CN106686594A - EVDO network authentication method and device - Google Patents

EVDO network authentication method and device Download PDF

Info

Publication number
CN106686594A
CN106686594A CN201710035024.4A CN201710035024A CN106686594A CN 106686594 A CN106686594 A CN 106686594A CN 201710035024 A CN201710035024 A CN 201710035024A CN 106686594 A CN106686594 A CN 106686594A
Authority
CN
China
Prior art keywords
authentication
target
enumerator
failed authentication
failed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201710035024.4A
Other languages
Chinese (zh)
Inventor
林锋
金雪霖
付朝印
李学春
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING CAPITEK CO Ltd
Original Assignee
BEIJING CAPITEK CO Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING CAPITEK CO Ltd filed Critical BEIJING CAPITEK CO Ltd
Priority to CN201710035024.4A priority Critical patent/CN106686594A/en
Publication of CN106686594A publication Critical patent/CN106686594A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an EVDO network authentication method and a device, and solves the problem of a collision of network accessing between ATs corresponding to a cancelled old UIM card and a new UIM card carrying the same IMSI number. The EVDO network authentication method comprises a failure counter of target authentication and authentication of a memorized mechanism. The failure counter of target authentication comprises information about a target IMSI number of a target AT and about a target MEID number. The authentication of the memorized mechanism searches the failure counter of target authentication in the memory and judges whether the counter surpasses a threshold value. If so, then authentication to the target AT fails, and the authentication is marked and locked.

Description

A kind of method for authenticating and device of EVDO networks
Technical field
The present invention relates to EVDO (Code Division Multiple Access 20001x Evolution Data Only, CDMA data system) network access technique field, and in particular to a kind of method for authenticating and device of EVDO networks.
Background technology
With the development of mobile communication business, existing cellphone subscriber usually needs more for each identical or different purpose UIM cards are changed, for example, in order to experience Added Business project, in this case, original UIM cards will be canceled, it is now, mobile logical Letter operator will not generally reclaim the old UIM cards nullified, however, they can reclaim the entrained IMSI of the old UIM cards (International Mobile Subscriber Identification Number, international mobile subscriber identity) number Code, and will reactivate in the new UIM cards of the IMSI number typing.In this case, cancellation along with old UIM cards and new The registration of UIM cards, in AN-AAA (Access Network-Authentication, Accounting, Authorization Server, access network is authenticated, authorizes accounting server) in, the relevant information of the IMSI number and its corresponding old UIM cards is just Can be deleted, and the relevant information of the IMSI number and its corresponding new UIM cards can be added.
If the old UIM cards are still left on ME1 (mobile device) the insides after nullifying, by the old UIM cards and its place ME The AT1 (access terminal) of composition still can initiate the request for accessing EVDO networks, and in this case, the old UIM clampings enter EVDO The signaling process of network refers to Fig. 1.
Step a, AN (access network controller) initiates the negotiations process of air interface PPP-LCP, consults CHAP authentication protocol classes Type, sets up PPP connections.
Step b, AN produces authentication random number, and to AT1 CHAP query messages are sent.
Step c, AT 1 is calculated using MD5 algorithms and reflected according to the authentication random number+(old UIM cards) user cipher pwd1 Power result, authenticating result constitutes KI together with authentication mark, and to AN CHAP response messages are sent, and includes in the message and uses Name in an account book NAI (i.e. IMSI number), authentication random number CHAP_Challenge and KI CHAP-Password1 etc..
D, AN to AN-AAA forwards the response message as access request message.
E, AN-AAA are authenticated.(1), user information authentication.Specially:AN-AAA is according to the IMSI number for receiving in data Make a look up in storehouse, due to the IMSI number of new, old UIM cards it is consistent, therefore, old UIM cards terminal uses identical IMSI number This user (actual for the new user of IMSI number identical) can be inquired in AN-AAA, therefore user profile is authenticated successfully. (2), key authentication.Specially:The failed authentication enumerator comprising the IMSI number information is searched from AN-AAA data bases (the failed authentication enumerator just has stored in the data base of AN-AAA and suffers failtime1 when user's registration, initially It is worth for 0), and the value of the failed authentication enumerator is not above threshold value (artificial to arrange);AN-AAA use authentication mark trifoliate oranges+ (the new UIM cards stored during registration) user cipher pwd2+ authentication random numbers, as the |input paramete of MD5 algorithms knot is calculated Really, i.e. authorization key, because the user cipher pwd1 of old UIM cards is not equal to the user cipher pwd2 of new UIM cards, so authentication is close Key is not equal to authorization key, therefore old UIM cards place AT1 key authentications fail;Failed authentication enumerator adds 1, and AN-AAA is to AN Send refusal and access message.
CHAP failed authentication message informing AT1, the access terminal that old UIM cards are constituted are completed access authentication flow process by f, AN.
During the corresponding AT1 of old UIM cards repeats to access, can make comprising the entrained IMSI number of the old UIM cards The failed authentication enumerator failtime1 of information exceedes threshold value, causes the labeled lockings of AT1.
Now, if the new corresponding AT2 of UIM cards attempts access to EVDO networks, its access signaling flow process refers to Fig. 2.
Step a, AN initiates the negotiations process of air interface PPP-LCP, consults CHAP authentication protocol types, sets up PPP connections.
Step b, AN produces authentication random number, and to AT2 CHAP query messages are sent.
Step c, AT 2 is calculated using MD5 algorithms and reflected according to the authentication random number+(new UIM cards) user cipher pwd2 Power result, authenticating result constitutes KI together with authentication mark, and to AN CHAP response messages are sent, and wraps in the response message NAI containing user name (i.e. IMSI number), authentication random number CHAP_Challenge and KI CHAP-Password1 etc..
Step d, AN to AN-AAA forwards the response message as access request message.
Step e, AN-AAA authentications.(1), user information authentication.Specially:AN-AAA exists according to the IMSI number for receiving Make a look up in data base, the user with the IMSI number can be inquired in AN-AAA, therefore user profile is authenticated into Work(.(2), key authentication.Specially:The failed authentication enumerator comprising the IMSI number information is searched from AN-AAA data bases Failtime2, it is identical with failtime1, because failed authentication enumerator failtime1 is as the labelling of AT1 is locked It is locked, causes key authentication to fail, so that AT2 failed authentications, AN-AAA is to AN transmission refusal access message.
CHAP failed authentication message informing AT2, new UIM cards terminal are completed access authentication flow process by f, AN.
Can be seen that because the failed authentication that the entrained IMSI number of the new UIM cards is constituted is counted with reference to Fig. 1 and Fig. 2 Device because the labelling locking of old UIM cards place AT1 is locked, causes the new UIM cards place AT2 to access EVDO network development process Middle failed authentication, causes AT2 to access EVDO networks, affects the online experience of new user.
The content of the invention
In view of this, the method for authenticating and device of a kind of EVDO networks are embodiments provided, is solved and is carried The pintle hook lock of the old UIM cards being canceled of identical IMSI number causes new UIM cards to access the problem of EVDO networks.
The invention provides a kind of method for authenticating of EVDO networks, including, target failed authentication enumerator, the target mirror Power fail counter is specifically included:The target IMSI number information and target MEID number information of target AT.
Present invention also offers a kind of authentication device of EVDO networks, including target failed authentication enumerator, the target Failed authentication enumerator is specifically included:The target IMSI number information and target MEID number information of target AT.
The method for authenticating and device of a kind of EVDO networks provided in an embodiment of the present invention, according to IMSI number and MEID numbers Combined information build failed authentication enumerator, due to the corresponding mobile terminal of new, old UIN cards it is different, i.e. MEID numbers difference, So operation of locking the labelling of old UIM cards place AT1 does not interfere with the access of new UIM cards, can avoid carrying identical The online collision problem of the respective place AT of the old UIM cards being canceled of IMSI number and new UIM cards.
Description of the drawings
Fig. 1 show the authentication process schematic diagram that the UIM clampings being canceled in prior art enter EVDO networks.
Fig. 2 show the new UIM clampings of carrying IMSI number identical with the UIM cards being canceled in prior art and enters EVDO The authentication process schematic diagram of network.
Fig. 3 show the flow chart of the memorization mechanism verification process of one embodiment of the invention offer.
Fig. 4 show the authentication process schematic diagram that the UIM cards being canceled adopt the access EVDO networks of the present invention.
Fig. 5 show the access for carrying the new UIM cards of IMSI number identical with the UIM cards being canceled using the present invention The authentication process schematic diagram of EVDO networks.
Fig. 6 show the structured flowchart of the memorization mechanism authentication module of one embodiment of the invention offer.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than the embodiment of whole.Based on this Embodiment in invention, the every other reality that those of ordinary skill in the art are obtained under the premise of creative work is not made Example is applied, the scope of protection of the invention is belonged to.
The invention provides a kind of method for authenticating of EVDO networks, including target failed authentication enumerator, the target authentication Fail counter is specifically included, the target IMSI number information and target MEID number information of target AT.
According to the method for authenticating of the EVDO networks of embodiment of the present invention, in changing existing target failed authentication enumerator Counting factor, be that operating basis introduce different physical parameters, in the authentication process of EVDO networks, by using this The target failed authentication enumerator of bright offer, can avoid carrying old UIM cards being canceled of identical IMSI number and new The online collision problem of the respective place AT of UIM cards.
In one embodiment, a kind of method for authenticating of the EVDO networks for being provided according to the present invention, the method is specifically included Memorization mechanism verification process, Fig. 3 show the flow chart of the memorization mechanism verification process of one embodiment of the invention offer.From As can be seen that the memorization mechanism verification process includes in figure:
Step S101, searches target failed authentication enumerator in internal memory.The target failed authentication enumerator includes target The target IMSI number information and target MEID number information of AT, target AT includes target ME and target UIM, and wherein target ME is taken With target MEID number information, target UIM carries target IMSI number information.
IMSI be distinguish mobile subscriber mark, in being stored in UIM cards, to recognize a certain mobile radio communication in movement User.MEID (Mobile Equipment Identifier, mobile device identification code), is that globally unique 56bit movements set Standby identification number, the identification number is stored in mobile device, can be used to carry out identification and tracking to mobile unit. The combination of IMSI and MEID can be with one AT of unique mark.
In one embodiment, target failed authentication enumerator is stored using red-black tree algorithm.Red-black tree algorithm Time complexity be O (log n), possess higher lookup, delete and insert efficiency, while save memory headroom.And, it is real Test result to show, the resource load of AN-AAA certificate servers will not be increased based on the memorization administrative mechanism of red-black tree algorithm, The service feature of AN-AAA is had little to no effect.
Step S102, judges whether target failed authentication enumerator exceedes threshold value;If it is, execution step S103.Extremely This flow process terminates.If not, execution step S104 or step S105.
The threshold value can artificially be arranged according to practical situation, for example, threshold value is set to into 2,3,4 or 5, and the present invention is to this It is not construed as limiting.
Step 103, to the simultaneously labelling locking of target AT failed authentication.That is, when an AT attempts access to EVDO networks When, if the corresponding target failed authentication enumerators of the AT are locked, the AT cannot just access EVDO networks.
According to the cut-in method of the EVDO networks of embodiment of the present invention, simultaneously comprising UIM cards in failed authentication enumerator IMSI number information and mobile device MEID number informations, in this case, the failed authentication of the old UIM cards being canceled Enumerator and different from the failed authentication enumerator that the old UIM carries the new UIM cards of identical IMSI number, therefore, old UIM cards institute The mandate of the failed authentication enumerator for not interfering with new UIM cards of locking of the failed authentication enumerator for causing, therefore do not interfere with new UIM clampings enter the process of EVDO networks.
In one embodiment, the method for authenticating of EVDO networks as shown in Figure 3, further includes:
Step S104, in the presence of target AT failed authentication and target failed authentication enumerator, more fresh target failed authentication Enumerator.That is, target failed authentication enumerator can be found in internal memory, and the value of target failed authentication enumerator When being not above threshold value, more fresh target failed authentication enumerator, its value cumulative 1.
In one embodiment, the method for authenticating of EVDO networks as shown in Figure 3, further includes:
Step S105, when target AT failed authentication and when target failed authentication enumerator is not present, creates target authentication and loses Lose enumerator and store in internal memory.That is, searching in internal memory less than the target failed authentication enumerator, now, wound Build target failed authentication enumerator and set the value of the target failed authentication enumerator as 1.So, it is necessary to create target in real time Failed authentication enumerator is used for subsequent operation.
In this case, because target failed authentication enumerator is to create in real time, therefore, in one embodiment, can To carry out periodic cleaning to target failed authentication enumerator.As such, it is possible to internal memory is saved, speed up processing.Specifically, for example Can be, AN-AAA according to the creation time of target failed authentication enumerator, with reference to the default max-timeout time, to having surpassed When target failed authentication enumerator carry out cleaning operation.The default max-timeout time needs the reality in real network Depending on the portfolio size of border, such as default value is set to 10 minutes.
It will be understood by those skilled in the art that the method for authenticating of EVDO networks of the invention, can only include step S104 and step S105, it is also possible to while including step S104 and step S105.
The method for authenticating of the EVDO networks for providing according to embodiments of the present invention, according to the combination of IMSI number and MEID numbers Information architecture failed authentication enumerator, because the corresponding mobile terminal of new, old UIN cards is different, i.e., MEID numbers are different, so right The labelling lock operation of old UIM cards place AT1 does not interfere with the access of new UIM cards place AT2, can avoid carrying identical The online collision problem of the respective place AT of the old UIM cards being canceled of IMSI number and new UIM cards.
In one embodiment, the method for authenticating of EVDO networks as shown in Figure 1, before memorization mechanism certification, enters One step includes user information authentication, and in this case, the concrete implementation procedure of step S104 can be, when user information authentication loses Lose and in the presence of target failed authentication enumerator, just more fresh target failed authentication enumerator.The concrete implementation procedure of step S105 Can, when user information authentication fails and target failed authentication enumerator does not exist, just create target failed authentication and count Device, target failed authentication enumerator initial value is 1.Due to setting up when target failed authentication enumerator, user information authentication loses Lose and already lead to access failure once, therefore, the initial value of target failed authentication enumerator is set to 1.In the present embodiment, if user Authentification of message is also successful, that is to say, that target AT once accesses EVDO network successes, it is also possible to do not create target authentication Fail counter.
In one embodiment, before user information authentication, key authentication, in this case, step are further included The concrete implementation procedure of S104 can be, under the premise of user information authentication is successful, when key authentication failure and target authentication In the presence of fail counter, just more fresh target failed authentication enumerator.The concrete implementation procedure of step S105 can be, in user Under the premise of authentification of message is successful, when key authentication fails and target failed authentication enumerator does not exist, target mirror is just created Power fail counter, target failed authentication enumerator initial value is 1.In the present embodiment, if key authentication is also successful, also It is to say, target AT once accesses EVDO network successes, it is also possible to do not create target failed authentication enumerator.People in the art Whether also member is appreciated that no matter follow-up other verification process, as long as target AT can once access EVDO network successes, all Target failed authentication enumerator can not be created.
Below by taking the old UIM cards (canceled) with identical IMSI number and new UIM cards (registered) as an example, to such as Fig. 3 The method for authenticating of shown EVDO networks is described in detail.
Fig. 4 show the method for authenticating signaling that the old UIM cards place AT1 of one embodiment of the invention offer accesses EVDO networks Schematic flow sheet.It can be seen that the method includes:
First, access first.
Step a, AN initiates the negotiations process of air interface PPP-LCP, consults CHAP authentication protocol types, sets up PPP connections.
Step b, AN produces authentication random number, and to AT1 CHAP query messages are sent.
Step c, AT1 is calculated using MD5 algorithms and authenticated according to the authentication random number+(old UIM cards) user cipher pwd1 As a result, authenticating result constitutes KI together with authentication mark, and to AN CHAP response messages are sent, and user is included in the message Name NAI (i.e. IMSI number), authentication random number CHAP_Challenge and KI CHAP-Password1 etc..
Step d, AN to AN-AAA forwards access request message, comprising NAI, authentication random number, KI etc. in message Parameter.
Step e, AN-AAA authentications.(1), memorization mechanism certification.Target failed authentication enumerator is searched in internal memory No. MEID of failtime1, IMSI number information of the target failed authentication enumerator comprising the old UIM cards and its place ME1 Code information, does not as a result find, it is believed that the value of target failed authentication enumerator failtime1 is zero, statistics target authentication The value of fail counter failtime1 is not above threshold value (can artificially be arranged, for example, be set to 1), memorization mechanism is recognized Demonstrate,prove successfully.(2), user information authentication.Specially:AN-AAA makes a look up according to the IMSI number for receiving in data base, Due to the IMSI number of new, old UIM cards it is consistent, therefore, old UIM cards terminal can be in AN-AAA using identical IMSI number This user is inquired, therefore user profile is authenticated successfully.(3), key authentication.Specially:AN-AAA use authentication mark trifoliate oranges+(new UIM cards) user cipher pwd2+ authentication random numbers, result, i.e. authorization key are calculated as the |input paramete of MD5 algorithms, by It is not equal to pwd2 in pwd1, so KI is not equal to authorization key, therefore old UIM cards place AT1 key authentications fail;Wound Build target failed authentication enumerator failtime1 and be stored in internal memory, initial value is set to 1, while send refusal access to AN disappearing Breath.
F, AN are by CHAP failed authentication message informing AT1.
2nd, access for second.
Step a- step d is identical with the operating process for accessing first.
Step e, AN-AAA authentications.(1), memorization mechanism certification.Target failed authentication enumerator is searched in internal memory Failtime1, the numerical value for counting target failed authentication enumerator failtime1 is 1, is not above threshold value 1, memorization mechanism Certification success.(2), user information authentication.Specially:AN-AAA is looked into according to the IMSI number for receiving in data base Look for, due to the IMSI number of new, old UIM cards it is consistent, therefore, old UIM cards terminal can be in AN- using identical IMSI number This user is inquired in AAA, therefore user profile is authenticated successfully.(3), key authentication.Specially:AN-AAA uses authentication mark trifoliate orange + (new UIM cards) user cipher pwd2+ authentication random numbers, as the |input paramete of MD5 algorithms result is calculated, that is, authorize close Key, because pwd1 is not equal to pwd2, so KI is not equal to authorization key, therefore the corresponding AT1 key authentications of old UIM cards Failure;Target failed authentication enumerator failtime1 adds one, while sending refusal to AN accesses message.
F, AN are by CHAP failed authentication message informing AT1.
3rd, third time is accessed.
Step a- step d is identical with the operating process for accessing (or accessing for second) first.
Step e, AN-AAA authentications.(1), memorization mechanism certification.Target failed authentication enumerator is searched in internal memory Failtime1, the numerical value for counting target failed authentication enumerator is 2, has exceeded threshold value 1, and to AT1 failed authentications, simultaneously labelling is locked It is fixed, while sending refusal to AN accesses message.
Step f, by CHAP failed authentication message informing AT1, the corresponding AT1 of old UIM cards completes access authentication flow process to AN.
According to the method for authenticating of the access EVDO networks of present embodiment, after locking to AT1 labellings, if the old UIM Block corresponding AT1 to attempt to access EVDO networks again, in AN-AAA authentication processes, it is only necessary to recognize by a memorization mechanism Card just can be denied access, and without order follow-up user information authentication and key authentication is performed, and it is unnecessary to save Access operation, mitigates the burden of AN-AAA.
When the labeled lockings of AT1, if the corresponding another AT2 of new UIM cards with identical IMSI number attempts to connect Enter EVDO networks, its access signaling flow process refers to Fig. 5.
Step a, AN initiates the negotiations process of air interface PPP-LCP, consults CHAP authentication protocol types, sets up PPP connections.
Step b, AN produces authentication random number, and to AT2 CHAP query messages are sent.
Step c, AT 2 is calculated using MD5 algorithms and reflected according to the authentication random number+(new UIM cards) user cipher pwd2 Power result, authenticating result constitutes KI together with authentication mark, and to AN CHAP response messages are sent, and includes in the message and uses Name in an account book NAI (i.e. IMSI number), authentication random number CHAP_Challenge and KI CHAP-Password1 etc..
Step d, AN to AN-AAA sends access request message, comprising NAI, authentication random number, KI etc. in message Parameter.
Step e, AN-AAA authentications.(1), memorization mechanism certification.Target failed authentication enumerator is searched in internal memory The IMSI number information of failtime2, target failed authentication enumerator failtime2 comprising the new UIM cards and its place ME2 MEID number informations, as a result do not find, it is believed that the value of target failed authentication enumerator failtime2 is zero, count The value of target failed authentication enumerator failtime2 is not above threshold value, memorization mechanism certification success.(2), user profile Certification.AN-AAA makes a look up according to the IMSI number for receiving in data base, because new UIM cards have been completed registration, Therefore, new UIM cards place AT2 can inquire this user in AN-AAA, therefore user profile is authenticated successfully.(3), key is recognized Card.AN-AAA is joined using authentication mark trifoliate orange+(new UIM cards) user cipher pwd2+ authentication random numbers, the input as MD5 algorithms Number calculates result, i.e. authorization key, so KI is equal to authorization key, therefore the corresponding AT2 key authentications of new UIM cards Success;AN-AAA sends to AN to be allowed to access message.
CHAP authentication successful messages are notified that AT2, the corresponding AT2 of new UIM cards complete access authentication flow process by f, AN.
The method for authenticating of the EVDO networks according to present embodiment is can be seen that with reference to Fig. 4 and Fig. 5, according to IMSI number Build failed authentication enumerator with the combined information of MEID numbers, due to the corresponding ME of new, old UIN cards it is different, i.e. MEID numbers Difference, so not interfering with the access of new UIM cards place AT2 to the labelling lock operation of old UIM cards place AT1, can avoid Carry the online collision problem of the respective place AT of the old UIM cards being canceled and new UIM cards of identical IMSI number.
Present invention also offers a kind of authentication device of EVDO networks, the device includes target failed authentication enumerator, institute State target failed authentication enumerator to specifically include:The target IMSI number information and target MEID number information of target AT.
In one embodiment, the method for authenticating of EVDO networks of the invention, specifically includes memorization mechanism certification Module, Fig. 6 show the structured flowchart of the memorization mechanism authentication module of one embodiment of the invention offer.Can from figure Go out, the memorization mechanism authentication module 60 includes:
Searching modul 61, for searching target failed authentication enumerator in internal memory.The target failed authentication enumerator Including the IMSI number information and target MEID number information of target AT.
Judge module 62, for judging whether target failed authentication enumerator exceedes threshold value.
Upper lock module 63, for when target failed authentication enumerator exceedes threshold value, to target AT failed authentication and marking Note locking.
In one embodiment, memorization authentication module as shown in Figure 6 is further included:
Update module 64, in the presence of target AT failed authentication and target failed authentication enumerator, more fresh target to reflect Power fail counter.
In one embodiment, memorization authentication module as shown in Figure 6 is further included:
Creation module 65, for when target AT failed authentication and when target failed authentication enumerator is not present, creating target Failed authentication enumerator is simultaneously stored in internal memory.
In one embodiment, according to the authentication device of the EVDO networks of embodiment of the present invention, further include:User Authentification of message module, in this case, update module 64, for when the failure of user information authentication module authentication and target authentication mistake In the presence of losing enumerator, more fresh target failed authentication enumerator;Creation module 65, for losing when user information authentication module authentication Lose and when target failed authentication enumerator does not exist, create target failed authentication enumerator.
In one embodiment, according to the authentication device of the EVDO networks of embodiment of the present invention, in user information authentication On the basis of module, further include:Key authentication module, in this case, update module 64, in user information authentication Under the premise of successfully, in the presence of the failure of key authentication module authentication and target failed authentication enumerator, more fresh target authentication is lost Lose enumerator;Creation module 65, under the premise of user information authentication is successful, when the failure of key authentication module authentication and mesh When mark failed authentication enumerator is not present, target failed authentication enumerator is created.
The authentication device of the EVDO networks for providing according to embodiments of the present invention, according to the combination of IMSI number and MEID numbers Information architecture failed authentication enumerator, because the corresponding mobile terminal of new, old UIN cards is different, i.e., MEID numbers are different, so right The labelling of old UIM cards place AT1 is locked and operates the access for not interfering with new UIM cards, can avoid carrying identical IMSI number The old UIM cards being canceled and the respective place AT of new UIM cards online collision problem.
Presently preferred embodiments of the present invention is the foregoing is only, not to limit the present invention, all essences in the present invention Within god and principle, any modification, equivalent for being made etc. should be included within the scope of the present invention.

Claims (10)

1. a kind of method for authenticating of EVDO networks, it is characterised in that include, target failed authentication enumerator, the target authentication Fail counter is specifically included:
The target IMSI number information and target MEID number information of target AT.
2. the method for authenticating of EVDO networks as claimed in claim 1, it is characterised in that specifically include, memorization mechanism certification, The memorization mechanism certification is specifically included:
Target failed authentication enumerator is searched in internal memory, judges whether target failed authentication enumerator exceedes threshold value, if It is, to the simultaneously labelling locking of target AT failed authentication.
3. the method for authenticating of EVDO networks as claimed in claim 2, it is characterised in that further include:If not,
In the presence of target AT failed authentication and target failed authentication enumerator, more fresh target failed authentication enumerator;And/or,
When target AT failed authentication and when target failed authentication enumerator is not present, create target failed authentication enumerator and including Deposit middle storage.
4. the method for authenticating of EVDO networks as claimed in claim 3, it is characterised in that after memorization mechanism certification, enter One step includes user information authentication, in this case,
In the presence of user information authentication failure and target failed authentication enumerator, just more fresh target failed authentication enumerator;With/ Or,
When user information authentication fails and target failed authentication enumerator does not exist, target failed authentication enumerator is just created, Target failed authentication enumerator initial value is 1.
5. the method for authenticating of EVDO networks as claimed in claim 4, it is characterised in that after user information authentication, enter Step includes key authentication, in this case, under the premise of user information authentication is successful,
In the presence of key authentication failure and target failed authentication enumerator, just more fresh target failed authentication enumerator;And/or,
When key authentication fails and target failed authentication enumerator does not exist, target failed authentication enumerator, target are just created Failed authentication enumerator initial value is 1.
6. the method for authenticating of the EVDO networks as described in arbitrary in claim 1-5, it is characterised in that using red-black tree algorithm pair The target failed authentication enumerator is stored.
7. a kind of authentication device of EVDO networks, it is characterised in that including target failed authentication enumerator, the target authentication is lost Lose enumerator to specifically include:
The target IMSI number information and target MEID number information of target AT.
8. the authentication device of EVDO networks as claimed in claim 7, it is characterised in that specifically include memorization mechanism certification mould Block, the memorization mechanism authentication module is specifically included:
Searching modul, for searching target failed authentication enumerator in internal memory;
Judge module, for judging whether target failed authentication enumerator exceedes threshold value;
Upper lock module, for when target failed authentication enumerator exceedes threshold value, to the simultaneously labelling locking of target AT failed authentication.
9. the authentication device of EVDO networks as claimed in claim 8, it is characterised in that further include:
Update module, in the presence of target AT failed authentication and target failed authentication enumerator, more fresh target failed authentication Enumerator;And/or,
Creation module, loses for when target AT failed authentication and when target failed authentication enumerator is not present, creating target authentication Lose enumerator and store in internal memory.
10. the authentication device of EVDO networks as claimed in claim 9, it is characterised in that further include user information authentication Module, in this case,
In the presence of the failure of user information authentication module authentication and target failed authentication enumerator, update module, just for updating Target failed authentication enumerator;And/or,
When the failure of user information authentication module authentication and when target failed authentication enumerator is not present, creation module, just for creating Target failed authentication enumerator is built, target failed authentication enumerator initial value is 1.
CN201710035024.4A 2017-01-17 2017-01-17 EVDO network authentication method and device Withdrawn CN106686594A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710035024.4A CN106686594A (en) 2017-01-17 2017-01-17 EVDO network authentication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710035024.4A CN106686594A (en) 2017-01-17 2017-01-17 EVDO network authentication method and device

Publications (1)

Publication Number Publication Date
CN106686594A true CN106686594A (en) 2017-05-17

Family

ID=58860202

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710035024.4A Withdrawn CN106686594A (en) 2017-01-17 2017-01-17 EVDO network authentication method and device

Country Status (1)

Country Link
CN (1) CN106686594A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1599315A (en) * 2004-08-04 2005-03-23 中国联合通信有限公司 Access discrimination method and device for EV-DO network
US20050185623A1 (en) * 2004-02-20 2005-08-25 Telefonaktiebolaget L M Ericsson Method and apparatus to reduce mobile switching center involvement in packet data call support
CN101039312A (en) * 2006-03-17 2007-09-19 华为技术有限公司 Method and apparatus for preventing service function entity of general authentication framework from attack
CN101232638A (en) * 2007-01-24 2008-07-30 中兴通讯股份有限公司 System and method for remote protecting mobile terminal data
CN101287298A (en) * 2008-05-29 2008-10-15 德信无线通讯科技(北京)有限公司 Authentication method and system for mobile communication terminal
CN101330756A (en) * 2008-07-14 2008-12-24 中国联合通信有限公司 Intelligent network business implementing system and method for preventing user identification from being stolen
CN102026195A (en) * 2010-12-17 2011-04-20 北京交通大学 One-time password (OTP) based mobile terminal identity authentication method and system
CN104144407A (en) * 2013-05-10 2014-11-12 中国电信股份有限公司 Method for dealing with illegal users and mobile switching center (MSC)

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050185623A1 (en) * 2004-02-20 2005-08-25 Telefonaktiebolaget L M Ericsson Method and apparatus to reduce mobile switching center involvement in packet data call support
CN1599315A (en) * 2004-08-04 2005-03-23 中国联合通信有限公司 Access discrimination method and device for EV-DO network
CN101039312A (en) * 2006-03-17 2007-09-19 华为技术有限公司 Method and apparatus for preventing service function entity of general authentication framework from attack
CN101232638A (en) * 2007-01-24 2008-07-30 中兴通讯股份有限公司 System and method for remote protecting mobile terminal data
CN101287298A (en) * 2008-05-29 2008-10-15 德信无线通讯科技(北京)有限公司 Authentication method and system for mobile communication terminal
CN101330756A (en) * 2008-07-14 2008-12-24 中国联合通信有限公司 Intelligent network business implementing system and method for preventing user identification from being stolen
CN102026195A (en) * 2010-12-17 2011-04-20 北京交通大学 One-time password (OTP) based mobile terminal identity authentication method and system
CN104144407A (en) * 2013-05-10 2014-11-12 中国电信股份有限公司 Method for dealing with illegal users and mobile switching center (MSC)

Similar Documents

Publication Publication Date Title
KR102325912B1 (en) Holistic module authentication with a device
KR101075713B1 (en) Method and apparatus for access authentication in wireless mobile communication system
EP1430640B1 (en) A method for authenticating a user in a terminal, an authentication system, a terminal, and an authorization device
EP2215747B1 (en) Method and devices for enhanced manageability in wireless data communication systems
US20080293377A1 (en) Reuse of Identity Data from a User Equipment Identity Module by a Peripheral Device
US20040162998A1 (en) Service authentication in a communication system
CN108737381A (en) A kind of extended authentication method of Internet of things system
US20120108295A1 (en) Access data provisioning apparatus and methods
US20190289463A1 (en) Method and system for dual-network authentication of a communication device communicating with a server
US20180014190A1 (en) Method of providing mobile communication provider information and device for performing the same
CN107835204A (en) The security control of configuration file policing rule
CN109561429B (en) Authentication method and device
CN104185179A (en) Control apparatus and method for subscriber identity module, and subscriber identity module
CN108024241A (en) Terminal accessing authentication method, system and authentication server
US20220279471A1 (en) Wireless communication method for registration procedure
CN101730096A (en) Safety management method, device and equipment for number portability
CN110086839B (en) Dynamic access method and device for remote equipment
JP3704312B2 (en) Authentication method for mobile station of wireless communication network, wireless communication network and mobile station
KR100876556B1 (en) Integrated Authentication Method and System for Handover Support in Wireless Access Network
CN113709729B (en) Data processing method, device, network equipment and terminal
CN110351721A (en) Access method and device, the storage medium, electronic device of network slice
WO2018007461A1 (en) Method, server and system for sending data from a source device to a destination device
CN109729515B (en) Method for realizing machine-card binding, user identification card and Internet of things terminal
US11064344B2 (en) Physical address-based communication method, mobile terminal and communication database
CN106686594A (en) EVDO network authentication method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20170517

WW01 Invention patent application withdrawn after publication