WO2012065405A1 - Method and system for judging legal terminal - Google Patents

Publication number
WO2012065405A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
count value
msc
legal
message
Application number
PCT/CN2011/073478
Inventor
高淑美
Original Assignee
中兴通讯股份有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12: Detection or prevention of fraud
    • H04W12/126: Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning

Abstract

The present invention provides a method and system for judging a legal terminal. The method includes: a Mobile Switching Center (MSC) receives a COUNT value from a terminal; the MSC compares the COUNT value saved in an authentication entity with the COUNT value received from the terminal to determine whether they are consistent, where the COUNT value saved in the MSC is the COUNT value of the legal terminal; if they are consistent, the terminal is judged to be a legal terminal, otherwise the terminal is judged to be a cloned terminal. The solution can differentiate the legal terminal from a fully cloned terminal in a communications network and avoid the cloned terminal misappropriating network resources and the cross-talk that results, so the rights and interests of the legal terminal are effectively protected.

Description

Method and system for determining a legal terminal

Technical Field

The present invention relates to the field of communications, and in particular to a method and system for determining a legal terminal.

Background

With the rapid development of mobile communications, illegal terminals have gradually appeared in mobile communication networks. They clone information from a real user's terminal, such as the International Mobile Subscriber Identity (IMSI), and attempt to access the mobile network to misuse network resources. We call this type of terminal a clone terminal or an illegal terminal.

Current mobile communication networks each have their own set of security mechanisms to prevent such illegal terminals from using network resources to initiate services. In a CDMA 2000 network, the core network uses the Electronic Serial Number (ESN) and the authentication key (Secret Subscriber Authentication Key, A-key) to authenticate the terminal. If the ESN or A-key does not match, the core network rejects the service requested by the clone terminal.

CN101203031 describes a method for preventing an illegal terminal from interfering with a legal terminal when the legal terminal and the clone terminal have the same IMSI but different ESNs. That method is limited to the case where the legal terminal and the clone terminal have the same IMSI but a different ESN or A-key.

So, for clone terminals, although part of the problem can currently be solved by locking the clone terminal, for a fully cloned terminal (all user information of the clone terminal and the legal terminal is the same, for example the IMSI, ESN and A-key are all identical) the existing authentication mechanism of the communication network cannot distinguish the legal terminal from the clone terminal.

As a result, the clone terminal misuses network resources and infringes the rights of the legal terminal, and the legal terminal also has to pay the clone terminal's call charges. Moreover, when the legal terminal is the called party, if the legal terminal and the clone terminal happen to be within a certain range, the clone terminal will very probably be paged as well and enter the call state at the same time, so the clone terminal can hear the content of the legal terminal's call. This is "crosstalk", and the privacy of the legal terminal is seriously violated.

Summary of the Invention

In view of problems in the related art such as the inability to distinguish a fully cloned terminal from a legal terminal in a communication network, the present invention provides a method and system for determining a legal terminal, to solve at least one of the above problems.

According to one aspect of the present invention, a method for determining a legal terminal is provided, applied to a mobile communication network, including: a Mobile Switching Center (MSC) receives a COUNT value from a terminal; the MSC compares the COUNT value it holds in the authentication entity with the received COUNT value of the terminal to determine whether they are consistent, where the COUNT value held by the MSC is the COUNT value of the legal terminal; if they are consistent, the terminal is determined to be a legal terminal; otherwise, the terminal is determined to be a clone terminal.

Before the MSC receives the COUNT value from the terminal, the method further includes: the legal terminal responds to a parameter update procedure initiated by the core network, updates its COUNT value and saves it; the MSC updates the COUNT value held in the authentication entity to the legal terminal's updated COUNT value.

The MSC receiving the COUNT value from the terminal includes: a base station (BS) receives the COUNT value from the terminal and sends it to the MSC; the MSC receives the terminal's COUNT value from the BS.

The legal terminal responding to the parameter update procedure initiated by the core network and updating its COUNT value includes: the BS receives a parameter update request message from the MSC and sends a parameter update order message to the legal terminal; the legal terminal receives the parameter update order message from the BS, updates its COUNT value and sends a parameter update confirmation order message to the BS. The MSC updating the COUNT value held in the authentication entity to the legal terminal's updated COUNT value includes: the BS sends a parameter update confirm message to the MSC; after receiving the parameter update confirm message, the MSC updates the COUNT value it holds in the authentication entity to the COUNT value of the terminal's updated authentication parameters.

The method further includes: the BS receives and saves a paging request from the MSC, where the paging request carries the terminal's updated COUNT value; the BS compares the COUNT value it has saved with the COUNT value carried in the paging response message returned by the terminal; if they are consistent, the terminal is determined to be a legal terminal; otherwise, the terminal is determined to be a clone terminal and the paging response message is discarded.

The method further includes: the terminal compares the updated COUNT value carried in a received channel assignment message with the terminal's own COUNT value to determine whether they are consistent; if they are consistent, it processes the channel assignment message and enters the traffic channel; otherwise, it discards the channel assignment message and refuses to enter the traffic channel.

According to another aspect of the present invention, a system for determining a legal terminal is also provided. The system includes a terminal and a Mobile Switching Center (MSC), where the MSC includes: a first receiving module, configured to receive a COUNT value from the terminal; and a first judging module, configured to compare the COUNT value the MSC holds in the authentication entity with the received COUNT value of the terminal to determine whether they are consistent, where the COUNT value the MSC holds in the authentication entity is the COUNT value of the legal terminal. If they are consistent, the first judging module determines that the terminal is a legal terminal; otherwise, it determines that the terminal is a clone terminal.

The terminal includes: a first update module, configured to respond to the parameter update procedure initiated by the core network, update the terminal's COUNT value and save it. The MSC further includes: a second update module, configured to update the COUNT value the MSC holds in the authentication entity to the COUNT value updated by the first update module.

The system further includes a base station (BS). The BS includes: a second receiving module, configured to receive the COUNT value from the terminal and send it to the MSC. The first receiving module is further configured to receive the terminal's COUNT value from the second receiving module.

The second receiving module is further configured to receive and save a paging request from the MSC, where the paging request carries the terminal's updated COUNT value. The BS further includes: a second judging module, configured to compare the COUNT value saved by the BS with the COUNT value carried in the paging response message returned by the terminal; if they are consistent, the terminal is determined to be a legal terminal; otherwise, the terminal is determined to be a clone terminal and the paging response message is discarded.

The terminal further includes: a third judging module, configured to compare the updated COUNT value carried in a received channel assignment message with the terminal's COUNT value to determine whether they are consistent; if they are consistent, the channel assignment message is processed and the terminal enters the traffic channel; otherwise, the channel assignment message is discarded and the terminal refuses to enter the traffic channel.

The present invention uses the COUNT field in the authentication information to distinguish legal terminals from clone terminals. It solves the problems in the related art that a fully cloned terminal cannot be distinguished from a legal terminal in a communication network, that clone terminals misuse network resources, and the crosstalk that results, thereby effectively protecting the rights of the legal terminal.

Other features and advantages of the present invention will be set forth in the description that follows, and in part will become apparent from the description or may be learned by practising the invention. The objectives and other advantages of the invention may be realized and attained by the structure particularly pointed out in the written description, the claims and the drawings.

Brief Description of the Drawings

The drawings described here are provided for further understanding of the present invention and form part of this application. The exemplary embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:

FIG. 1 is a flowchart of the method for determining a legal terminal according to an embodiment of the present invention;
FIG. 2 is a flow diagram of the parameter update according to a preferred embodiment of the present invention;
FIG. 3 is a flow diagram, according to a preferred embodiment of the present invention, in which the clone terminal returns the paging response first and authentication at the authentication center fails, causing the call to fail;
FIG. 4 is a flow diagram, according to a preferred embodiment of the present invention, of the BS determining whether a paging response comes from a clone terminal;
FIG. 5 is a flow diagram of the "crosstalk" phenomenon that occurs in a preferred embodiment of the present invention when the legal terminal and the clone terminal are in the same cell;
FIG. 6 is a flow diagram of a method for solving the "crosstalk" problem that occurs in the embodiment shown in FIG. 5;
FIG. 7 is a structural block diagram of the system for determining a legal terminal according to an embodiment of the present invention;
FIG. 8 is a structural diagram of the system for determining a legal terminal according to a preferred embodiment of the present invention.

Detailed Description

The present invention is described in detail below with reference to the drawings and in conjunction with embodiments. Note that, where they do not conflict, the embodiments in this application and the features in the embodiments may be combined with one another.

Note that in the following embodiments, both the base station (BS) and the Mobile Switching Center (MSC) are configured to require authentication, so the terminal carries authentication parameters in its access messages.

FIG. 1 is a flowchart of the method for determining a legal terminal according to an embodiment of the present invention. The method is applied to a mobile communication network. As shown in FIG. 1, the method includes:

Step S102: the MSC receives a COUNT value from the terminal.

In a preferred implementation, the MSC receiving the COUNT value from the terminal includes: the BS receives the COUNT value from the terminal and sends it to the MSC; the MSC receives the terminal's COUNT value from the BS.

Step S104: the MSC compares the COUNT value held in the authentication entity with the received COUNT value of the terminal to determine whether they are consistent, where the COUNT value the MSC holds in the authentication entity is the COUNT value of the legal terminal.

Step S106: if they are consistent, the terminal is determined to be a legal terminal; otherwise, the terminal is determined to be a clone terminal.

As the above embodiment shows, the present invention uses the COUNT field in the authentication information to distinguish legal terminals from clone terminals. It solves the problems in the related art that a fully cloned terminal cannot be distinguished from a legal terminal in a communication network, that clone terminals misuse network resources, and the crosstalk that results, thereby effectively protecting the rights of the legal terminal.

Preferably, before step S102 is performed, the following processing may also be included:

(1) The legal terminal responds to the parameter update procedure initiated by the core network, updates its COUNT value and saves it.

In a preferred implementation, the legal terminal responding to the parameter update procedure initiated by the core network and updating the terminal's COUNT value includes: the BS receives the parameter update request message from the MSC and sends a parameter update order message to the terminal; the terminal receives the parameter update order message from the BS, updates its COUNT value and sends a parameter update confirmation order message to the BS.

(2) The MSC updates the COUNT value held in the authentication entity to the legal terminal's updated COUNT value.

In a preferred implementation, the MSC updating the COUNT value held in the authentication entity to the terminal's updated COUNT value includes: the BS sends a parameter update confirm message to the MSC; after receiving the parameter update confirm message, the MSC updates its COUNT value to the COUNT value of the terminal's updated authentication parameters.

The preferred implementation is described in detail below with an example.

Embodiment 1

Assume that the legal terminal's COUNT value after the update is 1 (0 before the update), that the clone terminal's COUNT value is 0, and that the COUNT value recorded by the authentication center is the legal terminal's updated COUNT value. Both the BS and the MSC are configured to require authentication, so the terminal carries authentication parameters in its access messages.

After a mobile-originated call is successfully set up, the core network initiates the parameter update procedure so that the terminal can update the COUNT value of its authentication parameters. By default the COUNT value saved by every terminal is 0. When the terminal receives the Parameter Update Order message, the legal terminal updates COUNT and saves the new COUNT value. On call access, it carries the updated COUNT value to the BS in the authentication parameters, and the BS passes it transparently to the MSC.

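The COUNT checks summarised above, as an added simulation (not code from the patent): the MSC comparison after a parameter update, the BS check on paging responses, and the terminal check on channel assignment, for a fully cloned terminal that answers the page first from the same cell. Class and function names, the identity values, the +1 update and the direct ESN/A-key comparison are assumptions made for the example.

```python
"""Added simulation of the COUNT checks; all names and values are constructed."""
from dataclasses import dataclass


@dataclass
class Terminal:
    name: str
    imsi: str
    esn: str
    a_key: str
    count: int = 0  # every terminal starts with COUNT 0, as in Embodiment 1

    def on_parameter_update_order(self):
        # Assumption: "updating COUNT" is modelled as +1, matching the 0 -> 1 example.
        self.count += 1

    def auth_params(self):
        # Authentication parameters carried in an access or paging-response message.
        # Comparing ESN/A-key directly stands in for the network's existing check.
        return {"imsi": self.imsi, "esn": self.esn,
                "a_key": self.a_key, "count": self.count}

    def accepts_assignment(self, assignment):
        # Terminal-side check: enter the traffic channel only when the COUNT carried
        # in the channel assignment equals the locally stored COUNT. An assignment
        # without a COUNT field (unmodified protocol) is always accepted.
        carried = assignment.get("count")
        return carried is None or carried == self.count


class MSC:
    def __init__(self):
        self.auth_entity = {}  # IMSI -> record of the legal terminal

    def provision(self, t):
        self.auth_entity[t.imsi] = {"esn": t.esn, "a_key": t.a_key, "count": t.count}

    def parameter_update(self, terminal):
        # Request -> order -> confirmation, with the BS relay collapsed: the terminal
        # on the originated call updates COUNT, then the MSC updates its stored copy.
        terminal.on_parameter_update_order()
        self.auth_entity[terminal.imsi]["count"] += 1

    def judge(self, params):
        rec = self.auth_entity.get(params["imsi"])
        if rec is None or (params["esn"], params["a_key"]) != (rec["esn"], rec["a_key"]):
            return "rejected"  # already caught by the existing ESN/A-key authentication
        return "legal" if params["count"] == rec["count"] else "clone"


def terminated_call(msc, imsi, responders, bs_filter=False, count_in_assignment=False):
    """Page `imsi`; `responders` answer in list order from the same cell.
    Returns (call_status, names of terminals that entered the traffic channel)."""
    expected = msc.auth_entity[imsi]["count"]  # COUNT carried in the Paging Request
    status = "no_response"
    for t in responders:
        resp = t.auth_params()
        if bs_filter and resp["count"] != expected:
            continue  # BS discards a paging response whose COUNT does not match
        # The first response that reaches the MSC decides the call.
        status = "connected" if msc.judge(resp) == "legal" else "failed"
        break
    if status != "connected":
        return status, []
    assignment = {"count": expected} if count_in_assignment else {}
    # Every responder is still waiting for a channel assignment, including one
    # whose paging response the BS discarded.
    on_channel = [t.name for t in responders if t.accepts_assignment(assignment)]
    return status, on_channel


def build_scenario():
    # Constructed identity shared by both terminals: a fully cloned terminal.
    ident = {"imsi": "IMSI-EXAMPLE-0001", "esn": "ESN-EXAMPLE", "a_key": "AKEY-EXAMPLE"}
    legal = Terminal("MS_2", **ident)
    clone = Terminal("MS_1", **ident)
    msc = MSC()
    msc.provision(legal)
    return msc, legal, clone


if __name__ == "__main__":
    msc, legal, clone = build_scenario()
    print("before update:", msc.judge(clone.auth_params()))
    msc.parameter_update(legal)
    print("after update: ", msc.judge(clone.auth_params()))
    for opts in ({}, {"bs_filter": True},
                 {"bs_filter": True, "count_in_assignment": True}):
        print(opts, terminated_call(msc, legal.imsi, [clone, legal], **opts))
```

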
The COUNT update process of the above embodiment is further described below with reference to FIG. 2. FIG. 2 is a flowchart of the parameter update according to a preferred embodiment of the present invention. As shown in FIG. 2:

Step S202: the MSC sends a Parameter Update Request message to the BS and starts timer T3220.

Step S204: the BS sends a Parameter Update Order message to the terminal MS (Mobile Station).

Step S206: the legal terminal MS updates its COUNT value and sends a Parameter Update Confirmation Order message to the BS.

Step S208: the BS sends a Parameter Update Confirm message to the MSC; after receiving the message, the MSC updates the COUNT value in the authentication entity and stops timer T3220.

The update process of this embodiment actively updates COUNT only for the calling party and does not actively update COUNT for the called party. This reduces the frequency of COUNT updates and avoids the case where COUNT is updated on both terminals at once while the clone terminal and the legal terminal are in crosstalk. Of course, the update may also be performed only on the first originated call after the legal terminal powers on, with no COUNT update at other times, which reduces the number of COUNT updates and improves system efficiency.

The authentication center (MSC) saves the updated COUNT value of the legal terminal's authentication parameters in the authentication entity and uses the COUNT value in the authentication calculation. Because the update process above updated the legal terminal's COUNT value, the authentication parameter COUNT differs between the legal terminal and the clone terminal, and the COUNT value saved by the authentication center (MSC) is that of the legal terminal. So when the authentication center (MSC) authenticates, in addition to the IMSI, ESN and A-KEY parameters it also authenticates with the COUNT parameter; if the COUNT values differ, the terminal is a clone terminal and the call is rejected.

The above method embodiments, including Embodiment 1, can basically solve the "crosstalk" problem between clone terminals and legal terminals. However, in the following situation one call will still fail: the core network initiates a paging request, and when both the legal terminal and the clone terminal are within the paging range, the BS sends the paging request message to both. If the clone terminal returns its paging response first, the core network rejects the call because the COUNT authentication fails; even if the legal terminal returns a paging response a little later, the call still fails. To make this case easier to understand (the clone terminal returns the paging response first and authentication at the authentication center fails, causing the call to fail), it is described below with reference to FIG. 3, in which MS_1 is assumed to be the clone terminal and MS_2 the legal terminal. As shown in FIG. 3, the process mainly includes the following:

Step S302: the MSC sends a Paging Request message to the BS.

Step S304: assuming the clone terminal MS_1 is within the paging range, the BS sends a paging message (General Page) to MS_1.

Step S306: assuming the legal terminal MS_2 is within the paging range, the BS sends a paging message (General Page) to MS_2.

Step S308: the clone terminal MS_1 returns a Paging Response message to the BS first, with a COUNT parameter value of 0. After receiving the paging response message, the BS sends a Paging Response message to the MSC, with a COUNT parameter value of 0.

Step S310: the MSC receives the Paging Response message. When the authentication center (MSC) performs COUNT authentication, the COUNT value in the Paging Response message does not match the COUNT value saved by the authentication center, so authentication fails and the call fails.

Step S312: the legal terminal MS_2 returns a paging response message to the BS, with a COUNT value of 1. But because the call has already been released, the legal terminal's paging response message is now invalid.

To solve the problem of the embodiment shown in FIG. 3, preferably, the method may further include the following processing:

The BS receives and saves a paging request from the MSC, where the paging request carries the terminal's updated COUNT value; the BS compares the COUNT value it has saved with the COUNT value carried in the paging response message returned by the terminal; if they are consistent, the terminal is determined to be a legal terminal; otherwise, the terminal is determined to be a clone terminal and the paging response message is discarded. For a better understanding of this preferred scheme, it is described below with Embodiment 2.

Embodiment 2

In this embodiment, a COUNT field is added to the paging request message. When the core network sends a paging message, it sends the recorded COUNT value of the legal terminal to the BS in the paging message, and the BS records the COUNT value of the paging message. When the BS receives a paging response, it compares the COUNT value of the authentication parameters in the paging response message with the COUNT value of the authentication parameters in the paging request message. If the COUNT values differ, the paging response came from a clone terminal, and the BS discards the paging response message without processing it; if the COUNT values match, processing continues according to the normal paging response procedure. This avoids the paging failure caused by the clone terminal responding first. The process is described in detail below with reference to FIG. 4. As shown in FIG. 4:

Step S402: the MSC sends a paging request to the BS; the Paging Request carries the COUNT parameter, and the BS records that the COUNT value of this paging request is 1.

Step S404: assuming the clone terminal MS_1 is within the paging range, the BS sends a General Page message to MS_1.

Step S406: assuming the legal terminal MS_2 is within the paging range, the BS sends a General Page message to MS_2.

Step S408: the clone terminal MS_1 returns a paging response message to the BS first; the COUNT value in the Page Response message is 0. The BS determines that the COUNT value of the paging response does not match the COUNT value of the paging request, considers it a paging response from a clone terminal, and discards the paging response message.

Step S410: the legal terminal MS_2 returns a paging response message to the BS; the COUNT value in the Page Response message is 1. The BS determines that the COUNT value of the paging response matches the COUNT value of the paging request and considers it a paging response from the legal terminal.

Step S412: the BS sends the paging response message to the MSC. When the authentication center performs COUNT authentication, the COUNT value of the Page Response message matches the COUNT value saved by the authentication center, so authentication passes and processing of the call flow continues.

The above scheme still cannot solve the case where the clone terminal and the legal terminal are in the same cell. After a terminal sends a paging response message to the BS, it sets a timer to wait for the channel assignment message. So in the example above, even though the BS dropped the clone terminal's paging response message and processed only the legal terminal's paging response message, both the clone terminal and the legal terminal are waiting for the channel assignment message, so both will receive the channel assignment message sent by the BS. Both the clone terminal and the legal terminal enter the traffic channel, and "crosstalk" may then occur. For a better understanding of how this "crosstalk" arises, the process is described in detail below with reference to FIG. 5. Note that, in a concrete implementation, the embodiment shown in FIG. 5 first performs all the steps of the embodiment shown in FIG. 4. As shown in FIG. 5, the process mainly includes the following:

Step S502: the MSC sends a channel assignment request (Assignment Request) message to the BS.

Step S504: the BS sends a channel assignment message to the cell accessed by the legal terminal MS_2 and to the non-access message supporting access handoff or access probe handoff.

Step S506: after receiving the channel assignment message, the legal terminal MS_2 enters the traffic channel.

Step S508: if the clone terminal MS_1 and the legal terminal MS_2 are in the same cell, then because the clone terminal MS_1 sent a paging response message to the BS in step S408, MS_1 also sets a timer to wait for the channel assignment message. So the channel assignment message may also be received by the clone terminal MS_1.

Step S510: after receiving the channel assignment message, the clone terminal MS_1 enters the traffic channel. "Crosstalk" then occurs.

To solve the "crosstalk" problem of the embodiment shown in FIG. 5, preferably, the method may further include: the terminal compares the updated COUNT value carried in the received channel assignment message with the terminal's COUNT value to determine whether they are consistent; if they are consistent, it processes the channel assignment message and enters the traffic channel; otherwise, it discards the channel assignment message and refuses to enter the traffic channel. For a better understanding of this preferred scheme, it is described below with Embodiment 3.

Embodiment 3

This embodiment is implemented by modifying the air-interface protocol, and it also requires adding to the channel assignment message
COUNT字段, 呼叫建立时把合法终端的 COUNT值填写到信道指派中, 终 端收到信道指派后用消息中的 COUNT值与自身保存的 COUNT值比较, COUNT值不一致时不处理信道指派消息, COUNT值一致时才处理信道指派 消息。 具体地, 如图 6所示, 需要说明的是, 本实施例在具体实施前需要先 进行图 5所示实施例中的步骤 S502以及步骤 S502之前的图 4上述实施例的 步骤。 具体地, 该具体实施方案包括: 步骤 S602, BS向合法终端 MS_2接入的小区和支持接入切换或支持接 入试探切换的非接入消息发送信道指派消息, 消息中带有合法终端 MS_2的 COUNT值; 步骤 S604,合法终端 MS_2收到信道指派消息后判断信道指派消息中的 COUNT值与终端保存的 COUNT值一致, 处理信道指派消息, 进入业务信 道; 步骤 S606, 若克隆终端 MS_1和合法终端 MS_2在同一' 区, 因为克隆 终端 MS_1在步骤 d给 BS发送过寻呼响应消息, 克隆终端 MS_1也会设置 定时器等信道指派消息。 所以信道指派消息也可能被克隆终端 MS_1收到, 信道指派消息中带有合法终端 MS_2的 COUNT值; 克隆终端 MS_1收到信道指派消息后 ,判断信道指派消息中带的 COUNT 值与终端保存的 COUNT值不一致,丢弃信道指派消息。因此克隆终端 MS_1 不会进入业务信道, 不会出现克隆终端 MS_1与合法终端 MS_2的"串话,,问 题。 图 7为 居发明实施例合法终端的判定系统的结构框图。 如图 7所示, 该判定系统包括:终端 70和移动交互中心 MSC72,其特征在于,上述 MSC72 包括: 第一接收模块 722 , 设置为接收来自于上述终端 70的 COUNT值; 第一判断模块 724,设置为将上述 MSC保存在鉴权实体中的 COUNT值 与上述接收到的上述终端 70的 COUNT值进行比较, 确定是否一致, 其中, 上述 MSC72保存的 COUNT值为合法终端的 COUNT值; 上述第一判断模块, 在确定一致的情况下, 判定上述终端 70为合法终 端, 否则, 判定上述终端 70为克隆终端。 优选地, 如图 8所示, 上述终端 70包括: 第一更新模块 702 , 设置为响 应核心网发起的参数更新流程, 更新上述终端 70的 COUNT值并保存; 上述 MSC72还包括: 第二更新模块 726, 设置为将上述 MSC72保存在鉴权实体 中的 COUNT值更新为上述第一更新模块 702更新后的 COUNT值。 优选地, 如图 8所示, 上述系统还包括: 基站 BS74, 上述 BS74包括: 第二接收模块 742 , 设置为接收来自于上述终端 70的 COUNT值, 并发送给 上述 MSC72; 上述第一接收模块 722 , 还设置为接收来自于上述第二接收模 块 742的上述终端的 COUNT值。 上述第二接收模块 742, 还设置为接收并 保存来自于上述 MSC72的寻呼请求, 其中, 上述寻呼请求携带有上述终端 70更新后的 COUNT值; 优选地, 如图 8所示, 上述 BS74还包括: 第二判断模块 744, 设置为上 述 BS74保存的 COUNT值与上述终端 70反馈的寻呼响应消息中携带的 COUNT值进行比较, 如果一致, 则判定上述终端 70为合法终端; 否则, 判 定上述终端为克隆终端, 丢弃该寻呼响应消息。 优选地, 如图 8所示, 上述终端 70还可以包括: 第三判断模块 704, 设 置为将接收到的信道指派消息中携带的上述更新后的 COUNT值与上述终端 70的 COUNT值进行比较, 确定是否一致; 如果一致, 则处理上述信道指派 消息, 进入业务信道, 否则丢弃信道指派信息, 拒绝进入上述业务信道。 需要注意的是, 上述实施例在具体应用时,可以先进行其它方式的鉴权, 如相关技术中利用 ESN或 A-key对终端进行鉴权,然后再进行本发明上述实 施例上述利用鉴权参数的 COUNT值鉴权, 这样本发明实施例应用性更强。 需要注意的是, 上述鉴权实体包括: 移动软交换中心 (Mobile Switching Center emulation, 简称为 MSCe ), 归属位置寄存器( Home Location Register, 简称为 HLR ),其中, 共享秘、密数据 ( Shared Secret Data, 简称为 SSD ) 可以 共享在上述 MSCe中, 不共享在上述 HLR中。 需要注意的是, 上述系统中的各模块相关结合的优选工作方式具体可以 上述方法实施例的描述, 此处不再赘述。 综上所述, 本发明利用鉴权信息中的 
COUNT字段来区分合法终端和克 隆终端。 解决了相关技术中在通信网络中无法区分完全克隆终端和合法终端 而导致的克隆终端对合法终端的不良影响, 如克隆终端盗用网络资源及由此 导致的串话问题, 从而有效保护了合法终端的权益。 显然, 本领域的技术人员应该明白, 上述的本发明的各模块或各步骤可 以用通用的计算装置来实现, 它们可以集中在单个的计算装置上, 或者分布 在多个计算装置所组成的网络上, 可选地, 它们可以用计算装置可执行的程 序代码来实现, 从而, 可以将它们存储在存储装置中由计算装置来执行, 并 且在某些情况下, 可以以不同于此处的顺序执行所示出或描述的步 4聚, 或者 将它们分别制作成各个集成电路模块, 或者将它们中的多个模块或步骤制作 成单个集成电路模块来实现。 这样, 本发明不限制于任何特定的硬件和软件 结合。 以上仅为本发明的优选实施例而已, 并不用于限制本发明, 对于本领域 的技术人员来说, 本发明可以有各种更改和变化。 凡在本发明的 ^"神和原则 之内, 所作的任何修改、 等同替换、 改进等, 均应包含在本发明的保护范围 之内。 In the COUNT field, the COUNT value of the legal terminal is filled in the channel assignment when the call is established. After receiving the channel assignment, the terminal compares the COUNT value in the message with the COUNT value saved by itself, and does not process the channel assignment message when the COUNT value is inconsistent, COUNT value The channel assignment message is processed only when it is consistent. Specifically, as shown in FIG. 6, it should be noted that, in this embodiment, the steps of the foregoing embodiment of FIG. 4 before the step S502 and the step S502 before the step S502 are performed before the specific implementation. Specifically, the specific implementation includes: Step S602: The BS sends a channel assignment message to the cell that is accessed by the legal terminal MS_2 and the non-access message that supports the access handover or supports the access probe handover, where the message carries the COUNT value of the legal terminal MS_2. 
Step S604, the legal terminal MS_2 After receiving the channel assignment message, determining that the COUNT value in the channel assignment message is consistent with the COUNT value saved by the terminal, processing the channel assignment message, and entering the traffic channel; step S606, if the clone terminal MS_1 and the legitimate terminal MS_2 are in the same 'area, because the clone terminal The MS_1 sends a paging response message to the BS in step d, and the clone terminal MS_1 also sets a channel assignment message such as a timer. Therefore, the channel assignment message may also be received by the clone terminal MS_1, and the channel assignment message carries the COUNT value of the legal terminal MS_2; after receiving the channel assignment message, the clone terminal MS_1 determines the COUNT value in the channel assignment message and the COUNT saved by the terminal. The values are inconsistent and the channel assignment message is discarded. Therefore, the clone terminal MS_1 does not enter the traffic channel, and there is no "crosstalk" between the clone terminal MS_1 and the legitimate terminal MS_2. FIG. 7 is a structural block diagram of the determination system of the legal terminal of the embodiment of the invention. As shown in FIG. The determining system includes: a terminal 70 and a mobile interaction center MSC 72, wherein the MSC 72 includes: a first receiving module 722 configured to receive a COUNT value from the terminal 70; and a first determining module 724 configured to: The COUNT value stored in the authentication entity is compared with the received COUNT value of the terminal 70 to determine whether the COUNT value is the COUNT value of the legal terminal. The first determining module determines In the case of the same, it is determined that the terminal 70 is a legitimate terminal, otherwise, the terminal 70 is determined to be a clone terminal. Preferably, as shown in FIG. 
8, the terminal 70 includes: a first update module 702, configured to respond to the core network. The parameter update process updates the COUNT value of the terminal 70 and saves the foregoing; the MSC 72 further includes: a second update module 726, configured to The COUNT value of the MSC 72 stored in the authentication entity is updated to the COUNT value of the first update module 702. Preferably, as shown in FIG. 8, the system further includes: a base station BS74, where the BS 74 includes: a second receiving module 742, configured to receive the COUNT value from the terminal 70, and send it to The MSC 72; the first receiving module 722 is further configured to receive the COUNT value of the terminal from the second receiving module 742. The second receiving module 742 is further configured to receive and save a paging request from the MSC 72, where the paging request carries the updated COUNT value of the terminal 70; preferably, as shown in FIG. 8, the BS74 The method further includes: a second determining module 744, configured to compare the COUNT value saved by the BS 74 with the COUNT value carried in the paging response message fed back by the terminal 70, and if yes, determine that the terminal 70 is a legal terminal; otherwise, determine The terminal is a clone terminal, and the paging response message is discarded. Preferably, as shown in FIG. 8, the terminal 70 may further include: a third determining module 704, configured to compare the updated COUNT value carried in the received channel assignment message with the COUNT value of the terminal 70, Determining whether they are consistent; if they are consistent, the above channel assignment message is processed, and the traffic channel is entered, otherwise the channel assignment information is discarded, and the access to the service channel is denied. It should be noted that, in the specific application, the foregoing method may perform other methods of authentication. 
For example, in the related art, the terminal is authenticated by using the ESN or the A-key, and then the foregoing use authentication of the foregoing embodiment of the present invention is performed. The COUNT value of the parameter is authenticated, so that the embodiment of the present invention is more applicable. It should be noted that the above authentication entities include: Mobile Switching Center emulation (MSCe), Home Location Register (HLR), where shared secret and secret data (Shared Secret Data) , referred to as SSD for short) can be shared in the above MSCe, not shared in the above HLR. It should be noted that the preferred working manners of the related modules in the foregoing system may be specifically described in the foregoing method embodiments, and details are not described herein again. In summary, the present invention utilizes the COUNT field in the authentication information to distinguish between a legitimate terminal and a clone terminal. The invention solves the adverse effects of the cloned terminal on the legitimate terminal caused by the inability to distinguish the completely cloned terminal and the legal terminal in the communication network, such as the cloning terminal stealing network resources and the crosstalk problem caused thereby, thereby effectively protecting the legal terminal Rights. Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein. 
Perform the steps shown or described, or They are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated into a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software. The above are only the preferred embodiments of the present invention, and are not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the scope of the present invention are intended to be included within the scope of the present invention.
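The following Python simulation is an added example and is not part of the patent text. It replays the FIG. 4 paging filter with the cloned terminal and the legal terminal in the same cell, then compares the FIG. 5 flow (no COUNT in the channel assignment) with the Embodiment 3 flow (COUNT carried and checked by the terminal). The class names, message field names and dictionary layout are assumptions made for illustration; the COUNT values 0 and 1 are the ones used in the FIG. 4 walk-through.

```python
from dataclasses import dataclass


@dataclass
class Terminal:
    name: str
    count: int                        # COUNT value held by this handset
    awaiting_assignment: bool = False
    on_traffic_channel: bool = False

    def page_response(self) -> dict:
        # A terminal that answers a page starts a timer and waits for the
        # channel assignment message, whether or not the BS keeps its answer.
        self.awaiting_assignment = True
        return {"sender": self.name, "count": self.count}

    def receive_assignment(self, msg: dict, check_count: bool) -> None:
        if not self.awaiting_assignment:
            return
        self.awaiting_assignment = False
        # Embodiment 3: compare the COUNT carried in the assignment with the
        # locally stored COUNT and discard the message on mismatch.
        if check_count and msg.get("count") != self.count:
            return
        self.on_traffic_channel = True


class BaseStation:
    def __init__(self) -> None:
        self.paged_count = None

    def paging_request(self, count: int) -> None:
        self.paged_count = count      # S402: BS records the COUNT of this page

    def filter_responses(self, responses: list) -> tuple:
        # S408/S410: keep only responses whose COUNT matches the paging request.
        kept = [r for r in responses if r["count"] == self.paged_count]
        dropped = [r["sender"] for r in responses
                   if r["count"] != self.paged_count]
        return kept, dropped


def run_call(count_in_assignment: bool) -> dict:
    """Simulate one paged call with both terminals in the same cell."""
    stored_count = 1                  # COUNT the MSC keeps in the authentication entity
    clone = Terminal("MS_1", count=0)  # constructed values, as in FIG. 4
    legal = Terminal("MS_2", count=1)
    cell = [clone, legal]             # list order: the clone answers first

    bs = BaseStation()
    bs.paging_request(stored_count)                      # S402
    responses = [t.page_response() for t in cell]        # S404 to S410
    kept, dropped = bs.filter_responses(responses)

    # S412: the authentication center repeats the COUNT comparison.
    authenticated = [r["sender"] for r in kept if r["count"] == stored_count]
    if not authenticated:
        return {"dropped": dropped, "authenticated": [], "on_traffic_channel": []}

    # S504 / S602: the assignment goes out over the air in the cell, so every
    # terminal still waiting for one receives it.
    assignment = {"type": "channel_assignment"}
    if count_in_assignment:
        assignment["count"] = stored_count
    for t in cell:
        t.receive_assignment(assignment, check_count=count_in_assignment)

    return {
        "dropped": dropped,
        "authenticated": authenticated,
        "on_traffic_channel": [t.name for t in cell if t.on_traffic_channel],
    }


if __name__ == "__main__":
    print("FIG. 5 flow :", run_call(count_in_assignment=False))
    print("Embodiment 3:", run_call(count_in_assignment=True))
```

In both runs the BS drops the clone's paging response and only MS_2 is authenticated; the difference is confined to which terminals end up on the traffic channel.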

Claims

1. A method for determining a legal terminal, applied to a mobile communication network, comprising:
a Mobile Switching Center (MSC) receiving a COUNT value from a terminal;
the MSC comparing the COUNT value that it stores in an authentication entity with the received COUNT value of the terminal to determine whether they are consistent, wherein the COUNT value that the MSC stores in the authentication entity is the COUNT value of the legal terminal;
if they are determined to be consistent, determining that the terminal is a legal terminal; otherwise, determining that the terminal is a cloned terminal.

2. The method according to claim 1, wherein, before the MSC receives the COUNT value from the terminal, the method further comprises:
the legal terminal responding to a parameter update procedure initiated by the core network, and updating and saving the COUNT value of the legal terminal;
the MSC updating the COUNT value stored in the authentication entity to the updated COUNT value of the legal terminal.

3. The method according to claim 1 or 2, wherein the MSC receiving the COUNT value from the terminal comprises:
a base station (BS) receiving the COUNT value from the terminal and sending it to the MSC;
the MSC receiving the COUNT value of the terminal from the BS.

4. The method according to claim 2, wherein
the legal terminal responding to the parameter update procedure initiated by the core network and updating the COUNT value of the legal terminal comprises:
the BS receiving the parameter update request message of the MSC and sending a parameter update order message to the legal terminal;
the legal terminal receiving the parameter update order message of the BS, updating the COUNT value of the legal terminal, and sending a parameter update confirmation order message to the BS;
and the MSC updating the COUNT value stored in the authentication entity to the updated COUNT value of the legal terminal comprises:
the BS sending a parameter update confirmation message to the MSC;
the MSC, after receiving the parameter update confirmation message, updating the COUNT value that the MSC stores in the authentication entity to the COUNT value of the authentication parameter updated by the terminal.

5. The method according to claim 4, wherein the method further comprises:
the BS receiving and saving a paging request from the MSC, wherein the paging request carries the updated COUNT value of the terminal;
the BS comparing the COUNT value it has saved with the COUNT value carried in the paging response message fed back by the terminal; if they are consistent, determining that the terminal is a legal terminal; otherwise, determining that the terminal is a cloned terminal and discarding the paging response message.

6. The method according to claim 4, wherein the method further comprises:
the terminal comparing the updated COUNT value carried in the received channel assignment message with the COUNT value of the terminal to determine whether they are consistent;
if they are consistent, processing the channel assignment message and entering the traffic channel; otherwise, discarding the channel assignment message and refusing to enter the traffic channel.

7. A system for determining a legal terminal, the system comprising a terminal and a Mobile Switching Center (MSC), wherein the MSC comprises:
a first receiving module, configured to receive a COUNT value from the terminal;
a first determining module, configured to compare the COUNT value that the MSC stores in an authentication entity with the received COUNT value of the terminal and determine whether they are consistent, wherein the COUNT value that the MSC stores in the authentication entity is the COUNT value of the legal terminal;
the first determining module determining, if they are consistent, that the terminal is a legal terminal, and otherwise determining that the terminal is a cloned terminal.

8. The system according to claim 7, wherein
the terminal comprises: a first update module, configured to respond to a parameter update procedure initiated by the core network and to update and save the COUNT value of the terminal;
the MSC further comprises: a second update module, configured to update the COUNT value that the MSC stores in the authentication entity to the COUNT value updated by the first update module.

9. The system according to claim 7, wherein the system further comprises a base station (BS);
the BS comprises: a second receiving module, configured to receive the COUNT value from the terminal and send it to the MSC;
the first receiving module is further configured to receive the COUNT value of the terminal from the second receiving module.

10. The system according to claim 9, wherein
the second receiving module is further configured to receive and save a paging request from the MSC, wherein the paging request carries the updated COUNT value of the terminal;
the BS further comprises: a second determining module, configured to compare the COUNT value saved by the BS with the COUNT value carried in the paging response message fed back by the terminal; if they are consistent, the terminal is determined to be a legal terminal; otherwise, the terminal is determined to be a cloned terminal and the paging response message is discarded.

11. The system according to claim 7, wherein the terminal further comprises:
a third determining module, configured to compare the updated COUNT value carried in the received channel assignment message with the COUNT value of the terminal and determine whether they are consistent; if they are consistent, the channel assignment message is processed and the terminal enters the traffic channel; otherwise, the channel assignment message is discarded and the terminal refuses to enter the traffic channel.
PCT/CN2011/073478 2010-11-18 2011-04-28 Method and system for judging legal terminal WO2012065405A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010551450.1 2010-11-18
CN201010551450.1A CN102014388B (en) 2010-11-18 2010-11-18 Method and system for determining legal terminal

Publications (1)

Publication Number Publication Date
WO2012065405A1 true WO2012065405A1 (en) 2012-05-24
