TWI252649B - A convenient and secure wireless LAN authentication method and system based on SMS mechanism of GSM - Google Patents
A convenient and secure wireless LAN authentication method and system based on SMS mechanism of GSM Download PDFInfo
- Publication number
- TWI252649B TWI252649B TW92124084A TW92124084A TWI252649B TW I252649 B TWI252649 B TW I252649B TW 92124084 A TW92124084 A TW 92124084A TW 92124084 A TW92124084 A TW 92124084A TW I252649 B TWI252649 B TW I252649B
- Authority
- TW
- Taiwan
- Prior art keywords
- user
- network
- password
- gsm
- management center
- Prior art date
Links
Landscapes
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
1252649 五、發明說明(1) 發明所屬之技術領域 本發明係有關於一種整合GSM簡訊機制之簡易益 線區域網路認證方法與系統,尤指一種以使用者行王兩… 裝置的電話號碼當做使用者帳號,並根據該使用g =產 生-密碼’且以簡訊的方式將該密碼發送至該使用 2裝置號碼’使用者再於可攜式電腦上輸入該密碼,經 =迅正確’即可正常地與網際網路連線以使資 俾達到提供簡便、安全之無線上網者。 貝源 先前技術 f J線區域網路乃是提供使用者不被線牽制 士兄,免除佈線的困擾,香服四 、’同衣 使用者一 障礙,並能提供漫遊 線區域網路與一 d,隨地上網的網路環境。無 部分化為無線傳輪之===路的線路傳輸 場、飯;^:ί區5上網已經十分普及,例如許多國際機 使用者只要二【的;啡連鎖店等,都有類似的服務。 卡後’即可悠遊於網路世^電:或,,插入無線網路 用可以說是零時差、等,網路資源的汲取與運 無線區域上網雖上/尤/’既迅速又便利。 …、十刀方便,但由於用戶端接取網路 1252649 五、發明說明(2) 的線路僖齡M y^ 制^ ^刀為無線傳輪之形式,若沒有完善的認證機 Γ7 ’)^右> 未經授權的使用者入侵,如此將帶來極大的安全 1 : 1、商業利益的損失。目前在1EEE Standard 802. lx 域網路架構中,Radius〜〇1〇(:〇1是最主要用來提 二=祖機制的協定,可以辨認使用者的身份與密碼,在確 二ί之後即授權使用者登入網域使用相關資源,並可提 二二二機制,保存使用者在網路上的活動記錄,以提供系 矛力業者完整認證收費機制的一個基礎。在此機制下, w=需的證明有下列三種來源: =一是使用所在地租借來的專用無線網路卡,使用者 田1、^所在地(如中正機場)櫃檯租用該網管中心所提供專 爲郎;ί:路卡’插入自己的筆記型電腦,不需帳號與密 罟满^ ΑΓ仃無線上網。此種方式採取鎖昱網路卡之硬體配 £:i(MAC address) , ~ ^ Mt ^ ^ ^ ^ + 士此,田使用者上網完畢後,必須歸還該無線網路 卞’所在地的櫃檯透過網管中 μ丰,、,< ^ μ 1 边、同吕Τ ^侍知使用者使用網路的時 Ξ = 使用者收取費用。此種方式會面臨如租 。契約必須詳列租賃雙方的權利義務,例 Ϊ室m無線網路卡使用前後完好如初,若使用後有 必須理賠,對使用者而t,也許只是臨時要 :<牛,有必要簽個契約嗎?再來’如何避免使 η】,卡時填寫假冒的資料,使得使用者在使用 :右不歸還網路卡…追縱到使用者要求歸 逛網路卡亚收取網路使用費用。這些問題均會造成租賃雙1252649 V. INSTRUCTION DESCRIPTION OF THE INVENTION (1) Field of the Invention The present invention relates to a simple benefit line area network authentication method and system for integrating a GSM newsletter mechanism, and more particularly to a telephone number of a user's device... User account, and according to the use of g = generate - password ' and send the password to the use of 2 device number in the form of a short message 'user and then enter the password on the portable computer, after = fast correct ' Normally connect to the Internet to enable individuals to access wireless Internet access that provides easy and secure access. Beiyuan's previous technology, the J-line area network, is to provide users with no troubles in wiring, eliminating the trouble of wiring, fragrant clothes, four users of the same clothes, and can provide roaming line area network with a d , the Internet environment where you can go online. No part of the wireless transmission of the === road transmission line, rice; ^: ί area 5 Internet has been very popular, for example, many international users only need two [; brown chain stores, etc., have similar services. After the card, you can travel to the Internet. Or, plug in the wireless network. It can be said that it is zero time difference, etc., and the network resources are captured and transported. The wireless area Internet is fast and convenient. ..., ten knives are convenient, but because the user terminal accesses the network 1252649. 5. The invention description (2) The line age M y ^ system ^ ^ knife is in the form of wireless transmission, if there is no perfect authentication machine ' 7 ') ^ Right > Unauthorized user intrusion, this will bring great security 1: 1. Loss of commercial interests. Currently in the 1EEE Standard 802. lx domain network architecture, Radius ~ 〇 1 〇 (: 〇 1 is the most important agreement to mention the two = ancestor mechanism, can identify the user's identity and password, after the second Authorized users log in to the domain to use the relevant resources, and can provide a mechanism to save the user's activity record on the network to provide a basis for the full authentication fee mechanism of the spears. Under this mechanism, w= There are three sources of proof: = one is to use the local wireless network card leased by the local area, the user field 1, the location (such as the Zhongzheng Airport) counter is rented by the network management center to provide the special lang; ί: road card 'insert Your own laptop does not require an account and password. ^Wireless Internet access. This method uses the hardware of the lock network card: i (MAC address), ~ ^ Mt ^ ^ ^ ^ + After the Internet users have finished surfing the Internet, they must return the wireless network to the counter of the local location. Through the network management system, μ, , < ^ μ 1 side, with Lu Wei ^When the user uses the network Ξ = use Charges. This way will face Rent. The contract must detail the rights and obligations of both parties to the lease. The wireless network card of the room must be in good condition before and after use. If it is necessary to make a claim after use, it may be temporary for the user: t, it is necessary to sign Is there a contract? Then, 'How to avoid making η】, fill in the fake information when the card is used, so that the user is using: Right does not return the network card... Tracking the user's request to return to the network card to charge the network usage fee These problems will cause rental double
1252649 五、發明說明(3) 方的:方便f困擾,使得消費者上網的意願降低。 弟一種疋使用預付使用點數的方式。 賭買上網使用點數,此時會得到-組帳號與密碼,在ίΐ 型電腦插入自行配備-般無線網路卡,輸 ^己 後,即可於所在地點無線上網。此種方式,由^馬 在地網管中心有商業上的合作,當所在地網管中心收到斤使 用者所輸入的帳號與密碼後’必須連線到業者的資料中心 去查詢該組帳號與密碼是否合法。上網費用則由該帳號内 的儲值金額中扣除,當上網一定時間後,金額會使用完 畢,=時必須續削吏用隸以增添儲冑金額彳㊣繼續使用 網路貧源。此種方式也會面臨一些問題:由於使用者必須 先付費,因此使用者必須隨時注意儲值餘額,'以免因點數 不足而無法上網。再者由於帳號與密碼會重複使用,因此 使用者必須妥善保存以免被盜用造成損失,同理該帳號與 密碼也必須安全地存於業者的伺服器資料庫中,一但茂漏 出去也會造成損失。此外,使用者可能只是偶而去咖啡館 或臨時心企來潮想使用網路,因此可能不會刻意去申請個 帳號’因而降低使用的意願。 苐一種方式疋事先登記為業者會員的方式如申請 Hinet或Seednet的會員,此種方式使得在家上網與在外上 網使用相同一組帳號與密碼’其上網的方式與第—種方式 相同,但收費方式不同,上網費用將合併於電信帳單事後 收費。此種方式的問題是必須要成為該業者的會員才能上 網’使用者可能沒有意願或因某些因素不願意二又會員b,1252649 V. Description of invention (3) Fang: Convenient f trouble, making consumers less willing to go online. A kind of way to use prepaid points. Gambling to buy Internet access points, you will get a group account and password, insert a self-equipped wireless network card in your computer, and then you can wirelessly access the Internet at your location. In this way, there is commercial cooperation between the local network management center and the network management center. After the local network management center receives the account number and password entered by the user, it must be connected to the data center of the operator to check whether the account and password are in the group. legitimate. The cost of the Internet is deducted from the stored value in the account. After a certain period of time on the Internet, the amount will be used up. If you need to continue to use the amount of the deposit, you will continue to use the network. This method also faces some problems: since the user must pay first, the user must pay attention to the stored value balance at any time, 'to avoid being unable to access the Internet due to insufficient points. In addition, since the account number and password will be reused, the user must save it properly to avoid loss caused by theft. Similarly, the account and password must be safely stored in the server database of the operator. loss. In addition, users may only occasionally go to a coffee shop or make a temporary use of the Internet, so they may not deliberately apply for an account number, thus reducing their willingness to use.苐 One way to register as a member of the industry in advance, such as applying for a member of Hinet or Seednet, this way makes the same set of accounts and passwords used at home and online. The way to access the Internet is the same as the first way, but the way of charging Differently, the Internet access fee will be combined with the telecom bill after the event. The problem with this approach is that it must be a member of the industry to be online. The user may not have the will or may not be willing to be a member b due to certain factors.
第6頁 1252649 五、發明說明(4) 便不能享有此項服務,例如 定繳納月費才能成為會員。 碼,安全性也是一個令人擔 業者的客戶資料,就商業機 簡單的事。 ’業者可能要求使用者每月固 再者’在外地使用此帳號與密 心的困擾。而業者要整合各家 役與市場考量下,也不是一件Page 6 1252649 V. Inventions (4) This service cannot be enjoyed, for example, a monthly fee is required to become a member. Code, security is also a customer's customer information, simple business things. The operator may ask the user to use the account and the secret in the field. And the industry has to integrate the various domestic and market considerations, it is not a piece.
根據以上的敘述可知,雖然無線區域網路上網十分便 利,但對認證上網的權限時仍存在一些問題與困擾,造成 使用者不方便,因而降低上網意願。《了解決這些問題, 本發明乃提出-個結合數位行動通訊裝置系統_ (Gbbal System for Moblie c〇mmunicati〇ns)之簡訊系 統的無線區域上網認證機制,任何人只要是數位行動通訊 裝置系統GSM的合法使用者’均可透過本機制來上網。讓 數位行動通訊裝置系統G S Μ的廣大客戶都成為無線區域上 網的潛在使用者,本發明可解決以上所述三種方式的所 缺點,建制一個方便安全的無線上網機制,方便性是推廣 無線網路應用的最有力推手’因此本發明對無線網路的推 廣是極關鍵的。 内容 本發明之主要目的,在於提供一種簡便安全之益線區 域網路認證方法·,其係使用者將自己的無線網路卡插入可 移動的可攜式電腦後’自動尋找最近的存取橋接器,並要 求上網’存取橋接器要求使用者在可攜式電腦上輸入—使 用者行動通訊裝置的電話號碼以當做使用者帳號,使用者 之所在地的網管中心的伺服器收到該使用者帳號時,便為According to the above description, although the wireless local area network access is very convenient, there are still some problems and problems in verifying the right to access the Internet, which is inconvenient for the user, thereby reducing the willingness to access the Internet. "To solve these problems, the present invention proposes a wireless area Internet authentication mechanism that combines the digital communication system of the digital mobile communication device system (Gbbal System for Moblie c〇mmunicati〇ns), anyone who is a digital mobile communication device system GSM The legitimate users of the Internet can use this mechanism to access the Internet. The majority of customers of the digital mobile communication device system GS 成为 become potential users of the wireless area Internet access. The present invention can solve the shortcomings of the above three methods, and establish a convenient and secure wireless Internet access mechanism, and the convenience is to promote the wireless network. The most powerful push for applications' is therefore critical to the promotion of wireless networks. The main purpose of the present invention is to provide a simple and secure benefit line area network authentication method, which is to automatically find the nearest access bridge after the user inserts his own wireless network card into the portable portable computer. And request the Internet access bridge to require the user to enter on the portable computer - the phone number of the user's mobile communication device to be used as the user account, the server of the network management center where the user is located receives the user When the account number is
!252649 五、發明說明(5) ϋ亥使用者產生一密碼,使用者之所在地的地網管中、、 ,器根據使用者所輸入之使用者帳號,以簡訊的方的伺 山瑪發送至該使用者行動通訊裝置,使用者在該 ^〕亥 =通訊裝置上收到該簡訊而得知該密碼後,再於可: 腦上輸入該密碼,使用者之所在地的網管中心的=:電 到該密碼時,先驗證該密碼是否正確,若為正確,^, 使用者通過驗證,使通過驗證的使用者伽疋 網路連線以使用網路資源。 吊地與網際 實施方式 請配合參看第一、二圖所示(註:第二圖中,每 不有線傳輸,虛線表示無線傳輸),本發明整人員 機制之簡易安全無線區域網路認證方法流程包含:間枭 (一) 使用者將自己的無線網路卡(1 1 )插入可移動 ^式電腦UG)後,自動尋找最近的存取橋接器,並要求1 (二) 存取橋接器(13)要求使用者在可攜 輸入一使用者行動通訊裝置(12)的電 ) 帳號。 ^幻也居旒碼以當做使用者 (三) 使用者之所在地的網管中 使用者帳號時’便為該使用者產生一密】服器(14)收到該 (四) 使用者之所在地的地網管中二 使用者所輸入之使用者帳號,=服器⑽根據 至該使用者行動通訊裝置(12)。 、式將忒饴碼發运 (五) 使用者在該使用者行動通訊裝置(⑴上收到該簡 1252649!252649 V. Invention Description (5) The user of Yuhai generates a password, and the local network management device of the user's location is sent to the user via the user's account number entered by the user. The user mobile communication device, after the user receives the short message on the communication device and knows the password, the user can enter the password in the brain: the network management center of the user's location =: In the case of the password, first verify that the password is correct. If it is correct, ^, the user authenticates to enable the authenticated user to connect to the network to use the network resources. Please refer to the first and second diagrams for the sling and internet implementation. (Note: In the second figure, each line is not wired, the dotted line indicates wireless transmission.) The simple and safe wireless area network authentication method flow of the whole human mechanism of the present invention Including: 枭 (1) After the user inserts his wireless network card (1 1 ) into the removable computer UG), he automatically finds the nearest access bridge and requires 1 (2) access bridge ( 13) The user is required to enter an account of a user mobile communication device (12). ^ 幻 旒 旒 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以 以The user account entered by the user in the network management pipe, and the server (10) is based on the user mobile communication device (12). , the code is shipped (5) the user receives the Jane 1252649 on the user mobile communication device ((1)
訊而得^知該密碼後,再於可攜式電腦(1〇)上輸入該密碼。 ^ (六)使用者之所在地的網管中心的伺服器(1 4 )收到該 在碼時,先驗證該密碼是否正確,若為正確,則判定使用 者通過驗證。 (七)使通過.¼證的使用者可以正常地與網際網路連線 以使用網路資源。 、 _其中,本發明實施時,使用者之所在地網管中心伺服 杰(1 4)收到該使用者帳號時而為該使用者所產生之密碼可 為s品時密碼。After you know the password, you can enter the password on the portable computer (1〇). ^ (6) When the server (1 4) of the network management center where the user is located receives the code, first verify that the password is correct. If it is correct, it is determined that the user has passed the verification. (7) Users who pass the .1⁄4 certificate can normally connect to the Internet to use network resources. In the implementation of the present invention, when the user's local network management center server (1 4) receives the user account, the password generated for the user may be the password of the product.
其中,本發明實施時,使用者結束上網的同時,使用 者所在地網管中心之伺服器(14)會再發送一次簡訊至該使 用者行動通訊裝置(1 2)以表示該次上網的時段已結束。其 中,本發明實施時,該簡訊顯示有使用者使用網路的時八 其中,本發明實施時,使 中心根據使用者使用網路時間 電話帳單中,數位行動通訊裝 給使用者予以收費。 用者使用網路完畢後,網管 計算費用且併入該使用者的 置系統GSM業者再將帳單寄In the implementation of the present invention, when the user ends the Internet access, the server (14) of the network management center at the user's location will send a short message to the user mobile communication device (1 2) to indicate that the time period of the Internet access has ended. . In the implementation of the present invention, the short message shows that the user uses the network. In the implementation of the present invention, the center charges the user according to the user's use of the network time telephone bill and the digital mobile communication. After the user finishes using the network, the network administrator calculates the fee and incorporates the user's system. The GSM operator then sends the bill.
其中,本發明實施時,可攜式電腦(丨〇 )之螢幕 有:放棄"之選項,當使用者收到密碼而臨時放棄該次:: 日守 則可選擇輸入”放棄”選項,該網管中心收到”放棄"琴 項汛心日了,再發送第二次簡訊予使用者行動通訊裝置、 (1 2 )丄亚於該簡訊内容顯示網路使用時間為零。 明苓看第二圖所示,本發明之整體架構系統,其主要Wherein, in the implementation of the present invention, the screen of the portable computer (丨〇) has the option of “abandoning”, and the user temporarily gives up the password when the user receives the password:: The daily code may select the input “abandon” option, the network management The center received the "Abandonment" and the second newsletter was sent to the user's mobile communication device. (1 2) The content of the newsletter showed that the network usage time was zero. The figure shows the overall architecture system of the present invention, which is mainly
第9頁 1252649 五、發明說明(7) 包含有: 使用者可攜式電腦(丨〇 ); 之網路卡⑴),用以與可攜式電腦。〇)連,士. ,、有接收簡訊功能之使用者行動通訊裝 J, 接收簡訊; ,用以 網管中心之區域網路伺服器(丨4),用以產生使用 碼、使用者身份認證,以及以簡訊方式發送密 : (一般伺服器經設定後即具有發送簡訊功能,而叙吏用者 系統來發送簡單); …、而電話 網官中心之存取橋接器(13),用以與該區 器(14)連線。 服 其中,本發明實施時,其系統中該行動通訊裝 一行動電話。 罝』為 其中,本發明實施時,其系統中之該使用者 腦可為一筆記型電腦。 u ^式電 八中本I明貝施時,其系統中之該使用者可攜 腦可為一個人數位助理器(p D A )。 』鐫式電 本發明架構牵涉到GSM業者、網管中心與使用 的微妙關係,所以我們將分料對這三者與這三者之= 能發生的安全威脅做—完整的安全性分析。 日1 有些詐騙行為對本發明架構確有一點潛在的安 =。但-般來呪無線區域上網低廉,每 用並:多,因此本發明架構攻擊者必須累計多次成::: 騙才月匕獲取更多利潤,而且本架構所採取的防範措施會使Page 9 1252649 V. Invention Description (7) Contains: User portable computer (丨〇); network card (1)) for use with portable computers. 〇), 士, ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, And sending the secret by means of a short message: (the general server has the function of sending a short message after being set, and the user system is simple to send); and the access bridge (13) of the telephone network official center is used to The zone (14) is connected. Wherein, in the implementation of the present invention, the mobile communication system is equipped with a mobile phone. In the implementation of the present invention, the user's brain in the system can be a notebook computer. u ^式电八八本本明贝施, in the system of the user can be a brain position assistant (p D A). 』镌式电 The architecture of the invention involves the subtle relationship between GSM operators, network management centers and usage, so we will do a complete security analysis on the security threats that these three and these three can occur. Day 1 Some frauds do have some potential security for the architecture of the present invention. However, in general, the wireless area has low Internet access, and each use is more: therefore, the attacker of the present invention must accumulate multiple times::: fraudulently earning more profits, and the precautions taken by this architecture will
第10頁 1252649 五、 發明說明(8) 得 攻 擊 者 詐 騙 成 功 的 困 難 度變 高, 而且母次失敗的詐騙行 為 都 會 被 本發 明 架 構採 取 的安 全機 制察覺,使得攻擊者基 於 成 本 與 風 險 考 量 要 從 事 如此 炸編 行為的機率將降到可容 忍 的 程 度 〇 業 針 對GSM行動通訊業者的安全性分析:以目前實際 狀 況 使 用 者 必 須 將 個 人的 私密 資料提供給GSM業者, 才 能 登 記 為 該 業 者 之 合 法 使用 者, 所以可以合理假設GSM 業 者 是 可 信 賴 的 〇 因 此GSM業者不會與所在地網管中心丘 謀 榨 取 使 用 者 上 網 的 費 用 ,同 樣的 ’ GSM業者也不會與使 用 者 串 通 來 欺 編 網 管 中 心 〇由 於使 用者透過GSM簡訊來收 彳 取 密 碼 並 於 所 在 地 網 管 中 心伺 服器 上網,所以GSM業者必 須 慎 重 選 擇 信 譽 佳 的 網 管 中心 合作 或簽訂合約以法律途徑 防 止 所 在 地 網 管 中 心 假 造 通聯 紀錄 向GSM業者訛詐金錢。 GSM行動通訊裝置簡訊傳輸的安全性是架構在GSM的安 全 協 定(Secur i ty P r 〇 t 〇 c ο 1 )之上, •目前GSM的安全性雖然 - 直 有 爭 議 但 其 方 便 且 兼具 基本 保護的特色確實為一般 大 眾 所 接 受 〇 因 前 也 有 很 多在 不影 響GSM運作效率下去改 善 其 安 全 性 的 技 術 被提 出 來。 況且 ,本架構一旦密碼被 竊 J 損 失 也 不 過 是 一 次 上 網費 用。 當然,一旦GSM安全系 丨 統 被破 解 則 本 系 統 一一 樣 被破 解。 因此我們假設GSM業者 可 以 信 賴 且 系 統 仍 是 安 全 的。 針 對 使 用 者 之 安 全 性 分析 :由 於使用者與所在地網管 中 心 伺 服 器 間 訊 息 傳 送 的 安全 ,不 是本文的重點,因此我 們 假 合又 它 已 使 用 如 加 解 密 等保 護機 制保障通訊的内容。至Page 10 1252649 V. Description of invention (8) The difficulty of successful attacker fraud becomes higher, and the fraudulent behavior of mother-failure failure is detected by the security mechanism adopted by the framework of the invention, so that the attacker is engaged in cost and risk considerations. The probability of such an explosive behavior will be reduced to a tolerable level. The security analysis of the GSM mobile communication industry: In the current situation, the user must provide the private information of the individual to the GSM industry in order to register as legitimate use of the business. Therefore, it can be reasonably assumed that the GSM industry is trustworthy, so the GSM industry will not use the local network management center to extract the user's Internet access fee. The same 'GSM industry' will not collude with the user to deceive the network management center. Users use the GSM newsletter to collect passwords and access the Internet at the local network management center server. Therefore, GSM operators must carefully choose the network management center with good reputation or sign The contract is legally prevented from spoofing the record in the local network management center to swindle money to the GSM industry. The security of GSM mobile communication device transmission is based on the GSM security protocol (Secur ty P r 〇t 〇c ο 1). • The current GSM security is straightforward but convenient and basic. The characteristics of protection are indeed accepted by the general public. There are also many techniques for improving the security of GSM operations without affecting the efficiency of GSM operations. Moreover, once the password is stolen, the password is lost. This is a network charge. Of course, once the GSM security system is broken, the system is completely destroyed. So we assume that the GSM industry can trust and the system is still secure. Security analysis for the user: The security of the message transmission between the user and the local network management server is not the focus of this article. Therefore, we have used the protection mechanism such as encryption and security to ensure communication. to
III· 第11頁 1252649 五、發明說明(9) 於使用者本身可能詐騙或遭人詐騙的行為,分析如下。 (1 )行動通讯裝置遺失或遭竊:本發明架曰 2安:,制在於只有合法電信使用者才會收到網管:心以 傳來的密碼,所以一旦行動通訊裝置遭竊或遣 η:能遭有心人士冒名上網,造成使用者金錢的二 ,的-1使用者必須迅速通知自己所屬的gsm業者,停用遭 =此:用ί訊ΐ置電話號碼。由於不是昂貴的服務項目, ——勤、a f就算有金錢的損失也是报有限。此外,藉由設 =仃I汛裝置密碼(PIN number)也可初步防止遭^盜 只能‘I)自:3攻f :使用者要使用本發明之機制上網, 所在地網管中心m备妓置電活唬碼s帳唬,才能收到 配合參看第一 B:間”、、、先所發送的密碼而順利上網。請 给使用者^圖所不,右使用者甲想惡意將上網費用移轉 ; = 意::=__置電話號= :㈡:、碼會傳送給使用者乙,使用者甲無法收到 巧@ ^ 7¾ S6· U在步驟(6)驗證密碼時無法輸入正確的宓 碼而通過驗證,因此此 作妁在III· Page 11 1252649 V. INSTRUCTIONS (9) The behavior of the user itself may be defrauded or defrauded as follows. (1) Loss or theft of the mobile communication device: The invention is based on the following: The system is that only legitimate telecommunications users will receive the password from the network management system, so if the mobile communication device is stolen or sent: Users who can be impersonated by the minded person to surf the Internet, causing the user's money, the user must promptly notify the gsm operator to which they belong, and disable it = this: use the ΐ to set the phone number. Because it is not an expensive service project, - Qin, a f even if there is a loss of money is also limited. In addition, by setting the 仃 汛 I 汛 device PIN (PIN number) can also be initially prevented from being hacked only to 'I) from: 3 attack f: the user should use the mechanism of the present invention to access the Internet, the local network management center m backup device The e-living s account can only receive the password with the first B: ",", and the password sent first. Please give the user a picture. The right user A wants to maliciously move the Internet fee. =; meaning::=__set the phone number = : (two):, the code will be transmitted to user B, user A can not receive the smart @ ^ 73⁄4 S6 · U can not enter the correct password in step (6) Pass the verification and pass the verification
Attack)不會成功。種偽衣攻擊(1叩⑽nating 由所在地L ^=或重达攻擊:使用者上網所輸入的密碼是 因此使用者每次上姻张你田服时在田日寸才Ik思產生的, 攻擊者要使用猜測用的密碼都不會-樣,所以若有 月』文擎(Guessing Attack)來猜測該使用Attack) will not succeed. A kind of fake clothing attack (1叩(10)nating is located by the location L ^= or heavy attack: the password entered by the user on the Internet is generated by the user every time when the user is married to your field, I attacked the attacker. The password to use guessing will not be the same, so if there is a month, Guessing Attack will guess the use.
第12頁 1252649 五、發明說明(10) ~---- 者的密碼或截取前一次密碼重複使用來進行重送攻擊Page 12 1252649 V. Invention Description (10) ~---- The password of the person or the previous password is used repeatedly for resend attack
Ueplay Attack)都不會成功的。 針對網管中心之安全性分析:在本發明架構中,Gsm業 者必須儲存網管中心發給使用者上網密碼簡訊的記錄以確 定網管中心曾經發送密碼簡訊給該使用者,若沒有發送成 功’也會留下發送失敗的記錄’以作為將來如果使用者對 於帳單有爭議時的依據。 由於網管中心可能是區域性的小公司,可信賴的程度 不可能像GSM業者一般,所以如何降低網管中心向gsm業者 轨砟金錢的風險是一個很重要的課題。我們將盡可能討論 網管中心可能出現的詐騙行為,並提出防範之道。 明 (1 )網管中心假造使用者上網紀錄:網管中心可以 透過間Λ ’故意發送费碼給G S Μ公司之合法使用者,在g s μ 公司會留下簡訊發送記錄以便成功訛詐使用者而不被gsm 業者察覺。然而,簡訊系統在發簡訊時,可查知使用者所 在地的基地台,因此GSM業者可在與網管中心簽約時,即 限定只有在網管中心附近的基地台才可以提供收發使用者 上網的密碼簡訊(一般簡訊的收發不在此限)。因此,若簡 訊系統察覺非屬於這些基地台,便不接受密碼簡訊收發服 務,並留下發送失敗記錄。除非使用者剛好在網管中心附 近的這些基地台所能涵蓋的範圍内漫遊,才有可能在GSM 業者留下發送成功的記錄,但是這時候卻會發生使用者沒 有要上網卻收到網官中心所傳來密碼簡訊的意外事件。 由於網管中心沒有能力判斷哪些使用者剛好在網管中Ueplay Attack) will not succeed. Security analysis for the network management center: In the framework of the present invention, the Gsm operator must store a record sent by the network management center to the user's Internet password briefing to determine that the network management center has sent a password message to the user, and if not successfully sent, Send a failed record 'as a basis for future users if there is a dispute over the bill. Since the network management center may be a small regional company, the degree of trustworthiness cannot be as good as that of the GSM industry. Therefore, how to reduce the risk of the network management center to the gsm operators is an important issue. We will discuss as much as possible the possible fraudulent behaviors in the network management center and propose ways to prevent it. Ming (1) Network management center fake user online record: The network management center can deliberately send a fee code to the legitimate users of GS ,, and the gs μ company will leave a message to send a record to successfully swindle the user without being Gsm operators are aware. However, when the short message system sends a text message, the base station of the user's location can be found. Therefore, when signing the contract with the network management center, the GSM industry can only provide the base station near the network management center to provide the password message for the user to access the Internet. (Generally, the sending and receiving of SMS is not limited to this). Therefore, if the SMS system detects that it is not part of these base stations, it does not accept the cryptographic message delivery service and leaves a transmission failure record. Unless the user roams within the range covered by these base stations near the network management center, it is possible to leave a record of successful transmissions in the GSM industry, but at this time, the user does not have to go online but receives the network official center. An accident with a password message. Because the network management center has no ability to determine which users are just in the network management.
弟13頁 1252649 五、發明說明 心附^的這些基地台所能涵蓋的區域内,因此要成功困難 度很冋,而且一旦攻擊失敗就會在GSm公司留下記錄,若 失敗記錄過多就會引起GSM業者的注意,就算攻擊成功也 會被f用者察覺,即使使用者沒有察覺,所賺取的金額也 不過疋一—人上網的費用。以成本效益的角度來看,由於高 風險,高成本又沒什麼利益可圖,網管中心要從事此種 擊可能性不高。 ^ ( 2 )網管中心浮報使用者上網時間:該如何防範網Brother 13 Page 1252649 V. Inventions in the area that these base stations can cover, so the difficulty of success is very embarrassing, and once the attack fails, it will leave a record in GSm company. If the failure record is too much, it will cause GSM. The attention of the industry, even if the attack is successful, will be noticed by the user. Even if the user does not notice, the amount earned will not be the same as the cost of the Internet. From a cost-effective point of view, due to high risks and high costs, there is no profit, and it is unlikely that the network management center will engage in such a strike. ^ (2) Network management center floating users online time: how to prevent the network
苔中。以浮報使用者上網時間“”以丨⑽七丨^)訛詐使用 者。GfM#業者可以要求網管中心在使用者結束上網同時再 發一次簡訊給使用者以表示該次上網的時段(5“3i〇n)已 經結束,並顯不使用者用了多少網路時間。若使用者對於 ,用時間有疑問,可向GSM業者詢問,GSM業者根據這兩次 簡=1錄發送的時間也可以計算出該次時段(sessi⑽)的 持績日π間’這個時間與使用者使用網路的時間的差距必須 在合理的範圍内,否則GSM業者必須查明是否有網管中心y、 浮報使用者上網時間的情形發生。 =網管中心故意沒有在使用者結束上網第一時間發放 ,關簡訊,藉以簡訊發放時間來訛詐使用者金錢。根^贫 節所述’此攻擊要成功必須使用者結束上網後尚未離 管中:附近的這些基地台所能涵蓋的範圍,一旦離開這範 圍’第二次簡訊發放會失敗而在GSM公司留下記錄,非曰乾 收不到使用者上網的費用而造成自身財務的損失且备一 GSM業者的注意。然而,為了訛詐使用者更多的金錢曰,/In the moss. To swindle users by whistling (10) seven 丨 ^). The GfM# operator can ask the network management center to send a short message to the user at the same time that the user ends the Internet to indicate that the time period of the Internet access (5 "3i〇n" has ended, and shows how much network time the user has used. The user is in doubt about the time, and can ask the GSM industry, the GSM industry can also calculate the time of the period (the sessi (10)) of the performance period based on the time of the two simple transmissions. The time gap between the use of the network must be within a reasonable range. Otherwise, the GSM industry must find out whether there is a network management center y or a floating user's online time. The network management center deliberately did not release the user the first time. , the newsletter, by the time of the newsletter to swindle the user's money. The roots of the poor said that 'this attack must be successful after the user has finished the Internet and has not left the management: the range that can be covered by these nearby base stations, once they leave this range 'The second newsletter will fail and leave a record in the GSM company. It will not receive the user's Internet access fee and cause its own financial losses. The attention of the SM industry. However, in order to blackmail users more money, /
1252649 五、發明說明(12) __ 遲發送的時間必須越久越 開此範圍之前才行,因為 ^但發送時間必須在使用者離 增加攻擊成功的機率,第^ ^,是無法評估的,所以為了 大,所賺取的利益當然就f訊發放能延遲的空間並不 行為,此種攻擊困難度復古對、交少。由於難以臆測使用者 網管中心要從事此種二^尚,所以在成本效益的考量下, 另外,若使用者經由m不?。# 所傳送來的密碼,臨時決* t訊裝置簡訊收到網管中心 網管中心冒充該使用者上^放棄该次上網,此時也會給予 網連線之前在電腦螢幕讯機^我們可以在使用者上 決定放棄該次上網, 二疋放棄選項,若使用者臨時 項,當網管中心收到放^f而選擇輸入’’放棄”選 訊給使用者,簡訊内容時,發送第二次簡 示使用者沒有使用網路n不網路使用時間為零,以表 以上我們討論了 ϊ,总不Φ此向使用者索取費用。 出了防範的機制,這些機欺的幾種方式,並提 困難度變高。除此之外制m官/心要訛詐使用者的 網管中心從事說詐使用者訂相關法律 管更是降低-詐行者 的,事此項攻將及法律責任 -合本郎叙述,我們做 /,低到可容忍的程度。 &在本架構原先的機制範y"大部分的些詐騙行 ^_ 防靡,使得這些砟4;= 第15頁 12526491252649 V. Description of invention (12) __ The time of late delivery must be longer before the range is opened, because ^ but the sending time must be in the user's chance of increasing the attack success, the ^ ^, is not evaluated, so in order to Large, the benefits earned are of course not the behavior of the delay in the issuance of the space, and the difficulty of such attacks is retro and less. Since it is difficult to speculate that the user's network management center is going to engage in such a second-hand, so in the cost-effective consideration, in addition, if the user does not pass m? . # The password sent, the temporary device* telecommunication device newsletter received the network management center network management center posing as the user ^ abandon the Internet access, this time will also give the network connection before the computer screen machine ^ we can use The person decides to give up the Internet access, and the second option is to abandon the option. If the user temporarily receives the option, the network management center chooses to input the ''abandon'' message to the user, and the second message is sent. The user does not use the network n, the network usage time is zero, and we have discussed the above table. It is not Φ to ask the user for the fee. The mechanism of prevention, several ways of bullying these, and difficulties The degree becomes higher. In addition to this, the system administrator who wants to swindle the user to engage in fraudulent users to set up the relevant legal control is to reduce the fraudsters, the attack and legal responsibility - the book , we do /, as low as tolerable. & In the original mechanism of this architecture, y" Most of the scams ^_ Flood prevention, make these 砟4;= Page 15 1252649
1252649 五 、發明說明〇4) 夠的間題。 話號碼,❿密馬工::::::使用^仃動通訊裝置的電 >產生,再以^ 官中心伺服器在當時才臨時隨 二心當下:發送給使用*,所在地 者資料中心去驗證二= = = 用者的帳號與密碼,而日蚪# m = f十厍云儲存所有使 而㈣又是好C 用者來說’也不須記憶密碼 而帳唬又疋子s己的電話號碼 脅與維護負擔。 八八拽季工一方的女全威 GSM業者簽約負責方法使付所在地網官中心只需與-家1252649 V. Description of invention 〇 4) Enough questions. The number of the call, the secret horseman:::::: Use the power of the communication device to generate the power, and then use the server of the official center at the time to temporarily accompany the second heart: send to use*, the data center of the location To verify the second == = user's account and password, and the future #m = f 十厍云Save all and (4) is good C, the user does not need to remember the password and the account is 疋子Phone number threat and maintenance burden. The female servant of the quarter-on-eighth GSM industry is responsible for the method of signing the responsibility for the local network official center.
章者约不1二 达即可,而所有參與協議的GSM ΚΚΐΓ:料庫去儲存使用者的帳號與密,,因此就 :ί:i:隱私與商業利益等問題,所以純粹只是討 Ιίίΐΐ二用的分攤就顯得單純容易多了,而且對業 保障’使得更多㈣業者更願意參與協 在i菸M i夕的商機。因此最複雜的計費及收費機制 在本發明中都極為容易。 ,上所述,本發明利用⑽本身為大眾所接受的安全 方便性,使得GSM合法使用者可以方便的使用無線 路服務’其簡易的管理及收費機制,可以達成廠家 ^提供服務且人人均願上網的雙臝目標,本發明所具體 二於申請專利範圍之技術特徵,未見於同類技術,具新 實用㈣進步性,並能供產業充份利用,已符合發 要件,爰依法具文提出申請,謹請貴局依法核予The chapters are not about two, and all the GSM ports that participate in the agreement: store the user's account and password, so: ί:i: privacy and business interests, so it is purely just Ιίίΐΐ The use of apportionment is simple and easy, and the industry security has made more (four) players more willing to participate in the business opportunities of the i-Min. Therefore, the most complicated billing and charging mechanism is extremely easy in the present invention. As described above, the present invention utilizes (10) the security convenience accepted by the public itself, so that GSM legitimate users can conveniently use the wireless road service's simple management and charging mechanism, and can reach the manufacturer and provide services and everyone can The dual-naked target of the Internet, the technical characteristics of the invention in the scope of the patent application, is not found in the same technology, has a new practical (four) progressive, and can be fully utilized by the industry, has met the requirements, and has been proposed according to law. Application, I ask you to approve it according to law.
第17頁 1252649 五、發明說明(15) 專利,以維護本申請人合法之權益。Page 17 1252649 V. INSTRUCTIONS (15) Patents to protect the lawful rights and interests of this applicant.
1HH11 第18頁 1252649 圖式簡單說明 (一) 圖式說明 第一圖為本發明之方法流程示意圖。 第二圖為本發明系統架構暨方法流程簡單示意圖。 (二) 圖號說明 (1 0 )可攜式電腦 (11)網路卡 (1 2 )行動通訊裝置 (1 3 )橋接器 (1 4 )區域網路伺服器1HH11 Page 18 1252649 Brief Description of the Drawings (I) Schematic Description The first figure is a schematic flow chart of the method of the present invention. The second figure is a simplified schematic diagram of the system architecture and method flow of the present invention. (2) Description of the number (1 0) Portable computer (11) Network card (1 2) Mobile communication device (1 3) Bridge (1 4) Regional network server
第19頁Page 19
Claims (1)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW92124084A TWI252649B (en) | 2003-09-01 | 2003-09-01 | A convenient and secure wireless LAN authentication method and system based on SMS mechanism of GSM |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW92124084A TWI252649B (en) | 2003-09-01 | 2003-09-01 | A convenient and secure wireless LAN authentication method and system based on SMS mechanism of GSM |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW200511764A TW200511764A (en) | 2005-03-16 |
| TWI252649B true TWI252649B (en) | 2006-04-01 |
Family
ID=37565485
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW92124084A TWI252649B (en) | 2003-09-01 | 2003-09-01 | A convenient and secure wireless LAN authentication method and system based on SMS mechanism of GSM |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI252649B (en) |
-
2003
- 2003-09-01 TW TW92124084A patent/TWI252649B/en not_active IP Right Cessation
Also Published As
| Publication number | Publication date |
|---|---|
| TW200511764A (en) | 2005-03-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7490062B2 (en) | Method of payment by means of an electronic communication device | |
| JP4444327B2 (en) | Data communication fee billing system, program, recording medium, and data communication fee billing method | |
| US7756748B2 (en) | Application of automatic internet identification methods | |
| CN101496344B (en) | Method and system having self-setting authentication formula for webs bank payment and identification confirmation | |
| CN103020825B (en) | A kind of secure payment authentication method based on software client | |
| AU2006312456B2 (en) | Authentication for service server in wireless internet and settlement using the same | |
| US20070006286A1 (en) | System and method for security in global computer transactions that enable reverse-authentication of a server by a client | |
| CN109039652B (en) | Digital certificate generation and application method | |
| US20060005024A1 (en) | Dual-path pre-approval authentication method | |
| JP2008282393A (en) | Non-repudiation for digital content delivery | |
| CN101919219A (en) | Method and apparatus for preventing phishing attacks | |
| CN102906776A (en) | A method for mutual authentication of a user and service provider | |
| GB2384069A (en) | Transferring user authentication for first to second web site | |
| US9137241B2 (en) | Method and system using a cyber ID to provide secure transactions | |
| JP2004102872A (en) | Online commerce system for personal information protection | |
| JP4276022B2 (en) | User authentication method, user authentication system, computer program, and program storage medium in WWW service | |
| KR101321829B1 (en) | Method and system for site visitor authentication | |
| WO2009065417A1 (en) | M. currency- net sense | |
| TWI252649B (en) | A convenient and secure wireless LAN authentication method and system based on SMS mechanism of GSM | |
| KR20140125299A (en) | Method for providing direct debit service through electronic signature authentication based by mobile messaging | |
| Panjwani | Practical receipt authentication for branchless banking | |
| JP2003032749A (en) | Method for prohibiting communication, method for digital authentication and server | |
| KR20140051702A (en) | Secured mobile phone payment system for using personal identification number and method thereof | |
| Munjal et al. | Secure and cost effective transaction model for financial services | |
| Lee et al. | An enhanced unlinkable anonymous payment scheme based on near field commnication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MM4A | Annulment or lapse of patent due to non-payment of fees |