WO2016015510A1 - Method and device for terminal authentication for use in mobile communication system - Google Patents
- Publication number
- WO2016015510A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal
- authentication
- mobile communication
- information
- communication network
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
Definitions
- FIG. 8 is a schematic diagram of an authentication process of a terminal by a mobile communication server according to an embodiment of the present invention.
- the second terminal interrupts the connection with the mobile communication network.
- the authentication end authenticates the first terminal according to the first authentication information sent by the first terminal.
- the identification data generating device may be configured to determine the identification data according to the credential information input by the user and a preset function, where different types of credential information correspond to different functions. For example, if the credential information input by the user is in the format of an email address, the first function is adopted; if it is in the format of a string of numbers, the second function is adopted. Alternatively, the corresponding function may be set according to the target software to which the credential information corresponds. For example, if the credential information is a WeChat ID, it corresponds to the first function, and if the credential information is a Mi Chat ID, it corresponds to the second function.
- the authentication information request sent by the mobile communication network to the terminal may include a random number. Using the first authentication function, the terminal may determine the authentication information according to the random number and the first credential information input by the user, and transmit the authentication information to the mobile communication network. As shown in FIG. 5, the first authentication function is implemented in the terminal's authentication information generating device.
- the mobile communication network side has the information of the random number and the first authentication function, and after receiving the authentication information of the terminal, the terminal can be authenticated accordingly.
- The authentication mode of the mobile communication server is similar to that of the authentication center and is not described again here. The details are the same as in the method part described above and are not repeated here.
- the authentication end may include a software server corresponding to the target software
- the third authentication unit may include: a second obtaining module and a second authentication module.
- the second obtaining module can be used to enable the software server to acquire the first authentication information sent by the terminal
- the second authentication module may be configured to enable the software server to authenticate the terminal according to the first authentication information
- the authorization unit is further configured to enable the software server to successfully authenticate the terminal according to the first authentication information
- the mobile communication network authorizes the terminal to access the mobile communication network.
- the terminal authentication apparatus may further include: a fourth sending unit.
- the fourth sending unit may be configured so that, before the authentication end acquires the first authentication information sent by the terminal, the authentication end sends an authentication request including a random number to the terminal, where the terminal may be configured to acquire the first credential information input by the user and to determine the first authentication information according to the first credential information and the random number.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
Abstract
Disclosed are a method and device for terminal authentication for use in a mobile communication system. The method for terminal authentication for use in the mobile communication system comprises: a terminal acquires first credential information inputted by a user, where the first credential information is information successfully verified by target software; the terminal determines first authentication information on the basis of the first credential information; the terminal transmits the first authentication information to an authentication terminal, where the authentication terminal is used for authenticating the terminal on the basis of the first authentication information; and, when the terminal is successfully authenticated by the authentication terminal on the basis of the first authentication information, the terminal accesses a mobile communication network. By means of the present invention, solved is the problem in the related art in which a SIM card restricts development of thin and lightweight terminals.
Description
The present invention relates to the field of communications, and in particular to a terminal authentication method and apparatus for use in a mobile communication system.
At present, in the related art, to obtain mobile communication services a user usually first has to apply to a mobile communication service provider (such as China Mobile, China Unicom or China Telecom) for a Subscriber Identity Module (SIM) card and then pay for the communication service corresponding to that SIM card. With the SIM card inserted in the terminal, the user can obtain mobile communication services (such as making calls, sending text messages and accessing the Internet). The mobile communication service provider charges according to the user's usage of mobile communication or occupation of resources. The SIM card information can be used to authenticate the terminal to the mobile communication network.
With the development of mobile broadband services and the emergence of more and more intelligent terminals (such as smartphones), users can more fully enjoy the intelligent services brought by mobile broadband services.
For example, smartphones are currently becoming lighter and thinner. In the related art, however, SIM-card-based mobile communication requires a SIM card slot to be provided on the phone in advance, which restricts the development of thinner and lighter smartphones.
To ease the restriction that the SIM card places on thinner and lighter smartphones, the related art provides Micro SIM cards and Nano SIM cards, which are smaller than the conventional SIM card. However, these solutions cannot fundamentally solve the problem.
No effective solution has yet been proposed for the problem in the related art that the SIM card restricts the development of thinner and lighter terminals.
Summary of the invention
A main object of the present invention is to provide a terminal authentication method and apparatus for use in a mobile communication system, to solve the problem in the related art that the SIM card restricts the development of thinner and lighter terminals.
In order to achieve the above object, according to one aspect of the present invention, a terminal authentication method for use in a mobile communication system is provided. The method includes: the terminal acquires first credential information input by the user, where the first credential information is information verified by the target software; the terminal determines first authentication information according to the first credential information; the terminal sends the first authentication information to the authentication end, where the authentication end is used to authenticate the terminal according to the first authentication information; and after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network.
In order to achieve the above object, according to another aspect of the present invention, a terminal authentication apparatus for use in a mobile communication system is provided. The apparatus includes: a first obtaining unit, configured to enable the terminal to acquire first credential information input by the user, where the first credential information is information verified by the target software; a first determining unit, configured to enable the terminal to determine first authentication information according to the first credential information; a first sending unit, configured to enable the terminal to send the first authentication information to the authentication end, where the authentication end is used to authenticate the terminal according to the first authentication information; and an access unit, configured so that the terminal accesses the mobile communication network after the authentication end successfully authenticates the terminal according to the first authentication information.
In order to achieve the above object, according to still another aspect of the present invention, a storage medium is also provided, for storing the program code executed by the above terminal authentication method for use in a mobile communication system.
Through the present invention, the terminal acquires first credential information input by the user, where the first credential information is information verified by the target software; the terminal determines first authentication information according to the first credential information; the terminal sends the first authentication information to the authentication end, where the authentication end is used to authenticate the terminal according to the first authentication information; and after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network. This solves the problem in the related art that the SIM card restricts the development of thinner and lighter terminals, and thereby facilitates that development.
The accompanying drawings, which form a part of this application, are provided for further understanding of the present invention. The illustrative embodiments of the present invention and their description are used to explain the present invention and do not unduly limit it. In the drawings:
FIG. 1 is a flowchart of a terminal authentication method for use in a mobile communication system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a terminal authentication system for use in a mobile communication system according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an interface for setting a terminal function according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an authentication information generating process according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of another authentication information generating process according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of authenticating a terminal according to an embodiment of the present invention;
FIG. 7 is a flowchart of another terminal authentication method for use in a mobile communication system according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of an authentication process of a terminal by a mobile communication server according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of an authentication process of a terminal by a third-party software server according to an embodiment of the present invention;
FIG. 10 is a schematic diagram of a terminal authentication apparatus for use in a mobile communication system according to an embodiment of the present invention; and
FIG. 11 is a schematic diagram of another terminal authentication apparatus for use in a mobile communication system according to an embodiment of the present invention.
It should be noted that, where there is no conflict, the embodiments in the present application and the features in the embodiments may be combined with each other. The invention will be described in detail below with reference to the drawings and in conjunction with the embodiments.
To help those skilled in the art better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
It should be noted that the terms "first", "second" and the like in the specification, the claims and the above drawings of the present invention are used to distinguish similar objects and are not necessarily used to describe a particular order or sequence. It should be understood that data so used may be interchanged where appropriate, so that the embodiments of the invention described herein can be implemented in an order other than those illustrated or described herein. Moreover, the terms "comprising" and "having", and any variations thereof, are intended to cover a non-exclusive inclusion.
According to an embodiment of the present invention, a terminal authentication method for use in a mobile communication system is provided. The method is used to authenticate the identity of a terminal in the mobile communication system according to authentication information of target software. The method can run on a computer processing device.
FIG. 1 is a flowchart of a terminal authentication method for use in a mobile communication system according to an embodiment of the present invention.
As shown in FIG. 1, the method includes the following steps S102 to S108:
Step S102: The terminal acquires first credential information input by the user. The first credential information is information verified by the target software.
Step S104: The terminal determines first authentication information according to the first credential information.
Step S106: The terminal sends the first authentication information to the authentication end. The authentication end is used to authenticate the terminal according to the first authentication information.
Step S108: After the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network.
Specifically, when the terminal enters the coverage area of the mobile communication network, the terminal can automatically communicate with the mobile communication network according to the first credential information, and the terminal's identity is authenticated. After the authentication, the authentication end can send the authentication result to the mobile communication network. If the authentication passes, the terminal can access the mobile communication network and obtain mobile communication services; if the authentication fails, the terminal cannot access the mobile communication network and therefore cannot obtain mobile communication services. Before the terminal sends the first authentication information to the authentication end, the mobile communication network may send an authentication information request to the terminal; after receiving the request, the terminal sends the first authentication information to the authentication end in accordance with it.
It should be noted that whether the terminal has entered the coverage area of the mobile communication network can be determined from detection performed by the terminal. For example, the base station periodically transmits a CRS (Common Reference Signal), and the terminal detects the strength of the CRS (in an LTE (Long Term Evolution) system, for instance, by calculating the RSRP (Reference Signal Received Power) or RSRQ (Reference Signal Received Quality) from measurements of the CRS). When the strength of the CRS reaches a certain threshold, it is determined that the terminal has entered the mobile network coverage area. As another example, a base station deployed by an operator periodically transmits a signal carrying system-related information (physical-layer information such as bandwidth and the number of base station antennas, and network information such as the PLMN (Public Land Mobile Network)). The terminal detects this signal, and when it correctly detects the information carried by the signal, it is determined that the terminal has entered the operator's network coverage area.
The user only needs to input the credential information to the terminal once. Whenever the terminal enters a coverage area of the mobile communication network, it automatically communicates with the mobile communication network according to the first credential information and the terminal is authenticated. As a preferred embodiment, after the user inputs the credential information to the terminal, the credential information is stored in the terminal for subsequent authentication. In this way, when the terminal enters two non-overlapping mobile network coverage areas at different times, it automatically communicates with the mobile communication network according to the credential information and is authenticated, which improves the user experience.
It should be noted that, in practice, to improve security the terminal may also prompt the user to input the credential information under preset conditions, for example when the terminal restarts or when its airplane mode is switched from on to off. Note that even then the user does not need to re-enter the credential information every time the terminal enters a new network coverage area.
It should be noted that the terminal may include not only a mobile telephone or handset but also other devices capable of sending and receiving wireless signals. For example, the terminal may be a smart home appliance, or another device that can communicate with the mobile communication network on its own without human operation.
The first authentication information can be used to authenticate the terminal in target software developed by a third party other than the user and the mobile communication service provider. For example, the target software may be the "WeChat" or "QQ" software developed by Tencent, or the "Mi Chat" software developed by Xiaomi. The user can input the first credential information to the terminal in various ways, for example by typing it on the terminal with a physical or virtual keyboard, or by scanning.
The mobile communication network and the third-party target software are in different networks, and data transmission between the two networks is controlled through gateways to keep each network's information secure. As shown in FIG. 2, the terminal communicates with a base station in the mobile communication network, and the base station is connected to the third-party network through a gateway in the mobile communication network, where the third-party network includes a third-party software server and a third-party gateway.
As a preferred embodiment, the first authentication information may be a username of the target software, a password, or a combination of both. For example, the first credential information may be a WeChat ID (Identity), or a WeChat ID and password, or a Mi Chat ID, or a Mi Chat ID and password. The username and password may take many forms, which are not limited here. For example, they may be biometric information (such as fingerprint information, retinal information, palm print information, iris information, facial feature information, voice feature information, signature feature information, DNA (Deoxyribonucleic acid) information, etc.); they may be certificate information; they may also be sound, audio, symbols, lines, and the like. It should be noted that the first credential information may be any combination of the above forms of information. For example, the user may enter facial feature information at the same time as fingerprint information, or may enter sound information after entering fingerprint information.
It should be noted that the first credential information, as information verified by the target software, can be used to authenticate to the target software and obtain its services. For example, the user can use the first credential information to use the Tencent QQ client software on a PC (Personal Computer).
Through this embodiment of the present invention, using biometric information such as fingerprints, the retina and the voice as credential information frees the user from the constraint of the SIM card. The credential information of software designed by a third party serves as the basis on which the terminal is authenticated for access to the mobile communication network, so the terminal no longer needs a SIM slot or an inserted SIM card. This avoids the limits that the conventional large SIM card places on thinner and lighter terminals and benefits thin and light terminal design. Because the credential information of third-party software is used for authentication to the mobile communication network, that software can become an entry point to the mobile communication network, which benefits the development and innovation of the mobile Internet.
As a preferred embodiment, in the embodiment of the present invention, the terminal may include one or more terminals, for example a first terminal and a second terminal. When the user inputs the same credential information on the first terminal and on the second terminal, for example when the second terminal has already been authenticated according to that credential information and the first terminal then also authenticates according to the same credential information, the first terminal and the second terminal may be handled by Mode 1 or Mode 2:
Mode 1:
S2: The first terminal acquires the first credential information input by the user.
S4: The first terminal determines the first authentication information according to the first credential information.
S6: The first terminal sends the first authentication information to the authentication end.
S8: The authentication end receives the first authentication information sent by the first terminal.
S10: The authentication end authenticates the first terminal according to the first authentication information sent by the first terminal.
S12: The authentication end determines whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal.
S14: If the authentication end determines that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the mobile communication network interrupts the connection between the second terminal and the mobile communication network.
S16: After the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the first terminal accesses the mobile communication network.
In Mode 1, once the first terminal has passed authentication by the mobile communication network, the second terminal can no longer maintain communication with the mobile communication network. That is, if the second terminal is first successfully authenticated in the mobile communication network with certain credential information, and the mobile communication network then detects that the same credential information is being used to authenticate the first terminal, then after the first terminal is successfully authenticated the mobile communication network authorizes the first terminal to communicate with it and interrupts the second terminal's communication with it.
As a preferred embodiment, after the second terminal's communication with the mobile communication network, the user information stored on the second terminal may be deleted automatically, or may be deleted remotely from the first terminal. The user information may include at least one of the following: text messages, call records, the address book, photos, mail, memos, data stored by the user in application software, and so on.
As a preferred embodiment, on the basis of Mode 1, the following steps may also be performed before S14 ("the second terminal interrupts the connection with the mobile communication network"):
S18: The authentication end determines whether the network access priority of the first terminal is higher than that of the second terminal.
S20: If the authentication end determines that the network access priority of the first terminal is higher than that of the second terminal, the second terminal interrupts the connection with the mobile communication network.
S22: If the authentication end determines that the network access priority of the first terminal is not higher than that of the second terminal, the authentication end fails the authentication of the first terminal according to the interruption indication sent by the second terminal.
The priority may be determined as follows: the mobile communication network may send a request for a response to the first terminal and the second terminal, and grant the higher priority to the terminal that responds first.
Method 2:
S24. The first terminal acquires the first credential information input by the user.
S26. The first terminal determines the first authentication information according to the first credential information.
S28. The first terminal sends the first authentication information to the authentication end.
S30. The authentication end receives the first authentication information sent by the first terminal.
S32. The authentication end authenticates the first terminal according to the first authentication information sent by the first terminal.
S34. The authentication end determines whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal.
S36. If the authentication end determines that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the second terminal maintains its connection with the mobile communication network.
S38. After the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the first terminal accesses the mobile communication network.
S40. The first terminal acquires the first type of mobile communication service provided by the mobile communication network.
S42. The second terminal acquires the second type of mobile communication service provided by the mobile communication network.
In Method 2, the first terminal and the second terminal can maintain communication with the mobile communication network at the same time. It should be noted that, in Method 2, the mobile communication network may send a message to both terminals to indicate that another terminal is also using the same credential information for authentication.
It should be noted that the first type of mobile communication service and the second type of mobile communication service may be different. The first type of mobile communication service may cover more service categories than the second type. For example, the first type of mobile communication service may include services of the CS (Circuit Switch) domain and the PS (Packet Switch) domain, while the second type may include only services of the PS domain, or vice versa. A CS domain service may be a voice call, which avoids the situation where several terminals are able to answer when someone else pages that credential information. Alternatively, the first terminal can carry out voice, video, data transmission and other communication with the mobile communication network, while the second terminal can carry out voice communication with the mobile communication network.
It should be noted that the first terminal has the function of viewing the geographic location of the second terminal, whereas the second terminal does not have the function of viewing the geographic location of the first terminal. Likewise, the first terminal has the function of controlling the security of the second terminal, whereas the second terminal does not have the function of controlling the security of the first terminal; for example, the first terminal may grant the second terminal the ability to access the information corresponding to the credential information.
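The duplicate-credential handling of Method 1 (with the priority check S18 to S22) and Method 2 (S34 to S42) can be modelled as follows. This is an added example, not code from the patent; the class and function names, the numeric priorities and the notice texts are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Service classes taken from the description: the first type covers the
# CS and PS domains, the second type only the PS domain.
FIRST_CLASS = frozenset({"CS", "PS"})
SECOND_CLASS = frozenset({"PS"})


@dataclass
class Session:
    terminal: str
    priority: int
    services: frozenset


@dataclass
class SessionPolicy:
    """Hypothetical authentication-end bookkeeping for one network."""
    shared: bool                                   # False: Method 1, True: Method 2
    sessions: dict = field(default_factory=dict)   # credential id -> [Session]
    notices: list = field(default_factory=list)    # (terminal, message) to deliver

    def admit(self, credential_id: str, terminal: str, priority: int = 0) -> bool:
        """Apply the policy once `terminal` has presented valid authentication
        information for `credential_id`. Returns True if it is granted access."""
        active = self.sessions.setdefault(credential_id, [])
        if any(s.terminal == terminal for s in active):
            return True                            # same terminal re-authenticating
        if not active:
            active.append(Session(terminal, priority, FIRST_CLASS))
            return True

        # The credential is already in use: warn every current holder.
        for s in active:
            self.notices.append((s.terminal, f"credential also presented by {terminal}"))

        if self.shared:
            # Method 2: both stay connected; earlier terminals drop to the
            # second service class and the newcomer gets the first (S36-S42).
            for s in active:
                s.services = SECOND_CLASS
            active.append(Session(terminal, priority, FIRST_CLASS))
            self.notices.append((terminal, "credential already in use on another terminal"))
            return True

        # Method 1 with the priority check: the newcomer only displaces the
        # holder if its priority is strictly higher (S18, S20); otherwise its
        # authentication fails (S22).
        holder = active[0]
        if priority > holder.priority:
            self.notices.append((holder.terminal, "connection interrupted"))
            self.sessions[credential_id] = [Session(terminal, priority, FIRST_CLASS)]
            return True
        return False

    def services_for(self, credential_id: str, terminal: str) -> frozenset:
        """Service class currently granted to `terminal` (empty if not connected)."""
        for s in self.sessions.get(credential_id, []):
            if s.terminal == terminal:
                return s.services
        return frozenset()
```

In both modes the existing holder is notified before any decision is taken, so a terminal that keeps its session still learns that its credential was presented elsewhere.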
As a preferred embodiment, the user may select communication functions and communication services for the first terminal and the second terminal on a terminal, and may configure them on the terminal's settings interface or by logging in to the application software or web page of the mobile communication service provider. For example, on the second terminal, the user can enable or disable different types of services for the first terminal and the second terminal. As shown in FIG. 3, "√" indicates that the corresponding service is enabled.
As a preferred embodiment, the mobile communication network may charge for the mobile communication service on the basis of the credential information. When multiple terminals authenticate with the same credential information in different time periods, the mobile communication network can charge the same credential for all the mobile communication services used by those terminals. For example, if the second terminal downloads 100 Mbit of content in a first time period and the first terminal downloads 200 Mbit of content in a second time period, the mobile communication network charges the credential for the 300 Mbit of traffic in the two periods. This can improve the user experience.
No loss report needed: if a user's terminal (such as a mobile phone) is lost, there is no need to have the SIM card reissued; the user only has to enter their own credential information on another terminal to continue obtaining mobile communication services.
Intelligent anti-theft: if a user's mobile phone is stolen, the user can enter their own credential information on another terminal and view the geographic location of the terminals using the same credential information, thereby locating the stolen phone and remotely deleting the credential information on it to avoid information leakage.
Traffic sharing: multiple terminals can enter the same credential information at the same time and thereby share the traffic corresponding to that credential information.
Secure credential: when the first terminal uses certain credential information to obtain mobile communication services, if the network detects that a second terminal is also using the same credential information to access the network, it sends a message to the first terminal to remind the user holding the first terminal to pay attention to the security of their credential information.
Convenient communication: as long as a terminal is available, the above credential information can conveniently be used to access the mobile communication network and enjoy mobile communication services. For example, the user need not carry a mobile phone; when communication is required, the user only has to press a finger on a public communication terminal to access the mobile communication network. The public communication terminal may support only the CS voice call service, so that not too much personal information is leaked, which helps free the user from being tied to a mobile terminal. As another example, when a first user communicates using a second user's terminal, the first user can access the mobile communication network through retina information, and the mobile communication network charges the first user's retina credential information, so that no cost issue arises for the second user, which facilitates terminal sharing.
As another example, the user can carry a small-screen terminal and, when video communication is required, borrow a public large-screen terminal and access the mobile communication network through facial recognition information. The mobile communication network charges the traffic on the large screen to the credential information corresponding to that facial recognition information. After ending the large-screen communication, the user authenticates the small-screen terminal with the same facial recognition information, and the personal information saved on the large-screen terminal is then deleted automatically.
The terminal may directly use the credential information input by the user as the authentication information and may send all or part of the authentication information to the mobile communication network. The terminal may also first process the credential information to obtain the authentication information and then send all or part of the authentication information to the mobile communication network; for example, the terminal may encrypt the credential information.
Specifically, in the embodiment of the present invention, the terminal may determine the first authentication information according to the first credential information in several ways:
Example 1
First, the terminal determines identification data according to the first credential information.
Then, the terminal generates the first authentication information according to the identification data.
Specifically, the terminal side may include an identification data generating device that generates the corresponding identification data according to the first credential information input by the user; the identification data is used by the terminal authentication information generating device to generate the authentication information, as shown in FIG. 4.
Credential information that can be used to authenticate to target software designed by a third party has no regular format; for example, it may be an email address, a string of numeric symbols, and so on. Identification data in communication authentication, by contrast, needs a fixed format: for example, the key Ki code stored in a traditional SIM card is a fixed-length code (such as a binary code of length 64 or 128), and the International Mobile Subscriber Identification Number (IMSI) is a number made up of the digits 0 to 9 with a total length of no more than 15 digits. Example 1 therefore makes it possible to convert any credential information into identification data of a uniform format. For example, the identification data generating device can convert the credential information input by the user into a code with the same format as the Ki code.
In addition, because the user's authentication information has to be transmitted over the network, it is exposed to risk. In the embodiment of the present invention, because the "identification data generating device" is used, the network only needs to transmit the authentication information generated from the identification data and cannot obtain the credential information input by the user, such as the user's biometric information. This avoids leakage of the user's biometric information and removes the user's concerns.
Optionally, the identification data generating device may generate the identification data on the fly from the current credential information, or one or more pieces of identification data may be stored in the terminal in advance. When the user inputs credential information, the terminal can look up the corresponding identification data according to the first credential information, generate authentication information from the identification data found, and send it to the mobile communication network. When the credential information input by the user cannot be matched to any of the pre-stored identification data, the terminal does not generate authentication information. The terminal can store identification data for multiple pieces of credential information, so that the credential information can be changed flexibly. For example, the terminal can store the identification data of several family members, making it easy for family members to swap terminals.
Here, the identification data stored in the terminal may be placed there by user input or by download. For example, the user manually inputs the identification data corresponding to the credential information; or, after the user inputs the credential information in an environment with a Wi-Fi connection, the terminal automatically downloads the corresponding identification data according to that credential information; or the user can download the identification data to the terminal by NFC (Near Field Communication). Specifically, the identification data may first be downloaded to an identification data device, and the terminal then reads the identification data from the identification data device through NFC. It should be noted that this operation may be performed only once.
Optionally, the identification data generating device may determine the identification data from the credential information input by the user and a preset function, with different types of credential information corresponding to different functions. For example, if the credential information input by the user has the format of an email address, a first function is used; if it has the format of a string of digits, a second function is used; and so on. Alternatively, the function may be chosen according to the target software to which the credential information belongs: for example, if the credential information is a WeChat ID, it corresponds to the first function, and if it is a MiTalk ID, it corresponds to the second function. In this way, by controlling the different functions that correspond to different types of credential information, identification data of the same format can be generated for any credential information without causing conflicts between identification data. For example, the identification data corresponding to any WeChat ID will not conflict with the identification data corresponding to any MiTalk ID, which guarantees the uniqueness of the identity behind the credential information. The different functions mentioned above may be stored in the terminal in advance or downloaded to the terminal on demand.
Example 2
First, the terminal receives an authentication request that is sent by the authentication end and includes a random number.
This step may be performed before the aforementioned step S102.
Then, the terminal determines the first authentication information according to the first credential information and the random number.
For the security of network transmission, the authentication information request sent by the mobile communication network to the terminal may include a random number. The terminal can determine the authentication information from this random number and the first credential information input by the user, using a first authentication function, and send the authentication information to the mobile communication network. As shown in FIG. 5, the first authentication function is implemented in the terminal authentication information generating device. The mobile communication network side has the random number and the first authentication function, and once it has also received the terminal's authentication information, it can authenticate the terminal on that basis. Because the random number is used only for this one authentication, even if the authentication information sent by the terminal is intercepted by someone else, the interceptor does not know the random number and therefore cannot work backwards to the credential information input by the user, which guarantees the security of the user's credential information.
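Example 1 (type-specific functions that turn any credential into fixed-format identification data) and Example 2 (a response bound to the network's random number) can be combined as in the sketch below. It is an added example, not the patent's own construction: the patent does not name its functions, so PBKDF2 with a per-type salt stands in for the preset functions, HMAC-SHA-256 stands in for the first authentication function, and the subscriber handle, class and function names are assumptions.

```python
import hashlib
import hmac
import re
import secrets

KI_BYTES = 16            # 128-bit output, the fixed Ki-like format
PBKDF2_ROUNDS = 100_000  # slow derivation, since credentials may be guessable


def credential_type(credential: str) -> str:
    """Classify the credential format, as in the email / digit-string example."""
    if re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", credential):
        return "email"
    if re.fullmatch(r"[0-9]+", credential):
        return "digits"
    return "other"


def identification_data(credential: str, ctype: str = "") -> bytes:
    """Example 1: one function per credential type, same output format.

    The type label is used as the salt, so equal strings of different
    types map to unrelated outputs (collisions are improbable, not
    impossible, for a 128-bit value)."""
    ctype = ctype or credential_type(credential)
    salt = b"ident-data/" + ctype.encode("ascii")
    return hashlib.pbkdf2_hmac("sha256", credential.encode("utf-8"),
                               salt, PBKDF2_ROUNDS, dklen=KI_BYTES)


def first_auth_function(ident: bytes, nonce: bytes) -> bytes:
    """Example 2: authentication information bound to the random number."""
    return hmac.new(ident, nonce, hashlib.sha256).digest()


def respond(credential: str, nonce: bytes) -> bytes:
    """Terminal side: only this value leaves the terminal."""
    return first_auth_function(identification_data(credential), nonce)


class AuthEnd:
    """Network side: holds identification data, never the raw credential."""

    def __init__(self):
        self._enrolled = {}   # subscriber handle (assumed) -> identification data
        self._pending = {}    # subscriber handle -> outstanding random number

    def enroll(self, subscriber: str, ident: bytes) -> None:
        self._enrolled[subscriber] = ident

    def challenge(self, subscriber: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[subscriber] = nonce
        return nonce

    def verify(self, subscriber: str, response: bytes) -> bool:
        # pop() makes the random number single-use, so a captured
        # response cannot be replayed against this or a later challenge.
        nonce = self._pending.pop(subscriber, None)
        ident = self._enrolled.get(subscriber)
        if nonce is None or ident is None:
            return False
        expected = first_auth_function(ident, nonce)
        return hmac.compare_digest(expected, response)
```

Replay resistance is what the single-use random number provides. An observer who also sees the authentication request holds the random number, so resistance to guessing rests on the credential's own entropy and the slow derivation step.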
As a preferred embodiment, in the embodiment of the present invention, in addition to authenticating the user terminal with one kind of credential information as described above (that is, the first credential information), another kind of credential information (such as second credential information) may be combined with the first credential information to authenticate the user terminal. For example, before authentication according to the first credential information, preliminary authentication may first be performed with the second credential information. Specifically, before the aforementioned step S102, "the terminal acquires the first credential information input by the user", the following steps may be performed:
S44. The terminal acquires the second credential information through a subscriber identity module (SIM) connected to the terminal. And/or
S46. The terminal acquires the second credential information through its own embedded storage module.
S48. The terminal determines the second authentication information according to the second credential information.
S50. The terminal sends the second authentication information to the authentication end. At this point, the authentication end may authenticate the terminal according to the second authentication information.
S52. After the authentication end successfully authenticates the terminal according to the second authentication information, the terminal accesses the mobile communication network to obtain a third type of mobile communication service.
S54. After the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network to obtain a fourth type of mobile communication service.
As a preferred embodiment, in the embodiment of the present invention, the terminal may access the mobile communication network through the LIPA (Local IP Access; IP: Internet Protocol) protocol to obtain the third type of mobile communication service. The terminal may access the mobile communication network through the SIPTO (Selected IP Traffic Offload) protocol to obtain the fourth type of mobile communication service.
Through the LIPA protocol, the terminal can directly access other IP-capable devices in the coverage area of the base station. In the case of an HeNB (Home evolved Node B, home base station), the terminal can use the LIPA protocol to directly access other IP-capable devices in the user's home network or enterprise network without transiting the core network, which helps reduce the load on the core network.
Through the SIPTO protocol, the terminal can access the Internet directly through the HeNB or a macro base station, which likewise helps reduce the load on the core network. Unlike LIPA, SIPTO allows the terminal to access networks other than the local network.
As shown in FIG. 6, the communication between "terminal 1" and the Internet is traditional communication that has to pass through the core network; the communication between "terminal 2" and the Internet goes through the SIPTO protocol; and the communication between "terminal 3" and the local device goes through the LIPA protocol.
As a preferred embodiment, in the embodiment of the present invention, when the terminal accesses the mobile communication network with different credential information and obtains different types of mobile communication services, the terminal may generate corresponding reminder information to tell the user which mobile communication services are currently available. For example, after "the terminal accesses the mobile communication network to obtain the third type of mobile communication service", the terminal may generate first reminder information; after "the terminal accesses the mobile communication network to obtain the fourth type of mobile communication service", the terminal may generate second reminder information. The first reminder information may be different from the second reminder information.
The second credential information may be SIM card information. When the terminal passes authentication based on the SIM card information, the terminal issues the first reminder information; when it passes authentication based on the first credential information, the terminal issues the second reminder information, so that the user knows which type of mobile communication service is currently available.
For example, if the user has not yet input the first credential information on a terminal, then when the terminal enters the coverage area of the mobile communication network, the user can use only the third type of mobile communication service, and the terminal issues the first reminder information. For instance, the mobile phone displays "Welcome to the xx mobile coverage area, you can obtain xx services". If the terminal has not issued the second reminder information, the user can tell what their service status is; if the user then wishes to obtain the fourth type of mobile communication service, they can apply by paying a fee, and once the application succeeds the terminal issues the second reminder information. For example, the mobile phone displays "You are an xx mobile premium user, your remaining free Internet traffic is xx", or the mobile phone APP (Application) changes from gray to color.
It should be noted that, in practical applications, the method proposed by the present invention may be combined without restriction with communication methods based on a traditional SIM card. For example, a terminal using the present invention may also include a traditional SIM card slot into which the user can insert a traditional SIM card, and may also acquire the first credential information input by the user. The terminal can pass authentication by a traditional mobile communication network on the basis of the traditional SIM card, and can also use the method of the present invention to pass authentication by the new type of mobile communication network that uses the present invention.
The third type of mobile communication service may be at least one of the following: accessing the cache of the local base station, viewing advertisements, obtaining information about the nearby geographic area, paying to obtain the fourth type of mobile communication service, and accessing the websites of certain enterprises. In this way, any qualified user who has joined the mobile communication network (whether or not they have paid or are in arrears) can enjoy the third type of mobile communication service as soon as they enter the coverage area of the mobile communication network. This can attract more users to join the mobile communication network and bring advertising revenue to the mobile communication service provider, while also offering users more convenience. For example, when a user enters a shopping mall, they can obtain the queue status of all the restaurants in the mall and avoid asking each restaurant in turn whether a table is available immediately, which improves the user experience. When any user who has joined the mobile communication network can pay to obtain the fourth type of mobile communication service, the restrictions on payment are reduced and self-service payment becomes easier. When any qualified user who has joined the mobile communication network can access the websites of certain enterprises, the mobile communication service provider is better able to help those enterprises promote their business, which also raises the provider's value to those enterprises.
According to an embodiment of the present invention, another terminal authentication method for use in a mobile communication system is provided.
FIG. 7 is a flowchart of another terminal authentication method for use in a mobile communication system according to an embodiment of the present invention.
As shown in FIG. 7, the method includes the following steps S702 to S706:
Step S702. The authentication end acquires the first authentication information sent by the terminal. The terminal may be configured to acquire the first credential information input by the user and determine the first authentication information according to the first credential information, where the first credential information is information verified by the target software.
Step S704. The authentication end authenticates the terminal according to the first authentication information.
Step S706. After the authentication end successfully authenticates the terminal according to the first authentication information, the mobile communication network authorizes the terminal to access the mobile communication network.
The authentication end receives the first authentication information that the terminal sends on the basis of the first credential information input by the user, and authenticates the terminal according to the first authentication information. If the authentication passes, the mobile communication network provides mobile communication services for the terminal. The first credential information can be used to authenticate the user in software (the target software) developed by a third party other than the user and the mobile communication service provider.
It should be noted that the above operations may be performed by different mobile communication network devices; for example, the base station may receive the authentication information and provide mobile communication services for the terminal, while the authentication center authenticates the terminal. The above operations may also be performed by a single mobile communication network device; for example, the base station may handle communication, authentication, and signal transmission and reception.
作为优选的实施例,在本发明实施例中,认证端可以为移动通信网络中的鉴权中心,或者其可以为移动通信网络中的移动通信服务器(如AAA(Authentication、Authorization、Accounting,验证、授权、记账)服务器),或者其可以为移动通信网络中具有认证端功能的云平台。或者认证端还可以为第三方开发的目标软件所对应的软件服务器(下文简称为第三方软件服务器)。其中,鉴权中心、移动通信服务器和软件服务器可以分别通过以下方式对终端进行认证:As a preferred embodiment, in the embodiment of the present invention, the authentication end may be an authentication center in a mobile communication network, or it may be a mobile communication server in a mobile communication network (such as AAA (Authentication, Authorization, Accounting, Authentication, Authorization, accounting)), or it may be a cloud platform with authentication side functionality in a mobile communication network. Alternatively, the authentication end may also be a software server corresponding to the target software developed by the third party (hereinafter referred to as a third-party software server). The authentication center, the mobile communication server, and the software server can respectively authenticate the terminal by:
Authentication center:
S56. The authentication center acquires the user data that the target software uses to verify the first credential information.
S58. The authentication center receives the first authentication information sent by the terminal.
S60. The authentication center authenticates the terminal according to the user data and the first authentication information.
S62. After the authentication center successfully authenticates the terminal according to the first authentication information and the user data, the authentication end authorizes the terminal to access the mobile communication network.
Mobile communication server:
The authentication procedure of the mobile communication server is similar to that of the authentication center and is not repeated here.
Because the authentication center, the mobile communication server (such as the AAA server), and the cloud platform all perform authentication inside the mobile communication network, the authentication does not have to be forwarded repeatedly to the third-party software server; the process is fast, which helps improve the user experience. In particular, the third-party software server encrypts the user data with a first key before sending it to the mobile communication network. Because the mobile communication service provider does not know the first key, it cannot work backwards to the user data held by the third-party software server, which protects the security of the user data held by the third party.
The first credential information that the terminal sends to the mobile communication network can likewise be encrypted with the first key. The mobile communication network device then only needs to determine whether the credential information sent by the user matches the encrypted user data sent by the third-party software server in order to complete the authentication. In this case, the software through which the user inputs the credential information on the terminal is also developed by the third party (for example, Tencent). For example, the user enters a username and password on a mobile phone through the WeChat app developed by Tencent; the app automatically encrypts the username and password with the first key and sends them to the mobile communication network device, which can use the encrypted information directly to authenticate the terminal.
The credential information that the terminal sends to the mobile communication network may also be encrypted with a second key different from the first key, for higher confidentiality. For example, the authentication algorithm used by the mobile communication network is related to the first key and the second key, so that authentication can still be performed; because the mobile communication network knows neither the first key nor the second key, it cannot obtain the user data. Using different keys for the credential information of different third parties gives higher confidentiality. For example, WeChat and Mi Chat use different keys.
In the embodiment of the present invention, the process by which the mobile communication server authenticates the terminal may specifically include the following. First, the mobile communication network acquires user data from the third party, for example user data related to the user's username and password. Next, the user enters the username and password on the terminal. When the terminal enters the coverage area of the mobile communication network, the terminal automatically sends credential information to the mobile communication network according to the username and password entered by the user. The mobile communication network authenticates the terminal according to the user data obtained from the third party and the authentication information obtained from the terminal, and provides the mobile communication service to the terminal according to the authentication result. The whole process is shown in FIG. 8, and the authentication is completed in the numbered order.
Software server:
First, the software server acquires the first authentication information sent by the terminal.
Next, the software server authenticates the terminal according to the first authentication information.
Then, after the software server successfully authenticates the terminal according to the first authentication information, the mobile communication network authorizes the terminal to access the mobile communication network.
When the authentication of the terminal is completed on the third-party software server, the third-party software server sends the authentication result to the mobile communication network, and the mobile communication network provides the mobile communication service to the terminal according to the authentication result.
Specifically, after the terminal sends the authentication information to the mobile communication network, the mobile communication network sends the authentication information, either directly or after processing it, to the third-party network device (such as the third-party software server), and the third-party network device then authenticates the terminal (using the user data that the user left when registering as a user of the third-party software before this process). If the authentication passes, the mobile communication network is notified and provides the mobile communication service to the terminal. The whole process is shown in FIG. 9, and the authentication is completed in the numbered order.
Credential information 1, credential information 2, and credential information 3 may be the same or different. For example, different encryption may be applied in different stages: the second credential information is generated from the first credential information, and the third credential information is generated from the second credential information.
As a preferred embodiment, in the embodiment of the present invention, the terminal may comprise multiple terminals, for example a first terminal and a second terminal, in which case the authentication end may authenticate the first terminal and the second terminal in Mode 1 or Mode 2:
Mode 1:
S64. The authentication end acquires the first authentication information sent by the first terminal.
S66. The authentication end authenticates the first terminal according to the first authentication information sent by the first terminal.
S68. The authentication end determines whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal.
S70. If the authentication end determines that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the second terminal interrupts its connection with the mobile communication network.
S72. After the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the authentication end authorizes the first terminal to access the mobile communication network.
As a preferred embodiment, in the embodiment of the present invention, the following steps may further be included before "the second terminal interrupts its connection with the mobile communication network":
S74. The authentication end determines whether the network access priority of the first terminal is higher than the network access priority of the second terminal.
S76. If the authentication end determines that the network access priority of the first terminal is higher than that of the second terminal, the second terminal interrupts its connection with the mobile communication network.
S78. If the authentication end determines that the network access priority of the first terminal is not higher than that of the second terminal, the authentication of the first terminal by the authentication end according to the first credential information sent by the first terminal fails.
Mode 2:
S80. The authentication end receives the first authentication information sent by the first terminal.
S82. The authentication end authenticates the first terminal according to the first authentication information sent by the first terminal.
S84. The authentication end determines whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal.
S86. If the authentication end determines that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the second terminal keeps its connection with the mobile communication network.
S88. After the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the mobile communication network authorizes the first terminal to access the mobile communication network.
The first terminal may be used to obtain a first type of mobile communication service provided by the mobile communication network, and the second terminal may be used to obtain a second type of mobile communication service provided by the mobile communication network.
As a preferred embodiment, in the embodiment of the present invention, before the authentication end acquires the first authentication information sent by the terminal, the terminal authentication method may further include: the authentication end sends the terminal an authentication request that includes a random number, where the terminal may be configured to acquire the first credential information input by the user and to determine the first authentication information according to the first credential information and the random number.
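The following added example (not code from the patent) combines two mechanisms described above: the third party hands the network only user data transformed with the first key, and the authentication end sends a random number that the terminal mixes into the first authentication information. Assumptions: HMAC-SHA256 is swapped in as a keyed one-way transform for the unspecified "encryption", the username travels as a plain identifier, and all class names, function names, and key values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample keys; the page does not specify any key material.
FIRST_KEY = b"constructed-first-key-of-third-party-A"
OTHER_KEY = b"constructed-key-of-third-party-B"


def blind_credential(key: bytes, username: str, password: str) -> bytes:
    """Assumption: HMAC-SHA256 stands in for the page's 'encrypt with the first key'."""
    parts = (username.encode(), password.encode())
    # Length-prefix each field so ("ab", "c") and ("a", "bc") give different inputs.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class ThirdPartyServer:
    """Holds the plaintext user database and the first key."""

    def __init__(self, key: bytes, users: dict):
        self._key = key
        self._users = dict(users)

    def export_user_data(self) -> dict:
        # Step S56: the network receives only the keyed transform, never the password.
        return {u: blind_credential(self._key, u, p) for u, p in self._users.items()}


class TerminalApp:
    """Third-party app on the terminal; it embeds the same first key."""

    def __init__(self, key: bytes, username: str, password: str):
        self.username = username
        self._blinded = blind_credential(key, username, password)

    def first_authentication_info(self, nonce: bytes) -> bytes:
        # First authentication information = f(first credential information, random number).
        return hmac.new(self._blinded, nonce, hashlib.sha256).digest()


class AuthenticationEnd:
    """Authentication center / AAA server inside the mobile network; it never sees the first key."""

    def __init__(self, user_data: dict):
        self._user_data = user_data
        self._pending = {}  # username -> outstanding random number

    def authentication_request(self, username: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[username] = nonce
        return nonce

    def authenticate(self, username: str, response: bytes) -> bool:
        nonce = self._pending.pop(username, None)  # each random number is single use
        verifier = self._user_data.get(username)
        if nonce is None or verifier is None:
            return False
        expected = hmac.new(verifier, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison


def demo() -> dict:
    server = ThirdPartyServer(FIRST_KEY, {"alice": "correct horse battery"})
    network = AuthenticationEnd(server.export_user_data())
    results = {}

    app = TerminalApp(FIRST_KEY, "alice", "correct horse battery")
    nonce = network.authentication_request("alice")
    captured = app.first_authentication_info(nonce)
    results["genuine"] = network.authenticate("alice", captured)

    # A response recorded earlier is presented again against a fresh random number.
    network.authentication_request("alice")
    results["replayed"] = network.authenticate("alice", captured)

    bad_apps = (
        ("wrong_password", TerminalApp(FIRST_KEY, "alice", "guess")),
        ("wrong_key", TerminalApp(OTHER_KEY, "alice", "correct horse battery")),
    )
    for label, bad_app in bad_apps:
        nonce = network.authentication_request("alice")
        results[label] = network.authenticate("alice", bad_app.first_authentication_info(nonce))
    return results


if __name__ == "__main__":
    print(demo())
```

In this sketch the transformed user data stored by the network is itself sufficient to answer a challenge, so the network has to protect it like a credential even though it cannot recover the password from it.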
The authentication process for the first terminal and the second terminal is described in detail in the foregoing method section and is not repeated here.
As a preferred embodiment, in the embodiment of the present invention, the authentication end may authenticate the user terminal not only with the one kind of credential information described above (that is, the first credential information) but also with another kind of credential information (such as second credential information) combined with the first credential information. For example, before authentication according to the first credential information, a preliminary authentication may first be performed with the second credential information. Specifically, the terminal may be configured to acquire the second credential information, determine second authentication information according to the second credential information, and send the second authentication information to the authentication end. In that case, the following steps may be performed before the foregoing step S202, "the authentication end acquires the first authentication information sent by the terminal":
S90. The authentication end acquires the second authentication information sent by the terminal. The terminal may acquire the second credential information through a subscriber identity module (SIM) connected to the terminal, and/or through a storage module embedded in the terminal itself.
S92. The authentication end authenticates the terminal according to the second authentication information.
S94. After the authentication end successfully authenticates the terminal according to the second authentication information, the mobile communication network authorizes the terminal to access the mobile communication network to obtain a third type of mobile communication service.
S96. After the authentication end successfully authenticates the terminal according to the first authentication information, the mobile communication network authorizes the terminal to access the mobile communication network to obtain a fourth type of mobile communication service.
The above authentication method is a two-level authentication method. The terminal stores the user's second credential information in advance and acquires the first credential information input by the user; the first credential information can be used to authenticate the user in software developed by a third party other than the user and the mobile communication service provider. When the terminal enters the coverage area of the mobile communication network, it first automatically communicates with the mobile communication network and is authenticated according to the second credential information, and then communicates with the mobile communication network and is authenticated according to the first credential information. If the authentication according to the user's second credential information passes, the terminal obtains the third type of mobile communication service through the mobile communication network; if the authentication according to the first credential information passes, the terminal further obtains the fourth type of mobile communication service through the mobile communication network.
The source of the second authentication information is as described above and is not repeated here. The second authentication information includes at least one of the following: the International Mobile Subscriber Identification Number (IMSI), the authentication key (Ki), security algorithms (such as the A3 and A8 algorithms), other key information (such as Kc derived from Ki), the Location Area Identity (LAI), the Temporary Mobile Subscriber Identity (TMSI), codes of public telephone networks to which access is forbidden, the Personal Identification Number (PIN), the PIN Unlocking Key (PUK), the billing rate, and the user's telephone number information.
In the present invention, the authentication based on the first credential information, or the authentication based on second authentication information similar to the information contained in a conventional SIM card, may be mutual authentication. That is, the mobile communication network can authenticate the terminal through this process and provide the communication service to the terminal only after the authentication passes; the terminal can also authenticate the network through this process and send user information to the mobile communication network only after the authentication passes. The mutual authentication mechanism lets the two communicating peers, the terminal and the network, establish a higher level of trust, which improves the security of the communication.
It should be noted that the third type of mobile communication service provided by the mobile communication network may be a free service, which can attract more users to join the mobile communication network. The fourth type of mobile communication service provided by the mobile communication network is a paid service, where the paying parties may be the user and the third party. For example, the user pays the mobile communication network directly, or, after the user meets a certain condition by viewing advertisements, the third party pays on the user's behalf so that the user can enjoy the mobile communication service.
As a preferred embodiment, in the embodiment of the present invention, the mobile communication network may authorize the terminal, through the LIPA protocol, to access the mobile communication network to obtain the third type of mobile communication service, and may authorize the terminal, through the SIPTO protocol, to access the mobile communication network to obtain the fourth type of mobile communication service. The details are the same as in the foregoing method section and are not repeated here.
As a preferred embodiment, the present invention uses an unlicensed frequency band to provide mobile communication services. Existing wireless communication takes place either on licensed bands or on unlicensed bands. Wireless communication on a licensed band, such as the communication provided by today's mobile communication operators, occupies a band that is used exclusively by one operator. Wireless communication on an unlicensed band, such as today's Wi-Fi, uses spectrum that can be used freely. Because the unlicensed band is open, when authentication is performed by the software server the mobile communication network can provide mobile communication services to the terminal over the unlicensed band. Both the spectrum and the authentication process are then open, which favors an open communication service platform and service innovation.
According to an embodiment of the present invention, a terminal authentication apparatus for use in a mobile communication system is provided. The apparatus authenticates the identity of a terminal in the mobile communication system according to the authentication information of the target software. It should be noted that the terminal authentication method for use in a mobile communication system provided by the embodiment of the present invention may be performed by the terminal authentication apparatus of the embodiment of the present invention, and the terminal authentication apparatus of the embodiment of the present invention may also be used to perform the terminal authentication method of the embodiment of the present invention.
As shown in FIG. 10, the apparatus includes a first acquiring unit 10, a first determining unit 20, a first sending unit 30, and an access unit 40.
The first acquiring unit 10 may be configured to cause the terminal to acquire the first credential information input by the user, where the first credential information is information verified by the target software.
The first determining unit 20 may be configured to cause the terminal to determine the first authentication information according to the first credential information.
The first sending unit 30 may be configured to cause the terminal to send the first authentication information to the authentication end, where the authentication end is used to authenticate the terminal according to the first authentication information.
The access unit 40 may be configured to cause the terminal to access the mobile communication network after the authentication end successfully authenticates the terminal according to the first authentication information.
Specifically, when the terminal enters the coverage area of the mobile communication network, the terminal can automatically communicate with the mobile communication network according to the first credential information and have its identity authenticated. After the authentication, the authentication end can send the authentication result to the mobile communication network. If the authentication passes, the terminal can access the mobile communication network and obtain the mobile communication service; if the authentication fails, the terminal cannot access the mobile communication network and therefore cannot obtain the mobile communication service. Before the terminal sends the first authentication information to the authentication end, the mobile communication network may send an authentication information request to the terminal; after receiving the request, the terminal sends the first authentication information to the authentication end in response. The details are the same as in the foregoing method section and are not repeated here.
As a preferred embodiment, in the embodiment of the present invention, the terminal may comprise one or more terminals, for example a first terminal and a second terminal. When the user enters the same credential information on the first terminal and on the second terminal, for example when the second terminal has been authenticated with that credential information and the first terminal then also authenticates with the same credential information, the first terminal and the second terminal can be handled in Mode 1 or Mode 2:
Mode 1:
The first acquiring unit 10 may further be configured to cause the first terminal to acquire the first credential information input by the user.
The first determining unit 20 may further be configured such that the terminal determining the first authentication information according to the first credential information comprises: the first terminal determines the first authentication information according to the first credential information.
The first sending unit 30 may further be configured such that the terminal sending the first authentication information to the authentication end comprises: the first terminal sends the first authentication information to the authentication end.
The terminal authentication apparatus may further include a first receiving unit, a first authentication unit, a first determining unit, and a first interrupting unit.
The first receiving unit may be configured to cause the authentication end to receive the first authentication information sent by the first terminal after the first terminal sends it to the authentication end. The first authentication unit may be configured to cause the authentication end to authenticate the first terminal according to the first authentication information sent by the first terminal. The first determining unit may be configured to cause the authentication end to determine whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal. The first interrupting unit may be configured such that, if the authentication end determines that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the mobile communication network interrupts the connection between the second terminal and the mobile communication network. The access unit may further be configured to cause the first terminal to access the mobile communication network after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal.
In Mode 1, once the first terminal has been authenticated by the mobile communication network, the second terminal can no longer maintain communication with the mobile communication network. That is, if the second terminal is first authenticated successfully in the mobile communication network with certain credential information, and the mobile communication network then detects that the same credential information is being used to authenticate the first terminal, then after the first terminal is authenticated successfully the mobile communication network authorizes the first terminal to communicate with the mobile communication network and interrupts the communication between the second terminal and the mobile communication network. The details are the same as in the foregoing method section and are not repeated here.
As a preferred embodiment, on the basis of Mode 1, the terminal authentication apparatus may include a second determining unit.
The second determining unit may be configured to cause the authentication end, before the second terminal interrupts its connection with the mobile communication network, to determine whether the network access priority of the first terminal is higher than that of the second terminal. The first interrupting unit may further be configured such that the second terminal interrupts its connection with the mobile communication network when the authentication end determines that the network access priority of the first terminal is higher than that of the second terminal. The first authentication unit may further be configured such that, when the authentication end determines that the network access priority of the first terminal is not higher than that of the second terminal, the authentication of the first terminal by the authentication end fails according to the interruption indication sent by the second terminal. The priority may be decided as follows: the mobile communication network sends a response request to the first terminal and the second terminal and grants the higher priority to the terminal that responds first.
Mode 2:
The terminal authentication apparatus may further include a second acquiring unit, a second determining unit, a second sending unit, a second receiving unit, a second authentication unit, a third determining unit, a holding unit, an access unit, a third acquiring unit, and a fourth acquiring unit. The second acquiring unit may be configured to cause the first terminal to acquire the first credential information input by the user. The second determining unit may be configured to cause the first terminal to determine the first authentication information according to the first credential information. The second sending unit may be configured to cause the first terminal to send the first authentication information to the authentication end. The second receiving unit may be configured to cause the authentication end to receive the first authentication information sent by the first terminal. The second authentication unit may be configured to cause the authentication end to authenticate the first terminal according to the first authentication information sent by the first terminal. The third determining unit may be configured to cause the authentication end to determine whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal. The holding unit may be configured such that, if the authentication end determines that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the second terminal keeps its connection with the mobile communication network. The access unit may be configured to cause the first terminal to access the mobile communication network after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal. The third acquiring unit may be configured to cause the first terminal to obtain the first type of mobile communication service provided by the mobile communication network. The fourth acquiring unit may be configured to cause the second terminal to obtain the second type of mobile communication service provided by the mobile communication network.
In Mode 2, the first terminal and the second terminal can maintain communication with the mobile communication network at the same time. It should be noted that, in Mode 2, the mobile communication network may send a message to both terminals to indicate that another terminal is also using the same credential information for authentication. The details are the same as in the method section above and are not repeated here.
As a preferred embodiment, in the embodiment of the present invention, the terminal may determine the first authentication information according to the first credential information in a variety of ways.
Example 3
The first determining unit 20 may include a determining module and a generating module. The determining module may be configured so that the terminal determines identification data according to the first credential information, and the generating module may be configured so that the terminal generates the first authentication information according to the identification data. Specifically, the terminal side may include an identification data generating device, which generates corresponding identification data according to the first credential information input by the user; the identification data is then used by the terminal authentication information generating device to generate the authentication information. The details are the same as in the method section above and are not repeated here.
Example 4
As a preferred embodiment, in the embodiment of the present invention, the terminal authentication apparatus may further include a third receiving unit. The third receiving unit may be configured so that, before the terminal obtains the first credential information input by the user, the terminal receives an authentication request that is sent by the authentication end and includes a random number; the first determining unit may further be configured so that the terminal determines the first authentication information according to the first credential information and the random number.
For the security of network transmission, the authentication information request that the mobile communication network sends to the terminal may include a random number. The terminal may determine the authentication information from the random number and the first credential information input by the user, using a first authentication function, and send the authentication information to the mobile communication network; as shown in FIG. 5, the first authentication function is implemented in the terminal authentication information generating device. The mobile communication network side has the random number and the first authentication function and, having received the terminal's authentication information, can authenticate the terminal accordingly. Because the random number is used only for this one authentication, even if the authentication information sent by the terminal is intercepted, the interceptor does not know the random number and therefore cannot work backwards to the credential information input by the user, which ensures the security of the user's credential information.
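The exchange of Examples 3 and 4, as an added Python example that is not part of the patent: the terminal derives identification data from the credential, binds it to the random number in the authentication request, and the authentication end recomputes the value. PBKDF2 for the identification data, HMAC-SHA256 as the first authentication function, and every class, function and account name are assumptions; the example also shows that a captured response fails against a later request because each random number is accepted once.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumed work factor, not taken from the patent


def identification_data(account_id: str, secret: str) -> bytes:
    """Example 3: identification data derived from the credential (assumed: PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), account_id.encode(), PBKDF2_ROUNDS)


def first_authentication_function(ident: bytes, random_number: bytes) -> bytes:
    """Example 4: authentication information bound to the random number (assumed: HMAC-SHA256)."""
    return hmac.new(ident, random_number, hashlib.sha256).digest()


def terminal_response(account_id: str, secret: str, random_number: bytes) -> bytes:
    """Terminal side: credential -> identification data -> first authentication information."""
    ident = identification_data(account_id, secret)
    return first_authentication_function(ident, random_number)


class AuthenticationEnd:
    """Authentication end holding the user data needed to check a response."""

    def __init__(self) -> None:
        # account id -> identification data. This value is enough to answer any
        # challenge, so it needs the same protection as the credential itself.
        self._user_data = {}
        self._pending = {}  # terminal id -> random number awaiting a response

    def enroll(self, account_id: str, secret: str) -> None:
        self._user_data[account_id] = identification_data(account_id, secret)

    def authentication_request(self, terminal_id: str) -> bytes:
        """Issue a fresh random number; it replaces any unanswered one."""
        random_number = secrets.token_bytes(16)
        self._pending[terminal_id] = random_number
        return random_number

    def authenticate(self, terminal_id: str, account_id: str, auth_info: bytes) -> bool:
        # pop() consumes the random number, so it is valid for one attempt only.
        random_number = self._pending.pop(terminal_id, None)
        ident = self._user_data.get(account_id)
        if random_number is None or ident is None:
            return False
        expected = first_authentication_function(ident, random_number)
        return hmac.compare_digest(expected, auth_info)


def demo() -> dict:
    """Run the exchange on constructed sample values and return each outcome."""
    account, secret = "user@example.com", "constructed-sample-secret"
    end = AuthenticationEnd()
    end.enroll(account, secret)

    n1 = end.authentication_request("terminal-1")
    captured = terminal_response(account, secret, n1)  # what an eavesdropper would see
    results = {"fresh": end.authenticate("terminal-1", account, captured)}

    # Replaying the captured value with no request outstanding.
    results["replay_no_request"] = end.authenticate("terminal-1", account, captured)

    # Replaying it against a new request, which carries a different random number.
    end.authentication_request("terminal-1")
    results["replay_new_request"] = end.authenticate("terminal-1", account, captured)

    # A terminal that does not know the credential.
    n3 = end.authentication_request("terminal-2")
    guess = terminal_response(account, "wrong-secret", n3)
    results["wrong_credential"] = end.authenticate("terminal-2", account, guess)
    return results


if __name__ == "__main__":
    print(demo())
```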
As a preferred embodiment, in the embodiment of the present invention, in addition to authenticating the user terminal with the one kind of credential information described above (that is, the first credential information), the user terminal may also be authenticated with another kind of credential information (such as second credential information) in combination with the first credential information. For example, before authentication based on the first credential information, a preliminary authentication may first be performed with the second credential information. Specifically, the authentication apparatus may further include a fifth obtaining unit, a sixth obtaining unit, a third determining unit and a third sending unit.
The fifth obtaining unit may be configured so that, before the terminal obtains the first credential information input by the user, the terminal obtains the second credential information through a subscriber identity module (SIM) connected to the terminal; and/or the sixth obtaining unit may be configured so that the terminal obtains the second credential information through its own embedded storage module. The third determining unit may be configured so that the terminal determines second authentication information according to the second credential information, and the third sending unit may be configured so that the terminal sends the second authentication information to the authentication end, which authenticates the terminal according to the second authentication information. The access unit may further be configured so that, after the authentication end successfully authenticates the terminal according to the second authentication information, the terminal accesses the mobile communication network to obtain a third type of mobile communication service; and, after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network to obtain a fourth type of mobile communication service.
As a preferred embodiment, in the embodiment of the present invention, the access unit may further be configured so that the terminal accesses the mobile communication network through the LIPA protocol to obtain the third type of mobile communication service, and accesses the mobile communication network through the SIPTO protocol to obtain the fourth type of mobile communication service. The details of the LIPA and SIPTO protocols are the same as in the method section above and are not repeated here.
As a preferred embodiment, in the embodiment of the present invention, the terminal authentication apparatus may further include a first generating unit and a second generating unit. The first generating unit may be configured so that, after the terminal accesses the mobile communication network to obtain the third type of mobile communication service, the terminal generates first reminder information; the second generating unit may be configured so that, after the terminal accesses the mobile communication network to obtain the fourth type of mobile communication service, the terminal generates second reminder information.
The second credential information may be SIM card information. When the terminal passes authentication based on the SIM card information, the terminal issues the first reminder information; when it passes authentication based on the first credential information, the terminal issues the second reminder information, so that the user knows which types of mobile communication service are currently available. The details are the same as in the method section above and are not repeated here.
According to an embodiment of the present invention, another terminal authentication apparatus for use in a mobile communication system is provided.
As shown in FIG. 11, the apparatus includes a seventh obtaining unit 50, a third authentication unit 60 and an authorization unit 70.
The seventh obtaining unit may be configured so that the authentication end obtains the first authentication information sent by the terminal, where the terminal obtains the first credential information input by the user and determines the first authentication information according to the first credential information, and the first credential information is information verified by the target software. The third authentication unit may be configured so that the authentication end authenticates the terminal according to the first authentication information; and the authorization unit may be configured so that, after the authentication end successfully authenticates the terminal according to the first authentication information, the mobile communication network authorizes the terminal to access the mobile communication network.
The authentication end receives the first authentication information that the terminal sends based on the first credential information input by the user, and authenticates the terminal according to the first authentication information; if authentication passes, the mobile communication network provides mobile communication service to the terminal. The first credential information can be used to authenticate the user in software (the target software) developed by a third party other than the user and the mobile communication service provider. The details are the same as in the method section above and are not repeated here.
As a preferred embodiment, in the embodiment of the present invention, the authentication end may be an authentication center in the mobile communication network, or a mobile communication server in the mobile communication network (such as an AAA server), or a cloud platform in the mobile communication network that has the authentication end function. Alternatively, the authentication end may be the software server corresponding to the target software developed by the third party. The authentication center, the mobile communication server and the software server may each authenticate the terminal as follows. The authentication end may include the authentication center in the mobile communication network, and the third authentication unit 60 may include a first obtaining module, a first receiving module and a first authentication module.
Authentication center: the first obtaining module may be configured so that the authentication center obtains the user data that the target software uses to verify the first credential information; the first receiving module may be configured so that the authentication center receives the first authentication information sent by the terminal; and the first authentication module may be configured so that the authentication center authenticates the terminal according to the user data and the first authentication information. The authorization unit may further be configured so that, after the authentication center successfully authenticates the terminal according to the first authentication information and the user data, the authentication end authorizes the terminal to access the mobile communication network. The details are the same as in the method section above and are not repeated here.
Mobile communication server: the mobile communication server authenticates in a manner similar to the authentication center, which is not repeated here. The details are likewise the same as in the method section above and are not repeated here.
Alternatively, the authentication end may include a software server corresponding to the target software, and the third authentication unit may include a second obtaining module and a second authentication module. The second obtaining module may be configured so that the software server obtains the first authentication information sent by the terminal; the second authentication module may be configured so that the software server authenticates the terminal according to the first authentication information; and the authorization unit may further be configured so that, after the software server successfully authenticates the terminal according to the first authentication information, the mobile communication network authorizes the terminal to access the mobile communication network.
When authentication of the terminal is completed on the third-party software server, the third-party software server sends the authentication result to the mobile communication network, and the mobile communication network provides mobile communication service to the terminal according to the authentication result. The details are the same as in the method section above and are not repeated here.
As a preferred embodiment, in the embodiment of the present invention, the terminal may include multiple terminals; for example, the terminal may include a first terminal and a second terminal, so that the authentication end can authenticate the first terminal and the second terminal in Mode 1 or Mode 2:
In Mode 1, the seventh obtaining unit may further be configured so that the authentication end obtains the first authentication information sent by the first terminal, and the terminal authentication apparatus may further include a fourth authentication unit, a fourth judging unit and a second interrupting unit.
The fourth authentication unit may be configured so that, after the authentication end obtains the first authentication information sent by the first terminal, the authentication end authenticates the first terminal according to the first authentication information sent by the first terminal. The fourth judging unit may be configured so that the authentication end judges whether it has already successfully authenticated the second terminal according to the first authentication information sent by the first terminal. The second interrupting unit may further be configured so that, if the authentication end judges that it has already successfully authenticated the second terminal according to the first authentication information sent by the first terminal, the second terminal disconnects from the mobile communication network. The authorization unit may further be configured so that, after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the authentication end authorizes the first terminal to access the mobile communication network.
As a preferred embodiment, the authentication apparatus may further include a fifth judging unit. The fifth judging unit may be configured so that, before the second terminal disconnects from the mobile communication network, the authentication end judges whether the network access priority of the first terminal is higher than that of the second terminal. The second interrupting unit may further be configured so that, if the authentication end judges that the network access priority of the first terminal is higher than that of the second terminal, the second terminal disconnects from the mobile communication network; and the third authentication unit may further be configured so that, if the authentication end judges that the network access priority of the first terminal is not higher than that of the second terminal, the authentication end fails the authentication of the first terminal according to the first credential information sent by the first terminal.
In Mode 2, the authorization unit may include a second receiving module, a second authentication module, a judging module, a holding module and a third authorization module.
The second receiving module may be configured so that the authentication end receives the first authentication information sent by the first terminal; the second authentication module may be configured so that the authentication end authenticates the first terminal according to the first authentication information sent by the first terminal; the judging module may be configured so that the authentication end judges whether it has already successfully authenticated the second terminal according to the first authentication information sent by the first terminal; the holding module may be configured so that, if the authentication end judges that it has already successfully authenticated the second terminal according to the first authentication information sent by the first terminal, the second terminal maintains its connection with the mobile communication network; and the third authorization module may be configured so that, after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the mobile communication network authorizes the first terminal to access the mobile communication network. The first terminal may then obtain the first type of mobile communication service provided by the mobile communication network, and the second terminal may obtain the second type of mobile communication service provided by the mobile communication network.
As a preferred embodiment, in the embodiment of the present invention, the terminal authentication apparatus may further include a fourth sending unit. The fourth sending unit may be configured so that, before the authentication end obtains the first authentication information sent by the terminal, the authentication end sends the terminal an authentication request that includes a random number, where the terminal obtains the first credential information input by the user and determines the first authentication information according to the first credential information and the random number. The detailed authentication process for the first terminal and the second terminal is the same as in the method section above and is not repeated here.
As a preferred embodiment, in the embodiment of the present invention, in addition to authenticating the user terminal with the one kind of credential information described above (that is, the first credential information), the authentication end may also authenticate the user terminal with another kind of credential information (such as second credential information) in combination with the first credential information. For example, before authentication based on the first credential information, a preliminary authentication may first be performed with the second credential information. Specifically, the terminal may obtain the second credential information, determine second authentication information according to the second credential information, and send the second authentication information to the authentication end; the authentication apparatus may further include an eighth obtaining unit and a fourth authentication unit.
The eighth obtaining unit may be configured so that, before the authentication end obtains the first authentication information sent by the terminal, the authentication end obtains the second authentication information sent by the terminal, where the terminal obtains the second credential information through a subscriber identity module (SIM) connected to the terminal and/or through its own embedded storage module. The fourth authentication unit may be configured so that the authentication end authenticates the terminal according to the second authentication information. The authorization unit may further be configured so that, after the authentication end successfully authenticates the terminal according to the second authentication information, the mobile communication network authorizes the terminal to access the mobile communication network to obtain the third type of mobile communication service; and, after the authentication end successfully authenticates the terminal according to the first authentication information, the mobile communication network authorizes the terminal to access the mobile communication network to obtain the fourth type of mobile communication service. The authorization unit may also be configured so that the mobile communication network authorizes the terminal, through the LIPA protocol, to access the mobile communication network to obtain the third type of mobile communication service, and authorizes the terminal, through the SIPTO protocol, to access the mobile communication network to obtain the fourth type of mobile communication service.
The authentication method described above is a two-level authentication method. The terminal stores the user's second credential information in advance and obtains the first credential information input by the user, where the first credential information can be used to authenticate the user in software developed by a third party other than the user and the mobile communication service provider. When the terminal enters the coverage area of the mobile communication network, it first automatically communicates with the mobile communication network and is authenticated using the second credential information, and then communicates with the mobile communication network and is authenticated using the first credential information. If authentication based on the user's second credential information passes, the terminal obtains the third type of mobile communication service through the mobile communication network; if authentication based on the first credential information passes, the terminal additionally obtains the fourth type of mobile communication service through the mobile communication network. The details are the same as in the method section above and are not repeated here.
As a preferred embodiment, in the embodiment of the present invention, the mobile communication network may authorize the terminal, through the LIPA protocol, to access the mobile communication network to obtain the third type of mobile communication service. The mobile communication network may authorize the terminal, through the SIPTO protocol, to access the mobile communication network to obtain the fourth type of mobile communication service. The details are the same as described above and are not repeated here.
From the above description, the embodiments of the present invention can achieve the following technical effects:
The user does not need to buy a SIM card from a mobile communication service provider and instead enters credential information directly in the terminal. When the terminal enters the coverage area of a mobile communication network, it automatically communicates with the network using that credential information and is authenticated, and once authentication passes the user can use mobile communication services. The terminal therefore needs no SIM card slot, which reduces its design complexity and helps make terminals thinner and lighter. In use, the credential information needs to be entered on the terminal only once, after which the terminal is authenticated automatically whenever it enters a different coverage area of the mobile communication network.
The credential information input by the user can be used not only for authentication when accessing the mobile communication network but also to authenticate the user in software developed by a third party, which spares the user the trouble of holding multiple network identities. For example, a WeChat user can enter a WeChat ID and password in the terminal, and when the terminal enters the coverage area of a mobile communication network it automatically communicates with the network using the entered credential information and is authenticated, so the user needs only the one network identity of a WeChat ID. The user can also obtain more convenient information services through the third party's social resources; for example, after entering the WeChat ID and password, the user can connect to the Internet directly through the mobile communication network and communicate with friends.
It increases the value of software developed by third parties. For example, when users can use mobile communication services by entering a WeChat ID and password, WeChat will attract more users, which raises its value. Mobile communication service providers can also extend their business scope by cooperating with third parties, for example by earning revenue from the value they add for the third party.
It should be noted that the steps shown in the flowcharts of the accompanying drawings may be executed in a computer system, such as one running a set of computer-executable instructions, and that, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from the one given here.
To achieve the above object, according to yet another aspect of the present invention, a storage medium is also provided for storing the program code executed by the above terminal authentication method for use in a mobile communication system.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above may be implemented with general-purpose computing devices; they may be concentrated on a single computing device or distributed over a network of multiple computing devices. Optionally, they may be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; or they may each be made into individual integrated circuit modules, or several of the modules or steps may be made into a single integrated circuit module. Thus, the present invention is not limited to any particular combination of hardware and software.
The above description is only the preferred embodiment of the present invention and is not intended to limit the present invention; for those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent substitution, improvement, etc. made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
Claims (18)
- A terminal authentication method for use in a mobile communication system, comprising:
  - a terminal acquiring first credential information input by a user, wherein the first credential information is information verified by target software;
  - the terminal determining first authentication information according to the first credential information;
  - the terminal sending the first authentication information to an authentication end, wherein the authentication end is configured to authenticate the terminal according to the first authentication information; and
  - after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accessing a mobile communication network.
- The terminal authentication method according to claim 1, wherein the terminal comprises a first terminal and a second terminal,
  - the terminal acquiring the first credential information input by the user comprises: the first terminal acquiring the first credential information input by the user,
  - the terminal determining the first authentication information according to the first credential information comprises: the first terminal determining the first authentication information according to the first credential information,
  - the terminal sending the first authentication information to the authentication end comprises: the first terminal sending the first authentication information to the authentication end,
  - after the first terminal sends the first authentication information to the authentication end, the terminal authentication method further comprises: the authentication end receiving the first authentication information sent by the first terminal; the authentication end authenticating the first terminal according to the first authentication information sent by the first terminal; the authentication end determining whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal; and, if the authentication end determines that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the mobile communication network interrupting the connection between the second terminal and the mobile communication network,
  - wherein, after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the first terminal accesses the mobile communication network.
- The terminal authentication method according to claim 2, wherein, before the second terminal interrupts the connection with the mobile communication network, the terminal authentication method comprises:
  - the authentication end determining whether the network access priority of the first terminal is higher than the network access priority of the second terminal,
  - wherein, if the authentication end determines that the network access priority of the first terminal is higher than the network access priority of the second terminal, the second terminal interrupts the connection with the mobile communication network; and if the authentication end determines that the network access priority of the first terminal is not higher than the network access priority of the second terminal, the authentication end fails the authentication of the first terminal according to an interruption indication sent by the second terminal.
- The terminal authentication method according to claim 1, wherein the terminal comprises a first terminal and a second terminal, and the second terminal accesses the mobile communication network in the following manner:
  - the first terminal acquiring first credential information input by a user;
  - the first terminal determining first authentication information according to the first credential information;
  - the first terminal sending the first authentication information to the authentication end;
  - the authentication end receiving the first authentication information sent by the first terminal;
  - the authentication end authenticating the first terminal according to the first authentication information sent by the first terminal;
  - the authentication end determining whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal;
  - if the authentication end determines that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the second terminal maintaining its connection with the mobile communication network;
  - after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal, the first terminal accessing the mobile communication network;
  - the first terminal obtaining a first type of mobile communication service provided by the mobile communication network; and
  - the second terminal obtaining a second type of mobile communication service provided by the mobile communication network.
- The terminal authentication method according to claim 1, wherein the terminal determining the first authentication information according to the first credential information comprises:
  - the terminal determining identification data according to the first credential information; and
  - the terminal generating the first authentication information according to the identification data.
- The terminal authentication method according to claim 1, wherein
  - before the terminal acquires the first credential information input by the user, the terminal authentication method further comprises: the terminal receiving an authentication request, sent by the authentication end, that includes a random number,
  - the terminal determining the first authentication information according to the first credential information comprises: the terminal determining the first authentication information according to the first credential information and the random number.
- The terminal authentication method according to claim 1, wherein, before the terminal acquires the first credential information input by the user, the authentication method further comprises:
  - the terminal acquiring second credential information through a subscriber identity module (SIM) connected to the terminal; and/or
  - the terminal acquiring the second credential information through a storage module embedded in the terminal itself;
  - the terminal determining second authentication information according to the second credential information; and
  - the terminal sending the second authentication information to the authentication end, the authentication end being configured to authenticate the terminal according to the second authentication information,
  - wherein, after the authentication end successfully authenticates the terminal according to the second authentication information, the terminal accesses the mobile communication network to obtain a third type of mobile communication service; and after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network to obtain a fourth type of mobile communication service.
- The terminal authentication method according to claim 7, wherein
  - the terminal accesses the mobile communication network through the LIPA protocol to obtain the third type of mobile communication service; and
  - the terminal accesses the mobile communication network through the SIPTO protocol to obtain the fourth type of mobile communication service.
- The terminal authentication method according to claim 7, wherein
  - after the terminal accesses the mobile communication network to obtain the third type of mobile communication service, the terminal authentication method further comprises: the terminal generating first reminder information,
  - after the terminal accesses the mobile communication network to obtain the fourth type of mobile communication service, the terminal authentication method further comprises: the terminal generating second reminder information.
- A terminal authentication apparatus for use in a mobile communication system, comprising:
  - a first acquiring unit, configured to enable a terminal to acquire first credential information input by a user, wherein the first credential information is information verified by target software;
  - a first determining unit, configured to enable the terminal to determine first authentication information according to the first credential information;
  - a first sending unit, configured to enable the terminal to send the first authentication information to an authentication end, wherein the authentication end is configured to authenticate the terminal according to the first authentication information; and
  - an access unit, configured to enable the terminal to access a mobile communication network after the authentication end successfully authenticates the terminal according to the first authentication information.
- The terminal authentication apparatus according to claim 10, wherein the terminal comprises a first terminal and a second terminal,
  - the first acquiring unit is further configured to enable the first terminal to acquire the first credential information input by the user,
  - the first determining unit is further configured such that the terminal determining the first authentication information according to the first credential information comprises: the first terminal determining the first authentication information according to the first credential information,
  - the first sending unit is further configured such that the terminal sending the first authentication information to the authentication end comprises: the first terminal sending the first authentication information to the authentication end,
  - the terminal authentication apparatus further comprises: a first receiving unit, configured to enable the authentication end to receive the first authentication information sent by the first terminal after the first terminal sends the first authentication information to the authentication end; a first authentication unit, configured to enable the authentication end to authenticate the first terminal according to the first authentication information sent by the first terminal; a first judging unit, configured to enable the authentication end to determine whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal; and a first interrupting unit, configured such that, if the authentication end determines that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the mobile communication network interrupts the connection between the second terminal and the mobile communication network,
  - wherein the access unit is further configured to enable the first terminal to access the mobile communication network after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal.
- The terminal authentication apparatus according to claim 11, wherein the terminal authentication apparatus further comprises:
  - a second judging unit, configured to enable the authentication end to determine, before the second terminal interrupts the connection with the mobile communication network, whether the network access priority of the first terminal is higher than the network access priority of the second terminal,
  - wherein the first interrupting unit is further configured such that, if the authentication end determines that the network access priority of the first terminal is higher than the network access priority of the second terminal, the second terminal interrupts the connection with the mobile communication network; and the first authentication unit is further configured such that, if the authentication end determines that the network access priority of the first terminal is not higher than the network access priority of the second terminal, the authentication end fails the authentication of the first terminal according to an interruption indication sent by the second terminal.
- The terminal authentication apparatus according to claim 11, wherein the terminal comprises a first terminal and a second terminal, and the terminal authentication apparatus further comprises:
  - a second acquiring unit, configured to enable the first terminal to acquire first credential information input by a user;
  - a second determining unit, configured to enable the first terminal to determine first authentication information according to the first credential information;
  - a second sending unit, configured to enable the first terminal to send the first authentication information to the authentication end;
  - a second receiving unit, configured to enable the authentication end to receive the first authentication information sent by the first terminal;
  - a second authentication unit, configured to enable the authentication end to authenticate the first terminal according to the first authentication information sent by the first terminal;
  - a third judging unit, configured to enable the authentication end to determine whether the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal;
  - a holding unit, configured such that, if the authentication end determines that the second terminal has already been successfully authenticated according to the first authentication information sent by the first terminal, the second terminal maintains its connection with the mobile communication network;
  - the access unit, configured to enable the first terminal to access the mobile communication network after the authentication end successfully authenticates the first terminal according to the first credential information sent by the first terminal;
  - a third acquiring unit, configured to enable the first terminal to obtain a first type of mobile communication service provided by the mobile communication network; and
  - a fourth acquiring unit, configured to enable the second terminal to obtain a second type of mobile communication service provided by the mobile communication network.
- The terminal authentication apparatus according to claim 10, wherein the first determining unit comprises:
  - a determining module, configured to enable the terminal to determine identification data according to the first credential information; and
  - a generating module, configured to enable the terminal to generate the first authentication information according to the identification data.
- The terminal authentication apparatus according to claim 10, wherein
  - the terminal authentication apparatus further comprises: a third receiving unit, configured to enable the terminal to receive, before the terminal acquires the first credential information input by the user, an authentication request, sent by the authentication end, that includes a random number,
  - the first determining unit is further configured to enable the terminal to determine the first authentication information according to the first credential information and the random number.
- The terminal authentication apparatus according to claim 10, wherein the authentication apparatus further comprises:
  - a fifth acquiring unit, configured to enable the terminal to acquire, before the terminal acquires the first credential information input by the user, second credential information through a subscriber identity module (SIM) connected to the terminal; and/or
  - a sixth acquiring unit, configured to enable the terminal to acquire the second credential information through a storage module embedded in the terminal itself;
  - a third determining unit, configured to enable the terminal to determine second authentication information according to the second credential information; and
  - a third sending unit, configured to enable the terminal to send the second authentication information to the authentication end, the authentication end being configured to authenticate the terminal according to the second authentication information,
  - wherein the access unit is further configured such that, after the authentication end successfully authenticates the terminal according to the second authentication information, the terminal accesses the mobile communication network to obtain a third type of mobile communication service; and after the authentication end successfully authenticates the terminal according to the first authentication information, the terminal accesses the mobile communication network to obtain a fourth type of mobile communication service.
- The terminal authentication apparatus according to claim 16, wherein the access unit is further configured to enable the terminal to access the mobile communication network through the LIPA protocol to obtain the third type of mobile communication service, and to enable the terminal to access the mobile communication network through the SIPTO protocol to obtain the fourth type of mobile communication service.
- The terminal authentication apparatus according to claim 16, wherein the terminal authentication apparatus further comprises:
  - a first generating unit, configured to enable the terminal to generate first reminder information after the terminal accesses the mobile communication network to obtain the third type of mobile communication service;
  - a second generating unit, configured to enable the terminal to generate second reminder information after the terminal accesses the mobile communication network to obtain the fourth type of mobile communication service.
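The claims above leave the credential-to-authentication-information functions and the priority comparison unspecified. The following is an added sketch, not code from the patent, of how an authentication end could combine the random-number challenge with the two-terminal priority rule. PBKDF2, HMAC-SHA256, integer priorities and every identifier and sample value are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


def identification_data(credential_id: str, password: str) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 salted with the account ID. The claims only
    # say that identification data is determined from the credential information.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), credential_id.encode(), 100_000)


def authentication_info(ident: bytes, nonce: bytes) -> bytes:
    # Assumption: HMAC-SHA256 over the random number from the authentication request.
    return hmac.new(ident, nonce, hashlib.sha256).digest()


@dataclass
class Result:
    accepted: bool
    reason: str
    disconnected: Optional[str] = None  # terminal whose connection was interrupted


class AuthenticationEnd:
    def __init__(self, accounts: Dict[str, bytes]):
        # The verifier holds the identification data, which is password-equivalent
        # in this scheme, so it needs the protection a SIM key database would get.
        self._accounts = dict(accounts)
        self._pending: Dict[str, bytes] = {}             # terminal_id -> outstanding nonce
        self.sessions: Dict[str, Tuple[str, int]] = {}   # account -> (terminal_id, priority)

    def challenge(self, terminal_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[terminal_id] = nonce
        return nonce

    def authenticate(self, terminal_id: str, credential_id: str,
                     auth_info: bytes, priority: int) -> Result:
        nonce = self._pending.pop(terminal_id, None)     # each nonce is accepted once
        if nonce is None:
            return Result(False, "no outstanding challenge")
        # Unknown accounts are checked against a throwaway key so they cost the same.
        ident = self._accounts.get(credential_id, secrets.token_bytes(32))
        if not hmac.compare_digest(authentication_info(ident, nonce), auth_info):
            return Result(False, "bad authentication information")
        current = self.sessions.get(credential_id)
        disconnected = None
        if current is not None and current[0] != terminal_id:
            # Same credential already in use on another terminal: compare priorities.
            if priority <= current[1]:
                return Result(False, "existing terminal has priority")
            disconnected = current[0]                    # network interrupts the old terminal
        self.sessions[credential_id] = (terminal_id, priority)
        return Result(True, "ok", disconnected)


def run_scenario() -> Dict[str, Result]:
    account = "user@example.com"                         # constructed sample values
    ident = identification_data(account, "constructed-password")
    end = AuthenticationEnd({account: ident})
    out: Dict[str, Result] = {}

    # The second terminal is the one that is already connected.
    first_response = authentication_info(ident, end.challenge("terminal-2"))
    out["second_terminal"] = end.authenticate("terminal-2", account, first_response, 1)

    # A response computed for an earlier random number does not match a fresh one.
    end.challenge("terminal-1")
    out["replay"] = end.authenticate("terminal-1", account, first_response, 5)

    # The first terminal with a priority that is not higher fails authentication.
    resp = authentication_info(ident, end.challenge("terminal-1"))
    out["low_priority"] = end.authenticate("terminal-1", account, resp, 1)

    # With a higher priority it is accepted and the second terminal is interrupted.
    resp = authentication_info(ident, end.challenge("terminal-1"))
    out["high_priority"] = end.authenticate("terminal-1", account, resp, 2)
    return out


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(name, result)
```

The claims have the second terminal send an interruption indication when the first terminal's priority is not higher; the sketch collapses that step into a direct rejection by the authentication end.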
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410364838.9A CN104469766A (en) | 2014-07-28 | 2014-07-28 | Terminal authentication method and device used in mobile communication system |
CN201410364838.9 | 2014-07-28 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016015510A1 (en) | 2016-02-04 |
Family
ID=52914978
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2015/079305 WO2016015510A1 (en) | 2014-07-28 | 2015-05-19 | Method and device for terminal authentication for use in mobile communication system |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN104469766A (en) |
WO (1) | WO2016015510A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111263361A (en) * | 2020-01-10 | 2020-06-09 | 中国联合网络通信集团有限公司 | Connection authentication method and device based on block chain network and micro base station |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104469765B (en) * | 2014-07-28 | 2020-10-23 | 北京佰才邦技术有限公司 | Terminal authentication method and apparatus for use in mobile communication system |
CN104469766A (en) * | 2014-07-28 | 2015-03-25 | 北京佰才邦技术有限公司 | Terminal authentication method and device used in mobile communication system |
CN105208545B (en) * | 2015-08-31 | 2019-01-15 | 宇龙计算机通信科技(深圳)有限公司 | Communication data management method, device and server based on virtual SIM card |
WO2017049598A1 (en) * | 2015-09-25 | 2017-03-30 | 广东欧珀移动通信有限公司 | Terminal authentication method and device |
CN105631675B (en) * | 2015-11-30 | 2019-06-11 | 东莞酷派软件技术有限公司 | Information acquisition method and device, terminal |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102149170A (en) * | 2011-04-11 | 2011-08-10 | 宇龙计算机通信科技(深圳)有限公司 | Network access method and device for wireless communication device |
US8594628B1 (en) * | 2011-09-28 | 2013-11-26 | Juniper Networks, Inc. | Credential generation for automatic authentication on wireless access network |
CN103428696A (en) * | 2012-05-22 | 2013-12-04 | 中兴通讯股份有限公司 | Virtual SIM card achieving method and system and relevant device |
CN103582178A (en) * | 2012-08-08 | 2014-02-12 | 广州三星通信技术研究有限公司 | Mobile communication terminal |
CN104469766A (en) * | 2014-07-28 | 2015-03-25 | 北京佰才邦技术有限公司 | Terminal authentication method and device used in mobile communication system |
CN104469765A (en) * | 2014-07-28 | 2015-03-25 | 北京佰才邦技术有限公司 | Terminal authentication method and device used in mobile communication system |
- 2014-07-28 CN CN201410364838.9A patent/CN104469766A/en active Pending
- 2015-05-19 WO PCT/CN2015/079305 patent/WO2016015510A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN104469766A (en) | 2015-03-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2016015509A1 (en) | Method and device for terminal authentication for use in mobile communication system | |
WO2016015510A1 (en) | Method and device for terminal authentication for use in mobile communication system | |
US9154955B1 (en) | Authenticated delivery of premium communication services to trusted devices over an untrusted network | |
EP3610603B1 (en) | Secure password sharing for wireless networks | |
CN104081799B (en) | Social focus | |
CN110611905A (en) | Information sharing method, terminal device, storage medium, and computer program product | |
US20190036924A1 (en) | Method and apparatus for network access | |
US10769615B2 (en) | Device and method in wireless communication system and wireless communication system | |
JP6997886B2 (en) | Non-3GPP device access to core network | |
JP2016506152A (en) | Device authentication by tagging | |
JP7564919B2 (en) | NON-3GPP DEVICE ACCESS TO CORE NETWORK - Patent application | |
JP2008042862A (en) | Wireless lan communication system, method thereof and program | |
CN102111766A (en) | Network accessing method, device and system | |
US11848926B2 (en) | Network authentication | |
WO2017049598A1 (en) | Terminal authentication method and device | |
US9154949B1 (en) | Authenticated delivery of premium communication services to untrusted devices over an untrusted network | |
US20190116169A1 (en) | Real-time data for access control approval | |
WO2016090578A1 (en) | Authentication processing method, apparatus and terminal | |
US20130247160A1 (en) | Method and System for User Authentication Over a Communication Network | |
US20240267732A1 (en) | Control plane only mobile device network access authentication | |
CN102204308A (en) | Method and device for using wireless local area network service | |
WO2024179262A1 (en) | Communication method and communication apparatus | |
US11546339B2 (en) | Authenticating client devices to an enterprise network | |
WO2024021137A1 (en) | Api invoker authentication method and apparatus, communication device, and storage medium | |
WO2024199678A1 (en) | Secure allocation of a user terminal emulator for authenticated user who is registered to another user terminal emulator |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15827856 Country of ref document: EP Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 02/06/2017) |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 15827856 Country of ref document: EP Kind code of ref document: A1 |