WO2011060709A1 - Method and device for checking binding relationship of international mobile subscriber identity and international mobile equipment identity - Google Patents

Method and device for checking binding relationship of international mobile subscriber identity and international mobile equipment identity Download PDF

Info

Publication number
WO2011060709A1
WO2011060709A1 PCT/CN2010/078785 CN2010078785W WO2011060709A1 WO 2011060709 A1 WO2011060709 A1 WO 2011060709A1 CN 2010078785 W CN2010078785 W CN 2010078785W WO 2011060709 A1 WO2011060709 A1 WO 2011060709A1
Authority
WO
WIPO (PCT)
Prior art keywords
imsi
imei
terminal
binding relationship
list
Prior art date
Application number
PCT/CN2010/078785
Other languages
French (fr)
Chinese (zh)
Inventor
周成
曲爱妍
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2011060709A1 publication Critical patent/WO2011060709A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/26Network addressing or numbering for mobility support
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]

Definitions

  • the present invention relates to user identification and terminal identification technologies in the field of communications, and in particular, to a method and apparatus for verifying the binding relationship between an International Mobile Subscriber Identity (IMSI) and an International Mobile Equipment Identity (IMEI).
  • IMSI International Mobile Subscriber Identity
  • IMEI International Mobile Equipment Identity
  • the 3GPP (3rd Generation Partnership Project) standard working group is working on the evolution of the Evolved Packet System (EPS).
  • the existing EPS system is shown in Figure 1. It mainly includes the Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and the Evolved Packet Core (EPC).
  • E-UTRAN Evolved Universal Terrestrial Radio Access Network
  • EPC Evolved Packet Core
  • the system's EPC is capable of supporting users' access from the GSM EDGE Radio Access Network (GERAN, GSM EDGE Radio Access Network) and the Universal Terrestrial Radio Access Network (UTRAN).
  • GSM EDGE Radio Access Network GSM EDGE Radio Access Network
  • UTRAN Universal Terrestrial Radio Access Network
  • the EPC mainly includes a Mobility Management Entity (MME), a S-GW (Serving Gateway), a Packet Data Network Gateway (P-GW), and a Home Subscriber Server (HSS, Home Subscriber Server), Policy and Charging Rules Function (PCRF), Supporting GPRS Supporting Node (SGSN) and other supporting nodes.
  • MME Mobility Management Entity
  • S-GW Serving Gateway
  • P-GW Packet Data Network Gateway
  • HSS Home Subscriber Server
  • PCRF Policy and Charging Rules Function
  • SGSN Supporting GPRS Supporting Node
  • the HSS is the permanent storage location of the user subscription data, located in the home network that the user subscribes to;
  • the MME is the location where the user subscription data is stored in the current network, and is responsible for the non-access stratum of the terminal to the network (NAS, Non-Access Stratum).
  • S-GW is the gateway from the core network to the wireless system, responsible for user plane bearer from the terminal to the core network, data buffer in the idle mode of the terminal, function of initiating service request on the network side, legal eavesdropping and grouping Data routing and forwarding function
  • P-GW is the gateway of EPS and external network of the system, responsible for terminal IP address allocation, charging function, packet filtering, policy application, etc.
  • PCRF is a policy and charging rule function entity, it
  • the receiving interface Rx is connected to the service network protocol (IP, Internet Protocol) to obtain service information.
  • IP Internet Protocol
  • IP Internet Protocol
  • the EPC also includes user equipment (UE, User Equipment), machine type communication server (MTC Server), MTC device (MTC Device, Machine Type Communication Device) and device i only ll register (EIR, Equipment Identity Register) and so on.
  • the UE includes a Universal Integrated Circuit Card (UICC) and a mobile terminal (ME, Mobile Equipment), and the uppermost layer of the protocol stack with the MME is NAS; the MTC Server is mainly responsible for management and data storage of the MTC device/
  • the MTC device is similar to the UE. It also includes the UICC and the ME. It is usually responsible for collecting information of several collectors and accessing the core network through the RAN (Radio Access Network) node and interacting with the MTC Server.
  • EIR is a database that stores device identification codes for MEs, and implements operations such as identification, monitoring, and blocking of MEs.
  • the user's International Mobile Subscriber Identity IMSI, International Mobile Subscriber Identity
  • IMSI International Mobile Subscriber Identity
  • USIM Universal Subscriber Identity Module
  • IMEI International Mobile Equipment Identity
  • the IMEI is globally unique to each UE and MTC device.
  • M2M machine-to-machine
  • the IMEI of an MTC device uniquely corresponds to the IMSI of the inserted device, or It is limited to correspond to several specified IMSIs; conversely, an IMSI is also limited to one or several specified IMEIs. Therefore, the relationship between the IMSI and the IMEI needs to be stored in the network to limit the illegal device and the USIM to access the network, thereby implementing anti-theft.
  • existing LTE networks are not able to meet this demand. Summary of the invention
  • the main object of the present invention is to provide a method and apparatus for verifying the binding relationship between IMSI and IMEI, so as to implement identification and verification of the binding relationship between IMSI and IMEI.
  • the present invention provides a method for verifying the binding relationship between the IMSI and the IMEI.
  • the method includes: querying the correspondence between the IMSI and the IMEI according to the obtained IMEI of the terminal and the IMSI being used by the terminal, and according to the query result, The IMEI of the terminal is checked against the IMSI that the terminal is using.
  • the correspondence between the IMSI and the IMEI includes: an IMSI-signed IMEI list and an IMEI-signed IMSI list.
  • the query corresponds to the relationship, and the binding relationship between the IMEI of the terminal and the IMSI that the terminal is using is verified according to the query result, which is specifically:
  • the IMSI of the terminal is not in the IMSI list, and/or the IMEI of the terminal does not exist in the IMEI list, it is determined that the verification of the binding relationship fails;
  • the binding relationship is determined. The verification failed;
  • the IMEI list of the IMSI subscription being used by the terminal is empty, and the IMSI list of the IMEI subscription of the terminal is not empty, it is determined that the verification of the binding relationship has not passed.
  • the query corresponds to the relationship, and the binding relationship between the IMEI of the terminal and the IMSI being used by the terminal is verified according to the query result, and further includes:
  • the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the verification of the binding relationship is passed; otherwise, the binding relationship verification is continued as described in claim 3. .
  • the correspondence between the IMSI and the IMEI includes: an IMSI contracted group identifier and an IMEI contracted group identifier.
  • the query corresponds to the relationship, and the binding relationship between the IMEI of the terminal and the IMSI that the terminal is using is verified according to the query result, which is specifically:
  • the query corresponds to the relationship, and according to the query result, the IMEI of the terminal and the terminal are being used.
  • IMSI performs binding relationship verification, and further includes:
  • the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the verification of the binding relationship is passed; otherwise, the binding relationship verification is continued as described in claim 6. .
  • the present invention also provides an apparatus for verifying the binding relationship between the IMSI and the IMEI, the apparatus comprising: an information acquisition module, configured to acquire an IMEI of the terminal and an IMSI that the terminal is using;
  • the query insurance module is configured to query the correspondence between the IMSI and the IMEI according to the obtained IMEI and the IMSI, and perform binding verification on the IMEI of the terminal and the IMSI that the terminal is using according to the query result.
  • the correspondence between the IMSI and the IMEI includes: an IMSI-signed IMEI list and an IMEI-signed IMSI list.
  • the querying the insurance module is further configured to: query an IMSI list of the IMEI subscription of the terminal, and an IMEI list of the IMSI subscription that the terminal is using, if the IMSI in the IMSI list is in use by the terminal, and If the IMEI of the terminal exists in the IMEI list, it is determined that the verification of the binding relationship is passed;
  • the IMSI of the terminal is not present in the IMSI list, and/or the IMEI of the terminal does not exist in the IMEI list, it is determined that the school insurance of the binding relationship fails;
  • the IMSI list of the IMEI subscription of the terminal is empty, and the IMEI list of the IMSI subscription that the terminal is using is also empty, it is determined that the verification of the binding relationship is passed;
  • the IMEI list of the IMSI subscription being used by the terminal is empty, and the IMSI list of the IMEI subscription of the terminal is not empty, it is determined that the verification of the binding relationship has not passed.
  • the querying the insurance module is further configured to: when querying the IMSI list of the IMEI subscription of the terminal, and the IMEI list of the IMSI contracted by the terminal, identifying the identifier according to the identifier of the header of the IMSI list Whether the IMEI of the terminal is a general IMEI, and if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the binding relationship is verified; otherwise, according to the claims The binding relationship check is continued as described in 10.
  • the correspondence between the IMSI and the IMEI includes: an IMSI contracted group identifier and an IMEI contracted group identifier.
  • the querying the insurance module is further configured to: query the group identifier signed by the IMEI of the terminal, and the group identifier signed by the IMSI that the terminal is using, and determine whether the group IDs that are queried are consistent, and if they are consistent, determine the binding relationship. If the check is inconsistent, it is determined that the check of the binding relationship has not passed;
  • the querying the insurance module is further configured to: when querying the group identifier of the IMEI contracted by the terminal, and the group identifier of the IMSI that the terminal is using, identifying the terminal according to the identifier of the group identifier of the IMEI subscription Whether the IMEI is a general IMEI, if the IMEI of the terminal is contracted according to the IMSI, and/or the IMSI being used by the terminal For the general IMSI, it is determined that the verification of the binding relationship is passed; otherwise, the binding relationship verification is continued as described in claim 13.
  • the method and device for verifying the binding relationship between the IMSI and the IMEI provided by the present invention according to the obtained IMEI of the terminal and the IMSI being used by the terminal, query the correspondence between the IMSI and the IMEI, and compare the IMEI of the terminal according to the query result. Binding relationship verification with the IMSI that the terminal is using. Through the invention, the identification and verification of the binding relationship between the IMSI and the IMEI is realized; and the access authentication according to different levels is realized, and the terminal of the M2M type or the terminal of the common type can be applied.
  • FIG. 1 is a schematic structural diagram of an EPS system in the prior art
  • FIG. 2 is a flowchart of a method for verifying a binding relationship between an IMSI and an IMEI according to the present invention
  • FIG. 3 is a flowchart of an EPS attachment according to Embodiment 1 of the present invention
  • FIG. 5 is a flowchart of an EPS attachment according to Embodiment 3 of the present invention.
  • FIG. 6 is a schematic diagram showing the structure of a verification apparatus for binding relationship between IMSI and IMEI according to the present invention. detailed description
  • the method for verifying the binding relationship between the IMSI and the IMEI provided by the present invention mainly includes the following steps:
  • Step 201 Query the correspondence between the IMSI and the IMEI according to the obtained IMEI of the terminal and the IMSI that the terminal is using.
  • Step 202 Perform a binding relationship check between the IMEI of the terminal and the IMSI used by the terminal according to the query result.
  • the correspondence between the IMSI and the IMEI needs to be maintained, and the correspondence may be in two maintenance forms.
  • the correspondence between the first maintenance mode includes: an IMSI-signed IMEI list and an IMEI-signed IMSI list.
  • the IMSI-signed IMEI list may contain one or more IMEIs, indicating that an IMSI has been contracted to allow the use of one or more IMEI-compliant devices; if the IMEI list is empty, it indicates that the IMSI corresponding to the IMEI list has not signed any IMEIs.
  • the IMSI can use any device that has not subscribed to the IMSI.
  • the IMSI-signed IMSI list may include one or more IMSIs, indicating that an IMEI has been contracted to allow one or more IMSIs to be used; if the IMSI list is empty, it indicates that the IMEI corresponding to the IMSI list has not signed any IMSI, The IMEI can use any IMSI that has not subscribed to the IMEI.
  • the correspondence between the second maintenance modes includes: the group identity of the IMSI contract and the group identifier of the IMEI contract. That is, IMSI and IMEI sign a global unique group identity, and the corresponding relationship stores the group identity of each IMSI and its contract, and the group identity of each IMEI and its contract.
  • the operation mode of the query and binding relationship check is: a. Querying the group identifier of the IMEI that the terminal is subscribed to, and the group identifier of the IMSI that the terminal is using, and determining whether the group IDs that are queried are consistent. If they are consistent, the binding of the binding relationship is determined; if not, Then, it is determined that the verification of the binding relationship has not passed;
  • the present invention can record the contracted IMEI list for each contracted IMSI in the database of the HSS, and record the IMSI list of the contracted IMEI for each application binding contract, that is, the HSS adopts the above-mentioned A maintenance method that stores and maintains the correspondence between IMSI and IMEI.
  • the EIR can also use the first maintenance method described above to store and maintain the correspondence between IMSI and IMEI. Then, correspondingly, the operation mode of the above query and binding relationship verification can be performed by HSS or EIR.
  • the operation mode of the foregoing query and binding relationship check may also be performed by the MME, but only the HSS is required to provide the IMSI for the MME. Correspondence query service with IMEI.
  • the second maintenance mode can also be used in the HSS database to store and maintain the group ID of the IMSI contract and the group ID of the IMEI contract. Then, correspondingly, the operation mode 2 of the above query and binding relationship insurance can be performed by the HSS.
  • the operation mode 2 of the foregoing query and binding relationship check may also be performed by the MME, but only the HSS is required to provide a group for the MME. Identification of the query service.
  • the IMEI is verified in the MME according to the method shown in FIG. 2.
  • Step 301 The terminal initiates an initial attach, and sends an attach request message to the evolved base station (eNB, evolved NodeB).
  • the message contains the end user's IMSI or the old Global Unique Temporary Identity (GUTI).
  • Step 302 The eNB selects an MME according to the GUTI in the attach request message, or selects an MME according to the network topology, and sends the attach request message to the selected new MME.
  • Step 303 If the old GUTI is carried in the attach request message, and the current new MME is not the MME when the terminal is last attached, the new MME needs to obtain the authentication vector and the key that are not used by the IMSL from the old MME/SGSN. And the identity information, and the integrity check of the attach request message according to the obtained identity information.
  • Step 304 If the terminal does not record in the new MME or the old MME/SGSN, the new MME acquires the IMSI from the terminal. That is, the new MME sends an identity request to the terminal, and the terminal sends the IMSI to the new MME in the identity response.
  • Step 305 If the terminal does not have context information in the new MME, the old MME/SGSN, or if the attach request message in step 301 does not have integrity protection, or if the attach request does not pass the integrity check, the new MME must The HSS sends an authentication data request message.
  • the authentication data request message includes the IMSI of the end user.
  • Step 306 The HSS first searches for the user subscription data corresponding to the IMSI in the authentication data request message. If no subscription is found or the IMSI is blacklisted, the HSS returns an authentication data response to the new MME and carries the appropriate The cause of the error; if the user subscription data corresponding to the IMSI is found, the HSS returns an authentication data response message to the new MME, where the response message includes an authentication vector.
  • Step 307 if steps 305 and 306 are performed, the authentication process must be performed between the new MME and the terminal to verify the validity of the terminal IMSI, and the security mode process is executed to enable the security. Fully connected.
  • Step 308 In the initial attached scenario, the new MME sends a device identifier request message to the terminal, requesting to acquire the IMEI of the terminal; and the terminal returns a device identifier response message to the new MME to inform the new MME of the IMEI of the terminal. Since the secure connection is established, the identification code request message and the identification code response message are encrypted and transmitted.
  • Step 309 If the EIR is deployed on the network, the MME may choose to query the EIR for the validity of the IMEI of the terminal.
  • Step 310 The new MME sends a location update request message to the HSS, where the request message includes IMSI and IMEI of the terminal.
  • Step 311 The HSS returns a location update response message to the new MME.
  • the location update response message needs to include the user subscription data of the terminal, the legal IMEI list signed by the IMSI of the user, and the legal IMSI list signed by the IMEI of the terminal;
  • the location update response message needs to include the user subscription data of the terminal, the group identifier corresponding to the IMSI of the user, and the group identifier corresponding to the IMEI of the terminal.
  • Step 312 The new MME performs a binding relationship check between the IMEI of the terminal and the IMSI being used according to the information carried in the location update response message.
  • the new MME needs to follow the above operation mode to the IMEI of the pair of terminals.
  • the IMSI being used by the terminal performs binding relationship verification. If the location update response message returned by the HSS includes the user subscription data of the terminal, the group identifier corresponding to the IMSI of the user, and the group identifier corresponding to the IMEI of the terminal, the new MME needs to use the IMEI of the terminal and the terminal in use according to the foregoing operation mode. IMSI performs binding relationship verification.
  • step 313 if the verification is passed, the subsequent process of the attach process is continued.
  • Step 314 If the check fails, the new MME rejects the attach request of the terminal, and returns an appropriate cause value to the terminal.
  • the terminal access may be refused, or may be regarded as the IMEI. Or the IMSI corresponding list is empty; for the foregoing operation mode 2, if the IMEI of the terminal or the IMSI used by the terminal is not found in the record of the HSS database, the terminal access may be refused, or may be regarded as no group. The situation of the logo is handled.
  • the present invention can extend the header of the IMSI list and the IMEI list by adding the lbit identifier to identify the IMEI of the terminal and the terminal is being used.
  • the IMSI is a general IMEI and IMSI, for example: the identifier location 0 is represented as a normal IMEI or IMSI, the identifier location 1 is represented as a general IMEI or an IMSI; if it is a general IMEI, then the IMEI has absolute authority, and any USIM can be used; In the case of a generic IMSI, the IMSI has absolute authority and any ME can be used.
  • the new MME For the extension of the header, in the process of performing the binding relationship check, when querying the IMSI list of the IMEI subscription of the terminal, and the IMEI list of the IMSI contracted by the terminal, the new MME according to the header of the IMSI list
  • the identifier bit identifies whether the IMEI of the terminal is a general IMEI, and identifies whether the IMSI being used by the terminal is a general IMSI according to the identifier of the header of the IMEI list; if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI Then, the verification of the binding relationship is passed; otherwise, the binding relationship verification is continued as described in the foregoing operation mode 1.
  • the present invention can extend a bit of the group identifier as a type identifier bit to identify whether the IMEI of the terminal and the IMSI being used by the terminal are general IMEIs.
  • IMSI for example: Identify location 0 table Shown as a normal IMEI or IMSI, the identification location 1 is represented as a general IMEI or IMSI; if it is a general IMEI, then the IMEI has absolute authority and can use any USIM; if it is a general IMSI, then the IMSI has absolute authority and can be used Any ME.
  • the group identifier of the IMEI that is subscribed to the terminal is queried, and the group identifier of the IMSI that the terminal is using, the group that the new MME subscribes according to the IMEI
  • the identified identifier bit identifies whether the IMEI of the terminal is a general IMEI, and identifies whether the IMSI being used by the terminal is a general IMSI according to the identifier of the group identifier of the IMSI contract; if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is The general IMSI, the verification of the binding relationship is passed; otherwise, the binding relationship insurance is continued as described in the foregoing operation mode 2.
  • the binding relationship between the IMEI and the IMSI is verified in the HSS, the access is allowed, and the process of EPS attachment is finally completed, as shown in FIG. It mainly includes the following steps:
  • steps 401-410 are the same as the operations of steps 301-310 in the embodiment shown in FIG.
  • Step 411 The HSS performs binding relationship verification according to the IMSI and the IMEI carried in the location update request message.
  • the binding relationship check needs to be performed according to the operation mode. If the HSS database adopts the second maintenance mode, it needs to be bound according to the operation mode 2. Determine the relationship check. I will not repeat them here.
  • Step 412 If the check passes, the HSS returns a location update response message to the new MME, where the response message includes the user's IMSI and user subscription data.
  • Step 413 If the verification fails, the HSS returns a subscription data error message to the new MME, where the message includes an appropriate error reason.
  • Step 414 if the new MME receives the location update response message, then the follow-up process The process can continue.
  • Step 415 If the new MME receives the subscription data error message, the new MME rejects the attachment of the terminal and returns an appropriate cause value to the terminal.
  • the terminal access may be refused, or may be regarded as the IMEI. Or the IMSI corresponding list is empty; for the foregoing operation mode 2, if the IMEI of the terminal or the IMSI used by the terminal is not found in the record of the HSS database, the terminal access may be refused, or may be regarded as no group. The situation of the logo is handled.
  • the present invention can extend the header of the IMSI list and the IMEI list by adding the lbit identifier to identify the IMEI of the terminal and the terminal is being used.
  • the IMSI is a general IMEI and IMSI, for example: the identifier location 0 is represented as a normal IMEI or IMSI, the identifier location 1 is represented as a general IMEI or an IMSI; if it is a general IMEI, then the IMEI has absolute authority, and any USIM can be used; In the case of a generic IMSI, the IMSI has absolute authority and any ME can be used.
  • the HSS For the extension of the header, in the process of performing the binding relationship check, when querying the IMSI list of the IMEI subscription of the terminal, and the IMEI list of the IMSI contracted by the terminal, the HSS identifies the header according to the header of the IMSI list.
  • the bit identifies whether the IMEI of the terminal is a general IMEI, and if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, the verification of the binding relationship passes; otherwise, continues according to the above operation mode 1. Perform binding relationship verification.
  • the present invention can extend a bit of the group identifier as a type identifier to identify the IMEI of the terminal.
  • the IMSI being used by the terminal is a general IMEI and an IMSI, for example: the identifier location 0 is represented as a normal IMEI or IMSI, the identifier location 1 is represented as a general IMEI or an IMSI; if it is a general IMEI, the IMEI has absolute authority, Use any USIM; if it is a generic IMSI, then the IMSI has absolute permissions and can use any ME.
  • the HSS identifies whether the IMEI of the terminal is a general IMEI according to the identifier of the group identifier of the IMEI contract, and identifies the terminal according to the identifier of the group identifier of the IMSI contract. Whether the IMSI being used is a general IMSI; if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, the verification of the binding relationship is passed; otherwise, the binding is continued as described in the above operation mode 2. Determine the relationship check.
  • the IMEI list for maintaining the IMSI subscription and the IMSI list of the IMEI subscription are stored in the EIR, and the EIR checks the binding relationship between the IMEI and the IMSI for the terminal, and
  • the process of finally completing the EPS attachment, as shown in FIG. 5, mainly includes the following steps:
  • Step 509 The new MME sends a device identifier check request message to the EIR, where the request message includes the IMSI of the user and the IMEI of the terminal.
  • Steps 510-511 the EIR retrieves its own database to verify the binding relationship between the IMSI and the IMEI sent by the new MME, and returns a device ID check response message to the new MME, where the response message includes the verification result.
  • the EIR performs binding check verification according to the above operation mode, and details are not described herein again.
  • Step 512 If the new MME receives the verification result returned by the EIR as the verification, the subsequent process of the attach process may continue to be performed.
  • Step 513 If the new MME receives the check result returned by the EIR, the check fails, the new MME rejects the attach request of the terminal and returns an appropriate cause value.
  • the terminal access may be refused, or may be regarded as an IMEI. Or the list corresponding to the IMSI is empty to handle.
  • the present invention can extend the header of the IMSI list and the IMEI list by adding the lbit identifier to identify the IMEI of the terminal and the terminal is being used.
  • the IMSI is a general IMEI and IMSI, for example: the identifier location 0 is represented as a normal IMEI or IMSI, the identifier location 1 is represented as a general IMEI or an IMSI; if it is a general IMEI, then the IMEI has absolute authority, and any USIM can be used; In the case of a generic IMSI, the IMSI has absolute authority and any ME can be used.
  • the EIR is based on the identifier of the header of the IMSI list.
  • the bit identifies whether the IMEI of the terminal is a general IMEI, and if the IMEI of the terminal is a general IMEI, and/or the IMSI used by the terminal is a general IMSI, the verification of the binding relationship passes; otherwise, continues according to the above operation mode 1. Perform binding relationship verification.
  • a method for verifying the above IMSI and IMEI binding relationship provides a
  • the verification device of the binding relationship between the IMSI and the IMEI includes: an information acquisition module 10 and a query verification module 20.
  • the information obtaining module 10 is configured to acquire an IMEI of the terminal and an IMSI that the terminal is using.
  • the query verification module 20 is configured to query the correspondence between the IMSI and the IMEI according to the obtained IMEI and the IMSI, and perform a binding relationship between the IMEI of the terminal and the IMSI used by the terminal according to the query result.
  • the mapping between the IMSI and the IMEI may adopt the first maintenance mode, that is, the IMSI-signed IMEI list and the IMEI-signed IMSI list.
  • the query verification module 20 can perform the binding relationship verification by using the operation mode, which is specifically:
  • the IMEI list of the IMSI subscription of the terminal Querying the IMSI list of the IMEI subscription of the terminal, and the IMEI list of the IMSI subscription that the terminal is using. If the IMSI of the terminal is in use in the IMSI list, and the IMEI of the terminal exists in the IMEI list, the verification of the binding relationship is determined; If the IMSI of the terminal is not present in the IMSI list, and/or the IMEI of the terminal does not exist in the IMEI list, it is determined that the check of the binding relationship fails; if the IMSI list of the IMEI of the terminal is empty, and the terminal is in use If the IMEI list of the IMSI subscription is also empty, it is determined that the binding of the binding relationship is passed; if the IMSI list of the IMEI subscription of the terminal is empty, and the IMEI list of the IMSI subscription that the terminal is using is not empty, the binding relationship is determined. The verification fails. If the IMEI list of the
  • the identifier of the header of the IMSI list is used to identify whether the IMEI of the terminal is a general IMEI, according to the header of the IMEI list.
  • the identifier bit identifies whether the IMSI being used by the terminal is a general IMSI; if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the binding relationship is verified; otherwise, according to the operation mode The binding relationship check is continued as described in .
  • the mapping between the IMSI and the IMEI can be performed in the second maintenance mode, that is, the IMSI contracted group identifier and the IMEI contracted group identifier.
  • the query verification module 20 can perform the binding relationship check in the operation mode 2, specifically: querying the group identifier of the IMEI signed by the terminal, and the group identifier signed by the IMSI that the terminal is using, and determining the queried query. Whether the group IDs are consistent. If they are consistent, the checksum of the binding relationship is determined. If they are inconsistent, the checksum of the binding relationship is not passed. If the IMEI of the terminal and the IMSI being used by the terminal are not signed, The identifier is determined to pass the verification of the binding relationship. If only one of the IMEIs of the terminal and the IMSI being used by the terminal does not have the subscription group identifier, it is determined that the verification of the binding relationship fails.
  • the identifier of the group identifier of the IMEI is identified as whether the IMEI of the terminal is a general IMEI, and the IMEI is contracted according to the IMSI.
  • the identifier of the group identifier identifies whether the IMSI being used by the terminal is a general IMSI; if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the binding relationship is verified; otherwise, according to the operation The binding relationship check is continued as described in mode 2.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention discloses a checking method for the binding relationship of an International Mobile Subscriber Identity (IMSI) and an International Mobile Equipment Identity (IMEI). The method includes: inquiring the corresponding relationship of the IMSI and the IMEI according to the acquired IMEI of a terminal and the IMSI which is being used by the terminal, and checking the binding relationship of the IMEI of the terminal and the IMSI which is being used by the terminal according to the inquiry result. The present invention also discloses a checking device for the binding relationship of the IMSI and the IMEI. The checking device can identify and check the binding relationship of the IMSI and the IMEI.

Description

校验国际移动用户识别码与国际移动设备身份码  Verify international mobile subscriber identity and international mobile device identity code
绑定关系的方法和装置 技术领域  Method and device for binding relationship
本发明涉及通信领域的用户身份识别和终端识别技术, 尤其涉及一种 国际移动用户识别码(IMSI )与国际移动设备身份码 ( IMEI )绑定关系的 校验方法和装置。 背景技术  The present invention relates to user identification and terminal identification technologies in the field of communications, and in particular, to a method and apparatus for verifying the binding relationship between an International Mobile Subscriber Identity (IMSI) and an International Mobile Equipment Identity (IMEI). Background technique
为了保持第三代移动通信系统在通信领域的竟争力, 第三代合作伙伴 计划 (3GPP, 3rd Generation Partnership Project )标准工作组正致力于演进 分组域系统(EPS , Evolved Packet System ) 的研究。 现有的 EPS系统如图 1 所示, 主要包括演进的通用陆地无线接入网络 ( E-UTRAN , Evolved Universal Terrestrial Radio Access Network )和演进的分组核心网 (EPC, Evolved Packet Core ) 两部分。 该系统的 EPC能够支持用户从 GSM EDGE 无线接入网 ( GERAN, GSM EDGE Radio Access Network )和通用陆地无 线接入网 ( UTRAN, Universal Terrestrial Radio Access Network ) 的接入。 其中, EPC主要包括移动管理单元(MME, Mobility Management Entity ), 月良务网关( S-GW, Serving Gateway )、分组数据网络网关( P-GW, Packet Data Network Gateway ), 归属用户服务器(HSS, Home Subscriber Server ), 策 略和计费规则功能实体( PCRF, Policy and Charging Rules Function )、 支持 GPRS服务结点 ( SGSN, Serving GPRS Supporting Node )及其他支撑节点 组成。  In order to maintain the competitiveness of the third generation mobile communication system in the field of communication, the 3GPP (3rd Generation Partnership Project) standard working group is working on the evolution of the Evolved Packet System (EPS). The existing EPS system is shown in Figure 1. It mainly includes the Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and the Evolved Packet Core (EPC). The system's EPC is capable of supporting users' access from the GSM EDGE Radio Access Network (GERAN, GSM EDGE Radio Access Network) and the Universal Terrestrial Radio Access Network (UTRAN). The EPC mainly includes a Mobility Management Entity (MME), a S-GW (Serving Gateway), a Packet Data Network Gateway (P-GW), and a Home Subscriber Server (HSS, Home Subscriber Server), Policy and Charging Rules Function (PCRF), Supporting GPRS Supporting Node (SGSN) and other supporting nodes.
在图 1 中, HSS是用户签约数据的永久存放地点, 位于用户签约的归 属网; MME是用户签约数据在当前网络的存放地点, 负责终端到网络的非 接入层(NAS, Non- Access Stratum )信令管理、 用户空闲模式下的跟踪和 寻呼管理功能和承载管理; S-GW是核心网到无线系统的网关, 负责终端到 核心网的用户面承载、 终端空闲模式下的数据緩存、 网络侧发起业务请求 的功能、 合法窃听和分组数据路由和转发功能; P-GW是 EPS和该系统外 部网络的网关, 负责终端的 IP地址分配、 计费功能、 分组包过滤、 策略应 用等功能; PCRF是策略和计费规则功能实体, 它通过接收接口 Rx和运营 商网络协议 ( IP, Internet Protocol )业务网络相连, 获取业务信息, 此外, 它还可以通过 Gx接口与网络中的网关设备相连, 负责发起 IP承载的建立, 保证业务数据的服务质量(QoS , Quality of Service ), 并进行计费控制。 In Figure 1, the HSS is the permanent storage location of the user subscription data, located in the home network that the user subscribes to; the MME is the location where the user subscription data is stored in the current network, and is responsible for the non-access stratum of the terminal to the network (NAS, Non-Access Stratum). ) signaling management, tracking in user idle mode and Paging management function and bearer management; S-GW is the gateway from the core network to the wireless system, responsible for user plane bearer from the terminal to the core network, data buffer in the idle mode of the terminal, function of initiating service request on the network side, legal eavesdropping and grouping Data routing and forwarding function; P-GW is the gateway of EPS and external network of the system, responsible for terminal IP address allocation, charging function, packet filtering, policy application, etc.; PCRF is a policy and charging rule function entity, it The receiving interface Rx is connected to the service network protocol (IP, Internet Protocol) to obtain service information. In addition, it can be connected to the gateway device in the network through the Gx interface, and is responsible for initiating the establishment of the IP bearer and ensuring the service data. Quality of Service (QoS), and charge control.
此外, EPC还包括用户设备 ( UE, User Equipment )、 机器类通信服务 器( MTC Server, Machine Type Communication Server )、 MTC设备 ( MTC Device, Machine Type Communication Device )和设备 i只另 ll寄存器 ( EIR, Equipment Identity Register )等。 其中, UE包括通用集成电路卡( UICC, Universal Integrated Circuit Card )和移动终端 ( ME, Mobile Equipment ), 与 MME之间的协议栈最上层为 NAS; MTC Server主要负责 MTC设备的 管理和数据存储 /维护; MTC设备与 UE类似, 也包括 UICC和 ME, 通常 负责收集若干采集器的信息并通过无线接入网 (RAN , Radio Access Network )节点接入核心网, 并与 MTC Server交互数据。 EIR为存储有关 ME的设备识别码的数据库, 实现对 ME的识别、 监视和闭锁等操作。  In addition, the EPC also includes user equipment (UE, User Equipment), machine type communication server (MTC Server), MTC device (MTC Device, Machine Type Communication Device) and device i only ll register (EIR, Equipment Identity Register) and so on. The UE includes a Universal Integrated Circuit Card (UICC) and a mobile terminal (ME, Mobile Equipment), and the uppermost layer of the protocol stack with the MME is NAS; the MTC Server is mainly responsible for management and data storage of the MTC device/ The MTC device is similar to the UE. It also includes the UICC and the ME. It is usually responsible for collecting information of several collectors and accessing the core network through the RAN (Radio Access Network) node and interacting with the MTC Server. EIR is a database that stores device identification codes for MEs, and implements operations such as identification, monitoring, and blocking of MEs.
在现有的长期演进( LTE, Long Term Evolution ) 网络中, 仅支持对普 通移动用户身份的鉴权, 即对用户的国际移动用户识别码 (IMSI , International Mobile Subscriber Identity )进行认证, IMSI存 4诸在全球用户识 别卡( USIM , Universal Subscriber Identity Module ) 中并作为用户的身份识 别。 即便是部署了 EIR的网络, 也仅对设备的国际移动设备身份码 ( IMEI, International Mobile Equipment Identity )本身进行合法性检查, IMEI与每台 UE和 MTC设备——对应, 是全球唯一的。 随着机器到机器 (M2M, Machine to Machine )通信的引入, 尤其是 MTC设备的特殊性, 如无人值守的户外 MTC设备,通常要求一台 MTC设 备的 IMEI与插入设备的 IMSI唯一对应、或仅限于与若干指定的 IMSI对应; 反之, 某个 IMSI也仅限于一个或若干个指定的 IMEI使用。 因此, IMSI与 IMEI的关系需在网络中存储, 以限制非法的设备和 USIM组合接入网络, 进而实现防盗用。 但是, 现有的 LTE网络还无法满足这种需求。 发明内容 In the existing Long Term Evolution (LTE) network, only the authentication of the identity of the ordinary mobile user is supported, that is, the user's International Mobile Subscriber Identity (IMSI, International Mobile Subscriber Identity) is authenticated, and the IMSI is stored. They are identified in the Universal Subscriber Identity Module (USIM) and as the user's identity. Even if the EIR network is deployed, only the device's International Mobile Equipment Identity (IMEI) is checked for legality. The IMEI is globally unique to each UE and MTC device. With the introduction of machine-to-machine (M2M) communication, especially the speciality of MTC devices, such as unattended outdoor MTC devices, it is usually required that the IMEI of an MTC device uniquely corresponds to the IMSI of the inserted device, or It is limited to correspond to several specified IMSIs; conversely, an IMSI is also limited to one or several specified IMEIs. Therefore, the relationship between the IMSI and the IMEI needs to be stored in the network to limit the illegal device and the USIM to access the network, thereby implementing anti-theft. However, existing LTE networks are not able to meet this demand. Summary of the invention
有鉴于此, 本发明的主要目的在于提供一种 IMSI与 IMEI绑定关系的 校验方法和装置, 以实现对 IMSI与 IMEI绑定关系的识别校验。  In view of this, the main object of the present invention is to provide a method and apparatus for verifying the binding relationship between IMSI and IMEI, so as to implement identification and verification of the binding relationship between IMSI and IMEI.
为达到上述目的, 本发明的技术方案是这样实现的:  In order to achieve the above object, the technical solution of the present invention is achieved as follows:
本发明提供了一种 IMSI与 IMEI绑定关系的校验方法, 该方法包括: 根据获取到的终端的 IMEI和终端正在使用的 IMSI,查询 IMSI与 IMEI 的对应关系, 并根据查询结果对所述终端的 IMEI与终端正在使用的 IMSI 进行绑定关系校验。  The present invention provides a method for verifying the binding relationship between the IMSI and the IMEI. The method includes: querying the correspondence between the IMSI and the IMEI according to the obtained IMEI of the terminal and the IMSI being used by the terminal, and according to the query result, The IMEI of the terminal is checked against the IMSI that the terminal is using.
所述 IMSI与 IMEI的对应关系包括: IMSI签约的 IMEI列表和 IMEI 签约的 IMSI列表。  The correspondence between the IMSI and the IMEI includes: an IMSI-signed IMEI list and an IMEI-signed IMSI list.
所述查询对应关系,并根据查询结果对终端的 IMEI与终端正在使用的 IMSI进行绑定关系校验, 具体为:  The query corresponds to the relationship, and the binding relationship between the IMEI of the terminal and the IMSI that the terminal is using is verified according to the query result, which is specifically:
查询所述终端的 IMEI签约的 IMSI 列表, 以及所述终端正在使用的 IMSI签约的 IMEI列表, 如果所述 IMSI列表中存在所述终端正在使用的 IMSI, 且所述 IMEI列表中存在所述终端的 IMEI , 则判定绑定关系的校验 通过;  Querying the IMSI list of the IMEI subscription of the terminal, and the IMEI list of the IMSI subscription that the terminal is using, if the IMSI in the IMSI list is in use, and the terminal exists in the IMEI list IMEI, then determine the verification of the binding relationship;
如果所述 IMSI 列表中不存在所述终端正在使用的 IMSI, 和 /或所述 IMEI列表中不存在所述终端的 IMEI, 则判定绑定关系的校验未通过;  If the IMSI of the terminal is not in the IMSI list, and/or the IMEI of the terminal does not exist in the IMEI list, it is determined that the verification of the binding relationship fails;
如果所述终端的 IMEI签约的 IMSI列表为空, 且所述终端正在使用的 IMSI签约的 IMEI列表也为空, 则判定绑定关系的校验通过; 如果终端的 IMEI签约的 IMSI列表为空,且终端正在使用的 IMSI签约 的 IMEI列表不为空, 则判定绑定关系的校验未通过; If the IMSI subscription IMSI list of the terminal is empty, and the terminal is in use If the IMEI list of the IMSI contract is also empty, the checksum of the binding relationship is determined to pass; if the IMSI list of the IMEI subscription of the terminal is empty, and the IMEI list of the IMSI subscription that the terminal is using is not empty, the binding relationship is determined. The verification failed;
如果终端正在使用的 IMSI签约的 IMEI列表为空, 且终端的 IMEI签 约的 IMSI列表不为空, 则判定绑定关系的校验未通过。  If the IMEI list of the IMSI subscription being used by the terminal is empty, and the IMSI list of the IMEI subscription of the terminal is not empty, it is determined that the verification of the binding relationship has not passed.
所述查询对应关系,并根据查询结果对终端的 IMEI与终端正在使用的 IMSI进行绑定关系校验, 进一步包括:  The query corresponds to the relationship, and the binding relationship between the IMEI of the terminal and the IMSI being used by the terminal is verified according to the query result, and further includes:
在查询所述终端的 IMEI签约的 IMSI列表, 以及所述终端正在使用的 IMSI签约的 IMEI列表时,根据所述 IMSI列表的表头的标识位识别所述终 端的 IMEI是否为通用 IMEI ,根据所述 IMEI列表的表头的标识位识别所述 终端正在使用的 IMSI是否为通用 IMSI;  When querying the IMSI list of the IMEI subscription of the terminal, and the IMEI subscription IMEI list that the terminal is using, identifying whether the IMEI of the terminal is a general IMEI according to the identifier of the header of the IMSI list, according to The identifier of the header of the IMEI list identifies whether the IMSI being used by the terminal is a general IMSI;
如果所述终端的 IMEI为通用 IMEI, 和 /或所述终端正在使用的 IMSI 为通用 IMSI, 则判定绑定关系的校验通过; 否则, 按照权利要求 3中所述 继续进行绑定关系校验。  If the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the verification of the binding relationship is passed; otherwise, the binding relationship verification is continued as described in claim 3. .
所述 IMSI与 IMEI的对应关系包括: IMSI签约的组标识和 IMEI签约 的组标识。  The correspondence between the IMSI and the IMEI includes: an IMSI contracted group identifier and an IMEI contracted group identifier.
所述查询对应关系,并根据查询结果对终端的 IMEI与终端正在使用的 IMSI进行绑定关系校验, 具体为:  The query corresponds to the relationship, and the binding relationship between the IMEI of the terminal and the IMSI that the terminal is using is verified according to the query result, which is specifically:
查询终端的 IMEI所签约的组标识, 以及终端正在使用的 IMSI所签约 的组标识, 并判断所查询的组标识是否一致, 如果一致, 则判定绑定关系 的校验通过; 如果不一致, 则判定绑定关系的校验未通过;  Querying the group identifier of the IMEI that is signed by the terminal, and the group identifier of the IMSI that the terminal is using, and determining whether the group IDs that are queried are consistent. If they are consistent, the binding of the binding relationship is determined; if not, it is determined. The checksum of the binding relationship failed.
如果终端的 IMEI和终端正在使用的 IMSI都没有签约组标识, 则判定 绑定关系的校验通过;  If the IMEI of the terminal and the IMSI being used by the terminal do not have the subscription group identifier, it is determined that the verification of the binding relationship is passed;
如果对于终端的 IMEI和终端正在使用的 IMSI, 只有其中之一没有签 约组标识, 则判定绑定关系的校验未通过。 所述查询对应关系,并根据查询结果对终端的 IMEI与终端正在使用的If only one of the IMEIs of the terminal and the IMSI being used by the terminal does not have a subscription group identifier, it is determined that the verification of the binding relationship has not passed. The query corresponds to the relationship, and according to the query result, the IMEI of the terminal and the terminal are being used.
IMSI进行绑定关系校验, 进一步包括: IMSI performs binding relationship verification, and further includes:
在查询终端的 IMEI所签约的组标识, 以及终端正在使用的 IMSI所签 是否为通用 IMEI, 根据所述 IMSI签约的组标识的标识位识别所述终端正 在使用的 IMSI是否为通用 IMSI;  Querying the group identifier of the IMEI of the terminal, and whether the IMSI that the terminal is using is a general IMEI, and identifying whether the IMSI being used by the terminal is a general IMSI according to the identifier of the group identifier of the IMSI contract;
如果所述终端的 IMEI为通用 IMEI, 和 /或所述终端正在使用的 IMSI 为通用 IMSI, 则判定绑定关系的校验通过; 否则, 按照权利要求 6中所述 继续进行绑定关系校验。  If the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the verification of the binding relationship is passed; otherwise, the binding relationship verification is continued as described in claim 6. .
本发明还提供了一种 IMSI与 IMEI绑定关系的校验装置,该装置包括: 信息获取模块, 用于获取终端的 IMEI和终端正在使用的 IMSI;  The present invention also provides an apparatus for verifying the binding relationship between the IMSI and the IMEI, the apparatus comprising: an information acquisition module, configured to acquire an IMEI of the terminal and an IMSI that the terminal is using;
查询校险模块, 用于根据获取到的 IMEI和 IMSI, 查询 IMSI与 IMEI 的对应关系, 并根据查询结果对所述终端的 IMEI与终端正在使用的 IMSI 进行绑定关系校验。  The query insurance module is configured to query the correspondence between the IMSI and the IMEI according to the obtained IMEI and the IMSI, and perform binding verification on the IMEI of the terminal and the IMSI that the terminal is using according to the query result.
所述 IMSI与 IMEI的对应关系包括: IMSI签约的 IMEI列表和 IMEI 签约的 IMSI列表。  The correspondence between the IMSI and the IMEI includes: an IMSI-signed IMEI list and an IMEI-signed IMSI list.
所述查询校险模块进一步用于, 查询所述终端的 IMEI签约的 IMSI列 表, 以及所述终端正在使用的 IMSI签约的 IMEI列表,如果所述 IMSI列表 中存在所述终端正在使用的 IMSI, 且所述 IMEI 列表中存在所述终端的 IMEI, 则判定绑定关系的校验通过;  The querying the insurance module is further configured to: query an IMSI list of the IMEI subscription of the terminal, and an IMEI list of the IMSI subscription that the terminal is using, if the IMSI in the IMSI list is in use by the terminal, and If the IMEI of the terminal exists in the IMEI list, it is determined that the verification of the binding relationship is passed;
如果所述 IMSI 列表中不存在所述终端正在使用的 IMSI, 和 /或所述 IMEI列表中不存在所述终端的 IMEI, 则判定绑定关系的校险未通过;  If the IMSI of the terminal is not present in the IMSI list, and/or the IMEI of the terminal does not exist in the IMEI list, it is determined that the school insurance of the binding relationship fails;
如果所述终端的 IMEI签约的 IMSI列表为空, 且所述终端正在使用的 IMSI签约的 IMEI列表也为空, 则判定绑定关系的校验通过;  If the IMSI list of the IMEI subscription of the terminal is empty, and the IMEI list of the IMSI subscription that the terminal is using is also empty, it is determined that the verification of the binding relationship is passed;
如果终端的 IMEI签约的 IMSI列表为空,且终端正在使用的 IMSI签约 的 IMEI列表不为空, 则判定绑定关系的校验未通过; If the IMSI of the terminal's IMEI subscription is empty, and the IMSI subscription of the terminal is being used If the IMEI list is not empty, it is determined that the check of the binding relationship has not passed;
如果终端正在使用的 IMSI签约的 IMEI列表为空, 且终端的 IMEI签 约的 IMSI列表不为空, 则判定绑定关系的校验未通过。  If the IMEI list of the IMSI subscription being used by the terminal is empty, and the IMSI list of the IMEI subscription of the terminal is not empty, it is determined that the verification of the binding relationship has not passed.
所述查询校险模块进一步用于, 在查询所述终端的 IMEI签约的 IMSI 列表, 以及所述终端正在使用的 IMSI签约的 IMEI列表时, 根据所述 IMSI 列表的表头的标识位识别所述终端的 IMEI是否为通用 IMEI, 根据所述 如果所述终端的 IMEI为通用 IMEI, 和 /或所述终端正在使用的 IMSI 为通用 IMSI, 则判定绑定关系的校验通过; 否则, 按照权利要求 10中所述 继续进行绑定关系校验。  The querying the insurance module is further configured to: when querying the IMSI list of the IMEI subscription of the terminal, and the IMEI list of the IMSI contracted by the terminal, identifying the identifier according to the identifier of the header of the IMSI list Whether the IMEI of the terminal is a general IMEI, and if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the binding relationship is verified; otherwise, according to the claims The binding relationship check is continued as described in 10.
所述 IMSI与 IMEI的对应关系包括: IMSI签约的组标识和 IMEI签约 的组标识。  The correspondence between the IMSI and the IMEI includes: an IMSI contracted group identifier and an IMEI contracted group identifier.
所述查询校险模块进一步用于, 查询终端的 IMEI所签约的组标识, 以 及终端正在使用的 IMSI所签约的组标识,并判断所查询的组标识是否一致, 如果一致, 则判定绑定关系的校验通过; 如果不一致, 则判定绑定关系的 校验未通过;  The querying the insurance module is further configured to: query the group identifier signed by the IMEI of the terminal, and the group identifier signed by the IMSI that the terminal is using, and determine whether the group IDs that are queried are consistent, and if they are consistent, determine the binding relationship. If the check is inconsistent, it is determined that the check of the binding relationship has not passed;
如果终端的 IMEI和终端正在使用的 IMSI都没有签约组标识, 则判定 绑定关系的校验通过;  If the IMEI of the terminal and the IMSI being used by the terminal do not have the subscription group identifier, it is determined that the verification of the binding relationship is passed;
如果对于终端的 IMEI和终端正在使用的 IMSI, 只有其中之一没有签 约组标识, 则判定绑定关系的校验未通过。  If only one of the IMEIs of the terminal and the IMSI being used by the terminal does not have a signed group identifier, it is determined that the check of the binding relationship has not passed.
所述查询校险模块进一步用于, 在查询终端的 IMEI所签约的组标识, 以及终端正在使用的 IMSI所签约的组标识时, 根据所述 IMEI签约的组标 识的标识位识别所述终端的 IMEI是否为通用 IMEI,根据所述 IMSI签约的 如果所述终端的 IMEI为通用 IMEI, 和 /或所述终端正在使用的 IMSI 为通用 IMSI, 则判定绑定关系的校验通过; 否则, 按照权利要求 13中所述 继续进行绑定关系校验。 The querying the insurance module is further configured to: when querying the group identifier of the IMEI contracted by the terminal, and the group identifier of the IMSI that the terminal is using, identifying the terminal according to the identifier of the group identifier of the IMEI subscription Whether the IMEI is a general IMEI, if the IMEI of the terminal is contracted according to the IMSI, and/or the IMSI being used by the terminal For the general IMSI, it is determined that the verification of the binding relationship is passed; otherwise, the binding relationship verification is continued as described in claim 13.
本发明所提供的一种 IMSI与 IMEI绑定关系的校验方法和装置, 根据 获取到的终端的 IMEI和终端正在使用的 IMSI, 查询 IMSI与 IMEI的对应 关系, 并根据查询结果对终端的 IMEI与终端正在使用的 IMSI进行绑定关 系校验。 通过本发明, 实现了对 IMSI与 IMEI绑定关系的识别校验; 并且 实现了按不同级别的接入认证, 无论是 M2M类型的终端,还是普通类型的 终端都可适用。 附图说明  The method and device for verifying the binding relationship between the IMSI and the IMEI provided by the present invention, according to the obtained IMEI of the terminal and the IMSI being used by the terminal, query the correspondence between the IMSI and the IMEI, and compare the IMEI of the terminal according to the query result. Binding relationship verification with the IMSI that the terminal is using. Through the invention, the identification and verification of the binding relationship between the IMSI and the IMEI is realized; and the access authentication according to different levels is realized, and the terminal of the M2M type or the terminal of the common type can be applied. DRAWINGS
图 1为现有技术中 EPS系统的架构示意图;  1 is a schematic structural diagram of an EPS system in the prior art;
图 2为本发明一种 IMSI与 IMEI绑定关系的校验方法的流程图; 图 3为本发明实施例一的 EPS附着流程图;  2 is a flowchart of a method for verifying a binding relationship between an IMSI and an IMEI according to the present invention; FIG. 3 is a flowchart of an EPS attachment according to Embodiment 1 of the present invention;
图 4为本发明实施例二的 EPS附着流程图;  4 is a flowchart of an EPS attachment according to Embodiment 2 of the present invention;
图 5为本发明实施例三的 EPS附着流程图;  FIG. 5 is a flowchart of an EPS attachment according to Embodiment 3 of the present invention; FIG.
图 6为本发明一种 IMSI与 IMEI绑定关系的校验装置的组成结构示意 图。 具体实施方式  FIG. 6 is a schematic diagram showing the structure of a verification apparatus for binding relationship between IMSI and IMEI according to the present invention. detailed description
下面结合附图和具体实施例对本发明的技术方案进一步详细阐述。 本发明所提供的一种 IMSI与 IMEI绑定关系的校验方法,如图 2所示, 主要包括以下步驟:  The technical solutions of the present invention are further elaborated below in conjunction with the accompanying drawings and specific embodiments. The method for verifying the binding relationship between the IMSI and the IMEI provided by the present invention, as shown in FIG. 2, mainly includes the following steps:
步驟 201 , 根据获取到的终端的 IMEI和终端正在使用的 IMSI, 查询 IMSI与 IMEI的对应关系。  Step 201: Query the correspondence between the IMSI and the IMEI according to the obtained IMEI of the terminal and the IMSI that the terminal is using.
步驟 202, 根据查询结果对终端的 IMEI与终端正在使用的 IMSI进行 绑定关系校验。 本发明中需要维护 IMSI与 IMEI的对应关系, 且该对应关系可以有两 种维护形式, 第一种维护方式的对应关系包括: IMSI签约的 IMEI列表和 IMEI签约的 IMSI列表。 IMSI签约的 IMEI 列表中可以包含一个或多个 IMEI , 表示某个 IMSI已签约允许使用一个或多个 IMEI所对应的设备; 如 果 IMEI列表为空, 则表示对应该 IMEI列表的 IMSI尚未签约任何 IMEI, 该 IMSI可以使用任意尚未签约 IMSI的设备。 类似的, IMEI签约的 IMSI 列表中可以包含一个或多个 IMSI, 表示某个 IMEI 已签约允许使用一个或 多个 IMSI; 如果 IMSI列表为空, 则表示对应该 IMSI列表的 IMEI尚未签 约任何 IMSI, 该 IMEI可以使用任意尚未签约 IMEI的 IMSI。 Step 202: Perform a binding relationship check between the IMEI of the terminal and the IMSI used by the terminal according to the query result. In the present invention, the correspondence between the IMSI and the IMEI needs to be maintained, and the correspondence may be in two maintenance forms. The correspondence between the first maintenance mode includes: an IMSI-signed IMEI list and an IMEI-signed IMSI list. The IMSI-signed IMEI list may contain one or more IMEIs, indicating that an IMSI has been contracted to allow the use of one or more IMEI-compliant devices; if the IMEI list is empty, it indicates that the IMSI corresponding to the IMEI list has not signed any IMEIs. The IMSI can use any device that has not subscribed to the IMSI. Similarly, the IMSI-signed IMSI list may include one or more IMSIs, indicating that an IMEI has been contracted to allow one or more IMSIs to be used; if the IMSI list is empty, it indicates that the IMEI corresponding to the IMSI list has not signed any IMSI, The IMEI can use any IMSI that has not subscribed to the IMEI.
针对这第一种对应关系, 其查询和绑定关系校验的操作方式一为: For the first correspondence, the operation mode of the query and binding relationship check is:
A、 查询终端的 IMEI签约的 IMSI列表, 以及终端正在使用的 IMSI签 约的 IMEI列表, 如果 IMSI列表中存在终端正在使用的 IMSI, 且 IMEI列 表中存在终端的 IMEI, 则判定绑定关系的校验通过; A. Query the IMSI list of the IMEI subscription of the terminal, and the IMEI list of the IMSI subscription that the terminal is using. If there is an IMSI that the terminal is using in the IMSI list, and the IMEI of the terminal exists in the IMEI list, the binding relationship check is determined. Pass
B、 如果 IMSI列表中不存在终端正在使用的 IMSI, 和 /或 IMEI列表中 不存在终端的 IMEI, 则判定绑定关系的校验未通过;  B. If there is no IMSI in the IMSI list, and the IMEI of the terminal does not exist in the IMEI list, it is determined that the verification of the binding relationship has not passed;
C、 如果终端的 IMEI签约的 IMSI列表为空, 且终端正在使用的 IMSI 签约的 IMEI列表也为空, 则判定绑定关系的校验通过;  C. If the IMSI list of the IMEI subscription of the terminal is empty, and the IMEI list of the IMSI subscription that the terminal is using is also empty, it is determined that the verification of the binding relationship is passed;
D、 如果终端的 IMEI签约的 IMSI列表为空, 且终端正在使用的 IMSI 签约的 IMEI列表不为空, 则判定绑定关系的校验未通过;  D. If the IMSI list of the IMEI subscription of the terminal is empty, and the IMEI list of the IMSI subscription that the terminal is using is not empty, it is determined that the verification of the binding relationship fails.
E、 如果终端正在使用的 IMSI签约的 IMEI列表为空, 且终端的 IMEI 签约的 IMSI列表不为空, 则判定绑定关系的校验未通过。  E. If the IMEI list of the IMSI subscription that the terminal is using is empty, and the IMSI list of the IMEI subscription of the terminal is not empty, it is determined that the verification of the binding relationship has not passed.
第二种维护方式的对应关系包括: IMSI签约的组标识和 IMEI签约的 组标识。 即为 IMSI和 IMEI签约全球唯一的组标识, 对应关系中存储的是 各个 IMSI与其签约的组标识, 以及各个 IMEI与其签约的组标识。  The correspondence between the second maintenance modes includes: the group identity of the IMSI contract and the group identifier of the IMEI contract. That is, IMSI and IMEI sign a global unique group identity, and the corresponding relationship stores the group identity of each IMSI and its contract, and the group identity of each IMEI and its contract.
针对这第二种对应关系, 其查询和绑定关系校验的操作方式二为: a、 查询终端的 IMEI所签约的组标识, 以及终端正在使用的 IMSI所签 约的组标识, 并判断所查询的组标识是否一致, 如果一致, 则判定绑定关 系的校验通过; 如果不一致, 则判定绑定关系的校验未通过; For the second correspondence, the operation mode of the query and binding relationship check is: a. Querying the group identifier of the IMEI that the terminal is subscribed to, and the group identifier of the IMSI that the terminal is using, and determining whether the group IDs that are queried are consistent. If they are consistent, the binding of the binding relationship is determined; if not, Then, it is determined that the verification of the binding relationship has not passed;
b、如果终端的 IMEI和终端正在使用的 IMSI都没有签约组标识, 则判 定绑定关系的校验通过;  b. If the IMEI of the terminal and the IMSI being used by the terminal do not have the subscription group identifier, the verification of the binding relationship is determined to pass;
c、 如果对于终端的 IMEI和终端正在使用的 IMSI , 只有其中之一没有 签约组标识, 则判定绑定关系的校验未通过。  c. If only one of the IMEIs of the terminal and the IMSI being used by the terminal does not have a subscription group identifier, it is determined that the verification of the binding relationship has not passed.
需要指出的是, 本发明可以在 HSS的数据库中为每个签约的 IMSI记 录其签约的 IMEI列表, 并为每个申请签约绑定 IMSI的 IMEI记录其签约 的 IMSI列表,即由 HSS采用上述第一种维护方式,存储并维护 IMSI和 IMEI 的对应关系。 当然, 也可以由 EIR采用上述第一种维护方式, 存储并维护 IMSI和 IMEI的对应关系。 那么相应的, 上述查询和绑定关系校验的操作 方式一可以由 HSS或 EIR来执行。 另夕卜, 由于终端的 IMEI和终端正在使 用的 IMSI, 最初是由 MME收集到的, 因此上述查询和绑定关系校验的操 作方式一也可以由 MME来执行,只是需要 HSS为 MME提供 IMSI和 IMEI 的对应关系查询服务。  It should be noted that the present invention can record the contracted IMEI list for each contracted IMSI in the database of the HSS, and record the IMSI list of the contracted IMEI for each application binding contract, that is, the HSS adopts the above-mentioned A maintenance method that stores and maintains the correspondence between IMSI and IMEI. Of course, the EIR can also use the first maintenance method described above to store and maintain the correspondence between IMSI and IMEI. Then, correspondingly, the operation mode of the above query and binding relationship verification can be performed by HSS or EIR. In addition, since the IMEI of the terminal and the IMSI being used by the terminal are originally collected by the MME, the operation mode of the foregoing query and binding relationship check may also be performed by the MME, but only the HSS is required to provide the IMSI for the MME. Correspondence query service with IMEI.
在 HSS的数据库中也可以采用第二种维护方式, 存储并维护 IMSI签 约的组标识和 IMEI签约的组标识。 那么相应的, 上述查询和绑定关系校险 的操作方式二可以由 HSS来执行。 另夕卜, 由于终端的 IMEI和终端正在使 用的 IMSI, 最初是由 MME收集到的, 因此上述查询和绑定关系校验的操 作方式二也可以由 MME来执行, 只是需要 HSS为 MME提供组标识的查 询服务。  The second maintenance mode can also be used in the HSS database to store and maintain the group ID of the IMSI contract and the group ID of the IMEI contract. Then, correspondingly, the operation mode 2 of the above query and binding relationship insurance can be performed by the HSS. In addition, since the IMEI of the terminal and the IMSI being used by the terminal are originally collected by the MME, the operation mode 2 of the foregoing query and binding relationship check may also be performed by the MME, but only the HSS is required to provide a group for the MME. Identification of the query service.
下面结合具体实施例对上述 IMSI与 IMEI绑定关系的校险方法进一步 详细阐述。  The above-mentioned IMSI and IMEI binding relationship insurance method will be further elaborated below in conjunction with specific embodiments.
在本发明的实施例一中, 依据图 2所示的方法, 在 MME中校验 IMEI 与 IMSI的绑定关系, 判断是否允许接入, 并最终完成 EPS附着的过程, 如 图 3所示, 主要包括以下步驟: In the first embodiment of the present invention, the IMEI is verified in the MME according to the method shown in FIG. 2. Binding relationship with the IMSI, determining whether to allow access, and finally completing the process of EPS attachment, as shown in FIG. 3, mainly includes the following steps:
步驟 301 , 终端发起初始附着, 向演进的基站(eNB, evolved NodeB ) 发送附着请求消息。该消息中包含终端用户的 IMSI或旧的全球唯一临时标 识 ( GUTI, Global Unique Temporary Identity )。  Step 301: The terminal initiates an initial attach, and sends an attach request message to the evolved base station (eNB, evolved NodeB). The message contains the end user's IMSI or the old Global Unique Temporary Identity (GUTI).
步驟 302, eNB根据附着请求消息中的 GUTI选择一个 MME、 或者根 据网络拓朴选择一个 MME, 并将该附着请求消息发送给选择的新 MME。  Step 302: The eNB selects an MME according to the GUTI in the attach request message, or selects an MME according to the network topology, and sends the attach request message to the selected new MME.
步驟 303 , 如果附着请求消息中携带的是旧的 GUTI, 并且当前的新 MME不是终端上次附着时的 MME,则新 MME需从旧的 MME/SGSN获取 IMSL 未使用的鉴权向量、 密钥等身份信息, 并依据获取的身份信息对附 着请求消息进行完整性校验。  Step 303: If the old GUTI is carried in the attach request message, and the current new MME is not the MME when the terminal is last attached, the new MME needs to obtain the authentication vector and the key that are not used by the IMSL from the old MME/SGSN. And the identity information, and the integrity check of the attach request message according to the obtained identity information.
步驟 304, 如果终端在新 MME、 旧 MME/SGSN中都没有记录, 则新 MME向终端获取 IMSI。 即新 MME向终端发送标识请求,终端在标识响应 中将 IMSI发送给新 MME。  Step 304: If the terminal does not record in the new MME or the old MME/SGSN, the new MME acquires the IMSI from the terminal. That is, the new MME sends an identity request to the terminal, and the terminal sends the IMSI to the new MME in the identity response.
步驟 305 , 如果终端在新 MME、 旧 MME/SGSN中都没有上下文信息, 或者如果步驟 301 中的附着请求消息没有完整性保护, 再或者如果附着请 求没有通过完整性校验, 则新 MME必须向 HSS发送鉴权数据请求消息。 该鉴权数据请求消息中包含终端用户的 IMSI。  Step 305: If the terminal does not have context information in the new MME, the old MME/SGSN, or if the attach request message in step 301 does not have integrity protection, or if the attach request does not pass the integrity check, the new MME must The HSS sends an authentication data request message. The authentication data request message includes the IMSI of the end user.
步驟 306, HSS首先查找鉴权数据请求消息中的 IMSI所对应的用户签 约数据, 如果查找不到任何签约或者 IMSI 已被列入黑名单, 则 HSS向新 MME返回鉴权数据响应并携带合适的错误原因; 如果查找到与 IMSI对应 的用户签约数据, 则 HSS向新 MME返回鉴权数据响应消息, 该响应消息 中包含鉴权向量。  Step 306: The HSS first searches for the user subscription data corresponding to the IMSI in the authentication data request message. If no subscription is found or the IMSI is blacklisted, the HSS returns an authentication data response to the new MME and carries the appropriate The cause of the error; if the user subscription data corresponding to the IMSI is found, the HSS returns an authentication data response message to the new MME, where the response message includes an authentication vector.
步驟 307, 如果执行了步驟 305和 306, 那么新 MME与终端之间就必 须执行鉴权流程以验证终端 IMSI的合法性, 并执行安全模式流程以启用安 全连接。 Step 307, if steps 305 and 306 are performed, the authentication process must be performed between the new MME and the terminal to verify the validity of the terminal IMSI, and the security mode process is executed to enable the security. Fully connected.
步驟 308, 在初始附着的场景下, 新 MME向终端发送设备识别码请求 消息 , 请求获取终端的 IMEI; 终端向新 MME返回设备识别码响应消息 , 以告知新 MME该终端的 IMEI。 由于安全连接已建立 , 因此该识别码请求 消息、 识别码响应消息是加密传输的。  Step 308: In the initial attached scenario, the new MME sends a device identifier request message to the terminal, requesting to acquire the IMEI of the terminal; and the terminal returns a device identifier response message to the new MME to inform the new MME of the IMEI of the terminal. Since the secure connection is established, the identification code request message and the identification code response message are encrypted and transmitted.
步驟 309, 如果网络部署了 EIR, 则 MME可以选择向 EIR查询终端的 IMEI的合法性。  Step 309: If the EIR is deployed on the network, the MME may choose to query the EIR for the validity of the IMEI of the terminal.
步驟 310, 新 MME向 HSS发送位置更新请求消息, 该请求消息中包 含终端的 IMSI和 IMEI。  Step 310: The new MME sends a location update request message to the HSS, where the request message includes IMSI and IMEI of the terminal.
步驟 311 , HSS向新 MME返回位置更新响应消息。  Step 311: The HSS returns a location update response message to the new MME.
需要指出的是, 如果采用上述操作方式一, 那么该位置更新响应消息 中需要包含终端的用户签约数据、 用户的 IMSI所签约的合法 IMEI列表、 终端的 IMEI所签约的合法 IMSI列表; 如果采用上述操作方式二, 那么该 位置更新响应消息中需要包含终端的用户签约数据、用户的 IMSI对应的组 标识、 终端的 IMEI对应的组标识。  It should be noted that, if the foregoing operation mode 1 is adopted, the location update response message needs to include the user subscription data of the terminal, the legal IMEI list signed by the IMSI of the user, and the legal IMSI list signed by the IMEI of the terminal; In operation mode 2, the location update response message needs to include the user subscription data of the terminal, the group identifier corresponding to the IMSI of the user, and the group identifier corresponding to the IMEI of the terminal.
步驟 312, 新 MME根据位置更新响应消息中所携带的信息, 对终端的 IMEI与正在使用的 IMSI进行绑定关系校验。  Step 312: The new MME performs a binding relationship check between the IMEI of the terminal and the IMSI being used according to the information carried in the location update response message.
如果 HSS返回的位置更新响应消息中包含终端的用户签约数据、 用户 的 IMSI所签约的合法 IMEI列表、 终端的 IMEI所签约的合法 IMSI列表, 那么新 MME需要按照上述操作方式一对终端的 IMEI与终端正在使用的 IMSI进行绑定关系校验。如果 HSS返回的位置更新响应消息中包含终端的 用户签约数据、 用户的 IMSI对应的组标识、 终端的 IMEI对应的组标识, 那么新 MME需要按照上述操作方式二对终端的 IMEI与终端正在使用的 IMSI进行绑定关系校验。  If the location update response message returned by the HSS includes the user subscription data of the terminal, the legal IMEI list signed by the IMSI of the user, and the legal IMSI list signed by the IMEI of the terminal, the new MME needs to follow the above operation mode to the IMEI of the pair of terminals. The IMSI being used by the terminal performs binding relationship verification. If the location update response message returned by the HSS includes the user subscription data of the terminal, the group identifier corresponding to the IMSI of the user, and the group identifier corresponding to the IMEI of the terminal, the new MME needs to use the IMEI of the terminal and the terminal in use according to the foregoing operation mode. IMSI performs binding relationship verification.
步驟 313, 如果校验通过, 则继续执行附着流程的后续过程。 步驟 314, 如果校验未通过, 则新 MME拒绝终端的附着请求, 并向终 端返回适当的原因值。 In step 313, if the verification is passed, the subsequent process of the attach process is continued. Step 314: If the check fails, the new MME rejects the attach request of the terminal, and returns an appropriate cause value to the terminal.
需要说明的是,对于上述操作方式一,根据运营商的需要,如果在 HSS 数据库的记录中查找不到终端的 IMEI或终端正在使用的 IMSI, 则可以选 择拒绝终端接入, 也可以当作 IMEI或 IMSI对应的列表为空来处理; 对于 上述操作方式二, 如果在 HSS数据库的记录中查找不到终端的 IMEI或终 端正在使用的 IMSI , 则可以选择拒绝终端接入, 也可以当作没有组标识的 情况来处理。  It should be noted that, for the foregoing operation mode 1, according to the needs of the operator, if the IMEI of the terminal or the IMSI used by the terminal is not found in the record of the HSS database, the terminal access may be refused, or may be regarded as the IMEI. Or the IMSI corresponding list is empty; for the foregoing operation mode 2, if the IMEI of the terminal or the IMSI used by the terminal is not found in the record of the HSS database, the terminal access may be refused, or may be regarded as no group. The situation of the logo is handled.
另外, 为了满足实际应用中不同级别的接入认证需求, 针对上述操作 方式一, 本发明可以扩展 IMSI列表和 IMEI列表的表头, 增加 lbit的标识 位, 用以标识终端的 IMEI和终端正在使用的 IMSI是否为通用的 IMEI和 IMSI, 例如: 标识位置 0表示为普通 IMEI或 IMSI, 标识位置 1表示为通 用 IMEI或 IMSI; 如果是通用 IMEI, 那么该 IMEI拥有绝对的权限, 可以 使用任何 USIM; 如果是通用 IMSI, 那么该 IMSI拥有绝对的权限, 可以使 用任何 ME。  In addition, in order to meet the different levels of access authentication requirements in the actual application, the present invention can extend the header of the IMSI list and the IMEI list by adding the lbit identifier to identify the IMEI of the terminal and the terminal is being used. Whether the IMSI is a general IMEI and IMSI, for example: the identifier location 0 is represented as a normal IMEI or IMSI, the identifier location 1 is represented as a general IMEI or an IMSI; if it is a general IMEI, then the IMEI has absolute authority, and any USIM can be used; In the case of a generic IMSI, the IMSI has absolute authority and any ME can be used.
针对这种表头的扩展, 在执行绑定关系校验的过程中, 在查询终端的 IMEI签约的 IMSI列表, 以及终端正在使用的 IMSI签约的 IMEI列表时, 新 MME根据 IMSI列表的表头的标识位识别终端的 IMEI是否为通用 IMEI , 根据 IMEI 列表的表头的标识位识别终端正在使用的 IMSI 是否为通用 IMSI; 如果终端的 IMEI为通用 IMEI, 和 /或终端正在使用的 IMSI为通用 IMSI, 则绑定关系的校验通过; 否则, 按照上述操作方式一所述继续进行 绑定关系校验。  For the extension of the header, in the process of performing the binding relationship check, when querying the IMSI list of the IMEI subscription of the terminal, and the IMEI list of the IMSI contracted by the terminal, the new MME according to the header of the IMSI list The identifier bit identifies whether the IMEI of the terminal is a general IMEI, and identifies whether the IMSI being used by the terminal is a general IMSI according to the identifier of the header of the IMEI list; if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI Then, the verification of the binding relationship is passed; otherwise, the binding relationship verification is continued as described in the foregoing operation mode 1.
为了满足实际应用中不同级别的接入认证需求, 针对上述操作方式二, 本发明可以扩展组标识的一个 bit作为类型标识位, 用以标识终端的 IMEI 和终端正在使用的 IMSI是否为通用的 IMEI和 IMSI, 例如: 标识位置 0表 示为普通 IMEI或 IMSI, 标识位置 1表示为通用 IMEI或 IMSI; 如果是通 用 IMEI, 那么该 IMEI拥有绝对的权限, 可以使用任何 USIM; 如果是通用 IMSI, 那么该 IMSI拥有绝对的权限, 可以使用任何 ME。 In order to meet the requirements of different levels of access authentication in the actual application, the present invention can extend a bit of the group identifier as a type identifier bit to identify whether the IMEI of the terminal and the IMSI being used by the terminal are general IMEIs. And IMSI, for example: Identify location 0 table Shown as a normal IMEI or IMSI, the identification location 1 is represented as a general IMEI or IMSI; if it is a general IMEI, then the IMEI has absolute authority and can use any USIM; if it is a general IMSI, then the IMSI has absolute authority and can be used Any ME.
针对这种表头的扩展, 在执行绑定关系校验的过程中, 在查询终端的 IMEI所签约的组标识, 以及终端正在使用的 IMSI所签约的组标识时, 新 MME根据 IMEI签约的组标识的标识位识别终端的 IMEI是否为通用 IMEI , 根据 IMSI签约的组标识的标识位识别终端正在使用的 IMSI是否为通用 IMSI; 如果终端的 IMEI为通用 IMEI, 和 /或终端正在使用的 IMSI为通用 IMSI, 则绑定关系的校验通过; 否则, 按照上述操作方式二所述继续进行 绑定关系校险。  For the extension of the header, in the process of performing the binding relationship check, when the group identifier of the IMEI that is subscribed to the terminal is queried, and the group identifier of the IMSI that the terminal is using, the group that the new MME subscribes according to the IMEI The identified identifier bit identifies whether the IMEI of the terminal is a general IMEI, and identifies whether the IMSI being used by the terminal is a general IMSI according to the identifier of the group identifier of the IMSI contract; if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is The general IMSI, the verification of the binding relationship is passed; otherwise, the binding relationship insurance is continued as described in the foregoing operation mode 2.
在本发明的实施例二中, 依据图 2所示的方法, 在 HSS 中校验 IMEI 与 IMSI的绑定关系, 判断是否允许接入, 并最终完成 EPS附着的过程, 如 图 4所示, 主要包括以下步驟:  In the second embodiment of the present invention, according to the method shown in FIG. 2, the binding relationship between the IMEI and the IMSI is verified in the HSS, the access is allowed, and the process of EPS attachment is finally completed, as shown in FIG. It mainly includes the following steps:
步驟 401~410的操作与图 3所示实施例中步驟 301~310的操作相同,
Figure imgf000015_0001
The operations of steps 401-410 are the same as the operations of steps 301-310 in the embodiment shown in FIG.
Figure imgf000015_0001
步驟 411 , HSS根据位置更新请求消息中所携带的 IMSI和 IMEI ,进行 绑定关系校验。  Step 411: The HSS performs binding relationship verification according to the IMSI and the IMEI carried in the location update request message.
需要指出的是, 如果 HSS的数据库是采用第一种维护方式, 那么需要 按照操作方式一进行绑定关系校验; 如果 HSS的数据库是采用第二种维护 方式, 那么需要按照操作方式二进行绑定关系校验。 此处不再赘述。  It should be noted that if the database of the HSS adopts the first maintenance mode, the binding relationship check needs to be performed according to the operation mode. If the HSS database adopts the second maintenance mode, it needs to be bound according to the operation mode 2. Determine the relationship check. I will not repeat them here.
步驟 412 , 如果校验通过, 则 HSS向新 MME返回位置更新响应消息, 该响应消息中包含用户的 IMSI和用户签约数据。  Step 412: If the check passes, the HSS returns a location update response message to the new MME, where the response message includes the user's IMSI and user subscription data.
步驟 413, 如果校验未通过, 则 HSS向新 MME返回签约数据错误消 息, 该消息中包含合适的错误原因。  Step 413: If the verification fails, the HSS returns a subscription data error message to the new MME, where the message includes an appropriate error reason.
步驟 414, 如果新 MME收到位置更新响应消息, 那么附着流程的后续 过程可以继续执行。 Step 414, if the new MME receives the location update response message, then the follow-up process The process can continue.
步驟 415 , 如果新 MME收到签约数据错误消息, 那么新 MME拒绝终 端的附着, 并向终端返回适当的原因值。  Step 415: If the new MME receives the subscription data error message, the new MME rejects the attachment of the terminal and returns an appropriate cause value to the terminal.
需要说明的是,对于上述操作方式一,根据运营商的需要,如果在 HSS 数据库的记录中查找不到终端的 IMEI或终端正在使用的 IMSI, 则可以选 择拒绝终端接入, 也可以当作 IMEI或 IMSI对应的列表为空来处理; 对于 上述操作方式二, 如果在 HSS数据库的记录中查找不到终端的 IMEI或终 端正在使用的 IMSI , 则可以选择拒绝终端接入, 也可以当作没有组标识的 情况来处理。  It should be noted that, for the foregoing operation mode 1, according to the needs of the operator, if the IMEI of the terminal or the IMSI used by the terminal is not found in the record of the HSS database, the terminal access may be refused, or may be regarded as the IMEI. Or the IMSI corresponding list is empty; for the foregoing operation mode 2, if the IMEI of the terminal or the IMSI used by the terminal is not found in the record of the HSS database, the terminal access may be refused, or may be regarded as no group. The situation of the logo is handled.
另外, 为了满足实际应用中不同级别的接入认证需求, 针对上述操作 方式一, 本发明可以扩展 IMSI列表和 IMEI列表的表头, 增加 lbit的标识 位, 用以标识终端的 IMEI和终端正在使用的 IMSI是否为通用的 IMEI和 IMSI, 例如: 标识位置 0表示为普通 IMEI或 IMSI, 标识位置 1表示为通 用 IMEI或 IMSI; 如果是通用 IMEI, 那么该 IMEI拥有绝对的权限, 可以 使用任何 USIM; 如果是通用 IMSI, 那么该 IMSI拥有绝对的权限, 可以使 用任何 ME。  In addition, in order to meet the different levels of access authentication requirements in the actual application, the present invention can extend the header of the IMSI list and the IMEI list by adding the lbit identifier to identify the IMEI of the terminal and the terminal is being used. Whether the IMSI is a general IMEI and IMSI, for example: the identifier location 0 is represented as a normal IMEI or IMSI, the identifier location 1 is represented as a general IMEI or an IMSI; if it is a general IMEI, then the IMEI has absolute authority, and any USIM can be used; In the case of a generic IMSI, the IMSI has absolute authority and any ME can be used.
针对这种表头的扩展, 在执行绑定关系校验的过程中, 在查询终端的 IMEI签约的 IMSI列表, 以及终端正在使用的 IMSI签约的 IMEI列表时, HSS根据 IMSI列表的表头的标识位识别终端的 IMEI是否为通用 IMEI,根 如果终端的 IMEI为通用 IMEI, 和 /或终端正在使用的 IMSI为通用 IMSI, 则绑定关系的校验通过; 否则, 按照上述操作方式一所述继续进行绑定关 系校验。  For the extension of the header, in the process of performing the binding relationship check, when querying the IMSI list of the IMEI subscription of the terminal, and the IMEI list of the IMSI contracted by the terminal, the HSS identifies the header according to the header of the IMSI list. The bit identifies whether the IMEI of the terminal is a general IMEI, and if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, the verification of the binding relationship passes; otherwise, continues according to the above operation mode 1. Perform binding relationship verification.
为了满足实际应用中不同级别的接入认证需求, 针对上述操作方式二, 本发明可以扩展组标识的一个 bit作为类型标识位, 用以标识终端的 IMEI 和终端正在使用的 IMSI是否为通用的 IMEI和 IMSI, 例如: 标识位置 0表 示为普通 IMEI或 IMSI, 标识位置 1表示为通用 IMEI或 IMSI; 如果是通 用 IMEI, 那么该 IMEI拥有绝对的权限, 可以使用任何 USIM; 如果是通用 IMSI, 那么该 IMSI拥有绝对的权限, 可以使用任何 ME。 In order to meet the requirements of different levels of access authentication in the actual application, the present invention can extend a bit of the group identifier as a type identifier to identify the IMEI of the terminal. And whether the IMSI being used by the terminal is a general IMEI and an IMSI, for example: the identifier location 0 is represented as a normal IMEI or IMSI, the identifier location 1 is represented as a general IMEI or an IMSI; if it is a general IMEI, the IMEI has absolute authority, Use any USIM; if it is a generic IMSI, then the IMSI has absolute permissions and can use any ME.
针对这种表头的扩展, 在执行绑定关系校验的过程中, 在查询终端的 For the extension of this header, in the process of performing binding relationship verification, in the query terminal
IMEI所签约的组标识, 以及终端正在使用的 IMSI所签约的组标识时, HSS 根据 IMEI签约的组标识的标识位识别终端的 IMEI是否为通用 IMEI,根据 IMSI签约的组标识的标识位识别终端正在使用的 IMSI是否为通用 IMSI; 如果终端的 IMEI为通用 IMEI, 和 /或终端正在使用的 IMSI为通用 IMSI, 则绑定关系的校验通过; 否则, 按照上述操作方式二所述继续进行绑定关 系校验。 When the group identifier of the IMEI is signed, and the group identifier of the IMSI contracted by the terminal, the HSS identifies whether the IMEI of the terminal is a general IMEI according to the identifier of the group identifier of the IMEI contract, and identifies the terminal according to the identifier of the group identifier of the IMSI contract. Whether the IMSI being used is a general IMSI; if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, the verification of the binding relationship is passed; otherwise, the binding is continued as described in the above operation mode 2. Determine the relationship check.
在本发明的实施例三中,依据图 2所示的方法,在 EIR中存储维护 IMSI 签约的 IMEI列表, 以及 IMEI签约的 IMSI列表, EIR对终端进行 IMEI与 IMSI绑定关系的校验, 并最终完成 EPS附着的过程, 如图 5所示, 主要包 括以下步驟:  In the third embodiment of the present invention, according to the method shown in FIG. 2, the IMEI list for maintaining the IMSI subscription and the IMSI list of the IMEI subscription are stored in the EIR, and the EIR checks the binding relationship between the IMEI and the IMSI for the terminal, and The process of finally completing the EPS attachment, as shown in FIG. 5, mainly includes the following steps:
步驟 501~508的操作与图 3所示实施例中步驟 301~308的操作相同, 此处不再赘述。  The operations of the steps 501 to 508 are the same as those of the steps 301 to 308 in the embodiment shown in FIG. 3, and details are not described herein again.
步驟 509,新 MME向 EIR发送设备识别码检查请求消息, 该请求消息 中包含用户的 IMSI和终端的 IMEI。  Step 509: The new MME sends a device identifier check request message to the EIR, where the request message includes the IMSI of the user and the IMEI of the terminal.
步驟 510~511 , EIR检索自身的数据库, 以校验新 MME发送来的 IMSI 和 IMEI的绑定关系 , 并向新 MME返回设备识别码检查响应消息 , 该响应 消息中包含校验结果。  Steps 510-511, the EIR retrieves its own database to verify the binding relationship between the IMSI and the IMEI sent by the new MME, and returns a device ID check response message to the new MME, where the response message includes the verification result.
EIR按照上述操作方式一执行绑定关系校验, 此处不再赘述。  The EIR performs binding check verification according to the above operation mode, and details are not described herein again.
步驟 512,如果新 MME收到 EIR返回的校验结果为校验通过, 则附着 流程的后续过程可以继续执行。 步驟 513 ,如果新 MME收到 EIR返回的检查结果为校验未通过, 则新 MME拒绝终端的附着请求并返回适当的原因值。 Step 512: If the new MME receives the verification result returned by the EIR as the verification, the subsequent process of the attach process may continue to be performed. Step 513: If the new MME receives the check result returned by the EIR, the check fails, the new MME rejects the attach request of the terminal and returns an appropriate cause value.
需要说明的是, 对于上述操作方式一, 根据运营商的需要, 如果在 EIR 数据库的记录中查找不到终端的 IMEI或终端正在使用的 IMSI, 则可以选 择拒绝终端接入, 也可以当作 IMEI或 IMSI对应的列表为空来处理。  It should be noted that, for the foregoing operation mode 1, according to the needs of the operator, if the IMEI of the terminal or the IMSI used by the terminal is not found in the record of the EIR database, the terminal access may be refused, or may be regarded as an IMEI. Or the list corresponding to the IMSI is empty to handle.
另外, 为了满足实际应用中不同级别的接入认证需求, 针对上述操作 方式一, 本发明可以扩展 IMSI列表和 IMEI列表的表头, 增加 lbit的标识 位, 用以标识终端的 IMEI和终端正在使用的 IMSI是否为通用的 IMEI和 IMSI, 例如: 标识位置 0表示为普通 IMEI或 IMSI, 标识位置 1表示为通 用 IMEI或 IMSI; 如果是通用 IMEI, 那么该 IMEI拥有绝对的权限, 可以 使用任何 USIM; 如果是通用 IMSI, 那么该 IMSI拥有绝对的权限, 可以使 用任何 ME。  In addition, in order to meet the different levels of access authentication requirements in the actual application, the present invention can extend the header of the IMSI list and the IMEI list by adding the lbit identifier to identify the IMEI of the terminal and the terminal is being used. Whether the IMSI is a general IMEI and IMSI, for example: the identifier location 0 is represented as a normal IMEI or IMSI, the identifier location 1 is represented as a general IMEI or an IMSI; if it is a general IMEI, then the IMEI has absolute authority, and any USIM can be used; In the case of a generic IMSI, the IMSI has absolute authority and any ME can be used.
针对这种表头的扩展, 在执行绑定关系校验的过程中, 在查询终端的 IMEI签约的 IMSI列表, 以及终端正在使用的 IMSI签约的 IMEI列表时, EIR根据 IMSI列表的表头的标识位识别终端的 IMEI是否为通用 IMEI, 根 如果终端的 IMEI为通用 IMEI, 和 /或终端正在使用的 IMSI为通用 IMSI, 则绑定关系的校验通过; 否则, 按照上述操作方式一所述继续进行绑定关 系校验。  For the extension of the header, in the process of performing the binding relationship check, when querying the IMSI list of the IMEI subscription of the terminal, and the IMEI list of the IMSI contracted by the terminal, the EIR is based on the identifier of the header of the IMSI list. The bit identifies whether the IMEI of the terminal is a general IMEI, and if the IMEI of the terminal is a general IMEI, and/or the IMSI used by the terminal is a general IMSI, the verification of the binding relationship passes; otherwise, continues according to the above operation mode 1. Perform binding relationship verification.
为实现上述 IMSI与 IMEI绑定关系的校验方法, 本发明所提供的一种 A method for verifying the above IMSI and IMEI binding relationship, the present invention provides a
IMSI与 IMEI绑定关系的校验装置, 如图 6所示, 包括: 信息获取模块 10 和查询校验模块 20。 信息获取模块 10, 用于获取终端的 IMEI和终端正在 使用的 IMSI。查询校验模块 20,用于根据获取到的 IMEI和 IMSI,查询 IMSI 与 IMEI 的对应关系, 并^^据查询结果对终端的 IMEI 与终端正在使用的 IMSI进行绑定关系校险。 其中, IMSI与 IMEI的对应关系可以采用第一种维护方式,即包括: IMSI 签约的 IMEI列表和 IMEI签约的 IMSI列表。 相应的, 查询校验模块 20可 以采用操作方式一进行绑定关系校验, 具体为: The verification device of the binding relationship between the IMSI and the IMEI, as shown in FIG. 6, includes: an information acquisition module 10 and a query verification module 20. The information obtaining module 10 is configured to acquire an IMEI of the terminal and an IMSI that the terminal is using. The query verification module 20 is configured to query the correspondence between the IMSI and the IMEI according to the obtained IMEI and the IMSI, and perform a binding relationship between the IMEI of the terminal and the IMSI used by the terminal according to the query result. The mapping between the IMSI and the IMEI may adopt the first maintenance mode, that is, the IMSI-signed IMEI list and the IMEI-signed IMSI list. Correspondingly, the query verification module 20 can perform the binding relationship verification by using the operation mode, which is specifically:
查询终端的 IMEI签约的 IMSI列表,以及终端正在使用的 IMSI签约的 IMEI列表, 如果 IMSI列表中存在终端正在使用的 IMSI, 且 IMEI列表中 存在终端的 IMEI, 则判定绑定关系的校验通过; 如果 IMSI列表中不存在 终端正在使用的 IMSI, 和 /或 IMEI列表中不存在终端的 IMEI, 则判定绑定 关系的校验未通过; 如果终端的 IMEI签约的 IMSI列表为空, 且终端正在 使用的 IMSI签约的 IMEI列表也为空, 则判定绑定关系的校验通过; 如果 终端的 IMEI签约的 IMSI列表为空, 且终端正在使用的 IMSI签约的 IMEI 列表不为空, 则判定绑定关系的校验未通过; 如果终端正在使用的 IMSI签 约的 IMEI列表为空, 且终端的 IMEI签约的 IMSI列表不为空, 则判定绑 定关系的校验未通过。  Querying the IMSI list of the IMEI subscription of the terminal, and the IMEI list of the IMSI subscription that the terminal is using. If the IMSI of the terminal is in use in the IMSI list, and the IMEI of the terminal exists in the IMEI list, the verification of the binding relationship is determined; If the IMSI of the terminal is not present in the IMSI list, and/or the IMEI of the terminal does not exist in the IMEI list, it is determined that the check of the binding relationship fails; if the IMSI list of the IMEI of the terminal is empty, and the terminal is in use If the IMEI list of the IMSI subscription is also empty, it is determined that the binding of the binding relationship is passed; if the IMSI list of the IMEI subscription of the terminal is empty, and the IMEI list of the IMSI subscription that the terminal is using is not empty, the binding relationship is determined. The verification fails. If the IMEI list of the IMSI subscription that the terminal is using is empty, and the IMSI list of the IMEI subscription of the terminal is not empty, it is determined that the verification of the binding relationship has not passed.
较佳的, 在查询终端的 IMEI签约的 IMSI列表, 以及终端正在使用的 IMSI签约的 IMEI列表时 ,根据 IMSI列表的表头的标识位识别终端的 IMEI 是否为通用 IMEI, 根据 IMEI 列表的表头的标识位识别终端正在使用的 IMSI是否为通用 IMSI; 如果终端的 IMEI为通用 IMEI, 和 /或终端正在使 用的 IMSI为通用 IMSI, 则判定绑定关系的校验通过; 否则, 按照操作方 式一中所述继续进行绑定关系校验。  Preferably, when the IMSI list of the IMEI subscription of the terminal is queried, and the IMEI list of the IMSI contracted by the terminal, the identifier of the header of the IMSI list is used to identify whether the IMEI of the terminal is a general IMEI, according to the header of the IMEI list. The identifier bit identifies whether the IMSI being used by the terminal is a general IMSI; if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the binding relationship is verified; otherwise, according to the operation mode The binding relationship check is continued as described in .
IMSI与 IMEI的对应关系可以采用第二种维护方式, 即包括: IMSI签 约的组标识和 IMEI签约的组标识。 相应的, 查询校验模块 20可以采用操 作方式二进行绑定关系校验, 具体为: 查询终端的 IMEI所签约的组标识, 以及终端正在使用的 IMSI所签约的组标识, 并判断所查询的组标识是否一 致, 如果一致, 则判定绑定关系的校验通过; 如果不一致, 则判定绑定关 系的校验未通过; 如果终端的 IMEI和终端正在使用的 IMSI都没有签约组 标识, 则判定绑定关系的校验通过; 如果对于终端的 IMEI和终端正在使用 的 IMSI, 只有其中之一没有签约组标识, 则判定绑定关系的校验未通过。 The mapping between the IMSI and the IMEI can be performed in the second maintenance mode, that is, the IMSI contracted group identifier and the IMEI contracted group identifier. Correspondingly, the query verification module 20 can perform the binding relationship check in the operation mode 2, specifically: querying the group identifier of the IMEI signed by the terminal, and the group identifier signed by the IMSI that the terminal is using, and determining the queried query. Whether the group IDs are consistent. If they are consistent, the checksum of the binding relationship is determined. If they are inconsistent, the checksum of the binding relationship is not passed. If the IMEI of the terminal and the IMSI being used by the terminal are not signed, The identifier is determined to pass the verification of the binding relationship. If only one of the IMEIs of the terminal and the IMSI being used by the terminal does not have the subscription group identifier, it is determined that the verification of the binding relationship fails.
较佳的, 在查询终端的 IMEI 所签约的组标识, 以及终端正在使用的 IMSI 所签约的组标识时, 根据 IMEI签约的组标识的标识位识别终端的 IMEI是否为通用 IMEI, 根据 IMSI签约的组标识的标识位识别终端正在使 用的 IMSI是否为通用 IMSI; 如果终端的 IMEI为通用 IMEI, 和 /或终端正 在使用的 IMSI为通用 IMSI, 则判定绑定关系的校验通过; 否则, 按照操 作方式二中所述继续进行绑定关系校验。  Preferably, when the group identifier signed by the IMEI of the terminal is queried, and the group identifier of the IMSI that the terminal is using, the identifier of the group identifier of the IMEI is identified as whether the IMEI of the terminal is a general IMEI, and the IMEI is contracted according to the IMSI. The identifier of the group identifier identifies whether the IMSI being used by the terminal is a general IMSI; if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the binding relationship is verified; otherwise, according to the operation The binding relationship check is continued as described in mode 2.
以上所述, 仅为本发明的较佳实施例而已, 并非用于限定本发明的保 护范围。  The above is only the preferred embodiment of the present invention and is not intended to limit the scope of the present invention.

Claims

权利要求书 Claim
1、 一种国际移动用户识别码(IMSI )与国际移动设备身份码(IMEI ) 绑定关系的校验方法, 其特征在于, 该方法包括:  A method for verifying a binding relationship between an International Mobile Subscriber Identity (IMSI) and an International Mobile Equipment Identity (IMEI), the method comprising:
根据获取到的终端的 IMEI和终端正在使用的 IMSI,查询 IMSI与 IMEI 的对应关系, 并根据查询结果对所述终端的 IMEI与终端正在使用的 IMSI 进行绑定关系校验。  According to the obtained IMEI of the terminal and the IMSI that the terminal is using, the correspondence between the IMSI and the IMEI is queried, and the binding relationship between the IMEI of the terminal and the IMSI being used by the terminal is verified according to the query result.
2、根据权利要求 1所述 IMSI与 IMEI绑定关系的校验方法, 其特征在 于, 所述 IMSI与 IMEI的对应关系包括: IMSI签约的 IMEI列表和 IMEI 签约的 IMSI列表。  The method for verifying the binding relationship between the IMSI and the IMEI according to claim 1, wherein the correspondence between the IMSI and the IMEI comprises: an IMSI subscription IMEI list and an IMEI subscription IMSI list.
3、根据权利要求 2所述 IMSI与 IMEI绑定关系的校验方法, 其特征在 于, 所述查询对应关系, 并根据查询结果对终端的 IMEI与终端正在使用的 The method for verifying the binding relationship between the IMSI and the IMEI according to claim 2, wherein the query correspondence relationship is performed on the IMEI of the terminal and the terminal according to the query result.
IMSI进行绑定关系校验, 具体为: IMSI performs binding relationship verification, which is specifically as follows:
查询所述终端的 IMEI签约的 IMSI 列表, 以及所述终端正在使用的 Querying the IMSI list of the IMEI subscription of the terminal, and the terminal being used by the terminal
IMSI签约的 IMEI列表, 如果所述 IMSI列表中存在所述终端正在使用的 IMSI, 且所述 IMEI列表中存在所述终端的 IMEI , 则判定绑定关系的校验 通过; An IMSI-signed IMEI list, if the IMSI is in use in the IMSI list, and the IMEI of the terminal exists in the IMEI list, it is determined that the binding relationship is verified;
如果所述 IMSI 列表中不存在所述终端正在使用的 IMSI, 和 /或所述 IMEI列表中不存在所述终端的 IMEI, 则判定绑定关系的校险未通过;  If the IMSI of the terminal is not present in the IMSI list, and/or the IMEI of the terminal does not exist in the IMEI list, it is determined that the school insurance of the binding relationship fails;
如果所述终端的 IMEI签约的 IMSI列表为空, 且所述终端正在使用的 IMSI签约的 IMEI列表也为空, 则判定绑定关系的校验通过;  If the IMSI list of the IMEI subscription of the terminal is empty, and the IMEI list of the IMSI subscription that the terminal is using is also empty, it is determined that the verification of the binding relationship is passed;
如果终端的 IMEI签约的 IMSI列表为空,且终端正在使用的 IMSI签约 的 IMEI列表不为空, 则判定绑定关系的校验未通过;  If the IMSI list of the IMEI subscription of the terminal is empty, and the IMEI list of the IMSI subscription that the terminal is using is not empty, it is determined that the verification of the binding relationship fails.
如果终端正在使用的 IMSI签约的 IMEI列表为空, 且终端的 IMEI签 约的 IMSI列表不为空, 则判定绑定关系的校验未通过。  If the IMEI list of the IMSI subscription being used by the terminal is empty, and the IMSI list of the IMEI subscription of the terminal is not empty, it is determined that the verification of the binding relationship has not passed.
4、根据权利要求 3所述 IMSI与 IMEI绑定关系的校验方法, 其特征在 于, 所述查询对应关系, 并根据查询结果对终端的 IMEI与终端正在使用的 IMSI进行绑定关系校验, 进一步包括: 4. The method for verifying the binding relationship between an IMSI and an IMEI according to claim 3, characterized in that The querying the relationship, and performing the binding relationship check between the IMEI of the terminal and the IMSI used by the terminal according to the query result, further includes:
在查询所述终端的 IMEI签约的 IMSI列表, 以及所述终端正在使用的 IMSI签约的 IMEI列表时,根据所述 IMSI列表的表头的标识位识别所述终 端的 IMEI是否为通用 IMEI,根据所述 IMEI列表的表头的标识位识别所述 终端正在使用的 IMSI是否为通用 IMSI;  When querying the IMSI list of the IMEI subscription of the terminal, and the IMEI subscription IMEI list that the terminal is using, identifying whether the IMEI of the terminal is a general IMEI according to the identifier of the header of the IMSI list, according to The identifier of the header of the IMEI list identifies whether the IMSI being used by the terminal is a general IMSI;
如果所述终端的 IMEI为通用 IMEI, 和 /或所述终端正在使用的 IMSI 为通用 IMSI, 则判定绑定关系的校验通过; 否则, 按照权利要求 3中所述 继续进行绑定关系校验。  If the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the verification of the binding relationship is passed; otherwise, the binding relationship verification is continued as described in claim 3. .
5、根据权利要求 2所述述 IMSI与 IMEI绑定关系的校验方法, 其特征 在于, 所述 IMSI与 IMEI的对应关系包括: IMSI签约的组标识和 IMEI签 约的组标识。  The method for verifying the binding relationship between the IMSI and the IMEI according to claim 2, wherein the correspondence between the IMSI and the IMEI comprises: an IMSI-signed group identifier and an IMEI-signed group identifier.
6、根据权利要求 5所述 IMSI与 IMEI绑定关系的校验方法, 其特征在 于, 所述查询对应关系, 并根据查询结果对终端的 IMEI与终端正在使用的 IMSI进行绑定关系校验, 具体为:  The method for verifying the binding relationship between the IMSI and the IMEI according to claim 5, wherein the query corresponds to the relationship, and the binding relationship between the IMEI of the terminal and the IMSI being used by the terminal is verified according to the query result. Specifically:
查询终端的 IMEI所签约的组标识, 以及终端正在使用的 IMSI所签约 的组标识, 并判断所查询的组标识是否一致, 如果一致, 则判定绑定关系 的校验通过; 如果不一致, 则判定绑定关系的校验未通过;  Querying the group identifier of the IMEI that is signed by the terminal, and the group identifier of the IMSI that the terminal is using, and determining whether the group IDs that are queried are consistent. If they are consistent, the binding of the binding relationship is determined; if not, it is determined. The checksum of the binding relationship failed.
如果终端的 IMEI和终端正在使用的 IMSI都没有签约组标识, 则判定 绑定关系的校验通过;  If the IMEI of the terminal and the IMSI being used by the terminal do not have the subscription group identifier, it is determined that the verification of the binding relationship is passed;
如果对于终端的 IMEI和终端正在使用的 IMSI, 只有其中之一没有签 约组标识, 则判定绑定关系的校验未通过。  If only one of the IMEIs of the terminal and the IMSI being used by the terminal does not have a signed group identifier, it is determined that the check of the binding relationship has not passed.
7、根据权利要求 6所述 IMSI与 IMEI绑定关系的校验方法, 其特征在 于, 所述查询对应关系, 并根据查询结果对终端的 IMEI与终端正在使用的 IMSI进行绑定关系校验, 进一步包括: 在查询终端的 IMEI所签约的组标识, 以及终端正在使用的 IMSI所签 是否为通用 IMEI, 根据所述 IMSI签约的组标识的标识位识别所述终端正 在使用的 IMSI是否为通用 IMSI; The method for verifying the binding relationship between the IMSI and the IMEI according to claim 6, wherein the query corresponds to the relationship, and the binding relationship between the IMEI of the terminal and the IMSI used by the terminal is verified according to the query result. Further includes: Querying the group identifier of the IMEI of the terminal, and whether the IMSI signed by the terminal is a general IMEI, and identifying, according to the identifier of the group identifier of the IMSI contract, whether the IMSI being used by the terminal is a general IMSI;
如果所述终端的 IMEI为通用 IMEI, 和 /或所述终端正在使用的 IMSI 为通用 IMSI, 则判定绑定关系的校验通过; 否则, 按照权利要求 6中所述 继续进行绑定关系校验。  If the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the verification of the binding relationship is passed; otherwise, the binding relationship verification is continued as described in claim 6. .
8、一种 IMSI与 IMEI绑定关系的校验装置,其特征在于,该装置包括: 信息获取模块, 用于获取终端的 IMEI和终端正在使用的 IMSI;  A device for verifying the binding relationship between the IMSI and the IMEI, the device comprising: an information acquisition module, configured to acquire an IMEI of the terminal and an IMSI that the terminal is using;
查询校险模块, 用于根据获取到的 IMEI和 IMSI, 查询 IMSI与 IMEI 的对应关系, 并根据查询结果对所述终端的 IMEI与终端正在使用的 IMSI 进行绑定关系校验。  The query insurance module is configured to query the correspondence between the IMSI and the IMEI according to the obtained IMEI and the IMSI, and perform binding verification on the IMEI of the terminal and the IMSI that the terminal is using according to the query result.
9、根据权利要求 8所述 IMSI与 IMEI绑定关系的校验装置, 其特征在 于, 所述 IMSI与 IMEI的对应关系包括: IMSI签约的 IMEI列表和 IMEI 签约的 IMSI列表。  The apparatus for verifying the binding relationship between the IMSI and the IMEI according to claim 8, wherein the correspondence between the IMSI and the IMEI comprises: an IMSI subscription IMEI list and an IMEI subscription IMSI list.
10、 根据权利要求 9所述 IMSI与 IMEI绑定关系的校验装置, 其特征 在于, 所述查询校险模块进一步用于, 查询所述终端的 IMEI签约的 IMSI 列表, 以及所述终端正在使用的 IMSI签约的 IMEI列表, 如果所述 IMSI 列表中存在所述终端正在使用的 IMSI, 且所述 IMEI列表中存在所述终端 的 IMEI, 则判定绑定关系的校验通过;  The apparatus for verifying the binding relationship between the IMSI and the IMEI according to claim 9, wherein the querying the insurance module is further configured to query the IMSI list of the IMEI subscription of the terminal, and the terminal is in use If the IMSI of the IMSI is in the IMSI list, if the IMSI of the terminal is in the IMSI list, and the IMEI of the terminal exists in the IMEI list, it is determined that the verification of the binding relationship is passed;
如果所述 IMSI 列表中不存在所述终端正在使用的 IMSI, 和 /或所述 IMEI列表中不存在所述终端的 IMEI, 则判定绑定关系的校险未通过;  If the IMSI of the terminal is not present in the IMSI list, and/or the IMEI of the terminal does not exist in the IMEI list, it is determined that the school insurance of the binding relationship fails;
如果所述终端的 IMEI签约的 IMSI列表为空, 且所述终端正在使用的 IMSI签约的 IMEI列表也为空, 则判定绑定关系的校验通过;  If the IMSI list of the IMEI subscription of the terminal is empty, and the IMEI list of the IMSI subscription that the terminal is using is also empty, it is determined that the verification of the binding relationship is passed;
如果终端的 IMEI签约的 IMSI列表为空,且终端正在使用的 IMSI签约 的 IMEI列表不为空, 则判定绑定关系的校验未通过; If the IMSI of the terminal's IMEI subscription is empty, and the IMSI subscription of the terminal is being used If the IMEI list is not empty, it is determined that the check of the binding relationship has not passed;
如果终端正在使用的 IMSI签约的 IMEI列表为空, 且终端的 IMEI签 约的 IMSI列表不为空, 则判定绑定关系的校验未通过。  If the IMEI list of the IMSI subscription being used by the terminal is empty, and the IMSI list of the IMEI subscription of the terminal is not empty, it is determined that the verification of the binding relationship has not passed.
11、根据权利要求 10所述 IMSI与 IMEI绑定关系的校验装置, 其特征 在于,所述查询校险模块进一步用于,在查询所述终端的 IMEI签约的 IMSI 列表, 以及所述终端正在使用的 IMSI签约的 IMEI列表时, 根据所述 IMSI 列表的表头的标识位识别所述终端的 IMEI是否为通用 IMEI, 根据所述 如果所述终端的 IMEI为通用 IMEI, 和 /或所述终端正在使用的 IMSI 为通用 IMSI, 则判定绑定关系的校验通过; 否则, 按照权利要求 10中所述 继续进行绑定关系校验。  The apparatus for verifying the binding relationship between the IMSI and the IMEI according to claim 10, wherein the querying the insurance module is further configured to query the IMSI list of the IMEI subscription of the terminal, and the terminal is When the IMSI-signed IMEI list is used, it is determined whether the IMEI of the terminal is a general IMEI according to the identifier of the header of the IMSI list, according to if the IMEI of the terminal is a general IMEI, and/or the terminal If the IMSI being used is a general IMSI, it is determined that the verification of the binding relationship is passed; otherwise, the binding relationship verification is continued as described in claim 10.
12、 根据权利要求 8所述 IMSI与 IMEI绑定关系的校验装置, 其特征 在于, 所述 IMSI与 IMEI的对应关系包括: IMSI签约的组标识和 IMEI签 约的组标识。  12. The apparatus for verifying the binding relationship between the IMSI and the IMEI according to claim 8, wherein the correspondence between the IMSI and the IMEI comprises: an IMSI-signed group identifier and an IMEI-signed group identifier.
13、根据权利要求 12所述 IMSI与 IMEI绑定关系的校验装置, 其特征 在于, 所述查询校险模块进一步用于, 查询终端的 IMEI所签约的组标识, 以及终端正在使用的 IMSI所签约的组标识, 并判断所查询的组标识是否一 致, 如果一致, 则判定绑定关系的校验通过; 如果不一致, 则判定绑定关 系的校验未通过;  The apparatus for verifying the binding relationship between the IMSI and the IMEI according to claim 12, wherein the querying the insurance module is further configured to: query the group identifier of the IMEI signed by the terminal, and the IMSI used by the terminal. The group ID of the contract is determined, and it is determined whether the group IDs are consistent. If they are consistent, the binding of the binding relationship is determined; if not, the verification of the binding relationship is not passed;
如果终端的 IMEI和终端正在使用的 IMSI都没有签约组标识, 则判定 绑定关系的校验通过;  If the IMEI of the terminal and the IMSI being used by the terminal do not have the subscription group identifier, it is determined that the verification of the binding relationship is passed;
如果对于终端的 IMEI和终端正在使用的 IMSI, 只有其中之一没有签 约组标识, 则判定绑定关系的校验未通过。  If only one of the IMEIs of the terminal and the IMSI being used by the terminal does not have a signed group identifier, it is determined that the check of the binding relationship has not passed.
14、根据权利要求 13所述 IMSI与 IMEI绑定关系的校验装置, 其特征 在于,所述查询校险模块进一步用于,在查询终端的 IMEI所签约的组标识, 以及终端正在使用的 IMSI所签约的组标识时, 根据所述 IMEI签约的组标 识的标识位识别所述终端的 IMEI是否为通用 IMEI,根据所述 IMSI签约的 如果所述终端的 IMEI为通用 IMEI, 和 /或所述终端正在使用的 IMSI 为通用 IMSI, 则判定绑定关系的校验通过; 否则, 按照权利要求 13中所述 继续进行绑定关系校验。 The apparatus for verifying the binding relationship between the IMSI and the IMEI according to claim 13, wherein the querying the insurance module is further configured to query the group identifier of the IMEI signed by the terminal, And determining, according to the identifier of the group identifier of the IMEI subscription, whether the IMEI of the terminal is a general IMEI, and if the IMEI of the terminal is contracted according to the IMSI, the IMEI is a general IMEI. And/or the IMSI being used by the terminal is a general IMSI, and then the verification of the binding relationship is determined to pass; otherwise, the binding relationship verification is continued as described in claim 13.
PCT/CN2010/078785 2009-11-23 2010-11-16 Method and device for checking binding relationship of international mobile subscriber identity and international mobile equipment identity WO2011060709A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910238240.4A CN102075909B (en) 2009-11-23 2009-11-23 Checking method and device of binding relationship of IMSI and IMEI
CN200910238240.4 2009-11-23

Publications (1)

Publication Number Publication Date
WO2011060709A1 true WO2011060709A1 (en) 2011-05-26

Family

ID=44034222

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/078785 WO2011060709A1 (en) 2009-11-23 2010-11-16 Method and device for checking binding relationship of international mobile subscriber identity and international mobile equipment identity

Country Status (2)

Country Link
CN (1) CN102075909B (en)
WO (1) WO2011060709A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2750424A4 (en) * 2011-11-11 2015-03-04 Zte Corp Method, device and system for binding mtc device and uicc
EP4021041A4 (en) * 2019-08-29 2022-10-05 Huawei Cloud Computing Technologies Co., Ltd. Iot device data management method, apparatus, and system
CN116828460A (en) * 2023-06-29 2023-09-29 广州爱浦路网络技术有限公司 Information interaction system, method and device based on attachment flow and storage medium

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011157142A2 (en) * 2011-05-31 2011-12-22 华为技术有限公司 Method and apparatus for message transmission
CN102857919B (en) * 2011-06-30 2019-08-30 中兴通讯股份有限公司 The triggering method and system of equipment for machine type communication
CN102892102B (en) * 2011-07-19 2015-08-19 中国移动通信集团公司 A kind of method, system and equipment realizing binding machine and card in a mobile network
CN102307348B (en) * 2011-08-09 2013-12-18 中国联合网络通信集团有限公司 MTC (machine type communication) equipment triggering method and system as well as mobile communication network equipment
CN103107878B (en) * 2011-11-15 2017-10-03 中兴通讯股份有限公司 The method and device that mobile subscriber identifier identification card is bound with equipment for machine type communication
CN104811978B (en) * 2015-04-15 2018-05-29 珠海世纪鼎利科技股份有限公司 The method of IMSI and IMEI matching errors in a kind of quick detection LTE signalings
CN109714493B (en) * 2017-10-26 2021-06-18 中国电信股份有限公司 Method, device and system for binding machine-card pool
CN109756883A (en) * 2017-11-06 2019-05-14 中国电信股份有限公司 The mobile communication number access right method of inspection, verifying bench and communication system
CN109088949B (en) * 2018-10-22 2021-05-25 中国联合网络通信集团有限公司 Matching method of Internet of things services and MME
CN111356121B (en) * 2018-12-21 2024-01-26 西安佰才邦网络技术有限公司 Method and equipment for binding subscription data based on blockchain

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000078076A1 (en) * 1999-06-15 2000-12-21 Nokia Corporation Detecting copied identity of terminal equipment
CN1703109A (en) * 2004-05-27 2005-11-30 法国无线电话公司 Method and apparatus for secure duplication of SIM card informations
CN101022672A (en) * 2007-02-16 2007-08-22 华为技术有限公司 Method and system for testing mobile user legality

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000078076A1 (en) * 1999-06-15 2000-12-21 Nokia Corporation Detecting copied identity of terminal equipment
CN1703109A (en) * 2004-05-27 2005-11-30 法国无线电话公司 Method and apparatus for secure duplication of SIM card informations
CN101022672A (en) * 2007-02-16 2007-08-22 华为技术有限公司 Method and system for testing mobile user legality

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2750424A4 (en) * 2011-11-11 2015-03-04 Zte Corp Method, device and system for binding mtc device and uicc
US9158549B2 (en) 2011-11-11 2015-10-13 Zte Corporation Method, apparatus and system for binding MTC device and UICC
EP4021041A4 (en) * 2019-08-29 2022-10-05 Huawei Cloud Computing Technologies Co., Ltd. Iot device data management method, apparatus, and system
CN116828460A (en) * 2023-06-29 2023-09-29 广州爱浦路网络技术有限公司 Information interaction system, method and device based on attachment flow and storage medium
CN116828460B (en) * 2023-06-29 2024-04-19 广州爱浦路网络技术有限公司 Information interaction system, method and device based on attachment flow and storage medium

Also Published As

Publication number Publication date
CN102075909A (en) 2011-05-25
CN102075909B (en) 2014-01-01

Similar Documents

Publication Publication Date Title
WO2011060709A1 (en) Method and device for checking binding relationship of international mobile subscriber identity and international mobile equipment identity
EP3629613B1 (en) Network verification method, and relevant device and system
US10474522B2 (en) Providing a network access failure cause value of a user equipment
EP3984281B1 (en) Method and system for handling of closed access group related procedure
KR101167781B1 (en) System and method for authenticating a context transfer
WO2011000315A1 (en) Method, network device and network system for group management
CN111869182B (en) Method for authenticating equipment, communication system and communication equipment
CN105828413B (en) Safety method, terminal and system for D2D mode B discovery
WO2007019771A1 (en) An access control method of the user altering the visited network, the unit and the system thereof
CN101330740A (en) Method for selecting gateway in wireless network
EP3324681B1 (en) Processing method and device for accessing to 3gpp network by terminal
WO2012167500A1 (en) Method for establishing data security channel for tunnel
WO2011054251A1 (en) Method, system and terminal for preventing access from illegal terminals
US20150023350A1 (en) Network connection via a proxy device using a generic access point name
WO2009152676A1 (en) Aaa server, p-gw, pcrf, method and system for obtaining the ue's id
WO2014015698A1 (en) Method and system for searching for external identifier of terminal
WO2013131461A1 (en) Method and device for accessing user equipment to fusion control network element
US20220279471A1 (en) Wireless communication method for registration procedure
WO2018058365A1 (en) Network access authorization method, and related device and system
WO2012151941A1 (en) Method and system for selecting mobility management entity of terminal group
WO2010139285A1 (en) Information synchronization method, communication system and devices thereof
WO2017178054A1 (en) Registration of data packet traffic for a wireless device
WO2011044816A1 (en) Monitoring method and monitoring device for user equipment
EP3114865A1 (en) Using services of a mobile packet core network
CN101472261B (en) Method for customer equipment to access business network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10831124

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10831124

Country of ref document: EP

Kind code of ref document: A1