WO2011060709A1 - Procédé et dispositif de vérification de relation d'association entre identité internationale d'abonné mobile et identité internationale d'équipement mobile - Google Patents

Procédé et dispositif de vérification de relation d'association entre identité internationale d'abonné mobile et identité internationale d'équipement mobile Download PDF

Info

Publication number
WO2011060709A1
WO2011060709A1 PCT/CN2010/078785 CN2010078785W WO2011060709A1 WO 2011060709 A1 WO2011060709 A1 WO 2011060709A1 CN 2010078785 W CN2010078785 W CN 2010078785W WO 2011060709 A1 WO2011060709 A1 WO 2011060709A1
Authority
WO
WIPO (PCT)
Prior art keywords
imsi
imei
terminal
binding relationship
list
Prior art date
Application number
PCT/CN2010/078785
Other languages
English (en)
Chinese (zh)
Inventor
周成
曲爱妍
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2011060709A1 publication Critical patent/WO2011060709A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/26Network addressing or numbering for mobility support
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]

Definitions

  • the present invention relates to user identification and terminal identification technologies in the field of communications, and in particular, to a method and apparatus for verifying the binding relationship between an International Mobile Subscriber Identity (IMSI) and an International Mobile Equipment Identity (IMEI).
  • IMSI International Mobile Subscriber Identity
  • IMEI International Mobile Equipment Identity
  • the 3GPP (3rd Generation Partnership Project) standard working group is working on the evolution of the Evolved Packet System (EPS).
  • the existing EPS system is shown in Figure 1. It mainly includes the Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and the Evolved Packet Core (EPC).
  • E-UTRAN Evolved Universal Terrestrial Radio Access Network
  • EPC Evolved Packet Core
  • the system's EPC is capable of supporting users' access from the GSM EDGE Radio Access Network (GERAN, GSM EDGE Radio Access Network) and the Universal Terrestrial Radio Access Network (UTRAN).
  • GSM EDGE Radio Access Network GSM EDGE Radio Access Network
  • UTRAN Universal Terrestrial Radio Access Network
  • the EPC mainly includes a Mobility Management Entity (MME), a S-GW (Serving Gateway), a Packet Data Network Gateway (P-GW), and a Home Subscriber Server (HSS, Home Subscriber Server), Policy and Charging Rules Function (PCRF), Supporting GPRS Supporting Node (SGSN) and other supporting nodes.
  • MME Mobility Management Entity
  • S-GW Serving Gateway
  • P-GW Packet Data Network Gateway
  • HSS Home Subscriber Server
  • PCRF Policy and Charging Rules Function
  • SGSN Supporting GPRS Supporting Node
  • the HSS is the permanent storage location of the user subscription data, located in the home network that the user subscribes to;
  • the MME is the location where the user subscription data is stored in the current network, and is responsible for the non-access stratum of the terminal to the network (NAS, Non-Access Stratum).
  • S-GW is the gateway from the core network to the wireless system, responsible for user plane bearer from the terminal to the core network, data buffer in the idle mode of the terminal, function of initiating service request on the network side, legal eavesdropping and grouping Data routing and forwarding function
  • P-GW is the gateway of EPS and external network of the system, responsible for terminal IP address allocation, charging function, packet filtering, policy application, etc.
  • PCRF is a policy and charging rule function entity, it
  • the receiving interface Rx is connected to the service network protocol (IP, Internet Protocol) to obtain service information.
  • IP Internet Protocol
  • IP Internet Protocol
  • the EPC also includes user equipment (UE, User Equipment), machine type communication server (MTC Server), MTC device (MTC Device, Machine Type Communication Device) and device i only ll register (EIR, Equipment Identity Register) and so on.
  • the UE includes a Universal Integrated Circuit Card (UICC) and a mobile terminal (ME, Mobile Equipment), and the uppermost layer of the protocol stack with the MME is NAS; the MTC Server is mainly responsible for management and data storage of the MTC device/
  • the MTC device is similar to the UE. It also includes the UICC and the ME. It is usually responsible for collecting information of several collectors and accessing the core network through the RAN (Radio Access Network) node and interacting with the MTC Server.
  • EIR is a database that stores device identification codes for MEs, and implements operations such as identification, monitoring, and blocking of MEs.
  • the user's International Mobile Subscriber Identity IMSI, International Mobile Subscriber Identity
  • IMSI International Mobile Subscriber Identity
  • USIM Universal Subscriber Identity Module
  • IMEI International Mobile Equipment Identity
  • the IMEI is globally unique to each UE and MTC device.
  • M2M machine-to-machine
  • the IMEI of an MTC device uniquely corresponds to the IMSI of the inserted device, or It is limited to correspond to several specified IMSIs; conversely, an IMSI is also limited to one or several specified IMEIs. Therefore, the relationship between the IMSI and the IMEI needs to be stored in the network to limit the illegal device and the USIM to access the network, thereby implementing anti-theft.
  • existing LTE networks are not able to meet this demand. Summary of the invention
  • the main object of the present invention is to provide a method and apparatus for verifying the binding relationship between IMSI and IMEI, so as to implement identification and verification of the binding relationship between IMSI and IMEI.
  • the present invention provides a method for verifying the binding relationship between the IMSI and the IMEI.
  • the method includes: querying the correspondence between the IMSI and the IMEI according to the obtained IMEI of the terminal and the IMSI being used by the terminal, and according to the query result, The IMEI of the terminal is checked against the IMSI that the terminal is using.
  • the correspondence between the IMSI and the IMEI includes: an IMSI-signed IMEI list and an IMEI-signed IMSI list.
  • the query corresponds to the relationship, and the binding relationship between the IMEI of the terminal and the IMSI that the terminal is using is verified according to the query result, which is specifically:
  • the IMSI of the terminal is not in the IMSI list, and/or the IMEI of the terminal does not exist in the IMEI list, it is determined that the verification of the binding relationship fails;
  • the binding relationship is determined. The verification failed;
  • the IMEI list of the IMSI subscription being used by the terminal is empty, and the IMSI list of the IMEI subscription of the terminal is not empty, it is determined that the verification of the binding relationship has not passed.
  • the query corresponds to the relationship, and the binding relationship between the IMEI of the terminal and the IMSI being used by the terminal is verified according to the query result, and further includes:
  • the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the verification of the binding relationship is passed; otherwise, the binding relationship verification is continued as described in claim 3. .
  • the correspondence between the IMSI and the IMEI includes: an IMSI contracted group identifier and an IMEI contracted group identifier.
  • the query corresponds to the relationship, and the binding relationship between the IMEI of the terminal and the IMSI that the terminal is using is verified according to the query result, which is specifically:
  • the query corresponds to the relationship, and according to the query result, the IMEI of the terminal and the terminal are being used.
  • IMSI performs binding relationship verification, and further includes:
  • the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the verification of the binding relationship is passed; otherwise, the binding relationship verification is continued as described in claim 6. .
  • the present invention also provides an apparatus for verifying the binding relationship between the IMSI and the IMEI, the apparatus comprising: an information acquisition module, configured to acquire an IMEI of the terminal and an IMSI that the terminal is using;
  • the query insurance module is configured to query the correspondence between the IMSI and the IMEI according to the obtained IMEI and the IMSI, and perform binding verification on the IMEI of the terminal and the IMSI that the terminal is using according to the query result.
  • the correspondence between the IMSI and the IMEI includes: an IMSI-signed IMEI list and an IMEI-signed IMSI list.
  • the querying the insurance module is further configured to: query an IMSI list of the IMEI subscription of the terminal, and an IMEI list of the IMSI subscription that the terminal is using, if the IMSI in the IMSI list is in use by the terminal, and If the IMEI of the terminal exists in the IMEI list, it is determined that the verification of the binding relationship is passed;
  • the IMSI of the terminal is not present in the IMSI list, and/or the IMEI of the terminal does not exist in the IMEI list, it is determined that the school insurance of the binding relationship fails;
  • the IMSI list of the IMEI subscription of the terminal is empty, and the IMEI list of the IMSI subscription that the terminal is using is also empty, it is determined that the verification of the binding relationship is passed;
  • the IMEI list of the IMSI subscription being used by the terminal is empty, and the IMSI list of the IMEI subscription of the terminal is not empty, it is determined that the verification of the binding relationship has not passed.
  • the querying the insurance module is further configured to: when querying the IMSI list of the IMEI subscription of the terminal, and the IMEI list of the IMSI contracted by the terminal, identifying the identifier according to the identifier of the header of the IMSI list Whether the IMEI of the terminal is a general IMEI, and if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the binding relationship is verified; otherwise, according to the claims The binding relationship check is continued as described in 10.
  • the correspondence between the IMSI and the IMEI includes: an IMSI contracted group identifier and an IMEI contracted group identifier.
  • the querying the insurance module is further configured to: query the group identifier signed by the IMEI of the terminal, and the group identifier signed by the IMSI that the terminal is using, and determine whether the group IDs that are queried are consistent, and if they are consistent, determine the binding relationship. If the check is inconsistent, it is determined that the check of the binding relationship has not passed;
  • the querying the insurance module is further configured to: when querying the group identifier of the IMEI contracted by the terminal, and the group identifier of the IMSI that the terminal is using, identifying the terminal according to the identifier of the group identifier of the IMEI subscription Whether the IMEI is a general IMEI, if the IMEI of the terminal is contracted according to the IMSI, and/or the IMSI being used by the terminal For the general IMSI, it is determined that the verification of the binding relationship is passed; otherwise, the binding relationship verification is continued as described in claim 13.
  • the method and device for verifying the binding relationship between the IMSI and the IMEI provided by the present invention according to the obtained IMEI of the terminal and the IMSI being used by the terminal, query the correspondence between the IMSI and the IMEI, and compare the IMEI of the terminal according to the query result. Binding relationship verification with the IMSI that the terminal is using. Through the invention, the identification and verification of the binding relationship between the IMSI and the IMEI is realized; and the access authentication according to different levels is realized, and the terminal of the M2M type or the terminal of the common type can be applied.
  • FIG. 1 is a schematic structural diagram of an EPS system in the prior art
  • FIG. 2 is a flowchart of a method for verifying a binding relationship between an IMSI and an IMEI according to the present invention
  • FIG. 3 is a flowchart of an EPS attachment according to Embodiment 1 of the present invention
  • FIG. 5 is a flowchart of an EPS attachment according to Embodiment 3 of the present invention.
  • FIG. 6 is a schematic diagram showing the structure of a verification apparatus for binding relationship between IMSI and IMEI according to the present invention. detailed description
  • the method for verifying the binding relationship between the IMSI and the IMEI provided by the present invention mainly includes the following steps:
  • Step 201 Query the correspondence between the IMSI and the IMEI according to the obtained IMEI of the terminal and the IMSI that the terminal is using.
  • Step 202 Perform a binding relationship check between the IMEI of the terminal and the IMSI used by the terminal according to the query result.
  • the correspondence between the IMSI and the IMEI needs to be maintained, and the correspondence may be in two maintenance forms.
  • the correspondence between the first maintenance mode includes: an IMSI-signed IMEI list and an IMEI-signed IMSI list.
  • the IMSI-signed IMEI list may contain one or more IMEIs, indicating that an IMSI has been contracted to allow the use of one or more IMEI-compliant devices; if the IMEI list is empty, it indicates that the IMSI corresponding to the IMEI list has not signed any IMEIs.
  • the IMSI can use any device that has not subscribed to the IMSI.
  • the IMSI-signed IMSI list may include one or more IMSIs, indicating that an IMEI has been contracted to allow one or more IMSIs to be used; if the IMSI list is empty, it indicates that the IMEI corresponding to the IMSI list has not signed any IMSI, The IMEI can use any IMSI that has not subscribed to the IMEI.
  • the correspondence between the second maintenance modes includes: the group identity of the IMSI contract and the group identifier of the IMEI contract. That is, IMSI and IMEI sign a global unique group identity, and the corresponding relationship stores the group identity of each IMSI and its contract, and the group identity of each IMEI and its contract.
  • the operation mode of the query and binding relationship check is: a. Querying the group identifier of the IMEI that the terminal is subscribed to, and the group identifier of the IMSI that the terminal is using, and determining whether the group IDs that are queried are consistent. If they are consistent, the binding of the binding relationship is determined; if not, Then, it is determined that the verification of the binding relationship has not passed;
  • the present invention can record the contracted IMEI list for each contracted IMSI in the database of the HSS, and record the IMSI list of the contracted IMEI for each application binding contract, that is, the HSS adopts the above-mentioned A maintenance method that stores and maintains the correspondence between IMSI and IMEI.
  • the EIR can also use the first maintenance method described above to store and maintain the correspondence between IMSI and IMEI. Then, correspondingly, the operation mode of the above query and binding relationship verification can be performed by HSS or EIR.
  • the operation mode of the foregoing query and binding relationship check may also be performed by the MME, but only the HSS is required to provide the IMSI for the MME. Correspondence query service with IMEI.
  • the second maintenance mode can also be used in the HSS database to store and maintain the group ID of the IMSI contract and the group ID of the IMEI contract. Then, correspondingly, the operation mode 2 of the above query and binding relationship insurance can be performed by the HSS.
  • the operation mode 2 of the foregoing query and binding relationship check may also be performed by the MME, but only the HSS is required to provide a group for the MME. Identification of the query service.
  • the IMEI is verified in the MME according to the method shown in FIG. 2.
  • Step 301 The terminal initiates an initial attach, and sends an attach request message to the evolved base station (eNB, evolved NodeB).
  • the message contains the end user's IMSI or the old Global Unique Temporary Identity (GUTI).
  • Step 302 The eNB selects an MME according to the GUTI in the attach request message, or selects an MME according to the network topology, and sends the attach request message to the selected new MME.
  • Step 303 If the old GUTI is carried in the attach request message, and the current new MME is not the MME when the terminal is last attached, the new MME needs to obtain the authentication vector and the key that are not used by the IMSL from the old MME/SGSN. And the identity information, and the integrity check of the attach request message according to the obtained identity information.
  • Step 304 If the terminal does not record in the new MME or the old MME/SGSN, the new MME acquires the IMSI from the terminal. That is, the new MME sends an identity request to the terminal, and the terminal sends the IMSI to the new MME in the identity response.
  • Step 305 If the terminal does not have context information in the new MME, the old MME/SGSN, or if the attach request message in step 301 does not have integrity protection, or if the attach request does not pass the integrity check, the new MME must The HSS sends an authentication data request message.
  • the authentication data request message includes the IMSI of the end user.
  • Step 306 The HSS first searches for the user subscription data corresponding to the IMSI in the authentication data request message. If no subscription is found or the IMSI is blacklisted, the HSS returns an authentication data response to the new MME and carries the appropriate The cause of the error; if the user subscription data corresponding to the IMSI is found, the HSS returns an authentication data response message to the new MME, where the response message includes an authentication vector.
  • Step 307 if steps 305 and 306 are performed, the authentication process must be performed between the new MME and the terminal to verify the validity of the terminal IMSI, and the security mode process is executed to enable the security. Fully connected.
  • Step 308 In the initial attached scenario, the new MME sends a device identifier request message to the terminal, requesting to acquire the IMEI of the terminal; and the terminal returns a device identifier response message to the new MME to inform the new MME of the IMEI of the terminal. Since the secure connection is established, the identification code request message and the identification code response message are encrypted and transmitted.
  • Step 309 If the EIR is deployed on the network, the MME may choose to query the EIR for the validity of the IMEI of the terminal.
  • Step 310 The new MME sends a location update request message to the HSS, where the request message includes IMSI and IMEI of the terminal.
  • Step 311 The HSS returns a location update response message to the new MME.
  • the location update response message needs to include the user subscription data of the terminal, the legal IMEI list signed by the IMSI of the user, and the legal IMSI list signed by the IMEI of the terminal;
  • the location update response message needs to include the user subscription data of the terminal, the group identifier corresponding to the IMSI of the user, and the group identifier corresponding to the IMEI of the terminal.
  • Step 312 The new MME performs a binding relationship check between the IMEI of the terminal and the IMSI being used according to the information carried in the location update response message.
  • the new MME needs to follow the above operation mode to the IMEI of the pair of terminals.
  • the IMSI being used by the terminal performs binding relationship verification. If the location update response message returned by the HSS includes the user subscription data of the terminal, the group identifier corresponding to the IMSI of the user, and the group identifier corresponding to the IMEI of the terminal, the new MME needs to use the IMEI of the terminal and the terminal in use according to the foregoing operation mode. IMSI performs binding relationship verification.
  • step 313 if the verification is passed, the subsequent process of the attach process is continued.
  • Step 314 If the check fails, the new MME rejects the attach request of the terminal, and returns an appropriate cause value to the terminal.
  • the terminal access may be refused, or may be regarded as the IMEI. Or the IMSI corresponding list is empty; for the foregoing operation mode 2, if the IMEI of the terminal or the IMSI used by the terminal is not found in the record of the HSS database, the terminal access may be refused, or may be regarded as no group. The situation of the logo is handled.
  • the present invention can extend the header of the IMSI list and the IMEI list by adding the lbit identifier to identify the IMEI of the terminal and the terminal is being used.
  • the IMSI is a general IMEI and IMSI, for example: the identifier location 0 is represented as a normal IMEI or IMSI, the identifier location 1 is represented as a general IMEI or an IMSI; if it is a general IMEI, then the IMEI has absolute authority, and any USIM can be used; In the case of a generic IMSI, the IMSI has absolute authority and any ME can be used.
  • the new MME For the extension of the header, in the process of performing the binding relationship check, when querying the IMSI list of the IMEI subscription of the terminal, and the IMEI list of the IMSI contracted by the terminal, the new MME according to the header of the IMSI list
  • the identifier bit identifies whether the IMEI of the terminal is a general IMEI, and identifies whether the IMSI being used by the terminal is a general IMSI according to the identifier of the header of the IMEI list; if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI Then, the verification of the binding relationship is passed; otherwise, the binding relationship verification is continued as described in the foregoing operation mode 1.
  • the present invention can extend a bit of the group identifier as a type identifier bit to identify whether the IMEI of the terminal and the IMSI being used by the terminal are general IMEIs.
  • IMSI for example: Identify location 0 table Shown as a normal IMEI or IMSI, the identification location 1 is represented as a general IMEI or IMSI; if it is a general IMEI, then the IMEI has absolute authority and can use any USIM; if it is a general IMSI, then the IMSI has absolute authority and can be used Any ME.
  • the group identifier of the IMEI that is subscribed to the terminal is queried, and the group identifier of the IMSI that the terminal is using, the group that the new MME subscribes according to the IMEI
  • the identified identifier bit identifies whether the IMEI of the terminal is a general IMEI, and identifies whether the IMSI being used by the terminal is a general IMSI according to the identifier of the group identifier of the IMSI contract; if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is The general IMSI, the verification of the binding relationship is passed; otherwise, the binding relationship insurance is continued as described in the foregoing operation mode 2.
  • the binding relationship between the IMEI and the IMSI is verified in the HSS, the access is allowed, and the process of EPS attachment is finally completed, as shown in FIG. It mainly includes the following steps:
  • steps 401-410 are the same as the operations of steps 301-310 in the embodiment shown in FIG.
  • Step 411 The HSS performs binding relationship verification according to the IMSI and the IMEI carried in the location update request message.
  • the binding relationship check needs to be performed according to the operation mode. If the HSS database adopts the second maintenance mode, it needs to be bound according to the operation mode 2. Determine the relationship check. I will not repeat them here.
  • Step 412 If the check passes, the HSS returns a location update response message to the new MME, where the response message includes the user's IMSI and user subscription data.
  • Step 413 If the verification fails, the HSS returns a subscription data error message to the new MME, where the message includes an appropriate error reason.
  • Step 414 if the new MME receives the location update response message, then the follow-up process The process can continue.
  • Step 415 If the new MME receives the subscription data error message, the new MME rejects the attachment of the terminal and returns an appropriate cause value to the terminal.
  • the terminal access may be refused, or may be regarded as the IMEI. Or the IMSI corresponding list is empty; for the foregoing operation mode 2, if the IMEI of the terminal or the IMSI used by the terminal is not found in the record of the HSS database, the terminal access may be refused, or may be regarded as no group. The situation of the logo is handled.
  • the present invention can extend the header of the IMSI list and the IMEI list by adding the lbit identifier to identify the IMEI of the terminal and the terminal is being used.
  • the IMSI is a general IMEI and IMSI, for example: the identifier location 0 is represented as a normal IMEI or IMSI, the identifier location 1 is represented as a general IMEI or an IMSI; if it is a general IMEI, then the IMEI has absolute authority, and any USIM can be used; In the case of a generic IMSI, the IMSI has absolute authority and any ME can be used.
  • the HSS For the extension of the header, in the process of performing the binding relationship check, when querying the IMSI list of the IMEI subscription of the terminal, and the IMEI list of the IMSI contracted by the terminal, the HSS identifies the header according to the header of the IMSI list.
  • the bit identifies whether the IMEI of the terminal is a general IMEI, and if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, the verification of the binding relationship passes; otherwise, continues according to the above operation mode 1. Perform binding relationship verification.
  • the present invention can extend a bit of the group identifier as a type identifier to identify the IMEI of the terminal.
  • the IMSI being used by the terminal is a general IMEI and an IMSI, for example: the identifier location 0 is represented as a normal IMEI or IMSI, the identifier location 1 is represented as a general IMEI or an IMSI; if it is a general IMEI, the IMEI has absolute authority, Use any USIM; if it is a generic IMSI, then the IMSI has absolute permissions and can use any ME.
  • the HSS identifies whether the IMEI of the terminal is a general IMEI according to the identifier of the group identifier of the IMEI contract, and identifies the terminal according to the identifier of the group identifier of the IMSI contract. Whether the IMSI being used is a general IMSI; if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, the verification of the binding relationship is passed; otherwise, the binding is continued as described in the above operation mode 2. Determine the relationship check.
  • the IMEI list for maintaining the IMSI subscription and the IMSI list of the IMEI subscription are stored in the EIR, and the EIR checks the binding relationship between the IMEI and the IMSI for the terminal, and
  • the process of finally completing the EPS attachment, as shown in FIG. 5, mainly includes the following steps:
  • Step 509 The new MME sends a device identifier check request message to the EIR, where the request message includes the IMSI of the user and the IMEI of the terminal.
  • Steps 510-511 the EIR retrieves its own database to verify the binding relationship between the IMSI and the IMEI sent by the new MME, and returns a device ID check response message to the new MME, where the response message includes the verification result.
  • the EIR performs binding check verification according to the above operation mode, and details are not described herein again.
  • Step 512 If the new MME receives the verification result returned by the EIR as the verification, the subsequent process of the attach process may continue to be performed.
  • Step 513 If the new MME receives the check result returned by the EIR, the check fails, the new MME rejects the attach request of the terminal and returns an appropriate cause value.
  • the terminal access may be refused, or may be regarded as an IMEI. Or the list corresponding to the IMSI is empty to handle.
  • the present invention can extend the header of the IMSI list and the IMEI list by adding the lbit identifier to identify the IMEI of the terminal and the terminal is being used.
  • the IMSI is a general IMEI and IMSI, for example: the identifier location 0 is represented as a normal IMEI or IMSI, the identifier location 1 is represented as a general IMEI or an IMSI; if it is a general IMEI, then the IMEI has absolute authority, and any USIM can be used; In the case of a generic IMSI, the IMSI has absolute authority and any ME can be used.
  • the EIR is based on the identifier of the header of the IMSI list.
  • the bit identifies whether the IMEI of the terminal is a general IMEI, and if the IMEI of the terminal is a general IMEI, and/or the IMSI used by the terminal is a general IMSI, the verification of the binding relationship passes; otherwise, continues according to the above operation mode 1. Perform binding relationship verification.
  • a method for verifying the above IMSI and IMEI binding relationship provides a
  • the verification device of the binding relationship between the IMSI and the IMEI includes: an information acquisition module 10 and a query verification module 20.
  • the information obtaining module 10 is configured to acquire an IMEI of the terminal and an IMSI that the terminal is using.
  • the query verification module 20 is configured to query the correspondence between the IMSI and the IMEI according to the obtained IMEI and the IMSI, and perform a binding relationship between the IMEI of the terminal and the IMSI used by the terminal according to the query result.
  • the mapping between the IMSI and the IMEI may adopt the first maintenance mode, that is, the IMSI-signed IMEI list and the IMEI-signed IMSI list.
  • the query verification module 20 can perform the binding relationship verification by using the operation mode, which is specifically:
  • the IMEI list of the IMSI subscription of the terminal Querying the IMSI list of the IMEI subscription of the terminal, and the IMEI list of the IMSI subscription that the terminal is using. If the IMSI of the terminal is in use in the IMSI list, and the IMEI of the terminal exists in the IMEI list, the verification of the binding relationship is determined; If the IMSI of the terminal is not present in the IMSI list, and/or the IMEI of the terminal does not exist in the IMEI list, it is determined that the check of the binding relationship fails; if the IMSI list of the IMEI of the terminal is empty, and the terminal is in use If the IMEI list of the IMSI subscription is also empty, it is determined that the binding of the binding relationship is passed; if the IMSI list of the IMEI subscription of the terminal is empty, and the IMEI list of the IMSI subscription that the terminal is using is not empty, the binding relationship is determined. The verification fails. If the IMEI list of the
  • the identifier of the header of the IMSI list is used to identify whether the IMEI of the terminal is a general IMEI, according to the header of the IMEI list.
  • the identifier bit identifies whether the IMSI being used by the terminal is a general IMSI; if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the binding relationship is verified; otherwise, according to the operation mode The binding relationship check is continued as described in .
  • the mapping between the IMSI and the IMEI can be performed in the second maintenance mode, that is, the IMSI contracted group identifier and the IMEI contracted group identifier.
  • the query verification module 20 can perform the binding relationship check in the operation mode 2, specifically: querying the group identifier of the IMEI signed by the terminal, and the group identifier signed by the IMSI that the terminal is using, and determining the queried query. Whether the group IDs are consistent. If they are consistent, the checksum of the binding relationship is determined. If they are inconsistent, the checksum of the binding relationship is not passed. If the IMEI of the terminal and the IMSI being used by the terminal are not signed, The identifier is determined to pass the verification of the binding relationship. If only one of the IMEIs of the terminal and the IMSI being used by the terminal does not have the subscription group identifier, it is determined that the verification of the binding relationship fails.
  • the identifier of the group identifier of the IMEI is identified as whether the IMEI of the terminal is a general IMEI, and the IMEI is contracted according to the IMSI.
  • the identifier of the group identifier identifies whether the IMSI being used by the terminal is a general IMSI; if the IMEI of the terminal is a general IMEI, and/or the IMSI being used by the terminal is a general IMSI, it is determined that the binding relationship is verified; otherwise, according to the operation The binding relationship check is continued as described in mode 2.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention porte sur un procédé de vérification de la relation d'association entre une identité internationale d'abonné mobile (IMSI) et une identité internationale d'équipement mobile (IMEI). Le procédé consiste à : interroger la relation de correspondance entre l'IMSI et l'IMEI conformément à l'IMEI acquis d'un terminal et à l'IMSI qui est utilisée par le terminal, et vérifier la relation d'association entre l'IMEI du terminal et l'IMSI qui est utilisée par le terminal conformément au résultat d'interrogation. La présente invention porte également sur un dispositif de vérification de la relation d'association entre l'IMSI et l'IMEI. Le dispositif de vérification peut identifier et vérifier la relation d'association entre l'IMSI et l'IMEI.
PCT/CN2010/078785 2009-11-23 2010-11-16 Procédé et dispositif de vérification de relation d'association entre identité internationale d'abonné mobile et identité internationale d'équipement mobile WO2011060709A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910238240.4A CN102075909B (zh) 2009-11-23 2009-11-23 一种imsi与imei绑定关系的校验方法和装置
CN200910238240.4 2009-11-23

Publications (1)

Publication Number Publication Date
WO2011060709A1 true WO2011060709A1 (fr) 2011-05-26

Family

ID=44034222

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/078785 WO2011060709A1 (fr) 2009-11-23 2010-11-16 Procédé et dispositif de vérification de relation d'association entre identité internationale d'abonné mobile et identité internationale d'équipement mobile

Country Status (2)

Country Link
CN (1) CN102075909B (fr)
WO (1) WO2011060709A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2750424A4 (fr) * 2011-11-11 2015-03-04 Zte Corp Procédé, dispositif et système pour associer un dispositif mtc et une uicc
EP4021041A4 (fr) * 2019-08-29 2022-10-05 Huawei Cloud Computing Technologies Co., Ltd. Procédé, appareil et système de gestion de données de dispositif ido
CN116828460A (zh) * 2023-06-29 2023-09-29 广州爱浦路网络技术有限公司 基于附着流程的信息交互系统、方法、装置及存储介质

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102918878B (zh) * 2011-05-31 2016-03-09 华为技术有限公司 报文发送方法和装置
CN102857919B (zh) * 2011-06-30 2019-08-30 中兴通讯股份有限公司 机器类通信设备的触发方法及系统
CN102892102B (zh) * 2011-07-19 2015-08-19 中国移动通信集团公司 一种在移动网络中实现机卡绑定的方法、系统和设备
CN102307348B (zh) * 2011-08-09 2013-12-18 中国联合网络通信集团有限公司 Mtc设备触发方法和系统及移动通信网络设备
CN103107878B (zh) * 2011-11-15 2017-10-03 中兴通讯股份有限公司 移动用户身份识别卡与机器类通信设备绑定的方法及装置
CN104811978B (zh) * 2015-04-15 2018-05-29 珠海世纪鼎利科技股份有限公司 一种快速检测lte信令中imsi与imei匹配错误的方法
CN109714493B (zh) * 2017-10-26 2021-06-18 中国电信股份有限公司 实现机卡池绑定的方法、装置和系统
CN109756883A (zh) * 2017-11-06 2019-05-14 中国电信股份有限公司 移动通信号码使用权限检验方法、检验平台以及通信系统
CN109088949B (zh) * 2018-10-22 2021-05-25 中国联合网络通信集团有限公司 一种物联网业务的匹配方法以及mme
CN111356121B (zh) * 2018-12-21 2024-01-26 西安佰才邦网络技术有限公司 一种基于区块链绑定签约数据的方法及设备

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000078076A1 (fr) * 1999-06-15 2000-12-21 Nokia Corporation Detection d'identite copiee d'un equipement terminal
CN1703109A (zh) * 2004-05-27 2005-11-30 法国无线电话公司 从sim卡安全复制信息到通信对象的方法和系统
CN101022672A (zh) * 2007-02-16 2007-08-22 华为技术有限公司 一种检查移动用户合法性的方法及系统

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000078076A1 (fr) * 1999-06-15 2000-12-21 Nokia Corporation Detection d'identite copiee d'un equipement terminal
CN1703109A (zh) * 2004-05-27 2005-11-30 法国无线电话公司 从sim卡安全复制信息到通信对象的方法和系统
CN101022672A (zh) * 2007-02-16 2007-08-22 华为技术有限公司 一种检查移动用户合法性的方法及系统

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2750424A4 (fr) * 2011-11-11 2015-03-04 Zte Corp Procédé, dispositif et système pour associer un dispositif mtc et une uicc
US9158549B2 (en) 2011-11-11 2015-10-13 Zte Corporation Method, apparatus and system for binding MTC device and UICC
EP4021041A4 (fr) * 2019-08-29 2022-10-05 Huawei Cloud Computing Technologies Co., Ltd. Procédé, appareil et système de gestion de données de dispositif ido
CN116828460A (zh) * 2023-06-29 2023-09-29 广州爱浦路网络技术有限公司 基于附着流程的信息交互系统、方法、装置及存储介质
CN116828460B (zh) * 2023-06-29 2024-04-19 广州爱浦路网络技术有限公司 基于附着流程的信息交互系统、方法、装置及存储介质

Also Published As

Publication number Publication date
CN102075909A (zh) 2011-05-25
CN102075909B (zh) 2014-01-01

Similar Documents

Publication Publication Date Title
WO2011060709A1 (fr) Procédé et dispositif de vérification de relation d'association entre identité internationale d'abonné mobile et identité internationale d'équipement mobile
EP3629613B1 (fr) Procédé de vérification de réseau, dispositif et système pertinents
US10474522B2 (en) Providing a network access failure cause value of a user equipment
EP3984281B1 (fr) Procédé et système de traitement des procédures liées aux groupes à accès fermé
KR101167781B1 (ko) 콘텍스트 전달을 인증하는 시스템 및 방법
WO2011000315A1 (fr) Procédé, dispositif et système de réseau pour gestion de groupe
CN111869182B (zh) 对设备进行认证的方法、通信系统、通信设备
CN105828413B (zh) 一种d2d模式b发现的安全方法、终端和系统
WO2007019771A1 (fr) Méthode de contrôle d’accès d’un utilisateur changeant de réseau à visiter, son unité et son système
CN101330740A (zh) 一种无线网络中的网关选择方法
EP3324681B1 (fr) Procédé et dispositif de traitement pour accéder à un réseau 3gpp par un terminal
WO2012167500A1 (fr) Procédé d'établissement d'un canal de données de sécurité destiné à un tunnel
WO2011054251A1 (fr) Procédé, système et terminal pour empêcher l'accès à partir de terminaux non autorisés
US20150023350A1 (en) Network connection via a proxy device using a generic access point name
WO2009152676A1 (fr) Serveur aaa, p-gw, pcrf, procédé et système d'obtention de l'identifiant d'un équipement utilisateur
WO2014015698A1 (fr) Procédé et système de recherche d'identificateur externe de terminal
WO2013131461A1 (fr) Procédé et dispositif permettant à un équipement utilisateur d'accéder à un élément de réseau de commande de fusion
US20220279471A1 (en) Wireless communication method for registration procedure
WO2018058365A1 (fr) Procédé d'autorisation d'accès au réseau, et dispositif et système associés
WO2012151941A1 (fr) Procédé et système pour sélectionner une entité de gestion de mobilité d'un groupe de terminaux
WO2010139285A1 (fr) Procédé de synchronisation d'informations, système de communication et dispositifs associés
EP3443729A1 (fr) Enregistrement de trafic de paquets de données pour un dispositif sans fil
WO2011044816A1 (fr) Procédé de suivi et dispositif de surveillance pour équipement utilisateur
WO2015131949A1 (fr) Utilisation de services d'un réseau central de communications par paquets entre terminaux mobiles
WO2013067744A1 (fr) Procédé et système de sélection de passerelle de desserte pour groupe de terminaux

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10831124

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10831124

Country of ref document: EP

Kind code of ref document: A1