WO2017101571A1 - User identity authentication method, apparatus and system thereof - Google Patents

User identity authentication method, apparatus and system thereof Download PDF

Info

Publication number
WO2017101571A1
WO2017101571A1 PCT/CN2016/101699 CN2016101699W WO2017101571A1 WO 2017101571 A1 WO2017101571 A1 WO 2017101571A1 CN 2016101699 W CN2016101699 W CN 2016101699W WO 2017101571 A1 WO2017101571 A1 WO 2017101571A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
biometric information
mobile terminal
network side
information
Prior art date
Application number
PCT/CN2016/101699
Other languages
French (fr)
Chinese (zh)
Inventor
孙晓勇
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2017101571A1 publication Critical patent/WO2017101571A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a user identity authentication method, apparatus, and system thereof.
  • the Intelligent Network is developed on the basis of the existing telephone network, and refers to a telephone network with intelligence or an integrated service digital network. Its network intelligence is deployed on computers distributed among several service control points in the whole network, and software intelligent control is implemented by software to provide more flexible intelligent control functions.
  • Intelligent Network (IN) is a network architecture that generates and provides intelligent services quickly, economically, conveniently, and efficiently on a communication network. It is an additional network structure set up to provide users with new services on the basis of the original communication network. Its biggest feature is to separate the switching function of the network from the control function. Since the intelligent network technology in the original communication network can provide users with new mobile services with strong service characteristics, comprehensive functions and flexible changes, it has great market demand. Therefore, the intelligent network has gradually become the first choice for modern communication to provide new services. Program.
  • the SIM card in mobile phones records the contact information of all the people who are in close contact with the mobile phone users. Therefore, when the mobile phone is lost, it is easy for the criminals to use the lost mobile phone number to fraudulently use the information in the lost mobile phone.
  • the existing mobile terminal itself has certain security functions, such as a boot lock button and a password setting to prevent the use of the non-operator, the SIM card in the mobile terminal can be easily removed from the mobile terminal and moved to other Continue to use on the mobile terminal.
  • An object of the present invention is to provide a user identity authentication method, apparatus, and system thereof, to overcome the problem that the mobile terminal is lost in the related art, and the network side device cannot identify the identity information of the terminal user, and the information is fraudulently exploited by the criminal.
  • the present invention provides a user identity authentication method, including:
  • the network side device acquires first user biometric information from the mobile terminal
  • the network side device determines that the first user biometric information is the same as the second user biometric information pre-stored on the network side, and then allows access to the network.
  • the method further includes that the network side device determines that the first user biometric information is different from the second user biometric information stored in advance on the network side, and is not allowed to access the network.
  • the step of the network side device acquiring the first user biometric information from the mobile terminal includes: the network side device receiving the SIM registration request or the call request initiated by the mobile terminal.
  • the acquiring, by the network side device, the biometric information of the first user to the mobile terminal includes:
  • the mobile interaction center MSC/visit location register VLR receives the SIM card registration request sent by the mobile terminal, and then passes it to the home location register HLR;
  • the HLR returns a SIM registration request response message to the MSC/VLR, where the response information carries service information supplemented by the SIM card user;
  • the MSC determines whether the user subscribes to the biometric information authentication service, and if so, initiates the biometric information authentication request to the service control point SCP;
  • the SCP instructs the MSC to collect biometric information of the user from the mobile terminal
  • the MSC receives the biometric information of the user collected by the mobile terminal and transmits the biometric information to the SCP.
  • the MSC further includes: the MSC instructs the media gateway MGW to play the prompt tone, and prompts to input the first user biometric information.
  • the acquiring, by the network side device, the biometric information of the user to the mobile terminal includes:
  • the MSC/VLR After receiving the call request sent by the mobile terminal, the MSC/VLR initiates a route query request of the called user to the mobile gateway interaction center GMSC;
  • the GMSC initiates a routing query request to the called HLR;
  • the HLR returns a route query response message to the GMSC, where the response information carries service information supplemented by the SIM card user;
  • the GMSC determines whether the user subscribes to the biometric information authentication service, and if so, initiates the biometric information authentication request to the SCP;
  • the SCP After receiving the biometric information authentication request, the SCP instructs the GMSC to collect the biometric information of the user from the mobile terminal;
  • the GMSC receives the biometric information collected by the mobile terminal and transmits it to the SCP.
  • the GMSC further includes: the GMSC instructs the media gateway MGW to play a prompt tone, and prompts to input the first user biometric information.
  • biometric information is fingerprint or/and iris information.
  • the present invention further provides a user identity authentication apparatus, which is applied to a network side, where the apparatus includes an identifier acquisition unit and an identifier authentication unit;
  • the identifier acquiring unit is configured to acquire first user biometric information from the mobile terminal
  • the identifier authentication unit is configured to determine that the first user biometric information is the same as the second user biometric information pre-stored on the network side, and then allows access to the network.
  • the device further includes a response feedback unit and a determination indication unit;
  • the response feedback unit is configured to return response information of a SIM registration request or a call request, where the response information carries service information supplemented by a SIM card user;
  • the determining indication unit is configured to determine whether the user subscribes to the biometric information authentication service, and if yes, initiates the biometric information authentication request to the service control point SCP, and after receiving the biometric information authentication request, the SCP instructs the MSC to collect the user from the mobile terminal. Biometric information.
  • the biometric information is fingerprint or/and iris information.
  • the present invention further provides a user identity authentication system, the system comprising a mobile terminal and a network side device for communicating with the mobile terminal, the network side device comprising the user identity authentication device described above.
  • the present invention has at least the following beneficial effects: in a user identity authentication method, apparatus, and system thereof provided by an embodiment of the present invention, the first user biometric information is obtained by acquiring the first user biometric information; If the second user biometric information stored in the network side is the same, the access to the network is allowed; thus, the network side device authenticates and identifies the identity feature of the mobile terminal user to control whether the SIM card on the mobile terminal is allowed to be accessed. The network thus limits the users of the mobile terminal SIM card to avoid the problem of fraud by the criminals.
  • the technical solution of the present invention if the mobile terminal is lost and the SIM card on the mobile terminal is moved to another terminal, the current mobile phone user is further authenticated to determine whether to allow the SIM card to access the network for communication, thereby Compared with the prior art, it is possible to effectively avoid the problem that the criminals use the SIM card on the lost mobile terminal for information fraud.
  • FIG. 1 is a block diagram of a main network element involved in a user identity authentication method according to the present invention
  • FIG. 2 is a flowchart of a user identity authentication method according to Embodiment 1 of the present invention.
  • FIG. 3 is an information interaction diagram of a user identity authentication method when a SIM card is registered according to Embodiment 2 of the present invention.
  • FIG. 4 is an information interaction diagram of a user identity authentication method in a call according to Embodiment 3 of the present invention.
  • FIG. 5 is a structural block diagram of a user identity authentication apparatus according to Embodiment 4 of the present invention.
  • FIG. 6 is a structural block diagram of a user identity authentication system according to Embodiment 5 of the present invention.
  • the embodiment of the invention provides a user identity authentication method and a system thereof, and is particularly applicable to a mobile terminal, and performs authentication restriction identification on a user of a SIM card of the mobile terminal. Therefore, when the mobile terminal is lost, the SIM card on the mobile terminal is easily moved to other terminals for use by the criminals for information fraud.
  • a main network element involved in a user identity authentication method of the present invention is shown in FIG. 1.
  • Embodiment 1 of a user identity authentication method which includes the following steps:
  • the network side device acquires first user biometric information from the mobile terminal.
  • the network side device After receiving the SIM registration request or the call request initiated by the mobile terminal, the network side device acquires the first user biometric information from the mobile terminal.
  • the network side device determines that the first user biometric information is the same as the second user biometric information pre-stored on the network side, and then allows access to the network.
  • the network side device determines whether the acquired first user biometric information is the same as the second user biometric information stored in advance on the network side, and if not, does not allow access to the network or terminate the call; The same, allowing access to the network or connecting to the call.
  • the first user biometric information is that the current mobile phone user prompts according to the mobile terminal. Find the biometric information entered.
  • the second user biometric information is biometric information that the owner user needs to save the biometric information of the main user or a specific authorized person on the network side device when the owner user purchases the SIM card in the business hall.
  • the biometric information is fingerprint or/and iris information.
  • the embodiment of the present invention obtains the biometric information of the user by using the mobile terminal, and the network side device determines that the biometric information of the first user is the same as the biometric information of the second user pre-stored on the network side, and then allows access to the network; In this way, the network side device authenticates and identifies the identity feature of the user of the mobile terminal user to control whether the SIM card of the mobile terminal is allowed to be accessed by the network, thereby restricting the user of the SIM card of the mobile terminal from being used by the criminals to perform information. The problem of fraud.
  • the technical solution of the present invention if the mobile terminal is lost and the SIM card on the mobile terminal is moved to another terminal, the current mobile phone user is further authenticated to determine whether to allow the SIM card to access the network for communication, thereby Compared with the prior art, it is possible to effectively avoid the problem that the criminals use the SIM card on the lost mobile terminal for information fraud.
  • FIG. 3 is an information interaction diagram of a user identity authentication method when a SIM card is registered according to Embodiment 2 of the present invention.
  • the user identity authentication method provided by the embodiment of the present invention is applied to a SIM card registration request. Includes the following steps:
  • the mobile terminal After detecting that the SIM card is inserted, the mobile terminal initiates a SIM card registration request to the network side device.
  • the MSC Mobile Switching Center
  • VLR Visitor Location Register
  • HLR Home Location Register
  • the HLR returns a SIM registration request response message to the MSC/VLR, where the response information carries service information supplemented by the SIM card user.
  • the service information may be an authentication service that the customer subscribes to, such as biometric information authentication, call forwarding, and the like.
  • the MSC determines whether the user subscribes to the biometric information authentication service, and if yes, initiates the biometric information authentication request to the service control point SCP (the service control point SCP, which is the core of the intelligent network).
  • the contracted authentication service is a service in which the owner user saves the biometric information on the network side or other protocols of the contract authentication when the SIM card is purchased in the business hall.
  • the signed biometric information The authentication service stores fingerprints and/or iris information on the network side for the user.
  • the SCP After receiving the biometric information authentication request, the SCP determines whether the user has the contracted biometric information authentication service. If it is determined that there is a contracted biometric information authentication service, the SCP instructs the MSC to request the current mobile phone user to input the biometric information.
  • the biometric information is fingerprint or/and iris information.
  • the biometric information required to be input may be biometric information input by the current mobile phone user according to the prompt of the broadcast prompt or input according to the prompt of the play text.
  • the MSC instructs the MGW (Media Gateway Media Gateway) to play a prompt tone, and prompts the current mobile phone user to input the first user biometric information.
  • MGW Media Gateway Media Gateway
  • the biometric information may be fingerprint information or iris information.
  • the fingerprint and the iris verification information may be simultaneously requested.
  • the MSC receives the first user biometric information collected by the mobile terminal, and transmits the information to the SCP.
  • the SCP and the SCP After receiving the first user biometric information, the SCP and the SCP confirm whether the acquired first user biometric information is the same as the second user biometric information pre-stored on the network side. If not, the access network is not allowed. Or terminate the call; if the same, allow access to the network or call.
  • the owner user purchases the SIM card in the business hall
  • the host user or the specific authorized personnel's biometric information needs to be saved in the network side device.
  • the mobile phone user uses the mobile terminal with the SIM card
  • the biometric information of the current mobile phone user needs to be collected again, and the mobile terminal transmits the collected biometric information to the core network device, and the core network device receives the first User biometric information is authenticated, that is, if the currently collected first user biometric information is the same as the second user biometric information stored in the network side device, the authentication is passed, allowing the SIM card to access the network, instructing the MSC to continue the call; otherwise , the access network is not allowed, indicating that the MSC terminates the call.
  • the SIM card when the SIM card is registered, the first user biometric information of the current mobile terminal user is collected, and the collected first user biometric information is transmitted to the core network device, and the core network device selects the collected The user biometric information is compared with the second user biometric information of the pre-existing network side device. If the authentication is passed, the SIM card is allowed to access the network. Otherwise, the network is not allowed to access the network/terminating the call, and the mobile terminal cannot communicate.
  • the network side device authenticates and identifies the identity feature of the user of the mobile terminal user to control whether the mobile terminal is allowed to access the network, thereby restricting the user of the mobile terminal SIM card from being used by the criminals for fraud. problem.
  • the mobile phone user is further authenticated to determine whether to allow the SIM card to access the network for communication, thereby Compared with the prior art, the problem of information fraud by a fraudulent use of a SIM card on a lost mobile terminal can be effectively avoided.
  • FIG. 4 is an information interaction diagram of a user identity authentication method according to a third embodiment of the present invention.
  • a user identity authentication method is provided in the following steps. :
  • the mobile terminal initiates a call request after detecting that the SIM card is inserted.
  • the MSC//VLR After receiving the call request sent by the mobile terminal, the MSC//VLR initiates a route query request of the called user to the GMSC (Gateway Mobile Switching Center).
  • GMSC Gateway Mobile Switching Center
  • the GMSC initiates a route query request to the called HLR.
  • the HLR returns the routing query response information to the GMSC, where the response information carries the service information supplemented by the SIM card user.
  • the GMSC determines whether the user subscribes to the biometric information authentication service, and if yes, initiates the biometric information authentication request to the control point SCP.
  • the SCP After receiving the biometric information authentication request, the SCP determines whether the user subscribes to the biometric information authentication service. If it is determined that there is a contracted biometric information authentication service, the SCP instructs the GMSC to request the mobile phone user to input the biometric information.
  • the biometric information is fingerprint or/and iris information.
  • the requesting to input the biometric information may be input by the mobile phone user according to the prompt of the broadcast or according to the prompt of the play text.
  • the GMSC instructs the MGW (Media Gateway Media Gateway) to play a prompt tone, and prompts the mobile phone user to input the first user biometric information.
  • MGW Media Gateway Media Gateway
  • the biometric information/first user biometric information may be fingerprint information or iris information.
  • the fingerprint and the iris verification information may also be input at the same time.
  • the GMGW plays a prompt tone, prompting the terminal user to input the first user biometric information.
  • the GMSC returns the first user biometric information to the SCP.
  • the SCP and the second user biometric information pre-stored on the network side are verified. If the comparison is the same as the second user biometric information in the network side, The SCP instructs the MSC to continue the call. If the comparison is determined to be different from the second user biometric information previously on the network side, the SCP instructs the MSC to terminate the call.
  • the first user biometric information is collected, and the collected first user biometric information is transmitted to the core network device, and the core network device collects the collected first user biometric information and The second user biometric information pre-existing on the network side device is compared and authenticated. If the authentication is passed, the SIM card is allowed to access the network. Otherwise, the network is not allowed to access the network, and the mobile terminal cannot perform call communication.
  • the invention authenticates the identity characteristics of the user of the mobile terminal user by using the network side device to control whether the SIM card is allowed to be accessed by the network, thereby restricting the user of the SIM card of the mobile terminal, and avoiding the problem of fraud by the criminals. .
  • the mobile phone user is further authenticated to determine whether to allow the SIM card to access the network for communication, thereby Compared with the prior art, the problem of information fraud by a fraudulent use of a SIM card on a lost mobile terminal can be effectively avoided.
  • FIG. 5 is a structural block diagram of a user identity authentication apparatus according to the present invention.
  • the device is applied to the network side, and includes an identifier acquisition unit 201 and an identifier authentication unit 202 .
  • the identifier acquisition unit 201 is configured to acquire first user biometric information from the mobile terminal;
  • the identifier acquiring unit 201 acquires the first user biometric information from the mobile terminal.
  • the identifier authentication unit 202 is configured to determine that the first user biometric information is the same as the second user biometric information pre-stored on the network side, and then allows access to the network.
  • the identifier authentication unit 202 is configured to confirm whether the acquired first user biometric information is the same as the second user biometric information stored in the network side in advance, and if not, the access network or the network is not allowed. Terminate the call; if the same, allow access to the network or call.
  • the user identity authentication device further includes a response feedback unit and a determination indication unit.
  • the response feedback unit 203 is configured to return response information of a SIM registration request or a call request, where the response information carries service information supplemented by a SIM card user;
  • the judgment instructing unit 204 is configured to determine whether the user subscribes to the biometric information authentication service, and if yes, initiates the biometric information authentication request to the service control point SCP, and after receiving the biometric information authentication request, the SCP instructs the MSC to the mobile terminal. Collect biometric information of the user.
  • the pre-stored second user biometric information is biometric information stored by the owner user or a specific authorized person on the network side device when the owner user purchases the SIM card in the business hall.
  • the biometric information may be fingerprint information or iris information.
  • the fingerprint and the iris verification information may also be input at the same time.
  • the user identity authentication apparatus acquires the first user biometric information from the mobile terminal by the identifier acquisition unit 201; and the acquired first user biometric information and the advancement by the identifier authentication unit 202
  • the second user biometric information stored on the network side is compared to determine whether the comparison is the same. If not, the access network is not allowed to be terminated or the call is terminated; if the same, the access to the network or the call is allowed. Therefore, compared with the prior art, the identity of the user of the mobile terminal user can be authenticated and identified by the network side device to control whether the SIM card on the mobile terminal is allowed to access the network, thereby limiting the user of the SIM card of the mobile terminal. It can effectively avoid the loss of mobile terminals, and the criminals use the SIM card on the lost mobile terminal for information fraud.
  • FIG. 6 it is a structural block diagram of a user identity authentication system, which includes a mobile terminal 10 and a network side device 20 that performs communication interaction with the mobile terminal.
  • the network side device 20 includes the foregoing embodiment 4
  • the user identity authentication device For details of the specific configuration of the user identity authentication device, refer to the fourth embodiment, and details are not described herein again.
  • the user identity authentication system transmits the acquired first user biometric information to the core network by controlling the mobile terminal to acquire the first user biometric information when the SIM card initiates the registration request or the call request.
  • the identifier authentication unit 202 of the device compares the acquired first user biometric information with the second user biometric information pre-existing on the network side, and if the authentication passes, allows the SIM card to access. Network; otherwise, access to the network/terminating call is not allowed, and the mobile terminal cannot communicate.
  • the network side device authenticates and identifies the identity feature of the user of the mobile terminal user to control whether the mobile terminal is allowed to access the network, thereby restricting the user of the SIM card of the mobile terminal to avoid causing fraud by the criminals.
  • the user identity authentication system using the present invention can be lost in the mobile terminal, and the SIM card on the mobile terminal is In the case of being used on other terminals, the mobile phone user is further authenticated to determine whether to allow the SIM card to access the network for communication, thereby effectively avoiding the use of the lost mobile terminal by the criminals relative to the prior art. SIM card for information fraud.
  • the foregoing embodiment method can be implemented by means of software plus a necessary general hardware platform, and of course, can also be through hardware, but in many cases, the former is better.
  • Implementation Based on such understanding, the technical solution of the present invention, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk,
  • the optical disc includes a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the methods of various embodiments of the present invention.
  • the method and apparatus of the present application are applicable to the field of communications.
  • the first user biometric information is acquired by the mobile terminal; and the first user biometric information is determined to be the same as the second user biometric information pre-stored on the network side, and the access network is allowed.
  • the identity of the user of the mobile terminal user is authenticated and identified by the network side device to control whether the SIM card on the mobile terminal is allowed to be accessed by the network, thereby limiting the user of the SIM card of the mobile terminal to avoid being used by criminals.
  • the problem of fraud is a problem of fraud.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

The present invention relates to the technical field of communications, and provides a user identity authentication method, apparatus and system thereof. The method comprises: after a network side receives a SIM registration request or call request initiated by a mobile terminal, acquiring a user's biological characteristic information from the mobile terminal; when the network side device determines that the first user biological characteristic information is the same as the second user biological characteristic information pre-stored in the network side, permitting accessing a network; otherwise, not permitting accessing a network or stopping calling. By means of the technical solution of the present invention, authentication and identification are performed on identity characteristics of a user of a mobile terminal by means of a network side device, to control whether a SIM card on a mobile terminal is allowed to access a network, so as to restrict a user of the SIM card of the mobile terminal, thus avoiding the problem of fraud caused by a lawbreaker.

Description

一种用户身份认证方法、装置及其系统User identity authentication method, device and system thereof
本申请基于申请号为CN 201510945824.0、申请日为2015年12月16日的中国专利申请提出,并要求该中国专利申请的优先权,该中国专利申请的全部内容在此引入本申请作为参考。The present application is based on a Chinese patent application filed on Jan. 16, 2015, the entire disclosure of which is hereby incorporated by reference.
技术领域Technical field
本发明涉及通信技术领域,尤其涉及一种用户身份认证方法、装置及其系统。The present invention relates to the field of communications technologies, and in particular, to a user identity authentication method, apparatus, and system thereof.
背景技术Background technique
智能网(IN)是在现有电话网的基础上发展而来的,是指带有智能的电话网或综合业务数字网。它的网络智能配置于分布在全网中的若干个业务控制点中的计算机上,而由软件实现网络智能的控制,以提供更为灵活的智能控制功能。智能网(IN)是在通信网上快速、经济、方便、有效地生成和提供智能业务的网络体系结构。它是在原有通信网络的基础上为用户提供新业务而设置的附加网络结构,它的最大特点是将网络的交换功能与控制功能分开。由于在原有通信网络中采用智能网技术可向用户提供业务特性强、功能全面、灵活多变的移动新业务,具有很大市场需求,因此,智能网已逐步成为现代通信提供新业务的首选解决方案。The Intelligent Network (IN) is developed on the basis of the existing telephone network, and refers to a telephone network with intelligence or an integrated service digital network. Its network intelligence is deployed on computers distributed among several service control points in the whole network, and software intelligent control is implemented by software to provide more flexible intelligent control functions. Intelligent Network (IN) is a network architecture that generates and provides intelligent services quickly, economically, conveniently, and efficiently on a communication network. It is an additional network structure set up to provide users with new services on the basis of the original communication network. Its biggest feature is to separate the switching function of the network from the control function. Since the intelligent network technology in the original communication network can provide users with new mobile services with strong service characteristics, comprehensive functions and flexible changes, it has great market demand. Therefore, the intelligent network has gradually become the first choice for modern communication to provide new services. Program.
如今的移动电话由于其便携性,几乎人手一机;而移动电话中的SIM卡更是记录了手机使用者与之密切联系的所有人的通讯联系信息。因此,当手机丢失后,很容易被不法分子利用以使用丢失的手机号码来对丢失者手机中的联系人进行信息欺诈。虽然现有的移动终端自身已经具备一定的安全功能,比如开机锁键及密码设置来阻止非机主使用,但是移动终端中的SIM卡还是可以很容易的从移动终端上拆卸下并挪到其他移动终端上继续使用。Today's mobile phones are almost hand-held because of their portability; the SIM card in mobile phones records the contact information of all the people who are in close contact with the mobile phone users. Therefore, when the mobile phone is lost, it is easy for the criminals to use the lost mobile phone number to fraudulently use the information in the lost mobile phone. Although the existing mobile terminal itself has certain security functions, such as a boot lock button and a password setting to prevent the use of the non-operator, the SIM card in the mobile terminal can be easily removed from the mobile terminal and moved to other Continue to use on the mobile terminal.
发明内容Summary of the invention
本发明的目的是提供一种用户身份认证方法、装置及其系统,以克服相关技术中移动终端丢失,网络侧设备无法识别终端用户使用者的身份信息而导致被不法分子利用进行信息欺诈的问题。 An object of the present invention is to provide a user identity authentication method, apparatus, and system thereof, to overcome the problem that the mobile terminal is lost in the related art, and the network side device cannot identify the identity information of the terminal user, and the information is fraudulently exploited by the criminal.
一方面,本发明提供一种用户身份认证方法,包括:In one aspect, the present invention provides a user identity authentication method, including:
网络侧设备向移动终端获取第一用户生物特征信息;The network side device acquires first user biometric information from the mobile terminal;
所述网络侧设备确定所述第一用户生物特征信息与预先存储在网络侧的第二用户生物特征信息相同,则允许接入网络。The network side device determines that the first user biometric information is the same as the second user biometric information pre-stored on the network side, and then allows access to the network.
其中,所述方法还包括,所述网络侧设备确定所述第一用户生物特征信息与预先存储在网络侧的第二用户生物特征信息不相同,则不允许接入网络。The method further includes that the network side device determines that the first user biometric information is different from the second user biometric information stored in advance on the network side, and is not allowed to access the network.
其中,所述网络侧设备向移动终端获取第一用户生物特征信息步骤之前包括:网络侧设备接收到移动终端发起的SIM注册请求或呼叫请求。The step of the network side device acquiring the first user biometric information from the mobile terminal includes: the network side device receiving the SIM registration request or the call request initiated by the mobile terminal.
其中,所述网络侧设备向移动终端获取第一用户的生物特征信息包括:The acquiring, by the network side device, the biometric information of the first user to the mobile terminal includes:
移动交互中心MSC/拜访位置寄存器VLR接收移动终端发送的SIM卡注册请求后,传递给归属位置寄存器HLR;The mobile interaction center MSC/visit location register VLR receives the SIM card registration request sent by the mobile terminal, and then passes it to the home location register HLR;
HLR向MSC/VLR返回SIM注册请求响应信息,所述响应信息携带SIM卡用户补充的业务信息;The HLR returns a SIM registration request response message to the MSC/VLR, where the response information carries service information supplemented by the SIM card user;
MSC判断用户是否签约生物特征信息认证业务,如果是,则发起生物特征信息认证请求到业务控制点SCP;The MSC determines whether the user subscribes to the biometric information authentication service, and if so, initiates the biometric information authentication request to the service control point SCP;
SCP指示MSC向移动终端采集用户的生物特征信息;The SCP instructs the MSC to collect biometric information of the user from the mobile terminal;
MSC接收移动终端采集的用户的生物特征信息,并传递给SCP。The MSC receives the biometric information of the user collected by the mobile terminal and transmits the biometric information to the SCP.
其中,所述SCP指示MSC向移动终端采集用户的生物特征信息之后还包括:MSC指示媒体网关MGW播放提示音,提示输入第一用户生物特征信息。After the SCP indicates that the MSC collects the biometric information of the user from the mobile terminal, the MSC further includes: the MSC instructs the media gateway MGW to play the prompt tone, and prompts to input the first user biometric information.
其中,所述网络侧设备向移动终端获取用户的生物特征信息包括:The acquiring, by the network side device, the biometric information of the user to the mobile terminal includes:
MSC/VLR接收移动终端发送的呼叫请求后,向移动网关交互中心GMSC发起被叫用户的路由查询请求;After receiving the call request sent by the mobile terminal, the MSC/VLR initiates a route query request of the called user to the mobile gateway interaction center GMSC;
GMSC向被叫HLR发起路由查询请求;The GMSC initiates a routing query request to the called HLR;
HLR向GMSC返回路由查询响应信息,所述响应信息携带SIM卡用户补充的业务信息;The HLR returns a route query response message to the GMSC, where the response information carries service information supplemented by the SIM card user;
GMSC判断用户是否签约生物特征信息认证业务,如果是,则发起生物特征信息认证请求到SCP;The GMSC determines whether the user subscribes to the biometric information authentication service, and if so, initiates the biometric information authentication request to the SCP;
SCP收到生物特征信息认证请求后,指示GMSC向移动终端采集用户的生物特征信息;After receiving the biometric information authentication request, the SCP instructs the GMSC to collect the biometric information of the user from the mobile terminal;
GMSC接收移动终端采集到的生物特征信息,并传递给SCP。 The GMSC receives the biometric information collected by the mobile terminal and transmits it to the SCP.
其中,所述SCP指示GMSC向移动终端采集用户的生物特征信息之后还包括:GMSC指示媒体网关MGW播放提示音,提示输入第一用户生物特征信息。After the SCP indicates that the GMSC collects the biometric information of the user from the mobile terminal, the GMSC further includes: the GMSC instructs the media gateway MGW to play a prompt tone, and prompts to input the first user biometric information.
其中所述生物特征信息为指纹或/和虹膜信息。Wherein the biometric information is fingerprint or/and iris information.
另一方面,本发明还提供一种用户身份认证装置,应用于网络侧,其中,该装置包括识别码获取单元以及识别码认证单元;In another aspect, the present invention further provides a user identity authentication apparatus, which is applied to a network side, where the apparatus includes an identifier acquisition unit and an identifier authentication unit;
所述识别码获取单元,用于向移动终端获取第一用户生物特征信息;The identifier acquiring unit is configured to acquire first user biometric information from the mobile terminal;
所述识别码认证单元,用于确定所述第一用户生物特征信息与预先存储在网络侧的第二用户生物特征信息相同,则允许接入网络。The identifier authentication unit is configured to determine that the first user biometric information is the same as the second user biometric information pre-stored on the network side, and then allows access to the network.
其中,所述装置还包括响应反馈单元和判断指示单元;The device further includes a response feedback unit and a determination indication unit;
所述响应反馈单元,用于返回SIM注册请求或呼叫请求的响应信息,所述响应信息携带SIM卡用户补充的业务信息;The response feedback unit is configured to return response information of a SIM registration request or a call request, where the response information carries service information supplemented by a SIM card user;
判断指示单元,用于判断用户是否签约生物特征信息认证业务,如果是,则发起生物特征信息认证请求到业务控制点SCP,SCP收到生物特征信息认证请求后,指示MSC向移动终端采集用户的生物特征信息。The determining indication unit is configured to determine whether the user subscribes to the biometric information authentication service, and if yes, initiates the biometric information authentication request to the service control point SCP, and after receiving the biometric information authentication request, the SCP instructs the MSC to collect the user from the mobile terminal. Biometric information.
其中,所述生物特征信息为指纹或/和虹膜信息。The biometric information is fingerprint or/and iris information.
再一方面,本发明还提供一种用户身份认证系统,所述系统包括移动终端以及与移动终端进行通讯交互的网络侧设备,所述网络侧设备包括上述的所述的用户身份认证装置。In a further aspect, the present invention further provides a user identity authentication system, the system comprising a mobile terminal and a network side device for communicating with the mobile terminal, the network side device comprising the user identity authentication device described above.
本发明至少具有以下有益效果:在本发明实施例提供的一种用户身份认证方法、装置及其系统中,通过向移动终端获取第一用户生物特征信息;确定所述第一用户生物特征信息与预先存储在网络侧的第二用户生物特征信息相同,则允许接入网络;如此通过网络侧设备对移动终端用户使用者的身份特征进行认证识别来控制移动终端上的SIM卡是否允许被接入网络,从而对移动终端SIM卡的使用者进行限制,避免被不法分子利用进行欺诈的问题。The present invention has at least the following beneficial effects: in a user identity authentication method, apparatus, and system thereof provided by an embodiment of the present invention, the first user biometric information is obtained by acquiring the first user biometric information; If the second user biometric information stored in the network side is the same, the access to the network is allowed; thus, the network side device authenticates and identifies the identity feature of the mobile terminal user to control whether the SIM card on the mobile terminal is allowed to be accessed. The network thus limits the users of the mobile terminal SIM card to avoid the problem of fraud by the criminals.
使用本发明技术方案能在移动终端丢失,移动终端上的SIM卡被挪到其他终端上使用的情况下,进一步对当前手机使用者进行身份验证以确定是否让SIM卡接入网络进行通讯,从而,相对于现有技术能有效避免被不法分子利用丢失的移动终端上的SIM卡进行信息欺诈的问题。By using the technical solution of the present invention, if the mobile terminal is lost and the SIM card on the mobile terminal is moved to another terminal, the current mobile phone user is further authenticated to determine whether to allow the SIM card to access the network for communication, thereby Compared with the prior art, it is possible to effectively avoid the problem that the criminals use the SIM card on the lost mobile terminal for information fraud.
应当理解的是,以上的一般描述和后文的细节描述仅是示例性和解释性的,并不能限制本发明。 The above general description and the following detailed description are intended to be illustrative and not restrictive.
附图说明DRAWINGS
图1为本发明提供的一种用户身份认证方法涉及的主要网元框图;1 is a block diagram of a main network element involved in a user identity authentication method according to the present invention;
图2为本发明实施例一提供的一种用户身份认证方法的流程图;2 is a flowchart of a user identity authentication method according to Embodiment 1 of the present invention;
图3为本发明实施例二提供的SIM卡注册时一种用户身份认证方法的信息交互图;3 is an information interaction diagram of a user identity authentication method when a SIM card is registered according to Embodiment 2 of the present invention;
图4为本发明实施例三提供的呼叫时一种用户身份认证方法的信息交互图;4 is an information interaction diagram of a user identity authentication method in a call according to Embodiment 3 of the present invention;
图5为本发明实施例四提供的一种用户身份认证装置的结构框图;FIG. 5 is a structural block diagram of a user identity authentication apparatus according to Embodiment 4 of the present invention; FIG.
图6为本发明实施例五提供的一种用户身份认证系统的结构框图。FIG. 6 is a structural block diagram of a user identity authentication system according to Embodiment 5 of the present invention.
具体实施方式detailed description
以下结合说明书附图对本发明的优选实施例进行说明,应当理解,此处所描述的优选实施例仅用于说明和解释本发明,并不用于限定本发明,并且在不冲突的情况下,本发明中的实施例及实施例中的特征可以相互组合。The preferred embodiments of the present invention are described in conjunction with the accompanying drawings, and the preferred embodiments described herein are intended to illustrate and explain the invention, and not to limit the invention, and The embodiments and the features in the embodiments can be combined with each other.
本发明实施例提供一种用户身份认证方法及其系统,尤其适用于移动终端上,对移动终端的SIM卡的使用者进行认证限制识别。从而防止移动终端丢失时,移动终端上的SIM卡容易被挪到其他终端上使用而被不法分子利用进行信息欺诈的问题。本发明一种用户身份认证方法涉及的主要网元如图1所示。The embodiment of the invention provides a user identity authentication method and a system thereof, and is particularly applicable to a mobile terminal, and performs authentication restriction identification on a user of a SIM card of the mobile terminal. Therefore, when the mobile terminal is lost, the SIM card on the mobile terminal is easily moved to other terminals for use by the criminals for information fraud. A main network element involved in a user identity authentication method of the present invention is shown in FIG. 1.
实施例一Embodiment 1
请参阅图2,其为本发明一种用户身份认证方法实施例一流程图,包括以下步骤:Referring to FIG. 2, it is a flowchart of Embodiment 1 of a user identity authentication method according to the present invention, which includes the following steps:
S21、网络侧设备向移动终端获取第一用户生物特征信息。S21. The network side device acquires first user biometric information from the mobile terminal.
具体地,网络侧设备接收到移动终端发起的SIM注册请求或呼叫请求后,向移动终端获取第一用户生物特征信息。Specifically, after receiving the SIM registration request or the call request initiated by the mobile terminal, the network side device acquires the first user biometric information from the mobile terminal.
S22、所述网络侧设备确定所述第一用户生物特征信息与预先存储在网络侧的第二用户生物特征信息相同,则允许接入网络。S22. The network side device determines that the first user biometric information is the same as the second user biometric information pre-stored on the network side, and then allows access to the network.
具体地,所述网络侧设备确定所述获取的第一用户生物特征信息与预先存储在网络侧的第二用户生物特征信息是否相同,如果不相同,则不允许接入网络或终止呼叫;如果相同,则允许接入网络或接通呼叫。Specifically, the network side device determines whether the acquired first user biometric information is the same as the second user biometric information stored in advance on the network side, and if not, does not allow access to the network or terminate the call; The same, allowing access to the network or connecting to the call.
本实施例中,所述第一用户生物特征信息为当前手机使用者根据移动终端提示要 求所输入的生物特征信息。In this embodiment, the first user biometric information is that the current mobile phone user prompts according to the mobile terminal. Find the biometric information entered.
所述第二用户生物特征信息为机主用户在营业厅购买SIM卡时,需要将该机主用户或者特定授权人员的生物特征信息保存在网络侧设备上的生物特征信息。The second user biometric information is biometric information that the owner user needs to save the biometric information of the main user or a specific authorized person on the network side device when the owner user purchases the SIM card in the business hall.
所述生物特征信息为指纹或/和虹膜信息。The biometric information is fingerprint or/and iris information.
本发明实施例通过向移动终端获取用户的生物特征信息;所述网络侧设备确定所述第一用户生物特征信息与预先存储在网络侧的第二用户生物特征信息相同,则允许接入网络;如此,通过网络侧设备对移动终端用户使用者的身份特征进行认证识别来控制移动终端SIM卡是否允许被接入网络,从而对移动终端SIM卡的使用者进行限制,避免被不法分子利用进行信息欺诈的问题。The embodiment of the present invention obtains the biometric information of the user by using the mobile terminal, and the network side device determines that the biometric information of the first user is the same as the biometric information of the second user pre-stored on the network side, and then allows access to the network; In this way, the network side device authenticates and identifies the identity feature of the user of the mobile terminal user to control whether the SIM card of the mobile terminal is allowed to be accessed by the network, thereby restricting the user of the SIM card of the mobile terminal from being used by the criminals to perform information. The problem of fraud.
使用本发明技术方案能在移动终端丢失,移动终端上的SIM卡被挪到其他终端上使用的情况下,进一步对当前手机使用者进行身份验证以确定是否让SIM卡接入网络进行通讯,从而,相对于现有技术能有效避免被不法分子利用丢失的移动终端上的SIM卡进行信息欺诈的问题。By using the technical solution of the present invention, if the mobile terminal is lost and the SIM card on the mobile terminal is moved to another terminal, the current mobile phone user is further authenticated to determine whether to allow the SIM card to access the network for communication, thereby Compared with the prior art, it is possible to effectively avoid the problem that the criminals use the SIM card on the lost mobile terminal for information fraud.
实施例二Embodiment 2
请参阅图3,为本发明实施例二提供的SIM卡注册时一种用户身份认证方法的信息交互图,本发明实施例提供的一种用户身份认证方法,应用在SIM卡注册请求时,具体包括以下步骤:FIG. 3 is an information interaction diagram of a user identity authentication method when a SIM card is registered according to Embodiment 2 of the present invention. The user identity authentication method provided by the embodiment of the present invention is applied to a SIM card registration request. Includes the following steps:
S31、移动终端检测到SIM卡插入后,向网络侧设备发起SIM卡注册请求。S31. After detecting that the SIM card is inserted, the mobile terminal initiates a SIM card registration request to the network side device.
S32、MSC(Mobile Switching Center移动交互中心)/VLR(Visitor Location Register拜访位置寄存器)接收移动终端发送的SIM卡注册请求后,传递SIM卡注册请求给HLR(Home Location Register归属位置寄存器)。S32. The MSC (Mobile Switching Center)/VLR (Visitor Location Register) receives the SIM card registration request sent by the mobile terminal, and then transmits the SIM card registration request to the HLR (Home Location Register).
S33、HLR向MSC/VLR返回SIM注册请求响应信息,所述响应信息携带SIM卡用户补充的业务信息;S33. The HLR returns a SIM registration request response message to the MSC/VLR, where the response information carries service information supplemented by the SIM card user.
具体地,该业务信息可以为客户签约的认证业务,比如可以是生物特征信息认证、呼叫转移等业务。Specifically, the service information may be an authentication service that the customer subscribes to, such as biometric information authentication, call forwarding, and the like.
S34、MSC判断用户是否签约生物特征信息认证业务,如果是,则发起生物特征信息认证请求到业务控制点SCP(业务控制点SCP,其为智能网的核心)。S34. The MSC determines whether the user subscribes to the biometric information authentication service, and if yes, initiates the biometric information authentication request to the service control point SCP (the service control point SCP, which is the core of the intelligent network).
所述签约的认证业务为机主用户在营业厅购买SIM卡时,保存在网络侧的生物特征信息或者是签约认证的其它协议等业务。本实施例中,所述签约的生物特征信息 认证业务为用户保存在网络侧的指纹或/和虹膜信息。The contracted authentication service is a service in which the owner user saves the biometric information on the network side or other protocols of the contract authentication when the SIM card is purchased in the business hall. In this embodiment, the signed biometric information The authentication service stores fingerprints and/or iris information on the network side for the user.
S35、SCP收到生物特征信息认证请求后,判断用户是否有签约生物特征信息认证业务。若确定有签约生物特征信息认证业务,则SCP指示MSC,要求当前手机使用者输入生物特征信息。After receiving the biometric information authentication request, the SCP determines whether the user has the contracted biometric information authentication service. If it is determined that there is a contracted biometric information authentication service, the SCP instructs the MSC to request the current mobile phone user to input the biometric information.
本实施例中,所述生物特征信息为指纹或/和虹膜信息。In this embodiment, the biometric information is fingerprint or/and iris information.
所述要求输入的生物特征信息可以是当前手机使用者根据播音提示输入或者根据播放文字提示要求输入的生物特征信息。The biometric information required to be input may be biometric information input by the current mobile phone user according to the prompt of the broadcast prompt or input according to the prompt of the play text.
S36、MSC指示MGW(Media Gateway媒体网关)播放提示音,提示当前手机使用者输入第一用户生物特征信息。S36. The MSC instructs the MGW (Media Gateway Media Gateway) to play a prompt tone, and prompts the current mobile phone user to input the first user biometric information.
所述生物特征信息可以是指纹信息,也可以是虹膜信息,为了进一步增加使用者权限的安全系数,在另一实施例中,还可以同时要求输入指纹和虹膜验证信息。The biometric information may be fingerprint information or iris information. In order to further increase the security factor of the user authority, in another embodiment, the fingerprint and the iris verification information may be simultaneously requested.
S37、MSC接收移动终端采集的第一用户生物特征信息,并传递给SCP。S37. The MSC receives the first user biometric information collected by the mobile terminal, and transmits the information to the SCP.
S38、SCP接收到第一用户生物特征信息后,确认所述获取的第一用户生物特征信息与预先存储在网络侧的第二用户生物特征信息是否相同,如果不相同,则不允许接入网络或终止呼叫;如果相同,则允许接入网络或接通呼叫。After receiving the first user biometric information, the SCP and the SCP confirm whether the acquired first user biometric information is the same as the second user biometric information pre-stored on the network side. If not, the access network is not allowed. Or terminate the call; if the same, allow access to the network or call.
具体地,机主用户在营业厅购买SIM卡时,需要将该机主用户或者特定授权人员的生物特征信息保存在网络侧设备。当手机使用者使用具有该SIM卡的移动终端时,需要再次采集当前手机使用者的生物特征信息,移动终端将采集的生物特征信息传递给核心网设备,核心网设备对所述采集的第一用户生物特征信息进行认证,即若当前采集的第一用户生物特征信息与保存在网络侧设备的第二用户生物特征信息相同,则认证通过,允许SIM卡接入网络,指示MSC继续呼叫;否则,则不允许接入网络,指示MSC终止本次呼叫。Specifically, when the owner user purchases the SIM card in the business hall, the host user or the specific authorized personnel's biometric information needs to be saved in the network side device. When the mobile phone user uses the mobile terminal with the SIM card, the biometric information of the current mobile phone user needs to be collected again, and the mobile terminal transmits the collected biometric information to the core network device, and the core network device receives the first User biometric information is authenticated, that is, if the currently collected first user biometric information is the same as the second user biometric information stored in the network side device, the authentication is passed, allowing the SIM card to access the network, instructing the MSC to continue the call; otherwise , the access network is not allowed, indicating that the MSC terminates the call.
S39、指示SIM卡注册成功或失败。S39. Indicate that the SIM card registration is successful or failed.
本发明实施例通过在SIM卡注册时,采集当前移动终端使用者的第一用户生物特征信息,并将采集的第一用户生物特征信息传递给核心网设备,核心网设备将所述采集的第一用户生物特征信息与预存在网络侧设备的第二用户生物特征信息进行比较认证,若认证通过,则允许SIM卡接入网络,否则不允许接入网络/终止呼叫,移动终端不能进行通讯。本发明实施例通过网络侧设备对移动终端用户使用者的身份特征进行认证识别来控制是否允许移动终端接入网络,从而对移动终端SIM卡的使用者进行限制,避免被不法分子利用进行欺诈的问题。 In the embodiment of the present invention, when the SIM card is registered, the first user biometric information of the current mobile terminal user is collected, and the collected first user biometric information is transmitted to the core network device, and the core network device selects the collected The user biometric information is compared with the second user biometric information of the pre-existing network side device. If the authentication is passed, the SIM card is allowed to access the network. Otherwise, the network is not allowed to access the network/terminating the call, and the mobile terminal cannot communicate. In the embodiment of the present invention, the network side device authenticates and identifies the identity feature of the user of the mobile terminal user to control whether the mobile terminal is allowed to access the network, thereby restricting the user of the mobile terminal SIM card from being used by the criminals for fraud. problem.
使用本发明技术方案能在移动终端丢失,移动终端上的SIM卡被挪到其他终端上使用的情况下,进一步对手机使用者进行身份验证以确定是否让SIM卡接入网络进行通讯,从而,相对于现有技术能有效避免被不法分子利用丢失的移动终端上的SIM卡进行信息欺诈的问题。By using the technical solution of the present invention, if the mobile terminal is lost and the SIM card on the mobile terminal is moved to another terminal, the mobile phone user is further authenticated to determine whether to allow the SIM card to access the network for communication, thereby Compared with the prior art, the problem of information fraud by a fraudulent use of a SIM card on a lost mobile terminal can be effectively avoided.
实施例三Embodiment 3
请参阅图4,其为本发明实施例三提供的呼叫时一种用户身份认证方法的信息交互图,本发明实施例提供的一种用户身份认证方法,应用在用户呼叫时,具体包括如下步骤:Referring to FIG. 4, which is an information interaction diagram of a user identity authentication method according to a third embodiment of the present invention, a user identity authentication method is provided in the following steps. :
S401、移动终端检测到SIM卡插入后发起呼叫请求。S401. The mobile terminal initiates a call request after detecting that the SIM card is inserted.
S402、MSC//VLR接收移动终端发送的呼叫请求后,向GMSC(Gateway Mobile Switching Center移动网关交互中心)发起被叫用户的路由查询请求。S402. After receiving the call request sent by the mobile terminal, the MSC//VLR initiates a route query request of the called user to the GMSC (Gateway Mobile Switching Center).
S403、GMSC向被叫HLR发起路由查询请求。S403. The GMSC initiates a route query request to the called HLR.
S404、HLR向GMSC返回路由查询响应信息,所述响应信息携带SIM卡用户补充的业务信息。S404. The HLR returns the routing query response information to the GMSC, where the response information carries the service information supplemented by the SIM card user.
S405、GMSC判断用户是否签约生物特征信息认证业务,如果是,则发起生物特征信息认证请求到控制点SCP。S405. The GMSC determines whether the user subscribes to the biometric information authentication service, and if yes, initiates the biometric information authentication request to the control point SCP.
S406、SCP收到生物特征信息认证请求后,判断用户是否签约生物特征信息认证业务。若确定有签约生物特征信息认证业务,则SCP指示GMSC,要求手机使用者输入生物特征信息。After receiving the biometric information authentication request, the SCP determines whether the user subscribes to the biometric information authentication service. If it is determined that there is a contracted biometric information authentication service, the SCP instructs the GMSC to request the mobile phone user to input the biometric information.
本实施例中,所述生物特征信息为指纹或/和虹膜信息。In this embodiment, the biometric information is fingerprint or/and iris information.
所述要求输入生物特征信息可以是手机使用者根据播音提示输入或者根据播放文字提示要求输入。The requesting to input the biometric information may be input by the mobile phone user according to the prompt of the broadcast or according to the prompt of the play text.
S407、GMSC指示MGW(Media Gateway媒体网关)播放提示音,提示手机使用者输入第一用户生物特征信息。S407. The GMSC instructs the MGW (Media Gateway Media Gateway) to play a prompt tone, and prompts the mobile phone user to input the first user biometric information.
所述生物特征信息/第一用户生物特征信息可以是指纹信息,也可以是虹膜信息,为了进一步增加使用者权限的安全系数,在一实施例中,还可以同时要求输入指纹和虹膜验证信息。The biometric information/first user biometric information may be fingerprint information or iris information. In order to further increase the security factor of the user authority, in an embodiment, the fingerprint and the iris verification information may also be input at the same time.
S408、GMGW播放提示音,提示终端用户输入第一用户生物特征信息。S408: The GMGW plays a prompt tone, prompting the terminal user to input the first user biometric information.
S409、GMSC把第一用户生物特征信息返回传递给SCP。 S409. The GMSC returns the first user biometric information to the SCP.
S410、SCP收到第一用户生物特征认证信息后,和预先保存在网络侧的第二用户生物特征信息进行校验,如果比对判断与预先在网络侧的第二用户生物特征信息相同,则SCP指示MSC继续呼叫,如果比对判断与预先在网络侧的第二用户生物特征信息不相同,则SCP指示MSC终止本次呼叫。After receiving the first user biometric authentication information, the SCP and the second user biometric information pre-stored on the network side are verified. If the comparison is the same as the second user biometric information in the network side, The SCP instructs the MSC to continue the call. If the comparison is determined to be different from the second user biometric information previously on the network side, the SCP instructs the MSC to terminate the call.
本发明实施例通过在SIM卡注册时,采集第一用户生物特征信息,并将采集的第一用户生物特征信息传递给核心网设备,核心网设备将所述采集的第一用户生物特征信息与预存在网络侧设备的第二用户生物特征信息进行比较认证,若认证通过,则允许SIM卡接入网络,否则不允许接入网络,移动终端不能进行呼叫通讯。本发明通过网络侧设备对移动终端用户使用者的身份特征进行认证识别来控制SIM卡是否允许被接入网络,从而对移动终端SIM卡的使用者进行限制,避免被不法分子利用进行欺诈的问题。When the SIM card is registered, the first user biometric information is collected, and the collected first user biometric information is transmitted to the core network device, and the core network device collects the collected first user biometric information and The second user biometric information pre-existing on the network side device is compared and authenticated. If the authentication is passed, the SIM card is allowed to access the network. Otherwise, the network is not allowed to access the network, and the mobile terminal cannot perform call communication. The invention authenticates the identity characteristics of the user of the mobile terminal user by using the network side device to control whether the SIM card is allowed to be accessed by the network, thereby restricting the user of the SIM card of the mobile terminal, and avoiding the problem of fraud by the criminals. .
使用本发明技术方案能在移动终端丢失,移动终端上的SIM卡被挪到其他终端上使用的情况下,进一步对手机使用者进行身份验证以确定是否让SIM卡接入网络进行通讯,从而,相对于现有技术能有效避免被不法分子利用丢失的移动终端上的SIM卡进行信息欺诈的问题。By using the technical solution of the present invention, if the mobile terminal is lost and the SIM card on the mobile terminal is moved to another terminal, the mobile phone user is further authenticated to determine whether to allow the SIM card to access the network for communication, thereby Compared with the prior art, the problem of information fraud by a fraudulent use of a SIM card on a lost mobile terminal can be effectively avoided.
实施例四Embodiment 4
请参阅图5,其为本发明一种用户身份认证装置的结构框图,所述装置应用于网络侧,包括识别码获取单元201以及识别码认证单元202。Please refer to FIG. 5 , which is a structural block diagram of a user identity authentication apparatus according to the present invention. The device is applied to the network side, and includes an identifier acquisition unit 201 and an identifier authentication unit 202 .
所述识别码获取单元201,用于向移动终端获取第一用户生物特征信息;The identifier acquisition unit 201 is configured to acquire first user biometric information from the mobile terminal;
具体地,所述识别码获取单元201在接收到移动终端发起的SIM注册请求或呼叫请求后,向移动终端获取第一用户生物特征信息。Specifically, after receiving the SIM registration request or the call request initiated by the mobile terminal, the identifier acquiring unit 201 acquires the first user biometric information from the mobile terminal.
所述识别码认证单元202,用于确定所述第一用户生物特征信息与预先存储在网络侧的第二用户生物特征信息相同,则允许接入网络。The identifier authentication unit 202 is configured to determine that the first user biometric information is the same as the second user biometric information pre-stored on the network side, and then allows access to the network.
具体地,所述识别码认证单元202用于确认所述获取的第一用户生物特征信息与预先存储在网络侧的第二用户生物特征信息是否相同,如果不相同,则不允许接入网络或终止呼叫;如果相同,则允许接入网络或接通呼叫。Specifically, the identifier authentication unit 202 is configured to confirm whether the acquired first user biometric information is the same as the second user biometric information stored in the network side in advance, and if not, the access network or the network is not allowed. Terminate the call; if the same, allow access to the network or call.
在一实施例中,所述用户身份认证装置还包括响应反馈单元和判断指示单元。In an embodiment, the user identity authentication device further includes a response feedback unit and a determination indication unit.
所述响应反馈单元203,用于返回SIM注册请求或呼叫请求的响应信息,所述响应信息携带SIM卡用户补充的业务信息; The response feedback unit 203 is configured to return response information of a SIM registration request or a call request, where the response information carries service information supplemented by a SIM card user;
所述判断指示单元204,用于判断用户是否签约生物特征信息认证业务,如果是,则发起生物特征信息认证请求到业务控制点SCP,SCP收到生物特征信息认证请求后,指示MSC向移动终端采集用户的生物特征信息。The judgment instructing unit 204 is configured to determine whether the user subscribes to the biometric information authentication service, and if yes, initiates the biometric information authentication request to the service control point SCP, and after receiving the biometric information authentication request, the SCP instructs the MSC to the mobile terminal. Collect biometric information of the user.
具体地,所述预先存储的第二用户生物特征信息为机主用户在营业厅购买SIM卡时,机主用户或者特定授权人士保存在网络侧设备的生物特征信息。Specifically, the pre-stored second user biometric information is biometric information stored by the owner user or a specific authorized person on the network side device when the owner user purchases the SIM card in the business hall.
具体地,所述生物特征信息可以是指纹信息,也可以是虹膜信息,为了进一步增加使用者权限的安全系数,在一实施例中,还可以同时要求输入指纹和虹膜验证信息。Specifically, the biometric information may be fingerprint information or iris information. In order to further increase the security factor of the user authority, in an embodiment, the fingerprint and the iris verification information may also be input at the same time.
本发明实施例提供的所述用户身份认证装置,通过识别码获取单元201向移动终端获取第一用户生物特征信息;并通过识别码认证单元202将所述获取的第一用户生物特征信息与预先存储在网络侧的第二用户生物特征信息进行对比判断是否相同,如果不相同,则不允许接入网络或终止呼叫;如果相同,则允许接入网络或接通呼叫。从而,相对于现有技术能通过网络侧设备对移动终端用户使用者的身份特征进行认证识别来控制移动终端上的SIM卡是否被允许接入网络,从而对移动终端SIM卡的使用者进行限制,能有效避免移动终端丢失,不法分子利用丢失的移动终端上的SIM卡进行信息欺诈的问题。The user identity authentication apparatus provided by the embodiment of the present invention acquires the first user biometric information from the mobile terminal by the identifier acquisition unit 201; and the acquired first user biometric information and the advancement by the identifier authentication unit 202 The second user biometric information stored on the network side is compared to determine whether the comparison is the same. If not, the access network is not allowed to be terminated or the call is terminated; if the same, the access to the network or the call is allowed. Therefore, compared with the prior art, the identity of the user of the mobile terminal user can be authenticated and identified by the network side device to control whether the SIM card on the mobile terminal is allowed to access the network, thereby limiting the user of the SIM card of the mobile terminal. It can effectively avoid the loss of mobile terminals, and the criminals use the SIM card on the lost mobile terminal for information fraud.
实施例五Embodiment 5
请参阅图6,其为本发明一种用户身份认证系统的结构框图,包括移动终端10以及与移动终端进行通讯交互的网络侧设备20,所述网络侧设备20包括上述实施例四中的所述用户身份认证装置。所述用户身份认证装置的具体结构详见实施例四,在此不再赘述。Referring to FIG. 6 , it is a structural block diagram of a user identity authentication system, which includes a mobile terminal 10 and a network side device 20 that performs communication interaction with the mobile terminal. The network side device 20 includes the foregoing embodiment 4 The user identity authentication device. For details of the specific configuration of the user identity authentication device, refer to the fourth embodiment, and details are not described herein again.
本发明提供的用户身份认证系统通过在SIM卡发起注册请求或者呼叫请求时,通过控制移动终端获取第一用户生物特征信息,识别码获取单元201将获取的第一用户生物特征信息传递给核心网设备的识别码认证单元202,识别码认证单元202将所述获取的第一用户生物特征信息与预存在网络侧的第二用户生物特征信息进行比较认证,若认证通过,则允许SIM卡接入网络;否则,不允许接入网络/终止呼叫,移动终端不能进行通讯。本发明实施例通过网络侧设备对移动终端用户使用者的身份特征进行认证识别来控制是否允许移动终端接入网络,从而对移动终端SIM卡的使用者进行限制,避免导致被不法分子利用进行欺诈的问题The user identity authentication system provided by the present invention transmits the acquired first user biometric information to the core network by controlling the mobile terminal to acquire the first user biometric information when the SIM card initiates the registration request or the call request. The identifier authentication unit 202 of the device compares the acquired first user biometric information with the second user biometric information pre-existing on the network side, and if the authentication passes, allows the SIM card to access. Network; otherwise, access to the network/terminating call is not allowed, and the mobile terminal cannot communicate. In the embodiment of the present invention, the network side device authenticates and identifies the identity feature of the user of the mobile terminal user to control whether the mobile terminal is allowed to access the network, thereby restricting the user of the SIM card of the mobile terminal to avoid causing fraud by the criminals. The problem
使用本发明所述用户身份认证系统能在移动终端丢失,移动终端上的SIM卡被 挪到其他终端上使用的情况下,进一步对手机使用者进行身份验证以确定是否让SIM卡接入网络进行通讯,从而,相对于现有技术能有效避免被不法分子利用丢失的移动终端上的SIM卡进行信息欺诈的问题。The user identity authentication system using the present invention can be lost in the mobile terminal, and the SIM card on the mobile terminal is In the case of being used on other terminals, the mobile phone user is further authenticated to determine whether to allow the SIM card to access the network for communication, thereby effectively avoiding the use of the lost mobile terminal by the criminals relative to the prior art. SIM card for information fraud.
需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者装置不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者装置所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、方法、物品或者装置中还存在另外的相同要素。It is to be understood that the term "comprises", "comprising", or any other variants thereof, is intended to encompass a non-exclusive inclusion, such that a process, method, article, or device comprising a series of elements includes those elements. It also includes other elements that are not explicitly listed, or elements that are inherent to such a process, method, article, or device. An element that is defined by the phrase "comprising a ..." does not exclude the presence of additional equivalent elements in the process, method, item, or device that comprises the element.
上述本发明实施例序号仅仅为了描述,不代表实施例的优劣。The serial numbers of the embodiments of the present invention are merely for the description, and do not represent the advantages and disadvantages of the embodiments.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,空调器,或者网络设备等)执行本发明各个实施例的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the foregoing embodiment method can be implemented by means of software plus a necessary general hardware platform, and of course, can also be through hardware, but in many cases, the former is better. Implementation. Based on such understanding, the technical solution of the present invention, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk, The optical disc includes a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the methods of various embodiments of the present invention.
工业实用性Industrial applicability
本申请的方法和装置可应用于通信领域中。在本申请的方法和装置中,通过向移动终端获取第一用户生物特征信息;确定所述第一用户生物特征信息与预先存储在网络侧的第二用户生物特征信息相同,则允许接入网络;如此通过网络侧设备对移动终端用户使用者的身份特征进行认证识别来控制移动终端上的SIM卡是否允许被接入网络,从而对移动终端SIM卡的使用者进行限制,避免被不法分子利用进行欺诈的问题。The method and apparatus of the present application are applicable to the field of communications. In the method and apparatus of the present application, the first user biometric information is acquired by the mobile terminal; and the first user biometric information is determined to be the same as the second user biometric information pre-stored on the network side, and the access network is allowed. In this way, the identity of the user of the mobile terminal user is authenticated and identified by the network side device to control whether the SIM card on the mobile terminal is allowed to be accessed by the network, thereby limiting the user of the SIM card of the mobile terminal to avoid being used by criminals. The problem of fraud.
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。 It is apparent that those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and modifications of the invention

Claims (12)

  1. 一种用户身份认证方法,其中,该方法包括:A user identity authentication method, wherein the method includes:
    网络侧设备向移动终端获取第一用户生物特征信息;The network side device acquires first user biometric information from the mobile terminal;
    所述网络侧设备确定所述第一用户生物特征信息与预先存储在网络侧的第二用户生物特征信息相同,则允许接入网络。The network side device determines that the first user biometric information is the same as the second user biometric information pre-stored on the network side, and then allows access to the network.
  2. 根据权利要求1所述的方法,其中,所述方法还包括,所述网络侧设备确定所述第一用户生物特征信息与预先存储在网络侧的第二用户生物特征信息不相同,则不允许接入网络。The method according to claim 1, wherein the method further comprises: the network side device determining that the first user biometric information is different from the second user biometric information pre-stored on the network side, and not allowing Access to the network.
  3. 根据权利要求1或2所述的方法,其中,所述网络侧设备向移动终端获取第一用户生物特征信息步骤之前包括:网络侧设备接收到移动终端发起的SIM注册请求或呼叫请求。The method according to claim 1 or 2, wherein the step of the network side device acquiring the first user biometric information from the mobile terminal comprises: the network side device receiving the SIM registration request or the call request initiated by the mobile terminal.
  4. 根据权利要求1或3所述的方法,其中,所述网络侧设备向移动终端获取第一用户生物特征信息包括:The method according to claim 1 or 3, wherein the acquiring, by the network side device, the first user biometric information to the mobile terminal comprises:
    移动交互中心MSC/拜访位置寄存器VLR接收移动终端发送的SIM卡注册请求后,传递给归属位置寄存器HLR;The mobile interaction center MSC/visit location register VLR receives the SIM card registration request sent by the mobile terminal, and then passes it to the home location register HLR;
    HLR向MSC/VLR返回SIM注册请求响应信息,所述响应信息携带SIM卡用户补充的业务信息;The HLR returns a SIM registration request response message to the MSC/VLR, where the response information carries service information supplemented by the SIM card user;
    MSC判断用户是否签约生物特征信息认证业务,如果是,则发起生物特征信息认证请求到业务控制点SCP;The MSC determines whether the user subscribes to the biometric information authentication service, and if so, initiates the biometric information authentication request to the service control point SCP;
    SCP指示MSC向移动终端采集用户的生物特征信息;The SCP instructs the MSC to collect biometric information of the user from the mobile terminal;
    MSC接收移动终端采集的用户的生物特征信息,并传递给SCP。The MSC receives the biometric information of the user collected by the mobile terminal and transmits the biometric information to the SCP.
  5. 根据权利要求4所述的方法,其中,所述SCP指示MSC向移动终端采集用户的生物特征信息步骤之后包括:MSC指示媒体网关MGW播放提示音,提示输入第一用户生物特征信息。The method according to claim 4, wherein the step of the SCP indicating that the MSC collects biometric information of the user from the mobile terminal comprises: the MSC instructing the media gateway MGW to play a prompt tone, prompting to input the first user biometric information.
  6. 根据权利要求1或3所述的方法,其中,所述网络侧设备向移动终端获取第 一用户生物特征信息包括:The method according to claim 1 or 3, wherein the network side device acquires the mobile terminal A user biometric information includes:
    MSC/VLR接收移动终端发送的呼叫请求后,向移动网关交互中心GMSC发起被叫用户的路由查询请求;After receiving the call request sent by the mobile terminal, the MSC/VLR initiates a route query request of the called user to the mobile gateway interaction center GMSC;
    GMSC向被叫HLR发起路由查询请求;The GMSC initiates a routing query request to the called HLR;
    HLR向GMSC返回路由查询响应信息,所述响应信息携带SIM卡用户补充的业务信息;The HLR returns a route query response message to the GMSC, where the response information carries service information supplemented by the SIM card user;
    GMSC判断用户是否签约生物特征信息认证业务,如果是,则发起生物特征信息认证请求到SCP;The GMSC determines whether the user subscribes to the biometric information authentication service, and if so, initiates the biometric information authentication request to the SCP;
    SCP收到生物特征信息认证请求后,指示GMSC向移动终端采集用户的生物特征信息;After receiving the biometric information authentication request, the SCP instructs the GMSC to collect the biometric information of the user from the mobile terminal;
    GMSC接收移动终端采集到的生物特征信息,并传递给SCP。The GMSC receives the biometric information collected by the mobile terminal and transmits it to the SCP.
  7. 根据权利要求6所述的方法,其中,所述SCP指示GMSC向移动终端采集用户的生物特征信息之后还包括:GMSC指示媒体网关MGW播放提示音,提示输入第一用户生物特征信息。The method of claim 6, wherein the SCP after the GMSC collects the biometric information of the user from the mobile terminal further comprises: the GMSC instructing the media gateway MGW to play the prompt tone, prompting to input the first user biometric information.
  8. 根据权利要求1-7中任一项所述的方法,其中,所述生物特征信息为指纹或/和虹膜信息。The method of any of claims 1-7, wherein the biometric information is fingerprint or/and iris information.
  9. 一种用户身份认证装置,应用于网络侧,其中,该装置包括识别码获取单元以及识别码认证单元;A user identity authentication device is applied to a network side, where the device includes an identifier acquisition unit and an identifier authentication unit;
    所述识别码获取单元,设置为向移动终端获取第一用户生物特征信息;The identifier acquiring unit is configured to acquire first user biometric information from the mobile terminal;
    所述识别码认证单元,设置为确定所述第一用户生物特征信息与预先存储在网络侧的第二用户生物特征信息相同,则允许接入网络。The identifier authentication unit is configured to determine that the first user biometric information is the same as the second user biometric information pre-stored on the network side, and then allows access to the network.
  10. 根据权利要求9所述的装置,其中,还包括响应反馈单元和判断指示单元;The apparatus according to claim 9, further comprising a response feedback unit and a determination indicating unit;
    所述响应反馈单元,设置为返回SIM注册请求或呼叫请求的响应信息,所述响应信息携带SIM卡用户补充的业务信息;The response feedback unit is configured to return a response information of the SIM registration request or the call request, where the response information carries service information supplemented by the SIM card user;
    判断指示单元,设置为判断用户是否签约生物特征信息认证业务,如果是,则发起生物特征信息认证请求到业务控制点SCP,SCP收到生物特征信息认证请求后, 指示MSC向移动终端采集用户的生物特征信息。The determining indication unit is configured to determine whether the user subscribes to the biometric information authentication service, and if yes, initiates the biometric information authentication request to the service control point SCP, and the SCP receives the biometric information authentication request, Instructing the MSC to collect biometric information of the user from the mobile terminal.
  11. 根据权利要求9或10所述的装置,其中,所述生物特征信息为指纹或/和虹膜信息。The apparatus according to claim 9 or 10, wherein the biometric information is fingerprint or/and iris information.
  12. 一种用户身份认证系统,该系统包括移动终端和网络侧设备,其中,所述网络侧设备包括权利要求9至11任意一项权利要求所述的用户身份认证装置。 A user identity authentication system, the system comprising a mobile terminal and a network side device, wherein the network side device comprises the user identity authentication device according to any one of claims 9 to 11.
PCT/CN2016/101699 2015-12-16 2016-10-10 User identity authentication method, apparatus and system thereof WO2017101571A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510945824.0 2015-12-16
CN201510945824.0A CN106888193A (en) 2015-12-16 2015-12-16 A kind of method for authenticating user identity, device and its system

Publications (1)

Publication Number Publication Date
WO2017101571A1 true WO2017101571A1 (en) 2017-06-22

Family

ID=59055686

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/101699 WO2017101571A1 (en) 2015-12-16 2016-10-10 User identity authentication method, apparatus and system thereof

Country Status (2)

Country Link
CN (1) CN106888193A (en)
WO (1) WO2017101571A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10993107B2 (en) 2019-03-01 2021-04-27 At&T Intellectual Property I, L.P. Multi-factor autonomous SIM lock
WO2021213671A1 (en) * 2020-04-24 2021-10-28 Telefonaktiebolaget Lm Ericsson (Publ) Technique for authenticating operators of wireless terminal devices

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111310517B (en) * 2018-12-11 2024-01-19 上海耕岩智能科技有限公司 Authentication method, device and system based on SIM card
CN115175108B (en) * 2022-05-05 2024-07-02 中国信息通信研究院 Communication method, electronic device and storage medium for cooperation of separate carrier and communication terminal

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1710863A (en) * 2004-06-16 2005-12-21 华为技术有限公司 Interacting method for customer apparatus and network apparatus
CN101605328A (en) * 2009-05-25 2009-12-16 厦门敏讯信息技术股份有限公司 Communication system, terminal, SIM and machine-card authentication method
CN103096316A (en) * 2011-11-04 2013-05-08 中兴通讯股份有限公司 Terminal, network side equipment system and method for authenticating user identification card

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101370185A (en) * 2008-09-24 2009-02-18 华为技术有限公司 Supplementary service implementing method, communication system and server
JP5852870B2 (en) * 2011-12-09 2016-02-03 株式会社日立製作所 Biometric authentication system
CN104507086A (en) * 2014-12-02 2015-04-08 上海斐讯数据通信技术有限公司 Intelligent terminal for replacing solid SIM (Subscriber Identity Module) card with biological identity recognition and implementation method thereof
CN104935575A (en) * 2015-04-29 2015-09-23 努比亚技术有限公司 Login method, and authentication method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1710863A (en) * 2004-06-16 2005-12-21 华为技术有限公司 Interacting method for customer apparatus and network apparatus
CN101605328A (en) * 2009-05-25 2009-12-16 厦门敏讯信息技术股份有限公司 Communication system, terminal, SIM and machine-card authentication method
CN103096316A (en) * 2011-11-04 2013-05-08 中兴通讯股份有限公司 Terminal, network side equipment system and method for authenticating user identification card

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10993107B2 (en) 2019-03-01 2021-04-27 At&T Intellectual Property I, L.P. Multi-factor autonomous SIM lock
US11558751B2 (en) 2019-03-01 2023-01-17 At&T Intellectual Property I, L.P. Multi-factor autonomous sim lock
US12081992B2 (en) 2019-03-01 2024-09-03 At&T Intellectual Property I, L.P. Multi-factor autonomous SIM lock
WO2021213671A1 (en) * 2020-04-24 2021-10-28 Telefonaktiebolaget Lm Ericsson (Publ) Technique for authenticating operators of wireless terminal devices

Also Published As

Publication number Publication date
CN106888193A (en) 2017-06-23

Similar Documents

Publication Publication Date Title
US10764743B1 (en) Providing a service with location-based authorization
US11736292B2 (en) Access token management method, terminal, and server
US10425818B2 (en) Enforcing service policies in embedded UICCs
JP5514200B2 (en) Improved biometric authentication and identification
US8474017B2 (en) Identity management and single sign-on in a heterogeneous composite service scenario
US11025595B2 (en) Secure and anonymous data sharing
CN107483416A (en) The method and device of authentication
WO2017101571A1 (en) User identity authentication method, apparatus and system thereof
US20050138394A1 (en) Biometric access control using a mobile telephone terminal
JP2006344007A (en) Portable terminal identification system
US20130109351A1 (en) Authentication system, authentication method and authentication server
CN106385397B (en) Method and device for access control and type configuration of network access equipment
KR100766020B1 (en) Mobile communication terminal, control method thereof, and method for controlling a mobile communication service
CN110546937B (en) System and method for routing data using biometrics in a software defined network
KR20090061550A (en) User management method and system based on identification information in femtocell
WO2018209623A1 (en) Systems, devices, and methods for performing verification of communications received from one or more computing devices
CN116777441A (en) Information verification method, device, equipment and computer readable storage medium
EP3840322A1 (en) Method to facilitate user authenticating in a wireless network
WO2012000285A1 (en) Method and system for restricting area mobility in evdo system
WO2018209621A1 (en) Systems, devices, and methods for managing communications of one or more computing devices
US20230145137A1 (en) Technique for authenticating operators of wireless terminal devices
WO2018209624A1 (en) Systems, devices, and methods for performing verification of communications received from one or more computing devices
KR101542099B1 (en) Method for SNS Account Registration and Access Authentication of WiFi
KR102204416B1 (en) Authentication service method based on voice
WO2018193469A1 (en) System and method of subscriber verification and restricted communication for a subscriber identity module (sim)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16874630

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16874630

Country of ref document: EP

Kind code of ref document: A1