPA protocol, to access the mobile communication network to obtain the third type of mobile communication service, and authorizes the terminal, through the SIPTO protocol, to access the mobile communication network to obtain the fourth type of mobile communication service.
The above authentication method is a two-stage authentication method. The terminal stores the user's second credential information in advance and obtains the first credential information input by the user, the first credential information being used to authenticate the user in software developed by a third party other than the user and the mobile communication service provider. When the terminal enters the coverage area of the mobile communication network, it first automatically communicates with the mobile communication network and is authenticated according to the second credential information, and then communicates with the mobile communication network and is authenticated according to the first credential information. If authentication according to the user's second credential information passes, the terminal obtains the third type of mobile communication service through the mobile communication network; if authentication according to the first credential information passes, the terminal further obtains the fourth type of mobile communication service through the mobile communication network. The details are the same as in the method part above and are not repeated here.
Preferably, in embodiments of the present invention, the mobile communication network may authorize the terminal, through the LIPA protocol, to access the mobile communication network to obtain the third type of mobile communication service, and may authorize the terminal, through the SIPTO protocol, to access the mobile communication network to obtain the fourth type of mobile communication service. The details are the same as described above and are not repeated here.
From the foregoing description, embodiments of the present invention can achieve the following technical effects:
The user does not need to buy a SIM card from the mobile communication service provider and instead inputs credential information directly in the terminal. When the terminal enters the coverage area of the mobile communication network, it automatically communicates with the mobile communication network and is authenticated according to this credential information; once authentication passes, the user can use the mobile communication service. No SIM card slot therefore needs to be provided in the terminal, which reduces the design complexity of the terminal and also favors thinner and lighter terminals. Further, in use, only one piece of credential information needs to be input in the terminal, so that the terminal can be authenticated automatically when it enters different coverage areas of the mobile communication network.
The credential information input by the user can be used not only for authentication when accessing the mobile communication network but also to authenticate the user in software developed by a third party, sparing the user the trouble of maintaining multiple network identities. For example, a WeChat user can input a WeChat ID and password in the terminal, and when the terminal enters the coverage area of the mobile communication network, the terminal automatically communicates with the mobile communication network and is authenticated according to the credential information that was input. The user then needs only one network identity, the WeChat ID, and can obtain more convenient information services through the third party's social resources; for example, after inputting the WeChat ID and password, the user can connect directly to the Internet through the mobile communication network and communicate with friends.
The value of the software developed by the third party is increased. For example, when users can use mobile communication service by inputting a WeChat ID and password, WeChat will attract more users, which raises the value of WeChat. The mobile communication service provider can also expand its scope of business by cooperating with the third party, for example by profiting from the increase in value it brings to the third party.
It should be noted that the steps shown in the flow charts of the accompanying drawings may be executed in a computer system, for example as a set of computer-executable instructions, and that, although a logical order is shown in the flow charts, in some cases the steps shown or described may be executed in an order different from the one given here.
Obviously, those skilled in the art should understand that each module or step of the present invention described above can be implemented with a general-purpose computing device. The modules or steps can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Alternatively, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device, or they can each be made into a separate integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The present invention is thus not restricted to any specific combination of hardware and software.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit the present invention; for a person skilled in the art, the present invention may have various modifications and variations. Any amendment, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (18)

1. A terminal authentication method for use in a mobile communication system, characterized by comprising:
a terminal obtaining first credential information input by a user, wherein the first credential information is information verified by target software;
the terminal determining first authentication information according to the first credential information;
the terminal sending the first authentication information to an authentication end, wherein the authentication end is configured to authenticate the terminal according to the first authentication information; and
after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accessing a mobile communication network.
2. The terminal authentication method according to claim 1, characterized in that the terminal comprises a first terminal and a second terminal,
the terminal obtaining the first credential information input by the user comprises: the first terminal obtaining the first credential information input by the user,
the terminal determining the first authentication information according to the first credential information comprises: the first terminal determining the first authentication information according to the first credential information,
the terminal sending the first authentication information to the authentication end comprises: the first terminal sending the first authentication information to the authentication end,
after the first terminal sends the first authentication information to the authentication end, the terminal authentication method further comprises: the authentication end receiving the first authentication information sent by the first terminal; the authentication end authenticating the first terminal according to the first authentication information sent by the first terminal; the authentication end judging whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal; and, if the authentication end judges that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the mobile communication network interrupting the connection between the second terminal and the mobile communication network,
wherein, after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the first terminal accesses the mobile communication network.
3. The terminal authentication method according to claim 2, characterized in that, before the second terminal's connection with the mobile communication network is interrupted, the terminal authentication method comprises:
the authentication end judging whether the networking priority of the first terminal is higher than the networking priority of the second terminal,
wherein, if the authentication end judges that the networking priority of the first terminal is higher than the networking priority of the second terminal, the second terminal interrupts its connection with the mobile communication network; and if the authentication end judges that the networking priority of the first terminal is not higher than the networking priority of the second terminal, authentication of the first terminal by the authentication end fails according to the interruption indication sent by the second terminal.
4. The terminal authentication method according to claim 1, characterized in that the terminal comprises a first terminal and a second terminal, and the second terminal accesses the mobile communication network in the following manner:
the first terminal obtains the first credential information input by the user;
the first terminal determines the first authentication information according to the first credential information;
the first terminal sends the first authentication information to the authentication end;
the authentication end receives the first authentication information sent by the first terminal;
the authentication end authenticates the first terminal according to the first authentication information sent by the first terminal;
the authentication end judges whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal;
if the authentication end judges that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the second terminal keeps its connection with the mobile communication network;
after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the first terminal accesses the mobile communication network;
the first terminal obtains the first type of mobile communication service provided by the mobile communication network; and
the second terminal obtains the second type of mobile communication service provided by the mobile communication network.
5. The terminal authentication method according to claim 1, characterized in that the terminal determining the first authentication information according to the first credential information comprises:
the terminal determining identification data according to the first credential information; and
the terminal generating the first authentication information according to the identification data.
6. The terminal authentication method according to claim 1, characterized in that,
before the terminal obtains the first credential information input by the user, the terminal authentication method further comprises: the terminal receiving an authentication request, sent by the authentication end, that includes a random number,
the terminal determining the first authentication information according to the first credential information comprises: the terminal determining the first authentication information according to the first credential information and the random number.
7. The terminal authentication method according to claim 1, characterized in that, before the terminal obtains the first credential information input by the user, the authentication method further comprises:
the terminal obtaining second credential information through a subscriber identity module (SIM) connected to the terminal; and/or
the terminal obtaining the second credential information through its own built-in memory module;
the terminal determining second authentication information according to the second credential information; and
the terminal sending the second authentication information to the authentication end, the authentication end being configured to authenticate the terminal according to the second authentication information,
wherein, after the authentication end successfully authenticates the terminal according to the second authentication information, the terminal accesses the mobile communication network to obtain the third type of mobile communication service; and after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network to obtain the fourth type of mobile communication service.
8. The terminal authentication method according to claim 7, characterized in that,
the terminal accesses the mobile communication network through the LIPA protocol to obtain the third type of mobile communication service; and
the terminal accesses the mobile communication network through the SIPTO protocol to obtain the fourth type of mobile communication service.
9. The terminal authentication method according to claim 7, characterized in that,
after the terminal accesses the mobile communication network to obtain the third type of mobile communication service, the terminal authentication method further comprises: the terminal generating a first prompt message,
after the terminal accesses the mobile communication network to obtain the fourth type of mobile communication service, the terminal authentication method further comprises: the terminal generating a second prompt message.
10. A terminal authentication apparatus for use in a mobile communication system, characterized by comprising:
a first acquiring unit, configured to cause a terminal to obtain first credential information input by a user, wherein the first credential information is information verified by target software;
a first determining unit, configured to cause the terminal to determine first authentication information according to the first credential information;
a first sending unit, configured to cause the terminal to send the first authentication information to an authentication end, wherein the authentication end is configured to authenticate the terminal according to the first authentication information; and
an access unit, configured so that, after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses a mobile communication network.
11. The terminal authentication apparatus according to claim 10, characterized in that the terminal comprises a first terminal and a second terminal,
the first acquiring unit is also configured to cause the first terminal to obtain the first credential information input by the user,
the first determining unit is also configured so that the terminal determining the first authentication information according to the first credential information comprises: the first terminal determining the first authentication information according to the first credential information,
the first sending unit is also configured so that the terminal sending the first authentication information to the authentication end comprises: the first terminal sending the first authentication information to the authentication end,
the terminal authentication apparatus further comprises: a first receiving unit, configured so that, after the first terminal sends the first authentication information to the authentication end, the authentication end receives the first authentication information sent by the first terminal; a first authentication unit, configured to cause the authentication end to authenticate the first terminal according to the first authentication information sent by the first terminal; a first judging unit, configured to cause the authentication end to judge whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal; and a first interrupt unit, configured so that, if the authentication end judges that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the mobile communication network interrupts the connection between the second terminal and the mobile communication network,
wherein the access unit is also configured so that, after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the first terminal accesses the mobile communication network.
12. The terminal authentication apparatus according to claim 11, characterized in that the terminal authentication apparatus further comprises:
a second judging unit, configured so that, before the second terminal's connection with the mobile communication network is interrupted, the authentication end judges whether the networking priority of the first terminal is higher than the networking priority of the second terminal,
wherein the first interrupt unit is also configured so that, if the authentication end judges that the networking priority of the first terminal is higher than the networking priority of the second terminal, the second terminal interrupts its connection with the mobile communication network; and the first authentication unit is also configured so that, if the authentication end judges that the networking priority of the first terminal is not higher than the networking priority of the second terminal, authentication of the first terminal by the authentication end fails according to the interruption indication sent by the second terminal.
13. The terminal authentication apparatus according to claim 11, characterized in that the terminal comprises a first terminal and a second terminal, and the terminal authentication apparatus further comprises:
a second acquiring unit, configured to cause the first terminal to obtain the first credential information input by the user;
a second determining unit, configured to cause the first terminal to determine the first authentication information according to the first credential information;
a second sending unit, configured to cause the first terminal to send the first authentication information to the authentication end;
a second receiving unit, configured to cause the authentication end to receive the first authentication information sent by the first terminal;
a second authentication unit, configured to cause the authentication end to authenticate the first terminal according to the first authentication information sent by the first terminal;
a third judging unit, configured to cause the authentication end to judge whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal;
a keeping unit, configured so that, if the authentication end judges that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the second terminal keeps its connection with the mobile communication network;
the access unit, configured so that, after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the first terminal accesses the mobile communication network;
a third acquiring unit, configured to cause the first terminal to obtain the first type of mobile communication service provided by the mobile communication network; and
a fourth acquiring unit, configured to cause the second terminal to obtain the second type of mobile communication service provided by the mobile communication network.
14. The terminal authentication apparatus according to claim 10, characterized in that the first determining unit comprises:
a determination module, configured to cause the terminal to determine identification data according to the first credential information; and
a generation module, configured to cause the terminal to generate the first authentication information according to the identification data.
15. The terminal authentication apparatus according to claim 10, characterized in that
the terminal authentication apparatus further comprises: a third receiving unit, configured such that, before the terminal obtains the first credential information input by the user, the terminal receives an authentication request, sent by the authentication end, that contains a random number, and
the first determining unit is further configured to cause the terminal to determine the first authentication information according to the first credential information and the random number.
16. The terminal authentication apparatus according to claim 10, characterized in that the authentication apparatus further comprises:
a fifth acquiring unit, configured such that, before the terminal obtains the first credential information input by the user, the terminal obtains second credential information through a subscriber identification module (SIM) connected to the terminal; and/or
a sixth acquiring unit, configured to cause the terminal to obtain the second credential information through its own built-in storage module;
a third determining unit, configured to cause the terminal to determine second authentication information according to the second credential information; and
a third sending unit, configured to cause the terminal to send the second authentication information to the authentication end, the authentication end being used to authenticate the terminal according to the second authentication information,
wherein the access unit is further configured such that, after the authentication end successfully authenticates the terminal according to the second authentication information, the terminal accesses the mobile communication network to obtain a third class of mobile communication service; and, after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network to obtain a fourth class of mobile communication service.
17. The terminal authentication apparatus according to claim 16, characterized in that the access unit is further configured to cause the terminal to access the mobile communication network through the LIPA protocol to obtain the third class of mobile communication service, and to cause the terminal to access the mobile communication network through the SIPTO protocol to obtain the fourth class of mobile communication service.
18. The terminal authentication apparatus according to claim 16, characterized in that the terminal authentication apparatus further comprises:
a first generation unit, configured such that, after the terminal accesses the mobile communication network to obtain the third class of mobile communication service, the terminal generates a first prompting message;
a second generation unit, configured such that, after the terminal accesses the mobile communication network to obtain the fourth class of mobile communication service, the terminal generates a second prompting message.
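The exchange recited in claims 14 to 16, written out as an added example that is not part of the patent text: the authentication end issues a random number, the terminal derives identification data from the credential and binds it to that number, and the service class granted depends on which credential was used. The claims do not name any algorithm, so PBKDF2 and HMAC-SHA-256, the identities, the keys and the class labels are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def identification_data(user: str, secret: str) -> bytes:
    """Claim 14, determination module: credential -> identification data (assumed KDF)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), user.encode(), 100_000)

def authentication_info(ident: bytes, nonce: bytes) -> bytes:
    """Claims 14-15, generation module: bind identification data to the random number."""
    return hmac.new(ident, nonce, hashlib.sha256).digest()

# Constructed enrolment records held by the authentication end (assumed layout).
SIM_KEYS = {"sim-0001": bytes(range(16))}                             # second credential
USER_KEYS = {"alice": identification_data("alice", "correct horse")}  # first credential

class AuthEnd:
    def __init__(self):
        self.pending = {}  # identity -> outstanding random number

    def request(self, identity: str) -> bytes:
        """Authentication request carrying a fresh random number (claim 15)."""
        self.pending[identity] = secrets.token_bytes(16)
        return self.pending[identity]

    def verify(self, identity: str, info: bytes):
        """Return the service class granted (claim 16), or None on failure."""
        nonce = self.pending.pop(identity, None)  # single use, so a replay finds nothing
        if nonce is None:
            return None
        if identity in SIM_KEYS:
            key, service = SIM_KEYS[identity], "third-class"
        elif identity in USER_KEYS:
            key, service = USER_KEYS[identity], "fourth-class"
        else:
            return None
        expected = authentication_info(key, nonce)
        return service if hmac.compare_digest(expected, info) else None

if __name__ == "__main__":
    end = AuthEnd()
    nonce = end.request("alice")
    info = authentication_info(identification_data("alice", "correct horse"), nonce)
    print(end.verify("alice", info))  # granted service class
    print(end.verify("alice", info))  # the same message replayed is rejected
```

Because the random number is consumed on first use and the credential itself never leaves the terminal, a captured authentication message cannot be reused against a later request.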
CN201410364838.9A 2014-07-28 2014-07-28 Terminal authentication method and device used in mobile communication system Pending CN104469766A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410364838.9A CN104469766A (en) 2014-07-28 2014-07-28 Terminal authentication method and device used in mobile communication system
PCT/CN2015/079305 WO2016015510A1 (en) 2014-07-28 2015-05-19 Method and device for terminal authentication for use in mobile communication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410364838.9A CN104469766A (en) 2014-07-28 2014-07-28 Terminal authentication method and device used in mobile communication system

Publications (1)

Publication Number Publication Date
CN104469766A true CN104469766A (en) 2015-03-25

Family

ID=52914978

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410364838.9A Pending CN104469766A (en) 2014-07-28 2014-07-28 Terminal authentication method and device used in mobile communication system

Country Status (2)

Country Link
CN (1) CN104469766A (en)
WO (1) WO2016015510A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105208545A (en) * 2015-08-31 2015-12-30 宇龙计算机通信科技(深圳)有限公司 Virtual SIM card-based communication data management method, device and server
WO2016015509A1 (en) * 2014-07-28 2016-02-04 北京佰才邦技术有限公司 Method and device for terminal authentication for use in mobile communication system
WO2016015510A1 (en) * 2014-07-28 2016-02-04 北京佰才邦技术有限公司 Method and device for terminal authentication for use in mobile communication system
CN105631675A (en) * 2015-11-30 2016-06-01 东莞酷派软件技术有限公司 Information acquisition method, device, terminal
WO2017049598A1 (en) * 2015-09-25 2017-03-30 广东欧珀移动通信有限公司 Terminal authentication method and device

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111263361B (en) * 2020-01-10 2023-04-18 中国联合网络通信集团有限公司 Connection authentication method and device based on block chain network and micro base station

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102149170A (en) * 2011-04-11 2011-08-10 宇龙计算机通信科技(深圳)有限公司 Network access method and device for wireless communication device
US8594628B1 (en) * 2011-09-28 2013-11-26 Juniper Networks, Inc. Credential generation for automatic authentication on wireless access network
CN103428696A (en) * 2012-05-22 2013-12-04 中兴通讯股份有限公司 Virtual SIM card achieving method and system and relevant device
CN103582178A (en) * 2012-08-08 2014-02-12 广州三星通信技术研究有限公司 Mobile communication terminal

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104469766A (en) * 2014-07-28 2015-03-25 北京佰才邦技术有限公司 Terminal authentication method and device used in mobile communication system
CN104469765B (en) * 2014-07-28 2020-10-23 北京佰才邦技术有限公司 Terminal authentication method and apparatus for use in mobile communication system

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016015509A1 (en) * 2014-07-28 2016-02-04 北京佰才邦技术有限公司 Method and device for terminal authentication for use in mobile communication system
WO2016015510A1 (en) * 2014-07-28 2016-02-04 北京佰才邦技术有限公司 Method and device for terminal authentication for use in mobile communication system
US10045213B2 (en) 2014-07-28 2018-08-07 Baicells Technologies Co. Ltd Method and apparatus for authenticating terminal in mobile communications system
CN105208545A (en) * 2015-08-31 2015-12-30 宇龙计算机通信科技(深圳)有限公司 Virtual SIM card-based communication data management method, device and server
CN105208545B (en) * 2015-08-31 2019-01-15 宇龙计算机通信科技(深圳)有限公司 Communication data management method, device and server based on virtual SIM card
WO2017049598A1 (en) * 2015-09-25 2017-03-30 广东欧珀移动通信有限公司 Terminal authentication method and device
CN107852603A (en) * 2015-09-25 2018-03-27 广东欧珀移动通信有限公司 The method and apparatus of terminal authentication
US10798570B2 (en) 2015-09-25 2020-10-06 Gunagdong Oppo Mobile Telecommunications Corp. Ltd. Terminal authentication method and device
CN105631675A (en) * 2015-11-30 2016-06-01 东莞酷派软件技术有限公司 Information acquisition method, device, terminal
CN105631675B (en) * 2015-11-30 2019-06-11 东莞酷派软件技术有限公司 Information acquisition method and device, terminal

Also Published As

Publication number Publication date
WO2016015510A1 (en) 2016-02-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150325