WO2016015509A1 - 用于移动通信系统中的终端认证方法和装置 - Google Patents
用于移动通信系统中的终端认证方法和装置 Download PDFInfo
- Publication number
- WO2016015509A1 WO2016015509A1 PCT/CN2015/079303 CN2015079303W WO2016015509A1 WO 2016015509 A1 WO2016015509 A1 WO 2016015509A1 CN 2015079303 W CN2015079303 W CN 2015079303W WO 2016015509 A1 WO2016015509 A1 WO 2016015509A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal
- authentication
- mobile communication
- communication network
- information
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/20—Transfer of user or subscriber data
- H04W8/205—Transfer to or from user equipment or user record carrier
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/26—Network addressing or numbering for mobility support
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/40—Security arrangements using identity modules
- H04W12/43—Security arrangements using identity modules using shared identity modules, e.g. SIM sharing
Definitions
- the present invention relates to the field of communications, and in particular to a terminal authentication method and apparatus for use in a mobile communication system.
- SIM Subscriber Identity Module
- a mobile communication service provider such as China Mobile, China Unicom, China Telecom, etc.
- the communication service corresponding to the SIM card is paid, so that the mobile communication service (such as making a call, sending a text message, accessing the Internet, etc.) can be obtained by inserting the SIM card into the terminal.
- the mobile communication service provider charges according to the usage or resource occupation of the mobile communication by the user.
- the SIM card information can be used to authenticate the terminal to the mobile communication network.
- SIM card-based mobile communication requires a SIM card slot to be preset on the mobile phone, which restricts the development of the thin and light of the smart phone.
- a main object of the present invention is to provide a terminal authentication method and apparatus for use in a mobile communication system to solve the problem that the SIM card in the related art restricts the development of the terminal.
- a terminal authentication method for use in a mobile communication system includes: the authentication end acquires the first authentication information sent by the terminal, the terminal is configured to obtain the first credential information input by the user, and determine the first credential information according to the first credential information, where the first credential letter The information is the information verified by the target software; the authentication end authenticates the terminal according to the first authentication information; and after the authentication end successfully authenticates the terminal according to the first authentication information, the mobile communication network authorizes the terminal to access the mobile communication network.
- another terminal authentication apparatus for use in a mobile communication system.
- the device includes: a first obtaining unit, configured to enable the authentication end to acquire first authentication information sent by the terminal, the terminal is configured to acquire first credential information input by the user, and determine first authentication information according to the first credential information, where The credential information is information that is verified by the target software; the first authentication unit is configured to enable the authentication end to authenticate the terminal according to the first authentication information; and the authorization unit is configured to enable the authentication end to successfully authenticate the terminal according to the first authentication information.
- the mobile communication network authorizes the terminal to access the mobile communication network.
- a storage medium for storing the program code executed by the terminal authentication method for use in a mobile communication system is also provided.
- the first credential information input by the user is obtained by the terminal, wherein the first credential information is information verified by the target software; the terminal determines the first authentication information according to the first credential information; and the terminal sends the first credential information to the authentication. End, wherein the authentication end is used to authenticate the terminal according to the first authentication information; and after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network, and the SIM card is restricted in the related technology.
- the problem of thin and light development has reached the effect of facilitating the development of thin and light terminals.
- FIG. 1 is a flowchart of a terminal authentication method for use in a mobile communication system according to an embodiment of the present invention
- FIG. 2 is a schematic diagram of a terminal authentication system for use in a mobile communication system according to an embodiment of the present invention
- FIG. 3 is a schematic diagram of an interface for setting a terminal function according to an embodiment of the present invention.
- FIG. 4 is a schematic diagram of an authentication information generating process according to an embodiment of the present invention.
- FIG. 5 is a schematic diagram of another authentication information generating process according to an embodiment of the present invention.
- FIG. 6 is a schematic diagram of authenticating a terminal according to an embodiment of the present invention.
- FIG. 7 is a flow chart of another method for terminal authentication in a mobile communication system according to an embodiment of the present invention.
- FIG. 8 is a schematic diagram of an authentication process of a terminal by a mobile communication server according to an embodiment of the present invention.
- FIG. 9 is a schematic diagram of an authentication process of a terminal by a third-party software server according to an embodiment of the present invention.
- FIG. 10 is a schematic diagram of a terminal authentication apparatus for use in a mobile communication system according to an embodiment of the present invention.
- FIG. 11 is a schematic diagram of another terminal authentication apparatus for use in a mobile communication system according to an embodiment of the present invention.
- a terminal authentication method for use in a mobile communication system the terminal authentication method for use in a mobile communication system for authenticating a terminal in a mobile communication system according to authentication information of a target software Certification.
- the terminal authentication method for use in a mobile communication system can operate on a computer processing device.
- FIG. 1 is a flow chart of a method for terminal authentication in a mobile communication system according to an embodiment of the present invention.
- the method includes the following steps S102 to S108:
- Step S102 The terminal acquires first credential information input by the user.
- the first credential information is information verified by the target software.
- Step S104 The terminal determines the first authentication information according to the first credential information.
- Step S106 The terminal sends the first authentication information to the authentication end.
- the authentication end is configured to authenticate the terminal according to the first authentication information.
- Step S108 After the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network.
- the terminal when the terminal enters the coverage area of the mobile communication network, the terminal can automatically communicate with the mobile communication network according to the first credential information and authenticate the terminal identity. After the authentication, the authentication end can send the authentication result to the mobile communication network. If the authentication is passed, the terminal can access the mobile communication network and obtain the mobile communication service; if the authentication fails, the terminal cannot access the mobile communication network, and thus cannot obtain the mobile communication service.
- the mobile communication network may send an authentication information request to the terminal before the terminal sends the first authentication information to the authentication end. After receiving the authentication information request, the terminal sends the first authentication information to the authentication end according to the authentication information request.
- whether the terminal enters the coverage area of the mobile communication network can be determined based on the detection of the terminal.
- the base station periodically transmits a CRS (Common Reference Signal), and the terminal detects the strength of the CRS.
- CRS Common Reference Signal
- the LTE (Long Term Evolution) system calculates the RSRP based on the measurement of the CRS (Reference Signal Received Power). , reference signal received power) or RSRQ (Reference Signal Received Quality), after the strength of the CRS reaches a certain threshold, it is determined that the terminal has entered the mobile network coverage area.
- a base station deployed by an operator periodically transmits system-related information (such as bandwidth-related, base station antenna number, and other physical layer-related information, and PLMN (Public Land Mobile Network, or public land mobile network).
- system-related information such as bandwidth-related, base station antenna number, and other physical layer-related information, and PLMN (Public Land Mobile Network, or public land mobile network).
- PLMN Public Land Mobile Network, or public land mobile network
- the terminal automatically communicates with the mobile communication network according to the first credential information and authenticates the terminal; as a preferred embodiment, the user inputs credential information to the terminal. After that, the credential information will be stored in the terminal for subsequent authentication. In this way, when the terminal enters two mobile network coverage areas that do not overlap each other at different times, it automatically communicates with the mobile communication network according to the credential information and authenticates the terminal, thereby improving the user experience.
- the terminal may also prompt the user to input the credential information according to the preset condition. For example, when the terminal restarts and the flight mode is changed from the open state to the closed state, the user may be prompted to input the credential. information. It should be noted that, here, the user is still not required to re-enter the credential information each time he enters the new network coverage area.
- the terminal may include not only a mobile phone or a mobile phone, but also other devices capable of transmitting and receiving wireless signals.
- the terminal may be a smart home appliance, or may be a device that can spontaneously communicate with the mobile communication network without the operation of a person.
- the first authentication information can be used to authenticate the terminal in target software developed by a third party other than the user and the mobile communication service provider.
- the target software may be "WeChat” software or "QQ” software developed by Tencent, or "Mi Chat” software developed by Huawei Company.
- the user can input the first credential information to the terminal in various manners. For example, the user can input the first credential information by typing on the terminal through a physical keyboard or a virtual keyboard or by scanning.
- the mobile communication network and the third-party target software are in different networks, and the two networks control the data transmission through the gateway to ensure the security of the respective information.
- the terminal communicates with a base station in a mobile communication network, and the base station is connected to a third-party network through a gateway in the mobile communication network, wherein the third-party network includes a third-party software server and a third-party gateway.
- the first authentication information may be a username, a password, or a combination of both of the target software.
- the first credential information may be a WeChat ID (Identity), or a WeChat ID and password, or a Mi Chat ID, or a Mi Chat ID and password.
- the form of the username and password may include a plurality of types, and is not limited herein.
- it may be biometric information (such as fingerprint information, retinal information, palm print information, iris information, facial feature information, voice feature information, signature feature information, DNA (Deoxyribonucleic acid) information, etc.); It can be certificate information; it can also be sound, audio, symbols, lines, and the like.
- the first credential information may be any combination of the foregoing information forms.
- the user may also input the facial feature information while inputting the fingerprint information, or may input the sound information after inputting the fingerprint information.
- the first credential information is used as the information verified by the target software, and the target software can be authenticated and the service is obtained.
- the user can use the first credential information to use the client software of Tencent QQ on a PC (Personal Computer).
- the biometric information such as the fingerprint, the retina, and the sound is used as the voucher information, so that the user can freely communicate without being bound by the SIM card.
- the credential information of the software designed by the third party is used as the authentication basis for the terminal to access the mobile communication network, so that the SIM slot does not need to be set in the terminal, and the SIM card does not need to be inserted, thereby avoiding the development of the traditional large-size SIM card to the terminal.
- the restrictions brought about is beneficial to the thin and light design of the terminal, and the credential information of the software designed by the third party is used to authenticate the mobile communication network, so that the software designed by the third party can become the entrance of the mobile communication network, which is beneficial to the development of the mobile Internet and Innovation.
- the terminal may include one or more terminals.
- the terminal may include the first terminal and the second terminal, so that when the user inputs the first terminal and the second terminal respectively,
- the same credential information for example, after the second terminal authenticates according to the credential information, if the first terminal also performs authentication according to the same credential information, the first terminal and the second terminal may be authenticated by mode 1 or mode 2. :
- the first terminal acquires first credential information input by the user.
- the first terminal determines the first authentication information according to the first credential information.
- the first terminal sends the first authentication information to the authentication end.
- the authentication end receives the first authentication information sent by the first terminal.
- the authentication end authenticates the first terminal according to the first authentication information sent by the first terminal.
- the authentication end determines whether the second terminal is successfully authenticated according to the first authentication information sent by the first terminal.
- the mobile communication network interrupts the connection between the second terminal and the mobile communication network.
- the second terminal after the first terminal passes the authentication of the mobile communication network, the second terminal cannot maintain communication with the mobile communication network. That is, if the second terminal first authenticates successfully in the mobile communication network through a certain credential information, and then the mobile communication network detects that the credential information is used to authenticate the first terminal, after the first terminal successfully authenticates, the mobile communication The network authorizes the first terminal to communicate with the mobile communication network and interrupts communication between the second terminal and the mobile communication network.
- the user information stored on the second terminal may be automatically deleted, or the user information on the second terminal may be remotely deleted on the first terminal.
- the user information may include at least one of the following information: a short message, a call record, an address book, a photo, a mail, a memo, data stored by the user on the application software, and the like.
- the following steps may be performed:
- the authentication end determines whether the network access priority of the first terminal is higher than the network access priority of the second terminal.
- the second terminal interrupts the connection with the mobile communication network.
- the priority judgment may be based on: the mobile communication network may send a request response to the first terminal and the second terminal, and authorize the first responding terminal to have a higher priority.
- the first terminal acquires first credential information input by the user.
- the first terminal determines the first authentication information according to the first credential information.
- the first terminal sends the first authentication information to the authentication end.
- the authentication end receives the first authentication information sent by the first terminal.
- the authentication end authenticates the first terminal according to the first authentication information sent by the first terminal.
- the authentication end determines whether the second terminal is successfully authenticated according to the first authentication information sent by the first terminal.
- the second terminal maintains a connection with the mobile communication network.
- the first terminal acquires a first type of mobile communication service provided by the mobile communication network.
- the second terminal acquires a second type of mobile communication service provided by the mobile communication network.
- the first terminal and the second terminal can simultaneously maintain communication with the mobile communication network.
- the mobile communication network may send a message to the two terminals to prompt that other terminals use the same credential information for authentication.
- the first type of mobile communication service and the second type of mobile communication service may be different.
- the first type of mobile communication service may have more service categories than the second type of mobile communication service.
- the first type of mobile communication service may include services of a CS (Circuit Switch) domain and a PS (Packet Switch) domain
- the second type of mobile communication service may include only services of the PS domain, or vice versa.
- the service in the CS domain may be a voice call, so that a plurality of terminals can be answered when someone else pages the voucher information.
- the first terminal can perform voice, video, data transmission and the like communication with the mobile communication network, and the second terminal can perform voice communication with the mobile communication network.
- the first terminal has the function of viewing the geographic location of the second terminal, and the second terminal does not have the function of viewing the geographic location of the first terminal.
- the first terminal has the function of controlling the security of the second terminal, and the second terminal does not have the function of controlling the security of the first terminal, for example, the function that the first terminal can authorize the second terminal to access the information corresponding to the credential information .
- the user may select a communication function and a communication service for the first terminal and the second terminal on the terminal, and may set on the setting interface of the terminal, or may log in to the application software or webpage of the mobile communication service provider. Make settings.
- the user can enable/disable different types of services for the first terminal and the second terminal. As shown in FIG. 3, “ ⁇ ” indicates that the corresponding service is started.
- the mobile communication network may charge for the mobile communication service based on the credential information.
- the mobile communication network can charge the same credential according to all mobile communication services used by multiple terminals. For example, the second terminal downloads 100 Mbits of content in the first time period, and the first terminal downloads 200 Mbits of content in the second time period, and the mobile communication network calculates the 300 Mbit traffic of the voucher in the two time periods. fee. In this way, the user experience can be improved.
- Intelligent anti-theft If a user's mobile phone is stolen, the user can enter his or her voucher information on another terminal to view the geographical location of the terminal using the same voucher information, thereby locating the stolen mobile phone and remotely deleting it. Voucher information on the stolen mobile phone to avoid information leakage.
- Traffic sharing Multiple terminals can input the same credential information at the same time, so that the traffic corresponding to the same credential information can be shared.
- Security credential when the first terminal uses a certain credential information to obtain the mobile communication service, if the network detects that the second terminal also uses the same credential information to access the network, it sends a message to the first terminal to remind the user holding the first terminal to pay attention. The security of your own voucher information.
- Convenient communication As long as there is a terminal, it is convenient to use the above credential information to access the mobile communication network and enjoy the mobile communication service. For example, the user may not carry the mobile phone with him or her.
- the mobile communication network can be accessed by simply pressing a finger on the public communication terminal; wherein the public communication terminal can only support the CS voice call service, so that it does not leak too much. Multiple person information, thereby facilitating the user's shackles from the mobile terminal.
- the first user communicates with the terminal of the second user, the first user can access the mobile communication network through the retina information, and the mobile communication network charges the retina voucher information of the first user, so that the second user does not generate Cost issues are beneficial for terminal sharing.
- the user can carry the small screen terminal with him or her.
- the public large screen terminal can be borrowed, and the mobile communication network can be accessed through the facial recognition information, and the mobile communication network can recognize the face for the traffic on the large screen.
- the voucher information corresponding to the information is charged, and after ending the large-screen communication, the same facial recognition information is used to authenticate the small-screen terminal, so that the personal information saved on the large-screen terminal is automatically deleted.
- the terminal may directly use the credential information input by the user as the authentication information, and may send all or part of the information of the authentication information to the mobile communication network, and the terminal may first process the credential information to obtain the authentication information, and then all or all of the authentication information. Part of the information is sent to the mobile communication network. For example, the terminal can encrypt the voucher information.
- the terminal may determine the first authentication information according to the first credential information in multiple manners:
- the terminal determines the identification data based on the first credential information.
- the terminal generates first authentication information based on the identification data.
- the terminal side may include an identification data generating device, configured to generate corresponding identification data according to the first credential information input by the user, where the identification data is used to generate the authentication information by using the terminal authentication information generating device, such as Figure 4 shows.
- the identification data needs to have a fixed format, for example, a conventional
- the key Ki code stored in the SIM card is a fixed-length code (such as a secondary code of length 64 or 128, and the total length of the International Mobile Subscriber Identification Number (IMSI) is no more than 15 bits.
- IMSI International Mobile Subscriber Identification Number
- the number of ⁇ 9 therefore, by way of example 1, any credential information can be converted into identification data of uniform format.
- the identification data generating means can convert the voucher information input by the user into the same code as the Ki code format.
- the network since the user's authentication information needs to be transmitted over the network, it is insecure.
- the network since the "identification data generating device" is adopted, the network only needs to transmit the authentication letter generated according to the identification data.
- the information of the voucher input by the user such as the biometric information of the user, cannot be obtained, thereby avoiding the leakage of the biometric information of the user and eliminating the user's concern.
- the identification data generating device may generate the identification data immediately according to the current credential information, or may pre-store one or more identification data in the terminal.
- the terminal may search according to the first credential information.
- Corresponding identification data is sent, and the found identification data generation authentication information is sent to the mobile communication network.
- the terminal does not generate the authentication information.
- the identification data of the plurality of credential information can be stored in the terminal, so that the terminal can flexibly exchange the credential information.
- a plurality of identification data of a family member may be stored in the terminal, so that it is convenient for the family members to switch to the terminal.
- the identification data stored in the terminal may be stored in the terminal by way of user input or download.
- the user manually inputs the identification data corresponding to the credential information; or after the user inputs the credential information in the environment with the wifi connection, the terminal automatically downloads the corresponding identification data according to the credential information; or the user can pass NFC (Near Field Communication, near Field communication) downloads identification data to the terminal.
- NFC Near Field Communication, near Field communication
- the identification data may be first downloaded to the identification data device, and the terminal reads the identification data from the identification data device through the NFC. It should be noted that the operation can be performed only once.
- the identification data generating means may be configured to determine according to the credential information input by the user and the preset function, and the different types of credential information correspond to different functions. For example, if the format of the credential information input by the user is an email address, the first function is adopted; if the format of the credential information input by the user is a string of numbers, the second function is adopted; Alternatively, the corresponding function may be set according to the target software corresponding to the credential information. For example, if the credential information is a WeChat ID, it corresponds to the first function, and if the credential information is a Micha ID, it corresponds to the second function.
- the identification data of the same format can be generated for any credential information, and no conflict of the identification data is caused.
- the identification data corresponding to any WeChat ID does not conflict with the identification data corresponding to any of the Micha IDs, so that the uniqueness of the identity of the credential information can be guaranteed.
- the different functions described above may be stored in the terminal in advance, or may be downloaded to the terminal immediately.
- the terminal receives an authentication request that is sent by the authentication end and includes a random number.
- step can be performed before the foregoing step S102.
- the terminal determines the first authentication information according to the first credential information and the random number.
- the authentication information request sent by the mobile communication network to the terminal may include a random number, and the terminal may determine the authentication information according to the random number and the first credential information input by the user, using the first authentication function, and The authentication information is transmitted to the mobile communication network, and as shown in FIG. 5, the first authentication function is implemented in the terminal authentication information generating device.
- the mobile communication network side has the information of the random number and the first authentication function, and after receiving the authentication information of the terminal, the terminal can be authenticated accordingly.
- the terminal acquires the first credential information input by the user in addition to authenticating the user terminal by using one of the foregoing credential information (ie, the first credential information), another credential information (such as the second credential may be passed).
- the information is combined with the first credential information to authenticate the user terminal.
- preliminary authentication may be performed through the second credential information.
- the terminal acquires the first credential information input by the user the following steps may be performed:
- the terminal acquires the second credential information by using a subscriber identity module SIM connected to the terminal. and / or
- the terminal acquires the second credential information by using the embedded storage module.
- the terminal determines the second authentication information according to the second credential information.
- the terminal sends the second authentication information to the authentication end.
- the authentication end may be configured to authenticate the terminal according to the second authentication information.
- the terminal accesses the mobile communication network to obtain the third type of mobile communication service.
- the terminal accesses the mobile communication network to obtain the fourth type of mobile communication service.
- the terminal can access the mobile communication network through the LIPA (Local IP Access) protocol to obtain the third type of mobile communication service.
- the terminal can access the mobile communication network through the SIPTO (Selected IP Traffic Offload) protocol to obtain the fourth type of mobile communication service.
- LIPA Local IP Access
- SIPTO Select IP Traffic Offload
- the terminal can directly access other IP-capable devices in the coverage area of the base station.
- the terminal can directly access the user's home network or other network in the enterprise network through the LIPA protocol. IP-capable devices, so that there is no need to transit through the core network, which helps to reduce the burden on the core network.
- the terminal can directly access the Internet through the HeNB or the macro base station, which is also beneficial for reducing the burden on the core network.
- the terminal can access other networks than the local network through the SIPTO protocol.
- the communication between the "terminal 1" and the Internet requires traditional communication through the core network; the communication between the "terminal 2" and the Internet is a communication via the SIPTO protocol; the communication between the "terminal 3" and the local device is through the LIPA protocol. Communication.
- the terminal when the terminal accesses the mobile communication network according to different credential information and acquires different types of mobile communication services, the terminal may generate corresponding reminder information to remind the user of the currently available mobile communication. service. For example, after the terminal accesses the mobile communication network to obtain the third type of mobile communication service, the terminal may generate the first reminder information; after the terminal accesses the mobile communication network to obtain the fourth type of mobile communication service, the terminal may Generate a second reminder message. The first reminder information may be different from the second reminder information.
- the second credential information may be the SIM card information.
- the terminal passes the authentication according to the SIM card information, the terminal sends the first reminder information.
- the terminal sends the second reminder information, so that the user can know the current The type of mobile communication service available.
- the terminal when the terminal enters the coverage area of the mobile communication network, the user can only use the third type of mobile communication service, and the terminal will send the first reminder information. For example, if the mobile phone displays “Welcome to the xx mobile coverage area, you can get the xx service”; if the terminal does not send the second reminder information, the user can know the status of his service, so if you want to obtain the fourth type of mobile communication service, The application can be made by payment. After the application is successful, the terminal will send a second reminder message. For example, the mobile phone displays “You are xx mobile advanced user, free Internet traffic is left xx”, or mobile APP (Application) Changed from gray to color.
- the mobile phone displays “You are xx mobile advanced user, free Internet traffic is left xx”, or mobile APP (Application) Changed from gray to color.
- the combination of the method proposed by the present invention and the method based on traditional SIM card communication is not limited.
- the terminal using the present invention may include a traditional SIM card slot for the user to insert at the same time.
- the traditional SIM card can also obtain the first credential information input by the user, wherein the terminal can authenticate according to the traditional SIM card through the traditional mobile communication network, or can use the method of the present invention to use the novel mobile communication network of the present invention. Certification.
- the third type of mobile communication service may be at least one of the following: accessing a cache of the local base station, viewing an advertisement, acquiring information near a geographical area, paying for a fourth type of mobile communication service, and accessing a website of a part of the enterprise.
- any qualified user who joins the mobile communication network (whether paying or arrears) can enjoy the third type of mobile communication service as long as he enters the coverage area of the mobile communication network, thereby attracting more users to join the mobile communication.
- Letter network can bring advertising revenue to mobile communication service providers, and at the same time can bring more convenience to users, for example, when a user enters a shopping mall, they can obtain the number of all restaurants in the mall, thereby avoiding The restaurant asked if it was possible to eat immediately, which improved the user experience.
- any user joining the mobile communication network can pay for the fourth type of mobile communication service, the user's payment limit can be reduced, and the user can self-pay.
- any qualified user joining the mobile communication network can access the websites of some enterprises, it can help the mobile communication service providers to help the enterprises to promote the business, and also help to enhance the value of the mobile communication service providers for these enterprises.
- another terminal authentication method for use in a mobile communication system is provided.
- FIG. 7 is a flow chart of another method for terminal authentication in a mobile communication system according to an embodiment of the present invention.
- the method includes the following steps S702 to S706:
- Step S702 the authentication end acquires the first authentication information sent by the terminal.
- the terminal may be configured to obtain first credential information input by the user, and determine first authentication information according to the first credential information, where the first credential information is information verified by the target software.
- Step S704 the authentication end authenticates the terminal according to the first authentication information.
- Step S706 after the authentication end successfully authenticates the terminal according to the first authentication information, the mobile communication network authorizes the terminal to access the mobile communication network.
- the authentication end receives the first authentication information sent by the terminal according to the first credential information input by the user, and authenticates the terminal according to the first authentication information. If the authentication passes, the mobile communication network provides the mobile communication service for the terminal.
- the first credential information can be used to authenticate the user in software (target software) developed by a third party other than the user and the mobile communication service provider.
- the base station may be configured to receive authentication information, and provide a mobile communication service for the terminal, where the authentication center is used to authenticate the terminal;
- the same mobile communication network device performs, for example, the base station can be used for communication, authentication, and transceiving signals.
- the authentication end may be an authentication center in a mobile communication network, or it may be a mobile communication server in a mobile communication network (such as AAA (Authentication, Authorization, Accounting, Authentication, Authorization, accounting)), or it may be a cloud platform with authentication side functionality in a mobile communication network. Or the authentication end can also be corresponding to the target software developed by the third party.
- Software server hereinafter referred to as third-party software server.
- the authentication center, the mobile communication server, and the software server can respectively authenticate the terminal by:
- the authentication center acquires user data used by the target software to verify the first credential information.
- the authentication center receives the first authentication information sent by the terminal.
- the authentication center authenticates the terminal according to the user data and the first authentication information.
- the authentication end After the authentication center successfully authenticates the terminal according to the first authentication information and the user data, the authentication end authorizes the terminal to access the mobile communication network.
- the authentication mode of the mobile communication server is similar to that of the authentication center, and is not described here.
- the authentication process is fast, which is not necessary to be repeatedly forwarded to the third-party software server, which helps to improve the user experience.
- the third party software server encrypts the user data using the first key and sends it to the mobile communication network. In this way, since the mobile communication service provider does not know the first key, the user data information held by the third-party software server cannot be obtained in reverse, and the security of the user data grasped by the third party is protected.
- the first key may also be used for encryption, so that the mobile communication network device only needs to determine whether the credential information sent by the user is encrypted with the user data sent by the third-party software server.
- the authentication process can be achieved by matching; in this case, the software involved in the user inputting the credential information on the terminal is also developed by a third party (such as Tencent), for example, the WeChat APP developed by the user on the mobile phone through Tencent. Enter the username and password.
- the APP automatically encrypts the username and password using the first key and sends it to the mobile communication network device. The latter can directly use the encrypted information to authenticate the terminal.
- the second key different from the first key may also be used for encryption, thereby having higher confidentiality.
- the authentication algorithm employed by the mobile communication network is associated with the first key and the second key, thereby enabling authentication, and since the mobile communication network does not know the first key and the second key, the user data cannot be acquired.
- Different third-party credential information uses different keys and can be more confidential. For example, WeChat and Mi Chat use different keys.
- the authentication process of the mobile communication server to the terminal may specifically include: first, the mobile communication network acquires user data from a third party, for example, obtains user data related to the user name and password of the user, and then the user is at the terminal. Entering the user name and password, when the terminal enters the coverage area of the mobile communication network, the terminal automatically sends the credential information to the mobile communication network according to the user name and password input by the user, and the mobile communication network obtains the user data obtained from the third party and the obtained from the terminal.
- the authentication information authenticates the terminal and provides a mobile communication service to the terminal according to the authentication result.
- the entire process is shown in Figure 8, and the authentication process is completed in numerical order.
- the software server obtains the first authentication information sent by the terminal.
- the software server authenticates the terminal according to the first authentication information.
- the mobile communication network authorizes the terminal to access the mobile communication network.
- the third-party software server transmits the authentication result to the mobile communication network, and the mobile communication network provides the mobile communication service to the terminal according to the authentication result.
- the mobile communication network directly sends or processes the authentication information to a third-party network device (such as a third-party software server), and finally the third-party software server authenticates the terminal.
- a third-party network device such as a third-party software server
- the third-party software server authenticates the terminal.
- the mobile communication network is notified, and the mobile communication network will provide the mobile communication service for the terminal.
- the entire process is shown in Figure 9, and the authentication process is completed in numerical order.
- the voucher information 1, the voucher information 2, and the voucher information 3 may be the same or different.
- different encryption processing or the like is performed in different processes, the second credential information is generated by the first credential information, and the third credential information is generated by the second credential information.
- the terminal may include multiple terminals.
- the terminal may include the first terminal and the second terminal, so that the authentication terminal may use the first terminal or the second terminal in the first mode or the second mode.
- the second terminal performs authentication:
- the authentication end acquires the first authentication information sent by the first terminal.
- the authentication end authenticates the first terminal according to the first authentication information sent by the first terminal.
- the authentication end determines whether the second terminal is successfully authenticated according to the first authentication information sent by the first terminal.
- the second terminal interrupts the connection with the mobile communication network.
- the following steps may be further included:
- the authentication end determines whether the network access priority of the first terminal is higher than the network access priority of the second terminal.
- the second terminal interrupts the connection with the mobile communication network.
- the authentication end determines that the network access priority of the first terminal is not higher than the network access priority of the second terminal, the authentication end fails to authenticate the first terminal according to the first credential information sent by the first terminal.
- the authentication end receives the first authentication information sent by the first terminal.
- the authentication end authenticates the first terminal according to the first authentication information sent by the first terminal.
- the authentication end determines whether the second terminal is successfully authenticated according to the first authentication information sent by the first terminal.
- the authentication end determines that the second terminal successfully authenticates according to the first authentication information sent by the first terminal, the second terminal maintains a connection with the mobile communication network.
- the mobile communication network After the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the mobile communication network authorizes the first terminal to access the mobile communication network.
- the first terminal may be used to obtain the first type of mobile communication service provided by the mobile communication network.
- the second terminal can be used to obtain a second type of mobile communication service provided by the mobile communication network.
- the terminal authentication method may further include: the authentication end sends an authentication request including a random number to the terminal,
- the terminal may be configured to determine, according to the first credential information input by the user, the first credential information according to the first credential information and the random number.
- the authentication end can authenticate the user terminal by using one of the foregoing credential information (ie, the first credential information), and can also pass another credential information (such as The second voucher information is combined with the first credential information to authenticate the user terminal.
- the terminal may be configured to obtain the second credential information, and determine the second credential information according to the second credential information, and send the second authentication information to the authentication end, so that, in the foregoing step S202, the authentication end acquires the sent by the terminal.
- the following steps can be performed:
- the authentication end acquires the second authentication information sent by the terminal.
- the terminal may be configured to obtain the second credential information by using the user identification module SIM connected to the terminal; and/or the terminal may obtain the second credential information by using the embedded storage module.
- the authentication end authenticates the terminal according to the second authentication information.
- the mobile communication network After the authentication end successfully authenticates the terminal according to the second authentication information, the mobile communication network authorizes the terminal to access the mobile communication network to obtain the third type of mobile communication service.
- the mobile communication network After the authentication end successfully authenticates the terminal according to the first authentication information, the mobile communication network authorizes the terminal to access the mobile communication network to obtain the fourth type of mobile communication service.
- the above authentication method is a two-level authentication method: the terminal pre-stores the second credential information of the user, and acquires first credential information input by the user, where the first credential information can be used in addition to the user and the mobile communication service provider.
- the user authenticated by the software developed by the three parties; when the terminal enters the coverage area of the mobile communication network, it first automatically communicates with the mobile communication network according to the second credential information and authenticates the terminal, and then communicates and authenticates with the mobile communication network according to the first credential information.
- the terminal passes the authentication according to the second credential information of the user, the third type of mobile communication service is obtained through the mobile communication network; if the authentication according to the first credential information is passed, the fourth type of mobile communication service is further obtained through the mobile communication network.
- the whole process is shown in Figure 10.
- the source of the second authentication information is as described above, and details are not described herein again.
- the second authentication information includes at least one of the following: an International Mobile Subscriber Identification Number (IMSI), an authentication key (Ki), a security algorithm (such as A3, A8 algorithm), and other key information (such as K-derived Kc information), Location Area Identity (LAI), Mobile User Temporary Identification Code (TMSI, Temporary Mobile Subscriber Identity), public telephone network code forbidden to access, personal identification number (PIN), unlock code (PUK, PIN Unlocking Key), billing rate, user's phone number information.
- IMSI International Mobile Subscriber Identification Number
- Ki authentication key
- Ki a security algorithm
- K-derived Kc information K-derived Kc information
- LAI Location Area Identity
- TMSI Mobile User Temporary Identification Code
- PIN personal identification number
- PIN unlock code
- billing rate user's phone number information.
- the authentication based on the first credential information or the second authentication information based on the information similar to the information included in the conventional SIM card may be two-way authentication, that is, the mobile communication network may authenticate the terminal through the process, after the authentication is passed
- the communication service is provided to the terminal; the terminal can also authenticate the network through this process, and the user information is sent to the mobile communication network after the authentication is passed.
- the two-way authentication mechanism enables the two communication peers of the terminal and the network to establish a higher trust, thereby improving the security of the communication.
- the mobile communication network may authorize the terminal to access the mobile communication network through the LIPA protocol to obtain the third type of mobile communication service.
- the mobile communication network can authorize the terminal to access the mobile communication network through the SIPTO protocol to obtain the fourth type of mobile communication service.
- the present invention provides a mobile communication service using an unlicensed frequency band.
- the existing wireless communication includes wireless communication on the licensed band and on the Unlicensed band, and wireless communication on the licensed band, such as the communication provided by the current mobile communication carrier, the frequency band occupied by such wireless communication is Used by a mobile communication carrier alone; and wireless communication on the Unlicensed band, such as the current wifi, this spectrum can be used freely.
- the mobile communication network can provide mobile communication services for terminals through the Unlicensed frequency band when authentication is performed by the software server.
- the spectrum and the authentication process are both open and beneficial to the opening of the communication service platform. Business Innovation.
- a terminal authentication apparatus for use in a mobile communication system for authenticating a terminal in a mobile communication system according to authentication information of a target software Certification.
- the terminal authentication method for the mobile communication system provided by the embodiment of the present invention may be performed by the terminal authentication apparatus used in the mobile communication system according to the embodiment of the present invention, and is used for moving in the embodiment of the present invention.
- the terminal authentication apparatus in the communication system can also be used to execute the terminal authentication method in the mobile communication system of the embodiment of the present invention.
- the apparatus includes: a third acquisition unit 10, a first determination unit 20, a second transmission unit 30, and an access unit 40.
- the third obtaining unit 10 may be configured to enable the terminal to acquire first credential information input by the user, where the first credential information is information verified by the target software.
- the first determining unit 20 may be configured to enable the terminal to determine the first authentication information according to the first credential information.
- the second sending unit 30 may be configured to enable the terminal to send the first authentication information to the authentication end, where the authentication end is configured to authenticate the terminal according to the first authentication information.
- the access unit 40 can be configured to enable the terminal to access the mobile communication network after the authentication end successfully authenticates the terminal according to the first authentication information.
- the terminal when the terminal enters the coverage area of the mobile communication network, the terminal can automatically communicate with the mobile communication network according to the first credential information and authenticate the terminal identity. After the authentication, the authentication end can send the authentication result to the mobile communication network. If the authentication is passed, the terminal can access the mobile communication network and obtain the mobile communication service; if the authentication fails, the terminal cannot access the mobile communication network, and thus cannot obtain the mobile communication service.
- the mobile communication network may send an authentication information request to the terminal before the terminal sends the first authentication information to the authentication end. After receiving the authentication information request, the terminal sends the first authentication information to the authentication end according to the authentication information request.
- the detailed description of the content is the same as the method part mentioned above, and will not be described here.
- the terminal may include one or more terminals.
- the terminal may include the first terminal and the second terminal, so that when the user inputs the first terminal and the second terminal respectively,
- the same credential information for example, after the second terminal authenticates according to the credential information, if the first terminal also performs authentication according to the same credential information, the first terminal and the second terminal may be authenticated by mode 1 or mode 2. :
- the third obtaining unit 10 is further configured to enable the first terminal to acquire the first credential information input by the user.
- the first determining unit 20 is further configured to enable the terminal to determine the first authentication information according to the first credential information, where the first terminal determines the first authentication information according to the first credential information.
- the second sending unit 30 is further configured to enable the terminal to send the first authentication information to the authentication end, where the first terminal sends the first authentication information to the authentication end.
- the terminal authentication apparatus may further include: a first receiving unit, a fourth authentication unit, a third determining unit, and a second interrupting unit.
- the first receiving unit may be configured to: after the first terminal sends the first authentication information to the authentication end, the authentication end receives the first authentication information sent by the first terminal.
- the fourth authentication unit may be configured to enable the authentication end to authenticate the first terminal according to the first authentication information sent by the first terminal, and the third determining unit may be configured to enable the authentication end to determine Whether the authentication of the second terminal is successful according to the first authentication information sent by the first terminal; the second interruption unit may be configured to enable the authentication end to successfully authenticate the second terminal according to the first authentication information sent by the first terminal,
- the mobile communication network interrupts the connection between the second terminal and the mobile communication network, wherein the access unit is further configured to: after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the first terminal is connected Into the mobile communication network.
- the second terminal after the first terminal passes the authentication of the mobile communication network, the second terminal cannot maintain communication with the mobile communication network. That is, if the second terminal first authenticates successfully in the mobile communication network through a certain credential information, and then the mobile communication network detects that the credential information is used to authenticate the first terminal, after the first terminal successfully authenticates, the mobile communication The network authorizes the first terminal to communicate with the mobile communication network and interrupts communication between the second terminal and the mobile communication network.
- the detailed description of the content is the same as the method part mentioned above, and will not be described here.
- the terminal authentication device may include: a fourth determining unit.
- the fourth determining unit may be configured to: before the second terminal interrupts the connection with the mobile communication network, the authentication end determines whether the network access priority of the first terminal is higher than the access priority of the second terminal, where the second interrupting unit is further And configured to: if the authentication end determines that the network access priority of the first terminal is higher than the network access priority of the second terminal, the second terminal interrupts the connection with the mobile communication network; and the fourth authentication unit is further configured to enable the authentication end If the priority of the first terminal is not higher than the network access priority of the second terminal, the authentication end fails to authenticate the first terminal according to the interrupt indication sent by the second terminal.
- the priority judgment may be based on: the mobile communication network may send a request response to the first terminal and the second terminal, and authorize the first responding terminal to have a higher priority.
- the terminal authentication apparatus may further include: a fourth obtaining unit, a second determining unit, a third sending unit, a second receiving unit, a fifth authentication unit, a fifth determining unit, a holding unit, an access unit, a fifth acquiring unit, and The sixth acquisition unit.
- the fourth obtaining unit may be configured to enable the first terminal to acquire the first credential information input by the user;
- the second determining unit may be configured to enable the first terminal to determine the first credential information according to the first credential information;
- the third sending unit may be configured to enable The first terminal sends the first authentication information to the authentication terminal;
- the second receiving unit may be configured to enable the authentication terminal to receive the first authentication information sent by the first terminal, and the fifth authentication unit may be configured to enable the authentication terminal to send according to the first terminal.
- the first authentication information is used to authenticate the first terminal; the fifth determining unit may be configured to enable the authentication end to determine whether the second terminal is successfully authenticated according to the first authentication information sent by the first terminal; the holding unit may be configured to enable the authentication terminal Determining that the second terminal has successfully authenticated according to the first authentication information sent by the first terminal, the second terminal maintains a connection with the mobile communication network; the access unit may be configured to make the authentication terminal After the first credential information sent by the first terminal is successfully authenticated by the first terminal, the first terminal accesses the mobile communication network; and the fifth obtaining unit may be configured to enable the first terminal to obtain the first type of mobile communication service provided by the mobile communication network; And the sixth obtaining unit may be configured to enable the second terminal to acquire the second type of mobile communication service provided by the mobile communication network.
- the first terminal and the second terminal can simultaneously maintain communication with the mobile communication network.
- the mobile communication network may send a message to the two terminals to prompt that other terminals use the same credential information for authentication.
- the detailed description of the content is the same as the method part mentioned above, and will not be described here.
- the terminal may determine the first authentication information according to the first credential information in multiple manners.
- the first determining unit 20 may include: a determining module and a generating module.
- the determining module may be configured to cause the terminal to determine the identification data according to the first credential information; and the generating module may be configured to cause the terminal to generate the first authentication information according to the identification data.
- the terminal side may include an identification data generating means for generating corresponding identification data based on the first voucher information input by the user, the identification data being used to generate the authentication information by the terminal authentication information generating means.
- the detailed description of the content is the same as the method part mentioned above, and will not be described here.
- the terminal authentication apparatus may further include: a third receiving unit.
- the third receiving unit may be configured to: before the terminal acquires the first credential information input by the user, the terminal receives the authentication request that is sent by the authentication end, and the first determining unit is further configured to enable the terminal to use the first credential information and the random The number determines the first authentication information.
- the authentication information request sent by the mobile communication network to the terminal may include a random number, and the terminal may determine the authentication information according to the random number and the first credential information input by the user, using the first authentication function, and The authentication information is transmitted to the mobile communication network, and as shown in FIG. 5, the first authentication function is implemented in the terminal authentication information generating device.
- the mobile communication network side has the information of the random number and the first authentication function, and after receiving the authentication information of the terminal, the terminal can be authenticated accordingly.
- the authentication apparatus may further include: a seventh obtaining unit, an eighth obtaining unit, a third determining unit, and a third sending unit.
- the seventh obtaining unit may be configured to: before the terminal acquires the first credential information input by the terminal, the terminal acquires the second credential information by using the user identification module SIM connected to the terminal; and/or the eighth obtaining unit may be configured to enable the terminal to pass
- the self-embedded storage module acquires the second credential information; the third determining unit may be configured to enable the terminal to determine the second credential information according to the second credential information; and the fourth sending unit may be configured to enable the terminal to send the second credential information to the authentication
- the authentication end is configured to authenticate the terminal according to the second authentication information, where the access unit is further configured to enable the terminal to access the mobile communication network to obtain the third after the authentication end successfully authenticates the terminal according to the second authentication information.
- the class mobile communication service and after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network to obtain the fourth type of mobile communication service.
- the access unit may be further configured to enable the terminal to access the mobile communication network through the LIPA protocol to obtain the third type of mobile communication service; and the terminal accesses the mobile communication network by using the SIPTO protocol. Obtain the fourth type of mobile communication service.
- the details of the content of the LIPA protocol and the SIPTO protocol are the same as those of the foregoing method, and are not described here.
- the terminal authentication apparatus may further include: a first generating unit and a second generating unit.
- the first generating unit may be configured to: after the terminal accesses the mobile communication network to obtain the third type of mobile communication service, the terminal generates first reminder information, and the second generating unit may be configured to enable the terminal to access the mobile communication network to obtain the first After the four types of mobile communication services, the terminal generates second reminder information.
- the second credential information may be the SIM card information.
- the terminal passes the authentication according to the SIM card information, the terminal sends the first reminder information.
- the terminal sends the second reminder information, so that the user can know the current The type of mobile communication service available.
- the detailed description of the content is the same as the method part mentioned above, and will not be described here.
- another terminal authentication apparatus for use in a mobile communication system is provided.
- the apparatus includes a first acquisition unit 50, a first authentication unit 60, and an authorization unit 70.
- the first obtaining unit 50 may be configured to enable the authentication end to obtain the first authentication information sent by the terminal, where the terminal may be configured to acquire the first credential information input by the user, and determine the first credential information according to the first credential information, where the first credential The information is information verified by the target software; the first authentication unit 60 can be used to make the authentication end according to the first An authentication information is used to authenticate the terminal; and the authorization unit 70 can be configured to enable the mobile communication network to authorize the terminal to access the mobile communication network after the authentication end successfully authenticates the terminal according to the first authentication information.
- the authentication end receives the first authentication information sent by the terminal according to the first credential information input by the user, and authenticates the terminal according to the first authentication information. If the authentication passes, the mobile communication network provides the mobile communication service for the terminal.
- the first credential information can be used to authenticate the user in software (target software) developed by a third party other than the user and the mobile communication service provider.
- target software developed by a third party other than the user and the mobile communication service provider.
- the authentication end may be an authentication center in the mobile communication network, or it may be a mobile communication server (such as an AAA server) in the mobile communication network, or it may be a mobile communication A cloud platform with authentication side functionality in the network.
- the authentication end can also be a software server corresponding to the target software developed by the third party.
- the authentication center, the mobile communication server, and the software server can respectively authenticate the terminal in the following manner: the authentication end can include an authentication center in the mobile communication network, and the first authentication unit 60 can include: a first acquiring module, and a first The receiving module and the first authentication module.
- the authentication center may be configured to enable the authentication center to obtain the user data used by the target software to verify the first credential information; the first receiving module may be configured to enable the authentication center to be used by the receiving terminal to send the first The first authentication module is configured to enable the authentication center to authenticate the terminal according to the user data and the first authentication information, wherein the authorization unit is further configured to: use the first authentication information and the user data to authenticate the terminal at the authentication center. After the authentication succeeds, the authentication end authorizes the terminal to access the mobile communication network.
- the details of the method are the same as those in the foregoing, and are not described here.
- Mobile communication server The authentication mode of the mobile communication server is similar to that of the authentication center, and is not described here. The detailed description of the content is the same as the method part mentioned above, and will not be described here.
- the authentication end may include a software server corresponding to the target software
- the third authentication unit may include: a second obtaining module and a second authentication module.
- the second obtaining module may be configured to enable the software server to obtain the first authentication information sent by the terminal;
- the second authentication module may be configured to enable the software server to authenticate the terminal according to the first authentication information;
- the authorization unit is further configured to enable After the software server successfully authenticates the terminal according to the first authentication information, the mobile communication network authorizes the terminal to access the mobile communication network.
- the third-party software server transmits the authentication result to the mobile communication network, and the mobile communication network provides the mobile communication service to the terminal according to the authentication result.
- the detailed description of the content is the same as the method part mentioned above, and will not be described here.
- the terminal may include multiple terminals.
- the terminal may include the first terminal and the second terminal, so that the authentication terminal may use the first terminal or the second terminal in the first mode or the second mode.
- the second terminal performs authentication:
- the first obtaining unit 50 is further configured to enable the authentication end to obtain the first authentication information that is sent by the first terminal, where the terminal authentication device may further include: a second authentication unit, a first determining unit, and a first interrupt. unit.
- the second authentication unit may be configured to: after the authentication end acquires the first authentication information sent by the first terminal, the authentication end authenticates the first terminal according to the first authentication information sent by the first terminal; the first determining unit may be configured to enable The authentication end determines whether the second terminal is successfully authenticated according to the first authentication information sent by the first terminal; the first interruption unit may be configured to: if the authentication end determines that the first authentication information that has been sent according to the first terminal is used to the second terminal If the authentication succeeds, the second terminal interrupts the connection with the mobile communication network, and the authorization unit may be further configured to: after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the authentication end authorizes the first The terminal accesses the mobile communication network.
- the authentication apparatus may further include: a second determining unit.
- the fifth determining unit may be configured to: before the second terminal interrupts the connection with the mobile communication network, the authentication end determines whether the network access priority of the first terminal is higher than the network access priority of the second terminal, where the first interrupting unit is further And configured to: if the authentication end determines that the network access priority of the first terminal is higher than the network access priority of the second terminal, the second terminal interrupts the connection with the mobile communication network; and the first authentication unit is further configured to enable the authentication end If the first terminal's network access priority is not higher than the second terminal's network access priority, the authentication end fails to authenticate the first terminal according to the first credential information sent by the first terminal.
- the authorization unit may include: a second receiving module, a second authentication module, a determining module, a holding module, and an authorization module.
- the second receiving module may be configured to: the authentication end receives the first authentication information sent by the first terminal; the second authentication module may be configured to enable the authentication end to authenticate the first terminal according to the first authentication information sent by the first terminal;
- the authentication terminal may be configured to determine whether the second terminal is successfully authenticated according to the first authentication information sent by the first terminal; the maintaining module may be configured to: if the authentication end determines that the first authentication information that has been sent according to the first terminal is If the second terminal is successfully authenticated, the second terminal maintains a connection with the mobile communication network;
- the authorization module may be configured to enable the mobile communication network to authorize the first after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal.
- the terminal accesses the mobile communication network, wherein the first terminal is configured to acquire the first type of mobile communication service provided by the mobile communication network; and the second terminal is configured to acquire the second type of mobile communication service provided by the mobile communication network.
- the terminal authentication apparatus may further include: a first sending unit.
- the first sending unit may be configured to: before the authentication end acquires the first authentication information sent by the terminal, the authentication end sends an authentication request including a random number to the terminal, where the terminal may be configured to obtain the first credential information input by the user, and The first authentication information is determined according to the first credential information and the random number.
- the authentication end can authenticate the user terminal by using one of the foregoing credential information (ie, the first credential information), and can also pass another credential information (such as The second voucher information is combined with the first credential information to authenticate the user terminal.
- the terminal may be configured to obtain the second credential information, and determine the second credential information according to the second credential information, and send the second authentication information to the authentication end, where the authentication apparatus may further include: a second acquiring unit and a third Certification unit.
- the second obtaining unit may be configured to: before the authentication end acquires the first authentication information sent by the terminal, the authentication end acquires the second authentication information sent by the terminal, where the terminal is configured to acquire the second information by using the user identification module SIM connected to the terminal.
- the voucher information and/or the second credential information is obtained by the storage module embedded therein;
- the third authentication unit may be configured to enable the authentication end to authenticate the terminal according to the second authentication information, wherein the authorization unit may further be configured to enable the authentication end
- the mobile communication network authorizes the terminal to access the mobile communication network to obtain the third type of mobile communication service; and after the authentication end successfully authenticates the terminal according to the first authentication information, the mobile communication network authorizes the terminal.
- the authorization unit may also be used in the mobile communication network to authorize the terminal to access the mobile communication network through the LIPA protocol to obtain the third type of mobile communication service; and the mobile communication network to authorize the terminal to access the mobile communication network through the SIPTO protocol to obtain the fourth type of mobile communication service.
- the above authentication method is a two-level authentication method: the terminal pre-stores the second credential information of the user, and acquires first credential information input by the user, where the first credential information can be used in addition to the user and the mobile communication service provider.
- the user authenticated by the software developed by the three parties; when the terminal enters the coverage area of the mobile communication network, it first automatically communicates with the mobile communication network according to the second credential information and authenticates the terminal, and then communicates and authenticates with the mobile communication network according to the first credential information.
- the terminal passes the authentication according to the second credential information of the user, the third type of mobile communication service is obtained through the mobile communication network; if the authentication according to the first credential information is passed, the fourth type of mobile communication service is further obtained through the mobile communication network.
- the detailed description of the content is the same as the method part mentioned above, and will not be described here.
- the mobile communication network may authorize the terminal to access the mobile communication network through the LIPA protocol to obtain the third type of mobile communication service.
- Mobile communication network can pass SIPTO The terminal is authorized to access the mobile communication network to obtain the fourth type of mobile communication service.
- the user does not need to purchase the SIM card from the mobile communication service provider, but directly inputs the credential information in the terminal; when the terminal enters the coverage area of the mobile communication network, it automatically communicates with the mobile communication network according to the credential information and authenticates the terminal, and the authentication passes.
- You can enjoy mobile communication services. Therefore, there is no need to set a SIM card slot in the terminal, which reduces the design complexity of the terminal, and is also beneficial to the development of the terminal.
- it is only necessary to input the credential information once on the terminal, so that when the terminal enters different coverage areas of the mobile communication network, it can automatically authenticate.
- the credential information input by the user can be used not only for the authentication operation in the process of accessing the mobile communication network, but also for authenticating the user in the software developed by the third party, thus eliminating the trouble that a user needs to have multiple network identities, for example.
- the WeChat user can input the WeChat ID and password in the terminal, and when the terminal enters the coverage area of the mobile communication network, automatically communicates with the mobile communication network according to the entered credential information and authenticates the terminal, so that the user only needs to have one WeChat. ID's network identity, users can obtain more convenient information services through third-party social resources. For example, after users input WeChat ID and password, they can connect to the Internet and communicate with friends directly through the mobile communication network.
- the present invention also provides a storage medium for storing the program code executed by the above-described terminal authentication method for use in a mobile communication system.
- modules or steps of the present invention described above can be implemented by a general-purpose computing device that can be centralized on a single computing device or distributed across a network of multiple computing devices.
- they may be implemented by program code executable by a computing device, such that they may be stored in a storage device by a computing device, or they may be separately fabricated into individual
- the integrated circuit modules are implemented by making a plurality of modules or steps of them into a single integrated circuit module.
- the invention is not limited to any specific combination of hardware and software.
Abstract
Description
Claims (16)
- 一种用于移动通信系统中的终端认证方法,其中,包括:认证端获取终端发送的第一认证信息,所述终端用于获取用户输入的第一凭证信息,且根据所述第一凭证信息确定所述第一认证信息,其中,所述第一凭证信息为通过目标软件验证的信息;所述认证端根据所述第一认证信息对所述终端进行认证;以及在所述认证端根据所述第一认证信息对所述终端认证成功后,移动通信网络授权所述终端接入移动通信网络。
- 根据权利要求1所述的终端认证方法,所述认证端为所述移动通信网络中的鉴权中心,所述鉴权中心通过以下方式对所述终端进行认证:所述鉴权中心获取目标软件用于验证第一凭证信息的用户数据;所述鉴权中心接收所述终端发送的所述第一认证信息;所述鉴权中心根据所述用户数据和所述第一认证信息对所述终端进行认证;以及在所述鉴权中心根据所述第一认证信息和所述用户数据对所述终端认证成功后,所述认证端授权所述终端接入所述移动通信网络,或者,所述认证端为与所述目标软件相对应的软件服务器,所述软件服务器通过以下方式对所述终端进行认证:所述软件服务器获取所述终端发送的所述第一认证信息;所述软件服务器根据所述第一认证信息对所述终端进行认证;以及在所述软件服务器根据所述第一认证信息对所述终端认证成功后,所述移动通信网络授权所述终端接入所述移动通信网络。
- 根据权利要求1所述的终端认证方法,所述终端包括第一终端和第二终端,认证端获取终端发送的第一认证信息包括:所述认证端获取所述第一终端发送的 第一认证信息,其中,在所述认证端获取所述第一终端发送的第一认证信息之后,所述终端认证方法还包括:所述认证端根据所述第一终端发送的第一认证信息对所述第一终端进行认证;所述认证端判断是否已经根据所述第一终端发送的第一认证信息对所述第二终端认证成功;如果所述认证端判断出已经根据所述第一终端发送的第一认证信息对所述第二终端认证成功,则所述第二终端中断与所述移动通信网络的连接,其中,在所述认证端根据所述第一终端发送的第一凭证信息对所述第一终端认证成功后,所述认证端授权所述第一终端接入所述移动通信网络。
- 根据权利要求3所述的终端认证方法,在所述第二终端中断与所述移动通信网络的连接之前,所述认证方法还包括:所述认证端判断所述第一终端的入网优先级是否高于所述第二终端的入网优先级,其中,如果所述认证端判断出所述第一终端的入网优先级高于所述第二终端的入网优先级,则所述第二终端中断与所述移动通信网络的连接;以及如果所述认证端判断出所述第一终端的入网优先级不高于所述第二终端的入网优先级,则所述认证端根据所述第一终端发送的第一凭证信息对所述第一终端认证失败。
- 根据权利要求1所述的终端认证方法,所述终端包括第一终端和第二终端,所述移动通信网络通过以下方式授权第二终端接入移动通信网络:所述认证端接收所述第一终端发送的第一认证信息;所述认证端根据所述第一终端发送的第一认证信息对所述第一终端进行认证;所述认证端判断是否已经根据所述第一终端发送的第一认证信息对所述第二终端认证成功;如果所述认证端判断出已经根据所述第一终端发送的第一认证信息对所述第二终端认证成功,则所述第二终端保持与所述移动通信网络的连接;在所述认证端根据所述第一终端发送的第一凭证信息对所述第一终端认证成功后,所述移动通信网络授权所述第一终端接入所述移动通信网络,其中,所述第一终端用于获取所述移动通信网络提供的第一类移动通信服务;以及所述第二终端用于获取所述移动通信网络提供的第二类移动通信服务。
- 根据权利要求1所述的终端认证方法,在认证端获取终端发送的第一认证信息之前,所述终端认证方法还包括:所述认证端向所述终端发送包括随机数的认证请求,其中,所述终端用于根据获取用户输入的第一凭证信息,并根据所述第一凭证信息和所述随机数确定所述第一认证信息。
- 根据权利要求1所述的终端认证方法,所述终端用于获取第二凭证信息,并根据所述第二凭证信息确定第二认证信息,以及将所述第二认证信息发送至所述认证端,在认证端获取终端发送的第一认证信息之前,所述认证方法还包括:所述认证端获取所述终端发送的所述第二认证信息,其中,所述终端用于通过与所述终端相连接的用户识别模块SIM获取第二凭证信息和/或通过自身内嵌的存储模块获取所述第二凭证信息;所述认证端根据所述第二认证信息对所述终端进行认证,其中,在所述认证端根据所述第二认证信息对所述终端认证成功后,所述移动通信网络授权所述终端接入所述移动通信网络以获取第三类移动通信服务;以及在所述认证端根据所述第一认证信息对所述终端认证成功后,所述移动通信网络授权所述终端接入所述移动通信网络以获取第四类移动通信服务。
- 根据权利要求7所述的终端认证方法,所述移动通信网络通过LIPA协议授权所述终端接入所述移动通信网络以获取第三类移动通信服务;以及所述移动通信网络通过SIPTO协议授权所述终端接入所述移动通信网络以获取第四类移动通信服务。
- 一种用于移动通信系统中的终端认证装置,其中,包括:第一获取单元,用于使得认证端获取终端发送的第一认证信息,所述终端用于获取用户输入的第一凭证信息,且根据所述第一凭证信息确定所述第一认证信息,其中,所述第一凭证信息为通过目标软件验证的信息;第一认证单元,用于使得所述认证端根据所述第一认证信息对所述终端进行认证;以及授权单元,用于使得在所述认证端根据所述第一认证信息对所述终端认证成功后,所述移动通信网络授权所述终端接入移动通信网络。
- 根据权利要求9所述的终端认证装置,所述认证端包括所述移动通信网络中的鉴权中心,所述第一认证单元包括:第一获取模块,用于使得所述鉴权中心用于获取目标软件用于验证第一凭证信息的用户数据;第一接收模块,用于使得所述鉴权中心用于接收所述终端发送的所述第一认证信息;第一认证模块,用于使得所述鉴权中心根据所述用户数据和所述第一认证信息对所述终端进行认证,其中,所述授权单元还用于使得在所述鉴权中心根据所述第一认证信息和所述用户数据对所述终端认证成功后,所述认证端授权所述终端接入所述移动通信网络,或者,所述认证端包括与所述目标软件相对应的软件服务器,所述第一认证单元包括:第二获取模块,用于使得所述软件服务器获取所述终端发送的所述第一认证信息;第二认证模块,用于使得所述软件服务器根据所述第一认证信息对所述终端进行认证;以及其中,所述授权单元还用于使得在所述软件服务器根据所述第一认证信息对所述终端认证成功后,所述移动通信网络授权所述终端接入所述移动通信网络。
- 根据权利要求9所述的终端认证装置,所述终端包括第一终端和第二终端,所述第一获取单元还用于使得所述认证端获取所述第一终端发送的第一认证信息,其中,所述终端认证装置还包括:第二认证单元,用于使得在所述认证端获取所述第一终端发送的第一认证信息之后,所述认证端根据所述第一终端发送的第一认证信息对所述第一终端进行认证;第一判断单元,用于使得所述认证端判断是否已经根据所述第一终端发送的第一认证信息对所述第二终端认证成功;第一中断单元用于使得如果所述认证端判断出已经根据所述第一终端发送的第一认证信息对所述第二终端认证成功,则所述第二终端中断与所述移动通信网络的连接,其中,所述授权单元还用于使得在所述认证端根据所述第一终端发送的第一凭证信息对所述第一终端认证成功后,所述认证端授权所述第一终端接入所述移动通信网络。
- 根据权利要求11所述的终端认证装置,所述认证装置还包括:第二判断单元,用于使得在所述第二终端中断与所述移动通信网络的连接之前,所述认证端判断所述第一终端的入网优先级是否高于所述第二终端的入网优先级,其中,所述第一中断单元还用于使得如果所述认证端判断出所述第一终端的入网优先级高于所述第二终端的入网优先级,则所述第二终端中断与所述移动通信网络的连接;以及所述第一认证单元还用于使得如果所述认证端判断出所述第一终端的入网优先级不高于所述第二终端的入网优先级,则所述认证端根据所述第一终端发送的第一凭证信息对所述第一终端认证失败。
- 根据权利要求9所述的终端认证装置,所述终端包括第一终端和第二终端,所述授权单元包括:第二接收模块,用于使得所述认证端接收所述第一终端发送的第一认证信息;第二认证模块,用于使得所述认证端根据所述第一终端发送的第一认证信息对所述第一终端进行认证;判断模块,用于使得所述认证端判断是否已经根据所述第一终端发送的第一认证信息对所述第二终端认证成功;保持模块,用于使得如果所述认证端判断出已经根据所述第一终端发送的第一认证信息对所述第二终端认证成功,则所述第二终端保持与所述移动通信网络的连接;授权模块,用于使得在所述认证端根据所述第一终端发送的第一凭证信息对所述第一终端认证成功后,所述移动通信网络授权所述第一终端接入所述移动通信网络,其中,所述第一终端用于获取所述移动通信网络提供的第一类移动通信服务;以及所述第二终端用于获取所述移动通信网络提供的第二类移动通信服务。
- 根据权利要求9所述的终端认证装置,所述终端认证装置还包括:第一发送单元,用于使得在认证端获取终端发送的第一认证信息之前,所述认证端向所述终端发送包括随机数的认证请求,其中,所述终端用于根据获取用户输入的第一凭证信息,并根据所述第一凭证信息和所述随机数确定所述第一认证信息。
- 根据权利要求9所述的终端认证装置,所述终端用于获取第二凭证信息,并根据所述第二凭证信息确定第二认证信息,以及将所述第二认证信息发送至所述认证端,所述认证装置还包括:第二获取单元,用于使得在认证端获取终端发送的第一认证信息之前,所述认证端获取所述终端发送的所述第二认证信息,其中,所述终端用于通过与所述终端相连接的用户识别模块SIM获取第二凭证信息和/或通过自身内嵌的存储模块获取所述第二凭证信息;第三认证单元,用于使得所述认证端根据所述第二认证信息对所述终端进行认证,其中,所述授权单元还用于使得在所述认证端根据所述第二认证信息对所述终端认证成功后,所述移动通信网络授权所述终端接入所述移动通信网络以获取第三类移动通信服务;以及在所述认证端根据所述第一认证信息对所述终端认证成功后,所述移动通信网络授权所述终端接入所述移动通信网络以获取第四类移动通信服务。
- 根据权利要求15所述的终端认证装置,所述授权单元还用于所述移动通信网络通过LIPA协议授权所述终端接入所述移动通信网络以获取第三类移动通信服务;以及所述移动通信网络通过SIPTO协议授权所述终端接入所述移动通信网络以获取第四类移动通信服务。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2017504088A JP6411629B2 (ja) | 2014-07-28 | 2015-05-19 | 移動通信システムに用いられる端末認証方法及び装置 |
EP15826403.6A EP3177054B1 (en) | 2014-07-28 | 2015-05-19 | Method and device for terminal authentication for use in mobile communication system |
US15/414,112 US10045213B2 (en) | 2014-07-28 | 2017-01-24 | Method and apparatus for authenticating terminal in mobile communications system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410364824.7 | 2014-07-28 | ||
CN201410364824.7A CN104469765B (zh) | 2014-07-28 | 2014-07-28 | 用于移动通信系统中的终端认证方法和装置 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/414,112 Continuation US10045213B2 (en) | 2014-07-28 | 2017-01-24 | Method and apparatus for authenticating terminal in mobile communications system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016015509A1 true WO2016015509A1 (zh) | 2016-02-04 |
Family
ID=52914977
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2015/079303 WO2016015509A1 (zh) | 2014-07-28 | 2015-05-19 | 用于移动通信系统中的终端认证方法和装置 |
Country Status (5)
Country | Link |
---|---|
US (1) | US10045213B2 (zh) |
EP (1) | EP3177054B1 (zh) |
JP (2) | JP6411629B2 (zh) |
CN (1) | CN104469765B (zh) |
WO (1) | WO2016015509A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106292592A (zh) * | 2016-08-19 | 2017-01-04 | 北京小米移动软件有限公司 | 家电的控制方法及装置 |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104469765B (zh) | 2014-07-28 | 2020-10-23 | 北京佰才邦技术有限公司 | 用于移动通信系统中的终端认证方法和装置 |
CN104469766A (zh) * | 2014-07-28 | 2015-03-25 | 北京佰才邦技术有限公司 | 用于移动通信系统中的终端认证方法和装置 |
US9717003B2 (en) * | 2015-03-06 | 2017-07-25 | Qualcomm Incorporated | Sponsored connectivity to cellular networks using existing credentials |
CN105023143A (zh) * | 2015-08-10 | 2015-11-04 | 周国民 | 一种通信方法、装置及客户端设备 |
CN107852603B (zh) * | 2015-09-25 | 2021-07-23 | Oppo广东移动通信有限公司 | 终端认证的方法及设备 |
CN107710673B (zh) * | 2015-09-28 | 2020-04-10 | Oppo广东移动通信有限公司 | 用户身份认证的方法及设备 |
CN110474879B (zh) * | 2019-07-18 | 2020-07-24 | 阿里巴巴集团控股有限公司 | 身份识别预处理方法、身份识别方法,及其设备和系统 |
US10778678B2 (en) | 2018-07-18 | 2020-09-15 | Alibaba Group Holding Limited | Identity identification and preprocessing |
EP3968590B1 (en) * | 2020-09-10 | 2023-08-23 | Ntt Docomo, Inc. | Communication network component and method |
WO2023230924A1 (zh) * | 2022-05-31 | 2023-12-07 | 北京小米移动软件有限公司 | 认证方法、装置、通信设备和存储介质 |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101690287A (zh) * | 2007-04-20 | 2010-03-31 | Lm爱立信电话有限公司 | 用于移动设备授证的方法和系统 |
EP2271146A1 (en) * | 2009-06-30 | 2011-01-05 | France Telecom | Authentication method and system |
WO2013097177A1 (en) * | 2011-12-30 | 2013-07-04 | Telefonaktiebolaget Lm Ericsson (Publ) | Virtual sim card cloud platform |
CN103428696A (zh) * | 2012-05-22 | 2013-12-04 | 中兴通讯股份有限公司 | 实现虚拟sim卡的方法、系统及相关设备 |
CN103841560A (zh) * | 2014-02-28 | 2014-06-04 | 深圳市中兴物联科技有限公司 | 增强sim卡可靠性的方法及设备 |
CN104469765A (zh) * | 2014-07-28 | 2015-03-25 | 北京佰才邦技术有限公司 | 用于移动通信系统中的终端认证方法和装置 |
CN104469766A (zh) * | 2014-07-28 | 2015-03-25 | 北京佰才邦技术有限公司 | 用于移动通信系统中的终端认证方法和装置 |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2971620B2 (ja) * | 1991-05-30 | 1999-11-08 | 郵政大臣 | 個人認証機能付き携帯電話機 |
US6377699B1 (en) * | 1998-11-25 | 2002-04-23 | Iridian Technologies, Inc. | Iris imaging telephone security module and method |
US20020186845A1 (en) * | 2001-06-11 | 2002-12-12 | Santanu Dutta | Method and apparatus for remotely disabling and enabling access to secure transaction functions of a mobile terminal |
ITRM20030100A1 (it) * | 2003-03-06 | 2004-09-07 | Telecom Italia Mobile Spa | Tecnica di accesso multiplo alla rete, da parte di terminale di utente interconnesso ad una lan e relativa architettura di riferimento. |
US7801743B2 (en) * | 2005-02-11 | 2010-09-21 | Avaya Inc. | Use of location awareness of establish communications with a target clinician in a healthcare environment |
WO2009141919A1 (en) * | 2008-05-23 | 2009-11-26 | Telefonaktiebolaget Lm Ericsson (Publ) | Ims user equipment, control method thereof, host device, and control method thereof |
US8370509B2 (en) * | 2009-04-09 | 2013-02-05 | Alcatel Lucent | Identity management services provided by network operator |
CA2768417C (en) * | 2009-07-17 | 2018-04-24 | Boldstreet Inc. | Hotspot network access system and method |
CN101711029A (zh) * | 2009-12-17 | 2010-05-19 | 中国联合网络通信集团有限公司 | 终端的接入认证方法和设备及恢复设备合法性的方法 |
US8666368B2 (en) * | 2010-05-03 | 2014-03-04 | Apple Inc. | Wireless network authentication apparatus and methods |
US20130089076A1 (en) | 2011-04-01 | 2013-04-11 | Interdigital Patent Holdings, Inc. | Local / remote ip traffic access and selective ip traffic offload service continuity |
CN102264061B (zh) * | 2011-04-11 | 2015-07-22 | 宇龙计算机通信科技(深圳)有限公司 | 无卡移动终端的鉴权及通信方法、服务器及无卡移动终端 |
CN102149170A (zh) * | 2011-04-11 | 2011-08-10 | 宇龙计算机通信科技(深圳)有限公司 | 无线通信设备的网络接入方法和装置 |
CN102195991A (zh) * | 2011-06-28 | 2011-09-21 | 辽宁国兴科技有限公司 | 一种终端安全管理、认证方法及系统 |
KR101243713B1 (ko) * | 2011-07-08 | 2013-03-13 | 이광민 | 무선랜 접속 장치 및 그 동작 방법 |
US9031541B2 (en) * | 2012-04-09 | 2015-05-12 | Cellco Partnership | Method for transmitting information stored in a tamper-resistant module |
CN103703741B (zh) * | 2012-11-22 | 2018-06-05 | 华为技术有限公司 | 应用程序分发方法、终端及服务器 |
-
2014
- 2014-07-28 CN CN201410364824.7A patent/CN104469765B/zh active Active
-
2015
- 2015-05-19 JP JP2017504088A patent/JP6411629B2/ja active Active
- 2015-05-19 EP EP15826403.6A patent/EP3177054B1/en active Active
- 2015-05-19 WO PCT/CN2015/079303 patent/WO2016015509A1/zh active Application Filing
-
2017
- 2017-01-24 US US15/414,112 patent/US10045213B2/en active Active
-
2018
- 2018-05-10 JP JP2018091687A patent/JP6668407B2/ja active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101690287A (zh) * | 2007-04-20 | 2010-03-31 | Lm爱立信电话有限公司 | 用于移动设备授证的方法和系统 |
EP2271146A1 (en) * | 2009-06-30 | 2011-01-05 | France Telecom | Authentication method and system |
WO2013097177A1 (en) * | 2011-12-30 | 2013-07-04 | Telefonaktiebolaget Lm Ericsson (Publ) | Virtual sim card cloud platform |
CN103428696A (zh) * | 2012-05-22 | 2013-12-04 | 中兴通讯股份有限公司 | 实现虚拟sim卡的方法、系统及相关设备 |
CN103841560A (zh) * | 2014-02-28 | 2014-06-04 | 深圳市中兴物联科技有限公司 | 增强sim卡可靠性的方法及设备 |
CN104469765A (zh) * | 2014-07-28 | 2015-03-25 | 北京佰才邦技术有限公司 | 用于移动通信系统中的终端认证方法和装置 |
CN104469766A (zh) * | 2014-07-28 | 2015-03-25 | 北京佰才邦技术有限公司 | 用于移动通信系统中的终端认证方法和装置 |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106292592A (zh) * | 2016-08-19 | 2017-01-04 | 北京小米移动软件有限公司 | 家电的控制方法及装置 |
Also Published As
Publication number | Publication date |
---|---|
EP3177054A4 (en) | 2018-03-14 |
JP6411629B2 (ja) | 2018-10-24 |
JP6668407B2 (ja) | 2020-03-18 |
EP3177054A1 (en) | 2017-06-07 |
US10045213B2 (en) | 2018-08-07 |
CN104469765B (zh) | 2020-10-23 |
JP2018170010A (ja) | 2018-11-01 |
US20170134951A1 (en) | 2017-05-11 |
CN104469765A (zh) | 2015-03-25 |
JP2017528804A (ja) | 2017-09-28 |
EP3177054B1 (en) | 2019-12-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2016015509A1 (zh) | 用于移动通信系统中的终端认证方法和装置 | |
US9426132B1 (en) | Methods and apparatus for rules-based multi-factor verification | |
US10237732B2 (en) | Mobile device authentication in heterogeneous communication networks scenario | |
WO2016015510A1 (zh) | 用于移动通信系统中的终端认证方法和装置 | |
US9154955B1 (en) | Authenticated delivery of premium communication services to trusted devices over an untrusted network | |
US9531835B2 (en) | System and method for enabling wireless social networking | |
US9014736B2 (en) | Portable network device for the discovery of nearby devices and services | |
CN110611905A (zh) | 信息共享方法、终端设备、存储介质及计算机程序产品 | |
US20190036924A1 (en) | Method and apparatus for network access | |
US20180337785A1 (en) | Secure password sharing for wireless networks | |
US11812263B2 (en) | Methods and apparatus for securely storing, using and/or updating credentials using a network device at a customer premises | |
JP6997886B2 (ja) | コアネットワ-クへの非3gpp装置アクセス | |
US11848926B2 (en) | Network authentication | |
JP2008042862A (ja) | 無線lan通信システム及びその方法並びにプログラム | |
JP2023162296A (ja) | コアネットワークへの非3gppデバイスアクセス | |
WO2017049598A1 (zh) | 终端认证的方法及设备 | |
US9154949B1 (en) | Authenticated delivery of premium communication services to untrusted devices over an untrusted network | |
KR102381038B1 (ko) | 피제어 장치의 보안 인증 기법 | |
WO2016090578A1 (zh) | 认证的处理方法、装置和终端 | |
JP5670926B2 (ja) | 無線lanのアクセスポイントの端末アクセス制御システム及び認可サーバ装置 | |
US20190116169A1 (en) | Real-time data for access control approval | |
US11546339B2 (en) | Authenticating client devices to an enterprise network | |
CN102204308A (zh) | 无线局域网业务使用方法和设备 | |
CN117795905A (zh) | Api调用者认证方法以及装置、通信设备及存储介质 | |
WO2024049335A1 (en) | Two factor authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15826403 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2017504088 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
REEP | Request for entry into the european phase |
Ref document number: 2015826403 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2015826403 Country of ref document: EP |