CN109963281B - Authentication method, device and system - Google Patents

Authentication method, device and system Download PDF

Info

Publication number
CN109963281B
CN109963281B CN201711421636.3A CN201711421636A CN109963281B CN 109963281 B CN109963281 B CN 109963281B CN 201711421636 A CN201711421636 A CN 201711421636A CN 109963281 B CN109963281 B CN 109963281B
Authority
CN
China
Prior art keywords
authentication
terminal device
core network
authentication value
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711421636.3A
Other languages
Chinese (zh)
Other versions
CN109963281A (en
Inventor
胡力
靳维生
陈璟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201711421636.3A priority Critical patent/CN109963281B/en
Publication of CN109963281A publication Critical patent/CN109963281A/en
Application granted granted Critical
Publication of CN109963281B publication Critical patent/CN109963281B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the application discloses an authentication method, equipment and a system, wherein the method comprises the following steps: the core network equipment receives the information of the first terminal equipment and the authentication parameter of the second terminal equipment from the management node; the core network equipment generates an authentication value according to the authentication parameter of the second terminal equipment and the authentication parameter of the core network equipment; the core network equipment sends an authentication value to the first terminal equipment according to the information of the first terminal equipment; and the core network equipment receives an authentication result returned by the first terminal equipment, wherein the authentication result is used for indicating the success or failure of authentication of the second terminal equipment. The authentication method provided by the embodiment of the application is suitable for authentication of smart homes.

Description

Authentication method, device and system
Technical Field
The embodiment of the application relates to the technical field of communication, in particular to an authentication method, device and system.
Background
In the smart home network, a smart home may be connected to a management node (e.g., a bluetooth gateway, a Residential Gateway (RG), or a Customer Premise Equipment (CPE)) through a short-range communication technology (e.g., a bluetooth technology), the management node accesses a public network, and remote control of the smart home may be implemented through the management node.
When the smart home is connected to the management node, the smart home can be registered on the management node through a Bluetooth authentication protocol. However, such bluetooth authentication protocol is only suitable for authentication between the smart home and devices communicating in a short distance, and is not suitable for authentication between the smart home and devices in a longer distance (e.g., operator devices).
Disclosure of Invention
The embodiment of the application provides an authentication method, equipment and a system, so as to realize authentication between smart home and operator equipment.
In order to achieve the above purpose, the embodiment of the present application adopts the following technical solutions:
in a first aspect, an embodiment of the present application provides an authentication method. The method comprises the following steps: the core network equipment receives information of the first terminal equipment from the management node and authentication parameters of the second terminal equipment; the core network equipment generates an authentication value according to the authentication parameter of the second terminal equipment and the authentication parameter of the core network equipment; the core network equipment sends an authentication value to the first terminal equipment according to the information of the first terminal equipment; the core network equipment receives an authentication result from the first terminal equipment, wherein the authentication result is used for indicating that the authentication of the second terminal equipment is successful or failed.
Based on the above scheme, the core network device receives the authentication parameter of the second terminal device (such as the smart home) and the information of the first terminal device, which are sent by the management node, the core network device generates an authentication value according to the authentication parameter of the core network device and the authentication parameter of the second terminal device, and sends the authentication value to the first terminal device according to the information of the first terminal device, so that the first terminal device sends an authentication result to the core network device according to the authentication value received by the first terminal device and the authentication value of the second terminal device, thereby implementing authentication of the second terminal device, that is, the problem of authentication between the smart home and the core network device in remote communication is solved through the technical scheme provided by the embodiment of the present application.
In a possible implementation manner, with reference to the first aspect, the information of the first terminal device includes at least one of the following information: identification information of the first terminal device, user information of the first terminal device, application identification information of the first terminal device, and the like. Therefore, the flexibility of the information of the first terminal device configured on the management node can be improved, and the diversity of the mode of sending the authentication value to the first terminal device by the core network device according to the information of the first terminal device is improved.
In another possible implementation manner, with reference to the first aspect or the one possible implementation manner of the first aspect, the sending, by the core network device, the authentication value to the first terminal device according to the information of the first terminal device includes: the core network equipment carries the authentication value in a short message and sends the authentication value to the first terminal equipment; or, the core network device carries the authentication value in the application message and sends the authentication value to the first terminal device. Therefore, the authentication value can be sent to the first terminal equipment in different modes, and the flexibility of sending the authentication value is improved.
In a second aspect, an embodiment of the present application provides a communication apparatus, including:
the receiving unit is used for receiving information of the first terminal equipment from the management node and authentication parameters of the second terminal equipment;
the generating unit is used for generating an authentication value according to the authentication parameter of the second terminal equipment and the authentication parameter of the core network equipment received by the receiving unit;
the sending unit is used for sending an authentication value to the first terminal equipment according to the information of the first terminal equipment;
and the receiving unit is further used for receiving an authentication result from the first terminal device, wherein the authentication result is used for indicating that the authentication of the second terminal device is successful or failed.
The communication apparatus may be the core network device described in the first aspect or the possible implementation manner of the first aspect, and the specific implementation manner of the core network device may refer to a behavior function of the core network device in the authentication method provided by the first aspect or the possible design of the first aspect, which is not described herein again. Therefore, the communication apparatus provided in this aspect can achieve the same advantageous effects as those of the above-described aspect.
In a third aspect, an embodiment of the present application provides a core network device, where the core network device may solve a function performed by the core network device in the foregoing method embodiment, and the function may be implemented by hardware or by hardware executing corresponding software. The hardware or software comprises one or more modules corresponding to the functions.
In one possible design, the core network device includes a processor and a communication interface, and the processor is configured to support the core network device to perform the corresponding functions in the above method. The communication interface is used for supporting communication between the core network device and other network elements. The core network device may also include a memory, coupled to the processor, that stores program instructions and data necessary for the core network device.
In a fourth aspect, an embodiment of the present application provides a computer storage medium, configured to store computer software instructions for the core network device, where the computer software instructions include a program for executing the solution described in the first aspect.
In a fifth aspect, an embodiment of the present application provides a computer program product, where the computer program product stores computer software instructions for the core network device, and the computer software instructions include a program for executing the solution of the first aspect.
In a sixth aspect, the present invention provides an apparatus, which exists in the form of a chip product, and the apparatus includes a processor and a memory, where the memory is configured to be coupled to the processor and store necessary program instructions and data of the apparatus, and the processor is configured to execute the program instructions stored in the memory, so that the apparatus performs the functions corresponding to the core network device in the foregoing method.
In a seventh aspect, an embodiment of the present application provides an authentication method, including: the first terminal equipment receives an authentication value from the core network equipment; the first terminal equipment sends an authentication result to the core network equipment; when the received authentication value is the same as the authentication value of the second terminal device, the authentication result is used for indicating that the authentication of the second terminal device is successful; and when the received authentication value is different from the authentication value of the second terminal equipment, the authentication result is used for indicating that the authentication of the second terminal equipment fails.
Based on the scheme, the first terminal device receives the authentication value from the core network device, and returns the authentication result of successful (or failed) authentication of the second terminal device to the core network device when the authentication value of the core network device is the same (or different) with the authentication value of the second terminal device, so that authentication of the second terminal device is realized, namely the problem of authentication between the smart home and the core network device in remote communication is solved through the technical scheme provided by the embodiment of the application.
In a possible implementation manner, with reference to the seventh aspect, the received authentication value is carried in a short message or an application message. Therefore, the flexibility of sending the authentication value is improved.
In another possible implementation manner, with reference to the seventh aspect or the foregoing possible implementation manner of the seventh aspect, the authentication result is carried in a short message or an application message, that is, the first terminal device sends the authentication result to the core network device through the short message or the application message, so that flexibility of sending the authentication result is improved.
In an eighth aspect, an embodiment of the present application provides a communication apparatus, including:
a receiving unit, configured to receive an authentication value sent by a core network device;
a sending unit, configured to return an authentication result to the core network device;
when the received authentication value is the same as the authentication value of the second terminal device, the authentication result is used for indicating that the authentication of the second terminal device is successful; and when the received authentication value is different from the authentication value of the second terminal equipment, the authentication result is used for indicating that the authentication of the second terminal equipment fails.
The communication apparatus may be the first terminal device described in the seventh aspect or the possible implementation manners of the seventh aspect, and the specific implementation manner of the first terminal device may refer to the behavior function of the first terminal device in the authentication method provided in the seventh aspect or the possible design of the seventh aspect, which is not described herein again. Therefore, the communication apparatus provided in this aspect can achieve the same advantageous effects as those of the above-described aspect.
In a ninth aspect, an embodiment of the present application provides a first terminal device, where the first terminal device may solve the function executed by the first terminal device in the foregoing method embodiment, and the function may be implemented by hardware or may be implemented by hardware executing corresponding software. The hardware or software comprises one or more modules corresponding to the functions.
In one possible design, the first terminal device includes a processor and a communication interface, and the processor is configured to support the first terminal device to execute the corresponding functions of the method. The communication interface is used for supporting communication between the first terminal equipment and other network elements. The first terminal device may also include a memory for coupling with the processor that retains program instructions and data necessary for the first terminal device.
In a tenth aspect, an embodiment of the present application provides a computer storage medium for storing computer software instructions for the first terminal device, where the computer software instructions include a program for executing the solution of the seventh aspect.
In an eleventh aspect, the present application provides a computer program product, where the program product stores computer software instructions for the first terminal device, and the computer software instructions include a program for executing the solution of the seventh aspect.
In a twelfth aspect, the present invention provides an apparatus, which exists in the form of a chip product, and the apparatus includes a processor and a memory, the memory is configured to be coupled with the processor and stores program instructions and data necessary for the apparatus, and the processor is configured to execute the program instructions stored in the memory, so that the apparatus performs the functions corresponding to the first terminal device in the above method.
In a thirteenth aspect, an embodiment of the present application provides an authentication method, where the method is performed by a management node, and the management node is configured with information of a first terminal device, where the method includes: acquiring authentication parameters of second terminal equipment; and sending the user information of the first terminal equipment and the authentication parameters of the second terminal equipment to the core network equipment.
Based on the scheme, the management node sends the user information of the first terminal device and the authentication parameter of the second terminal device to the core network device, so that the core network device generates an authentication value according to the authentication parameter of the second terminal device and the authentication parameter of the core network device, and sends the authentication value to the first terminal device according to the information of the first terminal device, so that the first terminal device returns the authentication result to the core network device according to the authentication result of the network side and the authentication result of the second terminal device, and thus, the authentication of the second terminal device is realized, namely, the problem of the authentication between the smart home and the core network device in remote communication is solved through the technical scheme provided by the embodiment of the application.
In a possible implementation manner, with reference to the thirteenth aspect, the acquiring, by the management node, an authentication parameter of the second terminal device includes: and the management node receives a pairing request message from the second terminal equipment, wherein the pairing request message carries the authentication parameter of the second terminal equipment. Therefore, the management node determines that the second terminal equipment needs to be authenticated with the core network equipment according to the pairing request message, and acquires the authentication parameter of the second terminal equipment from the pairing request message.
In yet another possible implementation manner, with reference to the thirteenth aspect or the foregoing possible implementation manner of the thirteenth aspect, the information of the first terminal device includes at least one of the following information: identification information of the first terminal device, user information of the first terminal device, and application identification information of the first terminal device. Therefore, the flexibility of the information of the first terminal equipment can be improved, and the diversity of the mode of sending the authentication value to the first terminal equipment by the core network equipment according to the information of the first terminal equipment is improved.
In a fourteenth aspect, an embodiment of the present application provides a communication apparatus, including:
the acquiring unit is used for acquiring the authentication parameters of the second terminal equipment;
and the sending unit is used for sending the user information of the first terminal equipment and the authentication parameters of the second terminal equipment to core network equipment.
The communication device may be a management node described in any possible implementation manner of the thirteenth aspect or the thirteenth aspect, and a specific implementation manner of the management node may refer to a behavior function of the management node in the authentication method provided by the possible design of the thirteenth aspect or the thirteenth aspect, which is not described herein again. Therefore, the communication apparatus provided in this aspect can achieve the same advantageous effects as those of the above-described aspect.
In a fifteenth aspect, an embodiment of the present application provides a management node, where the management node may solve the function performed by the management node in the foregoing method embodiment, where the function may be implemented by hardware, or may be implemented by hardware executing corresponding software. The hardware or software comprises one or more modules corresponding to the functions.
In one possible design, the structure of the management node includes a processor and a communication interface, and the processor is configured to support the management node to perform the corresponding functions in the above method. The communication interface is used to support communication between the management node and other network elements. The management node may also include a memory, coupled to the processor, that stores program instructions and data necessary for the management node.
In a sixteenth aspect, the present application provides a computer storage medium for storing computer software instructions for the management node, where the computer software instructions include a program for executing the solution of the thirteenth aspect.
In a seventeenth aspect, the present application provides a computer program product, where the computer program product stores computer software instructions for the management node, where the computer software instructions include a program for executing the solution of the thirteenth aspect.
In an eighteenth aspect, the present application provides an apparatus, which exists in the form of a chip product, and the apparatus includes a processor and a memory, where the memory is configured to be coupled to the processor and store necessary program instructions and data of the apparatus, and the processor is configured to execute the program instructions stored in the memory, so that the apparatus performs the functions corresponding to the management node in the above method.
In a nineteenth aspect, an embodiment of the present application provides an authentication system, including the core network device in any one of the second to sixth aspects, the first terminal device in any one of the eighth to twelfth aspects, the management node in any one of the fourteenth to eighteenth aspects, and the second terminal device.
Drawings
Fig. 1 is a schematic diagram of a network architecture according to an embodiment of the present application;
fig. 1a is a schematic diagram of another network architecture provided in the embodiment of the present application;
fig. 2 is a schematic diagram illustrating a communication device according to an embodiment of the present disclosure;
fig. 3 is a flowchart of an authentication method according to an embodiment of the present application;
fig. 4 is a flowchart of another authentication method provided in the embodiment of the present application;
fig. 5 is a schematic composition diagram of a core network device according to an embodiment of the present application;
fig. 6 is a schematic composition diagram of a first terminal device according to an embodiment of the present application;
fig. 7 is a schematic composition diagram of a management node according to an embodiment of the present application.
Detailed Description
Embodiments of the present application will be described in detail below with reference to the accompanying drawings.
The embodiment of the present application may be applied to a network shown in fig. 1, where as shown in fig. 1, the network may include a first terminal device, a second terminal device, a management node, an access network device, and a core network device. The first terminal device and the second terminal device can access the network through the management node, and the first terminal device can manage the second terminal device through the management node. It is understood that fig. 1 is only an exemplary architecture diagram, and that the system may include other nodes in addition to the nodes shown in fig. 1, without limitation.
The first terminal device may be a User Equipment (UE), such as: the first terminal equipment can be accessed to a wireless network through a management node, then is communicated with core network equipment through access network equipment, and can also be remotely controlled to second terminal equipment through the management node. The first terminal device may be provided with an output means such as a display screen.
The second terminal device may be a device that may employ short-range communication (such as bluetooth communication or Near Field Communication (NFC) or wireless fidelity (Wi-Fi)) with the management node, such as: the device can be a smart home with a Bluetooth communication function, an NFC device, a Wi-Fi device and the like. The second terminal device is provided with an output device such as a display screen.
In the embodiment of the present application, the second terminal device may access the wireless network through the management node, and may also receive the control command issued by the first terminal device through the management node.
The management node may have a function of managing devices connected thereto, such as: context information of devices connected thereto can be managed, and a relay function can be provided, such as: the first terminal device and the second terminal device may be provided with a relay service so that the first terminal device and the second terminal device access the wireless network through the management node. Specifically, the management node may be a bluetooth gateway, or a home gateway, or a client device, and the management node may be configured with information of the first terminal device.
The access network device may be configured to provide network access services for the first terminal device and the second terminal device, such as: the access network device may be AN Access Network (AN) node, a Radio Access Network (RAN) device, a base station (nodeB), a next generation base station (gbb), a Transmission Reception Point (TRP), a Transmission Point (TP), or some other access network device.
The core network device may be a device for mobility management of the terminal device, for example, a Mobility Management Entity (MME), or an access and mobility management function (AMF) entity, and may also be an application server that provides a third party application service for the first terminal device, without limitation.
As shown in fig. 1, the core network device may include an application service module or a short message service module, where the application service module may provide a function of providing an application service for the terminal device, and when the core network device includes the application service module, the core network device may be regarded as an application server, and the short message service module has a Short Message Service Function (SMSF) and may provide a short message service for the terminal device.
It should be noted that the application service module or the short message service module in the core network device shown in fig. 1 may be integrated in the core network device, or may be deployed as an independent component in the network shown in fig. 1, without limitation, for example, as shown in fig. 1a, the network may further include an application server/a short message server, where the application server has a function of providing an application service for the terminal device, and the short message server has a function of providing a short message service for the terminal device.
In a possible design, the second terminal device performs authentication with the core network device by: the second terminal equipment sends the authentication parameters of the second terminal equipment to the management node; when the management node receives the authentication parameter of the second terminal equipment, triggering the management node to send the information of the first terminal equipment and the authentication parameter of the second terminal equipment to the core network equipment through the access network equipment; after receiving the authentication parameter of the second terminal equipment, the core network equipment sends the authentication parameter of the core network equipment to the second terminal equipment, calculates an authentication value according to the authentication parameter of the core network equipment and the authentication parameter of the second terminal equipment, and sends the calculated authentication value to the first terminal equipment according to the information of the first terminal equipment; when the authentication value received by the first terminal equipment is the same as the authentication parameter of the second terminal equipment, the first terminal equipment sends an authentication result for indicating the successful authentication of the second terminal equipment to the core network equipment, and when the authentication value received by the first terminal equipment is different from the authentication parameter of the second terminal equipment, the first terminal equipment sends an authentication result for indicating the failed authentication of the second terminal equipment to the core network equipment.
In the authentication process, the core network device may carry the authentication value in a short message or an application message (for example, a short message carrying the authentication value is generated by a short message service module in the core network device, or an application message carrying the authentication value is generated by an application service module in the core network device) to the first terminal device, and may also send the authentication value and information of the first terminal device to the short message server, the short message server carries the authentication value in the short message according to the information of the first terminal device to the first terminal device, and may also send the authentication value and the information of the first terminal device to the application server, and the application server carries the authentication value in the application message according to the information of the first terminal device to the first terminal device without limitation.
Specifically, in order to implement the above technical solution, the first terminal device, the second terminal device, the management node, the core network device, and other devices shown in fig. 1 may have the components shown in fig. 2. As shown in fig. 2, a schematic diagram of a communication device 200 according to an embodiment of the present disclosure may include at least one processor 201, a communication line 202, a memory 203, and at least one communication interface 204.
The processor 201 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present application, such as: one or more Digital Signal Processors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs).
The communication link 202 may include a path for transmitting information between the aforementioned components.
The memory 203 may be a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disk storage, optical disk storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these. The memory may be separate and coupled to the processor via communication line 202. The memory may also be integral to the processor.
The memory 203 is used for storing computer execution instructions for executing the scheme of the application, and is controlled by the processor 201 to execute. The processor 201 is configured to execute the computer-executable instructions stored in the memory 203, so as to implement the authentication method provided by the embodiment of the present application, such as: when the communication apparatus 200 is the core network device in fig. 1, the processor 201 may be configured to generate an authentication value and generate an application message or a short message carrying the authentication value. Optionally, the computer-executable instructions in the embodiments of the present application may also be referred to as application program codes, which are not specifically limited in the embodiments of the present application.
Communication interface 204, using any transceiver or the like, is used for communicating with other devices or communication networks (e.g., ethernet, RAN, Wireless Local Area Networks (WLAN), etc.).
In particular implementations, processor 201 may include one or more CPUs such as CPU0 and CPU1 in fig. 2, for example, as one embodiment. In particular implementations, communication apparatus 200 may include multiple processors, such as processor 201 and processor 207 in fig. 2, for example, as an example. Each of these processors may be a single core processor or a multi-CPU processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
In one implementation, the communications apparatus 200 may further include an output device 205 and an input device 206. The output device 205 is in communication with the processor 201 and may display information in a variety of ways. For example, the output device 205 may be a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display device, a Cathode Ray Tube (CRT) display device, a projector (projector), or the like. The input device 206 is in communication with the processor 201 and may receive user input in a variety of ways. For example, the input device 206 may be a mouse, a keyboard, a touch screen device, or a sensing device, among others.
The following describes the authentication method provided in the embodiment of the present application in detail with reference to the network architecture shown in fig. 1.
Fig. 3 is a flowchart of an authentication method according to an embodiment of the present application, and a device involved in the method may refer to the related description in fig. 1. For example, the management node may be a management node in the network shown in fig. 1, the first terminal device may be a first terminal device in the network shown in fig. 1, and the first terminal device accesses the network through the management node.
As shown in fig. 3, the method is specifically described below.
Step 301: and the management node acquires the authentication parameters of the second terminal equipment.
The second terminal device may be a second terminal device in the network shown in fig. 1, the authentication parameter of the second terminal device is used to generate an authentication value, and the authentication parameter of the second terminal device may include a random number Na selected by the second terminal device and a public key pka generated by the second terminal device.
Specifically, the management node receives a pairing request message from the second terminal device, where the pairing request message carries an authentication parameter of the second terminal device. The pairing request message may be used to request that the second terminal device be paired with the core network device.
It should be noted that the pairing request message may also be replaced by other messages, such as a feature exchange message, without limitation.
Step 302: and the management node sends the information of the first terminal device and the authentication parameter of the second terminal device to the core network device.
The information of the first terminal device may include at least one of identification information of the first terminal device, user information of the first terminal device, application identification information of the first terminal device, and the like.
The identification information of the first terminal device is used to identify the first terminal device, and may be a Serial Number (SN) of the first terminal device, or an International Mobile Equipment Identity (IMEI) of the first terminal device, or an Internet Protocol (IP) address of the first terminal device, and the like, for example: suppose the SN number of the first terminal device is: MXX1LKHRX, the information of the first terminal device configured on the management node may be MXX1 LKHRX.
The user information of the first terminal device may be a user name of a user to which the first terminal device belongs, or a phone number of the user to which the first terminal device belongs, for example: assuming that the first terminal device is a smartphone, and the phone number of the smartphone used by the user a is 135xxxxxxxx, the information of the first terminal device configured on the management node may be 135 xxxxxxxx.
The Application (APP) identification information of the first terminal device may be an account corresponding to the Application, for example: assuming that an APP1 is deployed on the first terminal device, and an account number when the user logs in the APP1 is zhanghao1, the information of the first terminal device configured on the management node may be an account number zhanghao1 corresponding to the APP 1.
Wherein, the information of the first terminal device can be configured on the management node in advance. For example, in the initialization configuration of the management node, the information of the first terminal device may be written in the configuration information of the management node in advance, and when the first terminal device accesses the management node to realize access to the public network through the management node, the management node may receive the information of the first terminal device input by the user through the man-machine input interface, and store the information of the first terminal device in the configuration information of the management node to inform the network side device of the home of the management node, where the first terminal device may access the management node through a network cable, or may access the management node wirelessly, without limitation.
Optionally, the management node uses the pairing request message as a trigger condition of step 302, for example, when the management node receives the pairing request message carrying the authentication parameter of the second terminal device, the management node sends the information of the first terminal device and the authentication parameter of the second terminal device to the core network device.
The management node may carry the information of the first terminal device and the authentication parameter of the second terminal device in the same message, and send the same message to the core network device, for example: the information of the first terminal device and the Authentication parameter of the second terminal device may be carried in an Extensible Authentication Protocol (EAP) message or a Non-access stratum (NAS) protocol message to the core network device. The management node may also carry the information of the first terminal device and the authentication parameter of the second terminal device in different messages to the core network device, such as: and carrying the information of the first terminal equipment in an EAP message to send the EAP message to the core network equipment, and carrying the authentication parameter of the second terminal equipment in other messages different from the EAP message to send the EAP message to the core network equipment. The management node may also directly send the information of the first terminal device and the authentication parameter of the second terminal device to the core network device through the access network device, without limitation.
Step 303: the core network equipment generates an authentication value according to the authentication parameter of the second terminal equipment and the authentication parameter of the core network equipment, and sends the authentication value to the first terminal equipment according to the information of the first terminal equipment.
The authentication parameters of the core network device may include a random number Ns selected by the core network device and a public key PKsx generated by the core network device. For example, the core network device may generate an authentication value Vs ═ g (pka, PKsx, Ns, Na) according to a following calculation model, where g () is an authentication value generation function, which may be a function specified in an existing bluetooth authentication protocol, and is not described herein again.
The authentication value generated by the core network device is used for authentication between the core network device and the second terminal device.
Optionally, the core network device is a core network device in the network shown in fig. 1, and the sending, by the core network device, the authentication value to the first terminal device according to the information of the first terminal device includes the following three ways:
the first method is as follows: the information of the first terminal device is identification information of the first terminal device, the core network device stores context information of the first terminal device, and the context information of the first terminal device comprises the identification information of the first terminal device, and user information of the first terminal device or application identification information of the first terminal device;
the core network device obtains user information of the first terminal device or application identification information of the first terminal device from the context of the first terminal device according to the identification information of the first terminal device, and further sends an authentication value to the first terminal device according to the following mode two or three.
The second method comprises the following steps: the information of the first terminal equipment is the user information of the first terminal equipment, a short message service module in the core network equipment generates a short message carrying an authentication value, and the short message is sent to the first terminal equipment; the short message comprises message content and message receiver information, the message content comprises an authentication value and other contents, and the message receiver information is user information of the first terminal device.
For example, if the phone number of the user to which the first terminal device belongs is 135xxxxxxxx and the authentication value generated by the core network device is 20, the message receiver in the short message generated by the core network device is 135xxxxxxxx, and the message content includes the authentication value 20.
The third method comprises the following steps: the information of the first terminal device is application identification information of the first terminal device, an application service module in the core network device generates an application message carrying an authentication value, and the application message is sent to the first terminal device according to the application identification information.
For example, assuming that the information of the first terminal device is the account zhanghao1 corresponding to the application, and the authentication value generated by the core network device is 20, the application message generated by the core network device includes the authentication value 20, and the application message is pushed to the user corresponding to zhanghao 1.
It should be noted that, when the core network device is the core network device of the network shown in fig. 1a, the core network device may send the authentication value to the first terminal device in the above manner. The core network device may also send the user information of the first terminal device and the authentication value of the core network device to the short message server, and the short message server generates a short message carrying the authentication value of the core network device and sends the short message to the first terminal device according to the user information of the first terminal device. The core network device may also send the application identifier information of the first terminal device and the authentication value of the core network device to the application server, and the application server generates an application message carrying the authentication value of the core network device and sends the application message to the first terminal device according to the application identifier information of the first terminal device, without limitation.
Step 304: the first terminal equipment receives the authentication value from the core network equipment and sends an authentication result to the core network equipment.
The authentication result may be carried in a short message generated by the first terminal device or in an application message, where the authentication result is used to indicate that the second terminal device has successfully or failed to authenticate, and the authentication result may be a 1-bit (bit) information indication, such as: the bit number 0 may indicate that the authentication of the second terminal device fails, and the bit number 1 may indicate that the authentication of the second terminal device succeeds.
Specifically, when the authentication value received by the first terminal device is the same as the authentication value of the second terminal device, the authentication result is used to indicate that the authentication of the second terminal device is successful; or, when the authentication value received by the first terminal device is different from the authentication value of the second terminal device, the authentication result is used to indicate that the authentication of the second terminal device fails.
Optionally, the first terminal device receives a short message or an application message from the core network device, where the short message or the application message carries an authentication value, and the first terminal device obtains the authentication value from the short message or the application message.
In one example, the first terminal device may display the authentication value via the output device for viewing by the user, compare the authentication value from the core network device with the authentication value of the second terminal device, wherein the authentication value of the second terminal device may be generated by the second terminal device and displayed to the user via the output device. The first terminal device may receive indication information input by a user through the man-machine interface, and send an authentication result to the core network device according to the indication information, where the indication information may be used to indicate whether the authentication of the second terminal device is successful, and the indication information may be sent to the first terminal device by a user through operations such as keyboard input, or clicking a button on a screen, or voice input, without limitation.
In another example, the first terminal device may obtain an authentication value of the second terminal device and compare the authentication value received from the core network device with the authentication value of the second terminal device. If the two are the same, the first terminal equipment sends an authentication result for indicating that the authentication of the second terminal equipment is successful to the core network equipment; or, if the two are different, the first terminal device sends an authentication result for indicating that the authentication of the second terminal device fails to the core network device.
It should be noted that the authentication value of the second terminal device may also be generated according to the following calculation model:
Va=g(PKax,PKsx,Ns,Na)
the PKsx and Ns may be sent to the second terminal device by the core network device through the management node.
It should be noted that the first terminal device may directly send the authentication result to the core network device, or send the authentication result to the core network device through the application server/short message server shown in fig. 1a, which is not limited.
Compared with the prior art, in the scheme shown in fig. 3, when a second terminal device (such as a smart home) authenticates a core network device, a management node sends an authentication parameter of the second terminal device and information of a first terminal device to the core network device, the core network device generates an authentication value according to the authentication parameter of the core network device and the authentication parameter of the second terminal device, sends the authentication value to the first terminal device according to the information of the first terminal device, and the first terminal device receives the authentication value from the core network device and sends an authentication result to the core network device, where: when the authentication value received by the first terminal equipment is the same as that of the second terminal equipment, the authentication result is used for indicating that the authentication of the second terminal equipment is successful; or, when the authentication value received by the first terminal device is different from the authentication value of the second terminal device, the authentication result is used to indicate that the authentication of the second terminal device fails. Therefore, the authentication of the second terminal device is realized, namely, the problem of the authentication between the devices in remote communication is solved through the technical scheme provided by the embodiment of the application.
Optionally, after the authentication between the second terminal device and the core network device is successful, the second terminal device and the core network device further interact with each other through the management node, so that an opposite side can calculate a link key (link key) according to the link parameter, link connection of the second terminal device is realized, and then the second terminal device and the core network device communicate with each other. Specifically, the implementation process may refer to the prior art, and is not described herein again.
It should be noted that each communication device mentioned in the embodiment of fig. 3 may have the components shown in fig. 2, and will not be described again.
With reference to the network shown in fig. 1a, the scheme shown in fig. 3 is described in detail below by taking the second terminal device as an intelligent home configured with a display screen, the management node as a home gateway, the first terminal device as an intelligent mobile phone with a display screen used by a user, and the core network device as an AMF entity.
Fig. 4 is a flowchart of another authentication method provided in the embodiment of the present application, as shown in fig. 4, including:
step 401: and the intelligent home sends the authentication parameters of the intelligent home to the home gateway.
Optionally, the smart home carries the authentication parameter of the smart home in a pairing request message (or a feature exchange message) and sends the pairing request message to the home gateway, where the description of the pairing request message may refer to the related description in step 301, and is not described herein again.
Step 402: and the home gateway receives the authentication parameters of the smart home and sends the information of the smart phone and the authentication parameters of the smart home to the AMF entity.
The home gateway can be configured with information of the smart phone. The information of the smart phone may include user information of the smart phone, identification information of the smart phone, and application identification information of the smart phone, which are described in the embodiment shown in fig. 3 and are not described again.
Specifically, the process of configuring the information of the smart phone on the home gateway may be described with reference to the embodiment shown in fig. 3, and is not described herein again.
The description of the authentication parameters of the smart home may refer to the description of the authentication parameters of the second terminal device, which is not described herein again.
The implementation of step 402 can be described with reference to step 301, and is not described herein again.
Step 403: and the AMF entity receives the information of the smart phone and the authentication parameters of the smart home and sends the authentication parameters of the AMF entity to the smart home.
Optionally, the AMF entity sends the authentication parameter of the AMF entity to the smart home through the home gateway.
Step 404: and the smart home generates an authentication value according to the authentication parameters of the AMF entity and the authentication parameters of the smart home.
The implementation process of step 404 may refer to the process of generating the authentication value by the second terminal device, which is not described herein again.
Step 405: and the AMF entity generates an authentication value according to the authentication parameter of the smart home and the authentication parameter of the AMF entity, and sends the information and the authentication value of the smart phone to the application server/the short message server.
The process of generating the authentication value by the AMF entity may refer to the process of generating the authentication value by the core network device, which is not described herein again.
Step 406: and the application server/short message server carries the authentication value in the application message or the short message according to the information of the smart phone and sends the authentication value to the smart phone.
Step 407: and the smart phone sends an authentication result to the application server/the short message server.
Optionally, after receiving the authentication value, the smart phone displays the authentication value on a display screen of the smart phone, and after the smart home generates the authentication value, the smart home displays the authentication value on the display screen of the smart home, and the user checks and compares the authentication value sent by the AMF entity with the authentication value on the smart home, and sends an indication message to the smart phone according to the comparison result, and the smart phone sends the authentication result to the application server/short message server according to the indication message.
Step 408: and the application server/short message server receives the authentication result and sends the authentication result to the AMF entity.
Thus, in the scheme shown in fig. 4, the home gateway sends the authentication parameter of the smart home and the information of the smart phone to the AMF entity, the AMF entity generates an authentication value according to the authentication parameter of the AMF entity and the authentication parameter of the smart home, sends the authentication value to the smart phone according to the information of the smart phone, so that the user can check and compare the authentication value received by the smart phone and the authentication value generated by the smart home, and sends the authentication result to the AMF entity according to the comparison result. Therefore, authentication of the smart home is achieved.
The above-mentioned scheme provided by the embodiments of the present application is mainly introduced from the perspective of interaction between the nodes. It is understood that, in order to implement the above functions, the first terminal device, the management node, and the core network device include hardware structures and/or software modules corresponding to the respective functions. Those of skill in the art will readily appreciate that the present application is capable of hardware or a combination of hardware and computer software implementing the various illustrative algorithm steps described in connection with the embodiments disclosed herein. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiment of the present application, according to the above method example, the first terminal device, the management node, and the core network device may be divided into functional modules, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, in the embodiment of the present application, the division of the module is schematic, and is only one logic function division, and there may be another division manner in actual implementation.
In the case of dividing each functional module by corresponding functions, fig. 5 shows a schematic diagram of a possible composition of a core network device, which may be used to execute the functions of the core network device in the foregoing embodiments. As shown in fig. 5, the core network device may include: receiving section 51, generating section 52, and transmitting section 53.
The receiving unit 51 is configured to support the core network device to perform step 302, step 304, step 402, and step 408.
The generating unit 52 is configured to support the core network device to execute step 303 and step 405.
The sending unit 53 is configured to support the core network device to execute step 303, step 403, and step 405.
It should be noted that all relevant contents of each step related to the above method embodiment may be referred to the functional description of the corresponding functional module, and are not described herein again. The core network device provided by the embodiment of the application is used for executing the authentication method, so that the same effect as the authentication method can be achieved.
Where integrated units are employed, the receiving unit 51 and the transmitting unit 53 shown in fig. 5 may be integrated into a communication module in a device, and the generating unit 52 in fig. 5 may be integrated into a processing module in the device, the processing module being configured to control and manage the actions of the device, e.g., the processing module being configured to support the device to perform step 304, step 406, and/or other processes for the techniques described herein. The communication module is used to support communication of the device with other network entities. And the apparatus may further include a storage module for storing the program code and data of the apparatus. The processing module may be a processor or a controller. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. A processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a DSP and a microprocessor, or the like. The communication module may be a communication interface, a transceiving circuit, a communication interface, or the like. The storage module may be a memory. When the processing module is a processor, the communication module is a communication interface, and the storage module is a memory, the apparatus may be the communication apparatus shown in fig. 2.
In the case of dividing the functional modules by corresponding functions, fig. 6 shows a schematic diagram of a possible composition of a first terminal device, which can be used to execute the functions of the first terminal device referred to in the above embodiments. As shown in fig. 6, the first terminal device may include: a receiving unit 61 and a transmitting unit 62.
Wherein, the receiving unit 61 is configured to support the first terminal device to perform step 303 and step 406.
The sending unit 62 is configured to support the first terminal device to perform step 304 and step 407.
It should be noted that all relevant contents of each step related to the above method embodiment may be referred to the functional description of the corresponding functional module, and are not described herein again. The first terminal device provided in the embodiment of the present application is configured to execute the authentication method, so that the same effect as the authentication method can be achieved.
In case of integrated units, the receiving unit 61 and the sending unit 62 shown in fig. 6 may be integrated into a communication module in a device, the communication module being used to support the communication of the device with other network entities. The device may further include a processing module for controlling and managing the operation of the device, and a storage module for storing program codes and data of the device. The processing module may be a processor or a controller. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. A processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a DSP and a microprocessor, or the like. The communication module may be a communication interface, a transceiving circuit, a communication interface, or the like. The storage module may be a memory. When the processing module is a processor, the communication module is a communication interface, and the storage module is a memory, the apparatus may be the communication apparatus shown in fig. 2.
In the case of dividing the functional modules by corresponding functions, fig. 7 shows a schematic diagram of a possible composition of a management node, which may be used to perform the functions of the management node referred to in the above embodiments. As shown in fig. 7, the management node may include: an acquisition unit 71 and a transmission unit 72.
The obtaining unit 71 is configured to support the management node to perform step 301 and step 401.
The sending unit 72 is configured to support the management node to perform step 302 and step 402.
It should be noted that all relevant contents of each step related to the above method embodiment may be referred to the functional description of the corresponding functional module, and are not described herein again. The management node provided by the embodiment of the application is used for executing the authentication method, so that the same effect as the authentication method can be achieved.
In case of an integrated unit, the acquiring unit 71 and the sending unit 72 shown in fig. 7 may be integrated into a communication module in a device, and the communication module is used for supporting the communication between the device and other network entities. The device may further include a processing module for controlling and managing the operation of the device, and a storage module for storing program codes and data of the device. The processing module may be a processor or a controller. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. A processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a DSP and a microprocessor, or the like. The communication module may be a communication interface, a transceiving circuit, a communication interface, or the like. The storage module may be a memory. When the processing module is a processor, the communication module is a communication interface, and the storage module is a memory, the apparatus may be the communication apparatus shown in fig. 2.
Through the above description of the embodiments, it is clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be completed by different functional modules according to needs, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the above described functions.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described device embodiments are merely illustrative, and for example, the division of the modules or units is only one logical functional division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another device, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may be one physical unit or a plurality of physical units, that is, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially or partially contributed to by the prior art, or all or part of the technical solutions may be embodied in the form of a software product, where the software product is stored in a storage medium and includes several instructions to enable a device (which may be a single chip microcomputer, a chip, or the like) or a processor to execute all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
The above description is only an embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (14)

1. An authentication method, comprising:
the core network equipment receives information of the first terminal equipment from the management node and authentication parameters of the second terminal equipment;
the core network equipment generates an authentication value according to the authentication parameter of the second terminal equipment and the authentication parameter of the core network equipment;
the core network equipment sends the authentication value to the first terminal equipment according to the information of the first terminal equipment;
the core network equipment receives an authentication result from the first terminal equipment, the authentication result is obtained by the first terminal equipment according to the authentication value and the authentication value of the second terminal equipment, and the authentication value of the second terminal equipment can be sent to the first terminal equipment or directly displayed for user comparison; and the authentication result is used for indicating the success or failure of the authentication of the second terminal equipment.
2. The method of claim 1, wherein the information of the first terminal device comprises at least one of the following information: the identification information of the first terminal device, the user information of the first terminal device, and the application identification information of the first terminal device.
3. The method of claim 2, wherein the sending, by the core network device, the authentication value to the first terminal device according to the information of the first terminal device comprises:
the core network equipment carries the authentication value in a short message and sends the authentication value to the first terminal equipment; alternatively, the first and second electrodes may be,
and the core network equipment carries the authentication value in an application message and sends the application message to the first terminal equipment.
4. A method of authentication, the method comprising:
the method comprises the steps that a first terminal device receives an authentication value from a core network device, wherein the authentication value is generated by the core network device according to an authentication parameter of a second terminal device and the authentication parameter of the core network device;
the first terminal device accepts an authentication value from a second terminal device, or the second terminal device displays the authentication value for user comparison;
the first terminal equipment sends an authentication result to the core network equipment;
when the received authentication value is the same as the authentication value of the second terminal device, the authentication result is used for indicating that the authentication of the second terminal device is successful; or, when the received authentication value is different from the authentication value of the second terminal device, the authentication result is used to indicate that the authentication of the second terminal device fails.
5. The method according to claim 4, wherein the received authentication value is carried in a short message or in an application message.
6. The method according to claim 4 or 5, characterized in that the authentication result is carried in a short message or an application message.
7. A communications apparatus, comprising:
the receiving unit is used for receiving information of the first terminal equipment from the management node and authentication parameters of the second terminal equipment;
a generating unit, configured to generate an authentication value according to the authentication parameter of the second terminal device and the authentication parameter of the core network device received by the receiving unit;
a sending unit, configured to send the authentication value to the first terminal device according to the information of the first terminal device;
the receiving unit is further configured to receive an authentication result from the first terminal device, where the authentication result is obtained by comparing the authentication value with an authentication value of the second terminal device, and the authentication value of the second terminal device may be sent to the first terminal device or directly displayed for user comparison; and the authentication result is used for indicating the success or failure of the authentication of the second terminal equipment.
8. The apparatus according to claim 7, wherein the information of the first terminal device comprises at least one of the following information: the identification information of the first terminal device, the user information of the first terminal device, and the application identification information of the first terminal device.
9. The communications apparatus as claimed in claim 8, wherein the sending unit is specifically configured to:
carrying the authentication value in a short message and sending the authentication value to the first terminal equipment; alternatively, the first and second electrodes may be,
and carrying the authentication value in an application message and sending the application message to the first terminal equipment.
10. A communications apparatus, comprising:
a receiving unit, configured to receive an authentication value from a core network device, where the authentication value is generated by the core network device according to an authentication parameter of a second terminal device and an authentication parameter of the core network device;
the receiving unit is also used for receiving the authentication value from the second terminal equipment; or the second terminal equipment displays the authentication value for user comparison;
a sending unit, configured to send an authentication result to the core network device;
when the received authentication value is the same as the authentication value of the second terminal device, the authentication result is used for indicating that the authentication of the second terminal device is successful; and when the received authentication value is different from the authentication value of the second terminal equipment, the authentication result is used for indicating that the authentication of the second terminal equipment fails.
11. The communication device of claim 10,
the received authentication value is carried in a short message or an application message.
12. The communication device according to claim 10 or 11,
the authentication result is carried in the short message or the application message.
13. A computer storage medium on which a computer program is stored, which program, when being executed by a processor, carries out the authentication method according to any one of claims 1-3.
14. A computer storage medium on which a computer program is stored, which program, when being executed by a processor, carries out the authentication method according to any one of claims 4-6.
CN201711421636.3A 2017-12-25 2017-12-25 Authentication method, device and system Active CN109963281B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711421636.3A CN109963281B (en) 2017-12-25 2017-12-25 Authentication method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711421636.3A CN109963281B (en) 2017-12-25 2017-12-25 Authentication method, device and system

Publications (2)

Publication Number Publication Date
CN109963281A CN109963281A (en) 2019-07-02
CN109963281B true CN109963281B (en) 2021-05-11

Family

ID=67020985

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711421636.3A Active CN109963281B (en) 2017-12-25 2017-12-25 Authentication method, device and system

Country Status (1)

Country Link
CN (1) CN109963281B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116530119A (en) * 2021-03-04 2023-08-01 中兴通讯股份有限公司 Method, device and system for protecting serial numbers in wireless network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101111075A (en) * 2007-04-16 2008-01-23 华为技术有限公司 Method, system and device for admittance judgment and paging user in mobile communication system
CN101848440A (en) * 2010-04-30 2010-09-29 中山大学 Digital family remote control method, mobile terminal, digital family receiver and digital family remote control system
CN103108377A (en) * 2011-11-15 2013-05-15 中国移动通信集团公司 Communication method, system and center control node of machine-type communication (MTC) terminal
CN103532963A (en) * 2013-10-22 2014-01-22 中国联合网络通信集团有限公司 IOT (Internet of Things) based equipment authentication method, device and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8817699B2 (en) * 2008-11-21 2014-08-26 At&T Intellectual Property I, L.P. Service continuity during local breakout in a femtocell

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101111075A (en) * 2007-04-16 2008-01-23 华为技术有限公司 Method, system and device for admittance judgment and paging user in mobile communication system
CN101848440A (en) * 2010-04-30 2010-09-29 中山大学 Digital family remote control method, mobile terminal, digital family receiver and digital family remote control system
CN103108377A (en) * 2011-11-15 2013-05-15 中国移动通信集团公司 Communication method, system and center control node of machine-type communication (MTC) terminal
CN103532963A (en) * 2013-10-22 2014-01-22 中国联合网络通信集团有限公司 IOT (Internet of Things) based equipment authentication method, device and system

Also Published As

Publication number Publication date
CN109963281A (en) 2019-07-02

Similar Documents

Publication Publication Date Title
CN111865598B (en) Identity verification method and related device for network function service
US10785216B2 (en) Method for accessing network by internet of things device, apparatus, and system
US10237263B2 (en) Method and apparatus of providing messaging service and callback feature to mobile stations
US11451950B2 (en) Indirect registration method and apparatus
US10225710B2 (en) Cross-layer context management
US9467499B2 (en) Method and management apparatus for performing operation on device resource
CN104767715A (en) Network access control method and equipment
KR102258608B1 (en) Apparatus for providing home network service and method thereof
KR20120072557A (en) Mobile terminal, server and information providing method using the same
US20140059643A1 (en) Wireless communication apparatus, recording medium, and method
CN110808942B (en) Subscription information configuration method, network equipment and terminal equipment
US10601830B2 (en) Method, device and system for obtaining local domain name
CN114124452B (en) Terminal authentication method, related equipment and authentication system
JP2017535122A (en) Sensor code verification processing method, apparatus, network platform device, and Internet gateway of things
CN111328060B (en) Bluetooth equipment mesh networking method and system and equipment thereof
CN114071452B (en) Method and device for acquiring user subscription data
TW202112101A (en) Key generation and terminal provisioning method and apparatus, and devices
US20230199502A1 (en) Apparatus and Method for Remotely Managing Devices, and Program Therefor
CN107113615B (en) Authentication method and system for Access Point (AP) and related equipment
US8897447B1 (en) Burst tethering for mobile communication devices
CN109963281B (en) Authentication method, device and system
WO2015139401A1 (en) Establishment method and system for wireless network, and wireless routing device
CN104540183A (en) Control method and control device for wireless hotspots
CN104683219A (en) Information interaction method and device
CN109792612A (en) Synchronous method, equipment and the system of terminal monitoring information

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant