CN2692926Y - Computer card separated identifying method using CAVE as access identifying algorithm and its device - Google Patents


Publication number
CN2692926Y
Authority
CN
China
Prior art keywords
authentication
dual
uim
terminal
cdma2000
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200420002398
Other languages
Chinese (zh)
Inventor
刘卫民
曹华俊
杨光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Samsung Telecommunications Technology Research Co Ltd
Samsung Electronics Co Ltd
Original Assignee
Beijing Samsung Telecommunications Technology Research Co Ltd
Samsung Electronics Co Ltd
Application filed by Beijing Samsung Telecommunications Technology Research Co Ltd, Samsung Electronics Co Ltd
Priority to CN 200420002398

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The utility model provides an authentication method, and a device for it, for terminals with a separable card that use CAVE as the access authentication algorithm. The hardware structure may comprise an antenna, a wireless module, a cdma2000/HRPD dual-mode main chip, a user identification module (UIM) supporting the CAVE algorithm, a memory, a liquid crystal display, a keyboard and a power module. The dual-mode terminal forms an NAI from the IMSI and a domain name prestored in the dual-mode terminal. The dual-mode terminal uses the Random text in the authentication command message to produce the random number RAND needed to compute authentication parameter 1. The dual-mode terminal commands the UIM card to compute authentication parameter 1 with the CAVE algorithm from the random number RAND and the SSD_A already on the UIM card. The dual-mode terminal carries authentication parameter 1 in the Result field of the Chap Response message. The utility model addresses the current lack of cdma2000/HRPD dual-mode terminals with a separable card, and at the same time lets the UIM card continue to be used when upgrading from the cdma2000 network to the cdma2000/HRPD network.

Description

Authentication method and device for terminals with a separable card, using CAVE as the access authentication algorithm
Technical field
The utility model relates to dual-mode terminals for Code Division Multiple Access 2000 (hereinafter cdma2000) and High Rate Packet Data (hereinafter HRPD), and in particular to an authentication method and device for terminals with a separable card that use the Cellular Authentication and Voice Encryption algorithm (hereinafter CAVE) as the access authentication algorithm.
Background technology
The cdma2000 network is in wide commercial use around the world. In this network, a challenge-handshake authentication protocol (Challenge Handshake Authentication Protocol, hereinafter CHAP) based on the CAVE algorithm is used to verify the legitimacy of accessing terminals. This authentication system has fairly complete protection against illegal attacks. The handset's key (A-key) and the CAVE algorithm are stored both in the mobile station (MS) and in the Authentication Centre (hereinafter AuC) of the cdma2000 network. The authentication process consists mainly of two parts: updating the Shared Secret Data (hereinafter SSD) and performing authentication. Part A of the shared secret data (SSD_A) is used for access authentication. To update SSD_A, the network, under specified conditions, sends a message carrying a random number to the handset and to the authentication centre. After each has received this message, the random number in the message, the A-key and other parameters are fed together into the SSD generation procedure (SSD_GENERATION PROCEDURE), which computes SSD_A. Once the new SSD_A has been confirmed as correct, it replaces the old SSD_A and is used as the key for access authentication. When a user terminal needs to be authenticated, the network sends the handset and the authentication centre a message requesting authentication, which carries a random number. After receiving it, each feeds the random number in the message, SSD_A and other parameters into the CAVE algorithm and computes an authentication result. The handset sends its authentication result to the authentication centre, and whether authentication passes is decided by comparing the two results.
In practical use of the cdma2000 network, the A-key is stored in one of two ways. In the first, it is stored in the handset, and the corresponding CAVE algorithm is also executed in the handset; such a handset is called a handset without card separation. In the second, the A-key is stored on the User Identity Module (hereinafter the UIM card), and the corresponding CAVE algorithm is also executed on the UIM card; the UIM can be separated from the handset, and such a handset is called a card-separable handset. China currently uses card-separable handsets, while most other countries use handsets without card separation.
The High Rate Packet Data (hereinafter HRPD) network is an upgrade of the cdma2000 network and is gradually entering commercial use worldwide. In commercial HRPD networks, the terminals are terminals without card separation. The relevant specifications of the Third Generation Partnership Project 2 (hereinafter 3GPP2) provide that, if the HRPD network uses access authentication, the authentication mode should also be CHAP authentication; the specific cryptographic algorithm is not explicitly required and can be specified by the operator. The HRPD network and the cdma2000 network are two independent networks that exchange no information, except that they can share the packet data core network. Because the HRPD network mainly provides data services, users can enjoy service through a dual-mode terminal that supports both the cdma2000 network and the HRPD network, and such users are the main user group of the HRPD network. In the following, unless otherwise stated, a dual-mode terminal means a cdma2000/HRPD dual-mode terminal.
The main operations performed by the current UIM card are managing the SSD, performing authentication calculations, and so on.
The SSD is used for all authentication response calculations and for subsequent key generation. The SSD is derived from the "A-key" stored in the UIM. The SSD update process begins when the network sends the handset an SSD update (UPDATE SSD) command containing the RANDSSD parameter. The user's home network is the only entity that can update the user's SSD. See Fig. 3. When the network initiates an SSD update for a user, the user's handset first stores the RANDSSD parameter and then generates a random number RANDSeed. The handset passes the RANDSeed parameter to the UIM card, starting the base station challenge operation (Base Station Challenge function). The UIM card then produces the RANDBS parameter. The relationship between RANDBS and RANDSeed is specified by the issuer of the UIM card. For example, the UIM card can set RANDBS equal to RANDSeed; the RANDBS parameter can also be derived by applying a pseudo-random process to the RANDSeed parameter, or generated independently, ignoring RANDSeed. The base station challenge command makes the UIM card pass the RANDBS parameter to the handset, which sends it on to the network.
Next, the handset has the SSD update performed by sending the UIM card a command that contains the RANDSSD parameter. See Fig. 4. The UIM then computes an SSD value and a value AUTHBS that responds to RANDBS. When the card is inserted into the terminal, the ESN used in these calculations and the choice of IMSI (International Mobile Station Identity) are determined in advance according to the corresponding indication.
On the network side, the RANDSSD parameter is used to produce a new SSD value for the selected UIM card. After receiving the RANDBS parameter from the handset, the network computes AUTHBS with the new SSD and sends AUTHBS to the handset. The handset passes the received AUTHBS to the UIM card as the parameter of the Confirm SSD command. The UIM card compares the received AUTHBS with the AUTHBS value it computed itself. If the two values are identical, the SSD update has succeeded, and the SSD is written to the semi-permanent memory of the UIM card and used for all subsequent authentication calculations. If the two AUTHBS values differ, the UIM discards the new SSD value and keeps the current one; see Fig. 5.
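The SSD update of Fig. 3 to Fig. 5 as a card-side state machine, given here as an added example that is not code from the patent or from any UIM specification. The two `stand_in_*` functions are placeholders for SSD generation and the AUTHBS calculation (they are not CAVE), and the key, ESN, field lengths and the choice RANDBS = RANDSeed are constructed for illustration.

```python
import hashlib
import hmac
import os


def stand_in_ssd_generation(a_key, randssd, esn):
    """Placeholder for the SSD generation procedure (NOT the real one)."""
    return hmac.new(a_key, b"SSD" + randssd + esn, hashlib.sha256).digest()[:16]


def stand_in_authbs(ssd, randbs, esn):
    """Placeholder for the AUTHBS calculation over RANDBS (NOT CAVE)."""
    return hmac.new(ssd, b"BS" + randbs + esn, hashlib.sha256).digest()[:3]


class UimCard:
    """Card side of the update: the candidate SSD is held apart until confirmed."""

    def __init__(self, a_key, esn, ssd):
        self._a_key = a_key
        self._esn = esn
        self.ssd = ssd          # value in semi-permanent memory
        self._randbs = None
        self._pending = None    # (candidate SSD, AUTHBS computed by the card)

    def base_station_challenge(self, rand_seed):
        """Fig. 3: the issuer defines RANDBS; here RANDBS = RANDSeed."""
        self._randbs = rand_seed
        return self._randbs

    def update_ssd(self, randssd):
        """Fig. 4: compute the candidate SSD and AUTHBS without committing."""
        if self._randbs is None:
            raise RuntimeError("Base Station Challenge has not been run")
        new_ssd = stand_in_ssd_generation(self._a_key, randssd, self._esn)
        self._pending = (new_ssd, stand_in_authbs(new_ssd, self._randbs, self._esn))

    def confirm_ssd(self, authbs_from_network):
        """Fig. 5: commit the candidate only if both AUTHBS values agree."""
        if self._pending is None:
            raise RuntimeError("no SSD update in progress")
        new_ssd, own_authbs = self._pending
        self._pending = None
        self._randbs = None
        if hmac.compare_digest(own_authbs, authbs_from_network):
            self.ssd = new_ssd
            return True
        return False            # candidate discarded, current SSD kept


def run_ssd_update(card, network_a_key, esn):
    """Drive one update; returns (confirmed, SSD computed on the network side)."""
    randssd = os.urandom(7)     # constructed RANDSSD sent by the home network
    rand_seed = os.urandom(4)   # RANDSeed generated by the handset
    randbs = card.base_station_challenge(rand_seed)   # forwarded to the network
    card.update_ssd(randssd)
    network_ssd = stand_in_ssd_generation(network_a_key, randssd, esn)
    authbs = stand_in_authbs(network_ssd, randbs, esn)
    return card.confirm_ssd(authbs), network_ssd
```
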
The authentication process is the process by which the network verifies the legitimacy of a terminal. Its basic operation is shown in Fig. 6:
The AuC sends the handset an authentication command message that contains a 32-bit random number RAND. The handset uses RAND and SSD_A as inputs to the CAVE algorithm and computes the 18-bit authentication parameter 1. The handset sends authentication parameter 1 to the authentication centre in an authentication response message (Authentication Challenge Response Message). The authentication centre compares authentication parameter 1, computed by the handset, with authentication parameter 2, which it computes itself by the same method. If they are identical, authentication passes; if they differ, the handset is refused access.
(2) Message flow of HRPD access authentication. Access authentication in the existing HRPD network comprises the following message flow (as shown in Figure 7):
The access network (AN) sends an authentication command (Chap Challenge) message to the access terminal; this message contains the random number Random text; 701
After receiving the authentication command message, the terminal uses the random number to compute authentication parameter 1. The figure takes the MD5 encryption algorithm as the example; 702
The terminal sends an authentication response (Chap Response) message to the AN; this message contains the terminal's network access identifier (NAI), the random number text, authentication parameter 1 and other information; 703
After receiving the authentication response message sent by the terminal, the AN sends a remote authentication request (Radius Access Request) message to the AN-AAA; this message contains the three parameters from the authentication response message; 704
The AN-AAA takes the random number and the locally stored Password (the Password in the AN-AAA and the one in the terminal are the same value) as input and computes authentication parameter 2 with the MD5 algorithm; 705
The AN-AAA compares authentication parameter 1 with authentication parameter 2; 706
If they are identical, the AN-AAA sends a remote authentication accept (Radius Access Accept) message to the AN to indicate that authentication has passed. This message also contains the IMSI corresponding to the terminal's NAI, which the AN uses in later procedures; 707
If authentication parameter 1 and authentication parameter 2 differ, the AN-AAA sends a remote authentication reject (Radius Access Reject) message to the AN, and the terminal is refused access; 708
After receiving the remote authentication accept message, the AN sends a CHAP authentication success (Chap Success) message to the terminal to indicate that the authentication process succeeded; 709
After receiving the remote authentication reject message, the AN sends a CHAP authentication failure (Chap Failure) message to the terminal to indicate that the authentication process failed. 710
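Steps 701 to 710 for the MD5 case, as an added example that is not code from the patent or from any HRPD implementation. Packet framing and the response value follow RFC 1994 (the MD5 input is Identifier, secret, challenge). The subscriber record, NAI, password and the `Access-Accept`/`Access-Reject` strings are constructed, and the RADIUS leg between AN and AN-AAA is reduced to a function call.

```python
import hashlib
import hmac
import os
import struct

# CHAP codes defined in RFC 1994
CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4


def build_chap(code, identifier, value, name):
    """Encode Code, Identifier, Length, Value-Size, Value, Name."""
    if len(value) > 255:
        raise ValueError("Value must fit a one-octet Value-Size")
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_chap(packet):
    """Decode a Challenge/Response and reject inconsistent length fields."""
    if len(packet) < 5:
        raise ValueError("packet too short")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("Length field does not match packet size")
    size = packet[4]
    if 5 + size > length:
        raise ValueError("Value-Size runs past the end of the packet")
    return code, identifier, packet[5:5 + size], packet[5 + size:]


def md5_result(identifier, password, random_text):
    """RFC 1994 response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + random_text).digest()


def terminal_respond(challenge_packet, nai, password):
    """Steps 702-703: compute authentication parameter 1, build Chap Response."""
    code, identifier, random_text, _name = parse_chap(challenge_packet)
    if code != CHALLENGE:
        raise ValueError("not a Chap Challenge")
    param1 = md5_result(identifier, password, random_text)
    return build_chap(RESPONSE, identifier, param1, nai)


def an_aaa_decide(nai, identifier, random_text, param1, subscribers):
    """Steps 705-708: recompute authentication parameter 2 and compare."""
    entry = subscribers.get(nai)
    if entry is None:
        return "Access-Reject", None
    password, imsi = entry
    param2 = md5_result(identifier, password, random_text)
    if hmac.compare_digest(param1, param2):   # constant-time comparison
        return "Access-Accept", imsi          # IMSI goes back to the AN
    return "Access-Reject", None


def run_exchange(terminal_password, subscribers, nai):
    """Steps 701-710 end to end; returns the CHAP code the AN sends last."""
    random_text = os.urandom(16)
    identifier = 1
    challenge = build_chap(CHALLENGE, identifier, random_text, b"AN")      # 701
    response = terminal_respond(challenge, nai, terminal_password)         # 702-703
    code, rid, param1, rnai = parse_chap(response)                         # AN parses
    if code != RESPONSE or rid != identifier:
        return FAILURE
    verdict, _imsi = an_aaa_decide(rnai, rid, random_text, param1, subscribers)  # 704-708
    return SUCCESS if verdict == "Access-Accept" else FAILURE              # 709-710


# Constructed subscriber table held by the AN-AAA: NAI -> (Password, IMSI).
SUBSCRIBERS = {
    b"001010123456789@hrpd.example.net": (b"constructed-password", "001010123456789"),
}
```
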
In practical applications, voice services are mostly provided by the cdma2000 network and data services by the HRPD network. Dual-mode terminals that support both the cdma2000 network and the HRPD network will therefore account for a considerable proportion. Because the cdma2000 network is generally built first and the HRPD network afterwards, some HRPD users are upgraded cdma2000 users.
Because existing UIM cards support only the CAVE algorithm, a card-separable cdma2000/HRPD dual-mode terminal would need a multi-mode UIM card that supports both the CAVE and MD5 authentication algorithms. For technical reasons, no multi-mode UIM card is yet on the market. In addition, in a card-separable handset the UIM card is the sole identifier of the legitimacy of the user's identity. If a user's UIM card could not continue to be used after upgrading to the HRPD network, this would cause great waste, and having to replace the UIM card at the operator's business office would also inconvenience the user.
Therefore, with the cdma2000 network already in operation and serving a large number of users, how to realize, when building the HRPD network, a cdma2000/HRPD dual-mode terminal that reuses the existing UIM card to complete HRPD access authentication is a difficult problem.
Summary of the utility model
The purpose of the utility model is to provide a card-separable cdma2000/HRPD dual-mode terminal that can reuse the existing cdma2000 UIM card, that is, one that can use the CAVE algorithm for HRPD access authentication.
To achieve the above purpose, a cdma2000/HRPD dual-mode terminal using CAVE as the access authentication algorithm comprises the steps:
Its hardware structure should comprise: an antenna, a wireless module, a cdma2000/HRPD dual-mode chip, a user identification module (UIM) supporting the CAVE algorithm, a memory, an LCD, a keyboard and a power module;
The dual-mode terminal forms the NAI value in the following format: IMSI@domain name, where the IMSI is stored in the UIM card and the domain name is stored in advance in the memory of the dual-mode terminal;
The dual-mode terminal uses the Random text in the authentication command message to produce the random number RAND needed to compute authentication parameter 1;
The dual-mode terminal commands the UIM card to compute authentication parameter 1 with the CAVE algorithm from the above random number RAND and the SSD_A already on the UIM card;
The dual-mode terminal carries authentication parameter 1 in the Result field of the authentication response message;
If the AN-AAA has no way to obtain SSD_A, the dual-mode terminal also needs to capture the RANDSSD sent by the cdma2000 network and carry it to the AN-AAA, together with authentication parameter 1, in the Result field of the authentication response message.
The utility model solves the problems that no cdma2000/HRPD dual-mode terminal currently exists for the cdma2000 network and that the existing UIM card cannot continue to be used after the cdma2000 network is upgraded with an added HRPD network. The utility model lets users continue to enjoy the convenience of a card-separable terminal and avoids the waste of replacing UIM cards.
Description of drawings
Fig. 1 shows the hardware structure of the cdma2000/HRPD dual-mode terminal using CAVE as the access authentication algorithm;
Fig. 2 is the authentication flow chart, in the HRPD network, of a dual-mode terminal realized according to the utility model;
Fig. 3 is the base station challenge operation;
Fig. 4 is the SSD update operation and the AUTHBS calculation;
Fig. 5 is the SSD confirm operation;
Fig. 6 is the CAVE authentication process;
Fig. 7 is the HRPD network access authentication message flow defined by 3GPP2;
Fig. 8 shows how the authentication process is carried out, in the HRPD network, by a dual-mode terminal realized according to the utility model.
The main purpose of the utility model is to realize a cdma2000/HRPD dual-mode terminal that is card-separable, that can continue to use the UIM cards of the large number of cdma2000 handsets in use on the existing network, and that requires no change to the HRPD network authentication flow. In short, this scheme achieves a significant benefit at very small cost.
The utility model is based on the following facts: the market urgently needs card-separable cdma2000/HRPD dual-mode terminals, but there is no dual-mode UIM card that supports authentication on both networks. Even if a dual-mode UIM card supporting authentication on both networks appears in the future, replacing the large number of UIM cards in use on the existing cdma2000 network would bring huge waste.
The main idea of the utility model is to process the parameters carried in the HRPD message flow, and to make use of the result of the SSD update in the cdma2000 network, so that a dual-mode terminal supporting access authentication on both networks can be card-separable and can continue to use the current UIM card. The above problems are thereby solved.
To support card separation, reuse the current UIM card and support access authentication on both networks, each part of the dual-mode terminal should perform the following basic functions:
Antenna 101
Be used for receiving and the transmission wireless signal.
Wireless module 102
The conversion of responsible baseband digital signal and radio frequency analog signal, the transmission of radio frequency analog signal and reception etc.
cdma2000 main chip 103
This is the main processing unit of the terminal. Its functions include encoding and decoding cdma2000 service data, and spreading and despreading, modulating and demodulating the physical channel. This dual-mode chip also provides the operating platform for the application-layer software in the terminal, carries the application software modules, sends, receives and processes air-interface signalling, controls the call process, and controls each related module in the terminal so that they work together.
HRPD main chip 104
In an implementation this is usually one physical entity together with the cdma2000 main chip. However, it performs the processing of HRPD network data and signalling, and the software modules it carries correspond to the HRPD network. At any given moment only one of the cdma2000 main chip and the HRPD main chip can be in the working state. Of the functions of the cdma2000/HRPD dual-mode chip referred to in this patent application, all except the encoding and decoding of service data and the modulation of the physical channel are software functions carried by the chip.
Interface module
The interface module connects the cdma2000/HRPD dual-mode chip module and the user identification module. The interface module can be embedded in the dual-mode chip, or it can be designed outside the dual-mode chip and coupled to it. It is omitted from the drawings of the utility model.
User identification module 105 supporting the CAVE algorithm
Stores user identity information, other network parameters and so on. It supports the authentication function of the CAVE algorithm and conforms to the Chinese communications industry standard YD/T 1168-2001, "800MHz CDMA digital mobile cellular telecommunication network user identification module (UIM) specification requirement", or the 3GPP2 C.S0023-1 standard "Removable User Identity Module (R-UIM) for cdma2000 Spread Spectrum Systems Addendum 1".
Memory 106
The data storage module of the terminal; it stores the data essential to normal operation of the terminal.
LCD 107
Information display unit.
Keyboard 108
Used to input information; together with the LCD it provides the interface between user and terminal.
Power module 109
Supplies power to each module.
In addition, there should be a microphone, a receiver and so on.
In a normal voice call, the user sends a command to the cdma2000 main chip (103) or the HRPD main chip (104) through the man-machine interface formed by the keyboard (108) and the LCD (107), starting a call. After receiving the user's instruction, the main chip, with the cooperation of the user identification module (105) supporting the CAVE algorithm and the memory module (106), builds signalling messages, completes call establishment together with the network, and notifies the user through (107). The user can then begin communicating: the user's speech is delivered to the main chip by the microphone, and the main chip encodes and modulates it and sends it to the network. At the same time, the main chip demodulates and decodes the received radio channel frames and delivers them to the receiver. During this process, the wireless module (102), the memory module (106) and the power module (109) provide the necessary support as peripheral modules.
For the authentication process based on the CAVE algorithm, the main modules involved are the cdma2000/HRPD dual-mode chip (103, 104) and the user identification module (105) supporting the CAVE algorithm; the part involved in the main chip is the software module carried by the chip. The main chip decodes the received authentication message and passes the necessary parameters to (105) for processing. After receiving the authentication parameters submitted by the main chip, (105) uses the authentication information it stores to perform the CAVE calculation and returns the final result to the main chip. After receiving the result from (105), the main chip builds the corresponding message from it and sends it to the wireless network. In this process, the wireless module (102), the memory module (106) and the power module (109) likewise provide the necessary support.
To support HRPD network authentication, the dual-mode terminal should also perform the following additional functions (as shown in Figure 8):
1. Use of the authentication command message
The authentication command message is sent by the AN to the dual-mode terminal and carries the random number Random text. After processing, this random number can serve as the random number required by the CAVE algorithm. Random text is a character string expressed in octets, and it is longer than the random number required for CAVE authentication; the octets have to be converted to binary form, and the random number required for CAVE authentication is then produced from them. The dual-mode terminal and the AN-AAA must be consistent about the random number required for CAVE authentication. The operation that produces this random number is performed in the main chip. In the implementation, the terminal antenna receives the signal sent by the network and passes it to the wireless module; the wireless module performs signal processing, such as conversion between the baseband digital signal and the radio-frequency analog signal, and passes the result to the main processing chip. The main processing chip identifies and processes the authentication command message. The antenna and wireless module functions are not shown in the figure.
2. Commanding the UIM to perform the authentication algorithm
The main chip inputs the random number required for CAVE authentication, obtained in the step above, into the UIM, and uses the Run CAVE command to request the UIM to perform the authentication algorithm.
3. The UIM performs the authentication calculation
The UIM performs the authentication calculation with the following input parameters: the random number sent by the main chip, and the UIM identifier (UIMID), IMSI_S1 (part of the IMSI) and SSD_A stored on the UIM card. The result is authentication parameter 1.
4. The UIM card outputs the authentication result
The main chip uses the Get RESPONSE command to make the UIM card output authentication parameter 1.
5. Construction of the NAI value
The NAI value is the user name used in the HRPD network, and the current UIM card does not support storing an NAI value.
To provide an NAI value that meets the needs of the HRPD network, the dual-mode terminal provides the NAI value in the following way:
a. Domain name information is stored in the memory module.
b. The main processing module reads the IMSI from the UIM card and reads the domain name information from the memory module.
c. The main processing module forms the NAI value in the following format: IMSI@domain name, and uses the NAI value in the corresponding processing.
6. Generation of the authentication response message
The authentication response message is the dual-mode terminal's response to the authentication command message sent by the AN. The main chip builds the authentication response message from the NAI provided as described above and authentication parameter 1 (written into the Result field). The other parameters in the authentication response message are filled in as required by IETF RFC 1994, PPP Challenge Handshake Authentication Protocol (CHAP), Aug 1996.
If the AN-AAA has to generate SSD_A itself, the dual-mode terminal also needs the following additional function:
After the dual-mode terminal receives an SSD update message sent by the cdma2000 network, it updates SSD_A according to the normal procedure described above. After each successful SSD_A update, the dual-mode terminal needs to save the RANDSSD that came from the cdma2000 network so that it can be brought to the HRPD network. The dual-mode terminal writes RANDSSD into the Result field together with authentication parameter 1 computed by the CAVE algorithm. The specific format should be agreed with the AN-AAA so that the AN-AAA can tell the two apart.
7. Sending the authentication response message
The main chip sends the authentication response message to the network through the wireless module and the antenna. The antenna and wireless module functions are not shown in the figure.
Fig. 2 is the authentication flow chart, in the HRPD network, of a dual-mode terminal realized according to the utility model. Each operating step is described in detail below.
The access network sends an authentication command message, that is, a Challenge-Handshake Authentication Protocol challenge (random number) message, to the access terminal; this message contains the random number Random text; 201
The access terminal obtains 32 bits from Random text and sends them to the UIM card as the random number RAND of the authentication process; 202
The UIM card uses SSD_A, RAND and other parameters to compute the authentication result, authentication parameter 1, with the CAVE algorithm and gives it to the access terminal; 203
The access terminal reads the IMSI from the UIM card and forms the NAI value with the prestored domain name; 204
The access terminal writes the NAI into the corresponding field of the authentication response message, that is, the Challenge-Handshake Authentication Protocol response (Chap Response) message, writes authentication parameter 1 into the Result field of this message, and then sends the authentication response message to the access network; 204
If authentication succeeds, the access network sends an authentication success message to the access terminal; 205
If authentication fails, the access network sends an authentication failure message to the access terminal; 206
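A sketch of steps 201 to 206 on the terminal side and of the matching check at the AN-AAA, added here and not taken from the patent. CAVE itself is not reproduced: `stand_in_cave` is a placeholder keyed function with an 18-bit output. The RAND derivation rule, the IMSI_S1 stand-in, the Result field layout and all sample values are assumptions, since the page leaves those formats to agreement between the terminal and the AN-AAA.

```python
import hashlib
import hmac


def rand_from_random_text(random_text):
    """ASSUMED rule: RAND is the first 32 bits of Random text. Terminal and
    AN-AAA only have to apply the same rule."""
    if len(random_text) < 4:
        raise ValueError("Random text is shorter than 32 bits")
    return random_text[:4]


def imsi_s1(imsi):
    """Stand-in for IMSI_S1 (part of the IMSI): the last seven digits as
    ASCII. The real encoding is not reproduced here."""
    return imsi[-7:].encode("ascii")


def stand_in_cave(rand, ssd_a, uimid, s1):
    """Placeholder keyed function, NOT CAVE; returns an 18-bit integer."""
    digest = hmac.new(ssd_a, rand + uimid + s1, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big") >> 6


class CaveUim:
    """Card side: SSD_A stays on the card, only the result leaves it."""

    def __init__(self, imsi, uimid, ssd_a):
        self._imsi, self._uimid, self._ssd_a = imsi, uimid, ssd_a

    def read_imsi(self):
        return self._imsi

    def run_cave(self, rand):
        return stand_in_cave(rand, self._ssd_a, self._uimid, imsi_s1(self._imsi))


def build_nai(imsi, domain):
    """NAI = IMSI@domain name; the domain comes from terminal memory."""
    if not imsi.isdigit():
        raise ValueError("IMSI must be decimal digits")
    return imsi + "@" + domain


def pack_result(auth1, randssd=b""):
    """ASSUMED Result layout: 3 octets holding the 18-bit authentication
    parameter 1, then the optional saved RANDSSD."""
    if auth1 >> 18:
        raise ValueError("authentication parameter 1 exceeds 18 bits")
    return auth1.to_bytes(3, "big") + randssd


def unpack_result(result):
    return int.from_bytes(result[:3], "big"), result[3:]


def terminal_chap_fields(card, domain, random_text, randssd=b""):
    """Steps 202-204: derive RAND, run the card, return (NAI, Result)."""
    auth1 = card.run_cave(rand_from_random_text(random_text))
    return build_nai(card.read_imsi(), domain), pack_result(auth1, randssd)


def an_aaa_check(nai, random_text, result, subscribers):
    """AN-AAA side: look up the card data by the IMSI in the NAI, recompute
    the value (authentication parameter 2) and compare."""
    imsi, _, _domain = nai.partition("@")
    entry = subscribers.get(imsi)
    if entry is None or len(result) < 3:
        return False
    uimid, ssd_a = entry
    auth1, _randssd = unpack_result(result)
    if auth1 >> 18:
        return False
    auth2 = stand_in_cave(rand_from_random_text(random_text), ssd_a, uimid, imsi_s1(imsi))
    return hmac.compare_digest(auth1.to_bytes(3, "big"), auth2.to_bytes(3, "big"))


# Constructed sample data: IMSI -> (UIMID, SSD_A) as held by the AN-AAA.
SAMPLE_UIMID = bytes.fromhex("a1b2c3d4")
SAMPLE_SSD_A = bytes.fromhex("1111111111111111")
AAA_SUBSCRIBERS = {"001010123456789": (SAMPLE_UIMID, SAMPLE_SSD_A)}
```
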

Claims (26)

1. An authentication method and device for terminals with a separable card using CAVE as the access authentication algorithm,
comprising the steps:
The dual-mode terminal hardware structure should comprise: an antenna, a wireless module, a main chip, a user identification module (UIM) supporting the CAVE algorithm, a memory, an LCD, a keyboard and a power module;
After receiving the authentication command message sent by the access network, the dual-mode terminal uses the Random text in the authentication command message to produce the random number RAND needed to compute authentication parameter 1;
The dual-mode terminal commands the UIM card to compute authentication parameter 1 with the CAVE algorithm from the above random number RAND and the SSD_A already on the UIM card;
The dual-mode terminal carries authentication parameter 1 in the Result field of the authentication response message;
The dual-mode terminal forms the NAI value in the following format: IMSI@domain name, where the IMSI is stored in the UIM card and the domain name is stored in advance in the memory of the dual-mode terminal;
If the AN-AAA has no way to obtain SSD_A, the dual-mode terminal also needs to capture the RANDSSD sent by the cdma2000 network and carry it to the access network, together with authentication parameter 1, in the Result field of the authentication response message.
2. The method according to claim 1, characterized in that the main chip in said hardware structure should be a cdma2000/HRPD dual-mode chip.
3. The method according to claim 1, characterized in that the UIM card in said hardware structure is a single-mode card that supports only the CAVE authentication algorithm.
4. The method according to claim 1, characterized in that the UIM card can be separated from the other parts of said hardware structure, making the terminal a card-separable terminal.
5. The method according to claim 1, characterized in that the SSD_A required by the CAVE algorithm in said UIM card comes from the cdma2000 network.
7. The method according to claim 1, characterized in that the parameter fields in said authentication response message include: NAI, Result and so on, where the Result field stores authentication parameter 1 produced by the UIM card through the CAVE algorithm;
8. The method according to claim 7, characterized in that said parameter field NAI is formed by combining the IMSI in the UIM card with the domain name stored in advance on the terminal.
9. The method according to claim 4, characterized in that, if the AN-AAA has no way to obtain SSD_A, the dual-mode terminal can also transmit RANDSSD to the AN-AAA through the Result field of the Chap Response message, and the AN-AAA uses RANDSSD to compute an SSD_A identical to that of the cdma2000 network;
10. The method according to claim 9, characterized in that said RANDSSD is obtained by the dual-mode terminal at the most recent successful SSD update in the cdma2000 network.
11. A device implementing the device-card separated authentication method that uses CAVE as the access authentication algorithm, comprising the steps:
The dual-mode terminal hardware configuration should comprise an antenna;
The dual-mode terminal hardware configuration should comprise a wireless module;
The dual-mode terminal hardware configuration should comprise a master chip;
The dual-mode terminal hardware configuration should comprise a subscriber identification module (UIM) supporting the CAVE algorithm;
The dual-mode terminal hardware configuration should comprise a memory;
The dual-mode terminal hardware configuration should comprise an LCD;
The dual-mode terminal hardware configuration should comprise a keyboard;
The dual-mode terminal hardware configuration should comprise a power module.
12. The method according to claim 11, characterized in that the antenna is used for receiving and transmitting wireless signals.
13. The method according to claim 11, characterized in that the wireless module is responsible for conversion between baseband digital signals and radio-frequency analog signals, for transmitting and receiving radio-frequency analog signals, etc.
14. The method according to claim 11, characterized in that the cdma2000 master chip is the main processing unit of the terminal; its functions include encoding and decoding of cdma2000 service data, spreading and despreading of physical channels, and modulation and demodulation. This dual-mode chip also provides the operating platform for the application-layer software in the terminal, hosts the application software modules that send, receive and process air-interface signaling and control the call procedure, etc., and controls the relevant modules in the terminal so that they work together.
15. The method according to claim 11, characterized in that the HRPD master chip is, in implementation, usually the same physical entity as the cdma2000 master chip, but it processes the data and signaling of the HRPD network, and the software modules it hosts correspond to the HRPD network. At any given time only one of the cdma2000 master chip and the HRPD master chip can be in the working state. This is the function of the cdma2000/HRPD dual-mode chip involved in the present patent application.
16. The method according to claim 11, characterized in that the subscriber identification module supporting the CAVE algorithm stores subscriber identity information and other network parameters, etc. It supports the authentication function of the CAVE algorithm and conforms to the Chinese communications industry standard YD/T1168-2001, "800 MHz CDMA digital mobile cellular telecommunication network user identification module (UIM) technical requirements", or to the 3GPP2 C.S0023-1 standard, "Removable User Identity Module (R-UIM) for cdma2000 Spread Spectrum Systems Addendum 1".
17. The method according to claim 11, characterized in that the memory is the data storage module of the terminal and stores the data necessary for normal operation of the terminal.
18. The method according to claim 11, characterized in that the LCD is an information display unit.
19. The method according to claim 11, characterized in that the keyboard is used for inputting information and, together with the LCD, provides the interface between the user and the terminal.
19. The method according to claim 11, characterized in that the power module supplies power to each module.
20. The method according to claim 11, characterized in that the terminal antenna receives the signal sent by the network and passes it to the wireless module; the wireless module processes the signal and passes it to the main processing chip. The main processing chip identifies and processes the authentication command message, and uses the random number Random text carried in the authentication command message to produce the random number required for CAVE authentication;
21. The method according to claim 11, characterized in that the master chip inputs the random number required for CAVE authentication into the UIM and requests the UIM to perform the Run CAVE operation;
22. The method according to claim 11, characterized in that the UIM performs the authentication computation using as input parameters the random number sent by the master chip together with the UIM identifier (UIMID), IMSI_S1 (a part of the IMSI) and SSD_A stored on the UIM card, producing the result, authentication parameter 1;
23. The method according to claim 11, characterized in that the master chip uses the Get RESPONSE command to make the UIM card output authentication parameter 1.
24. The method according to claim 11, characterized in that the master chip reads the IMSI from the UIM card, reads the domain-name information from the memory module, and constructs the NAI value in the following form: IMSI@domain name;
25. The method according to claim 11, characterized in that the master chip uses the NAI and authentication parameter 1 (written into the Result field) to construct the authentication response message. The other parameters in the authentication response message are filled in according to the requirements of IETF RFC 1994, "PPP Challenge Handshake Authentication Protocol (CHAP)", Aug 1996.
26. A dual-mode terminal for CDMA2000/HRPD, comprising:
An antenna for receiving wireless signals from the HRPD network;
A radio-frequency module for receiving the wireless signals and converting them to baseband signals;
A CDMA2000/HRPD dual-mode modem connected to the radio-frequency module, for receiving the random number random text from the HRPD network;
A UIM with the CAVE algorithm, which outputs an authentication parameter signal by using part of the random number random text;
A display connected to the CDMA2000/HRPD dual-mode modem, for displaying messages received from the HRPD network.
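The terminal-side flow of claims 20 to 25, as an added example that is not code from the patent: parse the RFC 1994 Challenge, pass a random number to the UIM, and build the Response whose Name is the NAI. Assumptions: `uim_run_cave_standin` is a truncated HMAC and not the CAVE algorithm, the first 32 bits of Random text serve as the CAVE random number, the Result field is mapped to the CHAP Value field with RANDSSD appended after authentication parameter 1, and every sample value is constructed.

```python
import hashlib
import hmac
import struct

CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2  # RFC 1994 Code values


def parse_chap_challenge(packet: bytes):
    """Return (identifier, random_text) from an RFC 1994 Challenge packet."""
    if len(packet) < 5:
        raise ValueError("packet shorter than CHAP header")
    code, ident, length, value_size = struct.unpack("!BBHB", packet[:5])
    if code != CHAP_CHALLENGE:
        raise ValueError("not a CHAP Challenge")
    if length > len(packet) or 5 + value_size > length:
        raise ValueError("inconsistent length fields")
    return ident, packet[5:5 + value_size]


def uim_run_cave_standin(rand: bytes, uimid: bytes, imsi_s1: bytes, ssd_a: bytes) -> bytes:
    """Stand-in for the UIM's Run CAVE / Get Response pair. NOT the CAVE
    algorithm: a truncated HMAC keyed with SSD_A, only to show the data flow."""
    return hmac.new(ssd_a, rand + uimid + imsi_s1, hashlib.sha256).digest()[:3]


def build_chap_response(ident: int, imsi: str, domain: str, auth1: bytes,
                        randssd: bytes = b"") -> bytes:
    """Name = NAI (IMSI@domain); Value (the Result field) = authentication
    parameter 1, followed by RANDSSD when the AN-AAA cannot obtain SSD_A."""
    nai = f"{imsi}@{domain}".encode("ascii")
    value = auth1 + randssd
    if len(value) > 255:
        raise ValueError("Value does not fit the one-byte Value-Size")
    length = 4 + 1 + len(value) + len(nai)  # header + Value-Size + Value + Name
    return struct.pack("!BBHB", CHAP_RESPONSE, ident, length, len(value)) + value + nai


def answer_challenge(packet: bytes, uim: dict, domain: str, randssd: bytes = b"") -> bytes:
    ident, random_text = parse_chap_challenge(packet)
    rand = random_text[:4]  # assumption: first 32 bits become the CAVE random number
    auth1 = uim_run_cave_standin(rand, uim["uimid"], uim["imsi_s1"], uim["ssd_a"])
    return build_chap_response(ident, uim["imsi"], domain, auth1, randssd)


# Constructed sample values, not taken from the patent or from any real card.
SAMPLE_UIM = {"imsi": "460030912121001", "uimid": bytes.fromhex("a1b2c3d4"),
              "imsi_s1": bytes.fromhex("0f1e2d"), "ssd_a": bytes(range(8))}
SAMPLE_CHALLENGE = (struct.pack("!BBHB", CHAP_CHALLENGE, 7, 5 + 16 + 2, 16)
                    + bytes(range(16, 32)) + b"an")
```

The Response echoes the Challenge's Identifier, which is how the access network matches the two messages under RFC 1994.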
CN 200420002398 2004-02-27 2004-02-27 Computer card separated identifying method using CAVE as access identifying algorithm and its device Expired - Fee Related CN2692926Y (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200420002398 CN2692926Y (en) 2004-02-27 2004-02-27 Computer card separated identifying method using CAVE as access identifying algorithm and its device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200420002398 CN2692926Y (en) 2004-02-27 2004-02-27 Computer card separated identifying method using CAVE as access identifying algorithm and its device

Publications (1)

Publication Number Publication Date
CN2692926Y true CN2692926Y (en) 2005-04-13

Family

ID=34767183

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200420002398 Expired - Fee Related CN2692926Y (en) 2004-02-27 2004-02-27 Computer card separated identifying method using CAVE as access identifying algorithm and its device

Country Status (1)

Country Link
CN (1) CN2692926Y (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1661960B (en) * 2004-02-27 2010-04-07 北京三星通信技术研究有限公司 Authentication method of separation between device and card by using CAVE as access authentication algorithm and equipment

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee