WO2018076922A1 - 用于实现移动终端一卡多号同时在线的系统及方法 - Google Patents
用于实现移动终端一卡多号同时在线的系统及方法 Download PDFInfo
- Publication number
- WO2018076922A1 WO2018076922A1 PCT/CN2017/099423 CN2017099423W WO2018076922A1 WO 2018076922 A1 WO2018076922 A1 WO 2018076922A1 CN 2017099423 W CN2017099423 W CN 2017099423W WO 2018076922 A1 WO2018076922 A1 WO 2018076922A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- mobile terminal
- card
- instruction
- authentication
- core network
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/16—Communication-related supplementary services, e.g. call-transfer or call-hold
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/20—Transfer of user or subscriber data
- H04W8/205—Transfer to or from user equipment or user record carrier
Definitions
- the present invention relates to the field of mobile communication technologies, and in particular, to a system and method for implementing simultaneous online access of a mobile terminal.
- One-card multi-number service is a value-added service for all user groups, which means that one user identity module SIM card corresponds to multiple numbers.
- the implementation of one card multi-number service is mainly by setting one number as the main number and the other as the sub-number. By setting the card number data of the main number to the standard file location, the network authentication is realized, and the use is required. For other numbers, set the other number as the primary number and perform network authentication to make it online. But in the same time, only one number can be implemented online.
- an object of the present invention is to provide a system and method for realizing a mobile terminal with one card and multiple numbers simultaneously, so as to realize simultaneous online connection of all card numbers of the SIM card.
- a system for realizing a mobile terminal with one card and multiple numbers simultaneously comprising a SIM card, a mobile terminal, and a background server accessing a carrier core network, wherein the SIM card communicates with the background server through the mobile terminal; the SIM card stores n international mobile subscriber identity IMSI, one IMSI corresponding to one MSISDN number, n ⁇ 1;
- the SIM card includes:
- a security module configured to store n sets of card number authentication data corresponding to the n IMSIs; each set of card number authentication data includes an IMSI card number identifier and an IMSI authentication data corresponding to the card number identifier;
- the mobile terminal is configured to send, by using a background server, a network access request of the n IMSIs of the SIM card to an operator core network;
- a card number identification database configured to store a one-to-one mapping relationship between n IMSIs and n card number identifiers of the SIM card;
- a data forwarding module configured to send a network access request of the n IMSIs of the SIM card sent by the mobile terminal to the operator core network, and receive n authentication requests returned by the carrier core network for the n network access requests And sending the authentication request processed by the data encapsulation module to the SIM card through the mobile terminal;
- a data encapsulating module configured to add a card number identifier of the IMSI corresponding to each authentication request to the authentication request, to obtain a processed authentication request;
- the mobile terminal is further configured to forward the processed authentication request sent by the background server to the SIM card;
- the security module After receiving the processed authentication request, the security module invokes the corresponding card number authentication data according to the card number identifier in each authentication request, processes each authentication request, and uses the mobile terminal and the background server to The carrier core network communicates to complete the authentication of each IMSI by the carrier core network.
- the data forwarding module is further configured to: after completing the authentication of each IMSI by the core network of the operator, receive the first instruction sent by the operator core network, and send the second instruction processed by the data encapsulating module to the mobile terminal.
- receive the first instruction sent by the operator core network receives the first instruction sent by the operator core network, and send the second instruction processed by the data encapsulating module to the mobile terminal.
- the data encapsulating module is further configured to: after receiving the first instruction, add the card number identifier of the IMSI corresponding to the channel to the first instruction according to the source channel of the first instruction, to obtain a second instruction;
- the SIM card After receiving the second instruction, the SIM card calls the corresponding card number data according to the card number identifier in the second instruction to process the instruction.
- the first instruction includes a call instruction or a short message instruction.
- the security module includes a secure element SE, an embedded secure element eSE, a trusted execution environment TEE module, or a host based card emulation HCE module.
- the security module communicates with the mobile terminal through a card slot;
- the card channel includes an OpenMobile interface, a Bluetooth interface, and a bearer-independent protocol.
- the present invention also provides a method for implementing simultaneous online access of a mobile terminal with a card number based on the above system, comprising the following steps:
- the mobile terminal sends a network access request of the n IMSIs of the SIM card to the carrier core network through the background server;
- the operator core network After receiving the network access request, the operator core network sends an authentication request for each network access request to the background server;
- the background server After receiving the authentication request, the background server adds the card number identifier of the IMSI corresponding to each authentication request to the authentication request, and sends the processed authentication request to the SIM card through the mobile terminal;
- the security module After receiving the processed authentication request, the security module invokes the corresponding card number authentication data according to the card number identifier in the processed authentication request, processes the authentication request, and passes the mobile terminal and the background server. Communicate with the carrier core network to complete the authentication of each IMSI.
- the method for realizing the simultaneous online access of the mobile terminal with one card and multiple numbers as described above, after completing the authentication of each IMSI further includes:
- the background server receives the first instruction sent by the operator core network, adds the card number identifier of the IMSI corresponding to the channel to the first instruction according to the source channel of the first instruction, obtains the second instruction, and sends the second instruction to the mobile terminal. ;
- the mobile terminal sends the second instruction to the SIM card, and the SIM card calls the corresponding card number data according to the card number identifier in the second instruction to process the instruction.
- the first instruction includes a call instruction or a short message instruction.
- the security module of the SIM card includes a secure element SE, an embedded secure element eSE, a trusted execution environment TEE module or a host-based card simulation HCE module.
- a method for implementing simultaneous online access of a mobile terminal with a card number the security module communicating with the mobile terminal through a card channel;
- the card channel includes an OpenMobile interface, a Bluetooth interface, and a bearer-independent protocol BIP interface or SPI interface.
- the invention has the beneficial effects that the system and the method provided by the invention realize the simultaneous online of one card and multiple numbers without adding additional equipment, and better meet the user's use requirements, and further, the system and the system The method realizes that when the SIM card receives the request information (first instruction) sent by the operator core network for any of its card numbers, the SIM card can call the corresponding card number data to process the information.
- FIG. 1 is a schematic structural diagram of a system for implementing simultaneous online access of a mobile terminal with a card number in a specific embodiment of the present invention
- FIG. 2 is a schematic diagram of data transmission for implementing parts of a system in which a mobile terminal has a plurality of cards simultaneously online in a specific embodiment of the present invention
- FIG. 3 is a flowchart of a method for implementing simultaneous online access of a mobile terminal with multiple cards in a specific embodiment of the present invention.
- FIG. 1 is a structural diagram of a system for implementing simultaneous online access of a mobile terminal with a card number in a specific embodiment of the present invention.
- the system includes a SIM card, a mobile terminal, and an access operator.
- the background server of the core network, the SIM card communicates with the background server through the mobile terminal.
- the SIM card stores n international mobile subscriber identity codes (IMSIs), and one IMSI corresponds to one MSISDN number, n ⁇ 1; correspondingly, the carrier core network also stores the SIMs. n sets of card number relationships of cards (one-to-one correspondence between n IMSIs and n MSISDN numbers).
- IMSIs international mobile subscriber identity codes
- MSISDN number MSISDN number
- the SIM card includes a security module, and the security module is configured to store n sets of card number authentication data corresponding to the n IMSI numbers of the SIM card; each set of card number authentication data includes an IMSI card number identifier and an IMSI corresponding to the card number identifier.
- Authentication data wherein the authentication data is commonly used authentication data when the existing SIM card is authenticated, including IMSI, Ki, and OPC (calculated by Ki and the operator root key OP);
- the authentication center of the carrier core network also stores n sets of authentication data corresponding to the n IMSIs of the SIM card.
- the mobile terminal is configured to send, by using a background server, a network access request of the n IMSIs of the SIM card to an operator core network;
- a card number identification database configured to store a one-to-one mapping relationship between n IMSIs and n card number identifiers of the SIM card;
- a data forwarding module configured to send a network access request of the n IMSIs of the SIM card sent by the mobile terminal to the operator core network, and receive n authentication requests returned by the carrier core network for the n network access requests And sending the authentication request processed by the data encapsulation module to the SIM card through the mobile terminal;
- a data encapsulating module configured to add a card number identifier of the IMSI corresponding to each authentication request to the authentication request, to obtain a processed authentication request;
- the mobile terminal is further configured to forward the processed authentication request sent by the background server to the SIM card;
- the security module After receiving the processed authentication request, the security module invokes the corresponding card number authentication data according to the card number identifier in each authentication request, processes each authentication request, and uses the mobile terminal and the background server to The carrier core network communicates to complete the authentication of each IMSI on the carrier's core network.
- the mobile terminal acquires the n IMSI numbers of the SIM card, and uses the background server to
- the operator core network sends a network access request of the n IMSI numbers of the SIM card, and after receiving the n network access requests, the core network returns a corresponding authentication request to the background server for each incoming network access request, due to
- the communication channel between the background server and the carrier core network is one-to-one correspondence, that is, one IMSI corresponds to a communication channel between the background server and the core network, and therefore, the background server receives the core network.
- the communication channel from which the authentication request is sent can know which IMSI the authentication request is for, and add the card number identifier of the IMSI to the authentication request, and the processed authentication is performed.
- the request is sent to the SIM card through the mobile terminal, so that the security module of the SIM card can call the corresponding card number authentication data according to the card number identifier in the processed authentication request, and then communicate with the operator core network through the mobile terminal and the background server. , complete the network authentication of each IMSI of the SIM card.
- the data forwarding module After completing the network access authentication of each IMSI of the SIM card, the data forwarding module receives the first instruction sent by the operator core network, and sends the second instruction processed by the data encapsulating module to the SIM by using the mobile terminal.
- the first instruction includes but is not limited to a call instruction or a short message instruction;
- the data encapsulating module is further configured to: after receiving the first instruction, add the card number identifier of the IMSI corresponding to the channel to the first instruction according to the source channel of the first instruction, to obtain a second instruction;
- the SIM card After receiving the second instruction, the SIM card calls the corresponding card number data according to the card number identifier in the second instruction to process the instruction.
- the security module of the SIM card communicates with the mobile terminal through the card channel, and the implementation manner of the card channel includes but is not limited to the OpenMobile interface, the Bluetooth interface, the bearer-independent protocol BIP interface, or the SPI interface.
- the security module includes a secure element SE, an embedded secure element eSE, a trusted execution environment TEE module, or a host based card emulation HCE module.
- the mobile terminal communicates with the background server through the Internet, and the background server is used to establish a connection with the operator core network (the network shown in FIG. 2) for the mobile terminal, and complete signaling transmission between the mobile terminal and the carrier core network.
- the communication interface between the backend server and the carrier core network includes but is not limited to an Iuh interface or an S1 interface.
- the form of the SIM card includes, but is not limited to, a commonly used mobile phone card, as long as it can be used to identify the identity of the user.
- a security chip SE may be directly used, which has n International Mobile Subscriber Identity (IMSI) that can uniquely identify the mobile subscriber (other identifiers may also be used), and the operator's core network stores an MSISDN number corresponding to each identifier name; the SIM card may also have no physical card. But the SIM card will be pre-wired when the mobile terminal is shipped. Installed as part of a mobile terminal.
- IMSI International Mobile Subscriber Identity
- the SIM card communicates with the operator core network through the mobile terminal and the background server, and encapsulates the authentication data sent by the core network through the background server.
- the background server sends the card number corresponding to the source channel of the instruction to the SIM card through the mobile terminal, and the SIM card identifies the card according to the card number. The card number data that needs to be called can be identified, and the processing of the instruction is completed.
- the present embodiment further provides a method for implementing simultaneous online access of a mobile terminal with multiple numbers of cards.
- the method mainly includes the following steps:
- Step S1 The mobile terminal sends a network access request of the n IMSIs of the SIM card to the carrier core network through the background server;
- Step S2 The background server sends the network access request to the operator core network, and receives the authentication request sent by the operator core network;
- Step S3 The background server adds the card number identifier to the authentication request, and sends the processed authentication request to the SIM card through the mobile terminal;
- Step S4 The SIM card invokes the corresponding card number authentication data according to the received card number identifier in the processed authentication request, processes the authentication request, communicates with the operator core network, and completes each IMSI. Authentication.
- the mobile terminal when the SIM card network authentication needs to be performed, the mobile terminal first acquires n IMSIs in the SIM card, and sends n IMSI network access requests to the background server, and the background server respectively sets n networks.
- the access request is sent to the carrier core network.
- the communication channels between the background server and the core network are one-to-one correspondence, that is, one IMSI has a communication channel between the dedicated core network and the background server, which is related to the prior art.
- the communication channels corresponding to the core network and each mobile terminal are unique.
- the carrier core network After receiving the n network access requests sent by the background server, the carrier core network returns an authentication request to the background server for each network access request, and the background server receives the request. After the authentication request returned by the core network, the card number identifier of the IMSI corresponding to the source communication channel of each authentication request is added to the authentication request, and the processed authentication request is sent to the SIM card through the mobile terminal, and the SIM card is sent.
- the security module invokes the corresponding card number authentication data according to the card number identifier in the processed authentication request, processes the authentication request, and processes and operates through the mobile terminal and the background server. The core network communication is completed, and the authentication of each IMSI is completed.
- the SIM card has two IMSIs, which are recorded as IMSI1 and IMSI2, and the card number identifiers of IMSI1 and IMSI2 are respectively recorded as 0001 and 0002, and the security module of the SIM card stores two sets of card number authentication data.
- the set includes the identifier 0001 and the authentication key k1 corresponding to the identifier, and the other set includes the identifier 0002 and the authentication key k2.
- the background server sends two network access requests for IMSI1 and IMSI2, and the background server sends the network access request of IMSI1 to the core network through channel A, and sends the network access request of IMSI2 to the core network through channel B, and the core network passes Channel A returns an authentication request, and an authentication request is returned through channel B.
- the background server adds the identifier 0001 to the authentication request received by channel A, and adds the identifier 0002 to the authentication request received by channel B, and Sending the two processed authentication requests to the SIM card through the mobile terminal, and the security module of the SIM card can respectively perform corresponding authentication data according to the identifiers in the two requests.
- ISMI is a network authentication.
- SIM card network access authentication In the prior art, the specific implementation manner of SIM card network access authentication is diverse. In practical applications, the authentication method can be selected according to actual needs.
- the MSISDN number corresponding to the IMSI through which the authentication is passed is in an online state, that is, the call or short message information sent by other user terminals through the core network can be received. That is, the method provided by the present invention further includes:
- Step S5 The background server receives the first instruction sent by the operator core network, adds the card number identifier of the IMSI corresponding to the channel to the first instruction according to the source channel of the first instruction, obtains the second instruction, and sends the second instruction.
- the background server receives the first instruction sent by the operator core network, adds the card number identifier of the IMSI corresponding to the channel to the first instruction according to the source channel of the first instruction, obtains the second instruction, and sends the second instruction.
- Step S6 The mobile terminal sends the second instruction to the SIM card, and the SIM card calls the corresponding card number data according to the card number identifier in the second instruction to process the instruction.
- the first instruction includes but is not limited to a call instruction or a short message instruction.
- the specific card number data to be called is determined by the type of the instruction.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
Abstract
本发明公开了一种实现移动终端一卡多号同时在线的系统及方法,属于移动通信技术领域。该系统及方法中,SIM卡通过移动终端和接入运营商核心网的后台服务器与运营商核心网进行通信,后台服务器在接收到运营商核心网发送的鉴权请求后,会首先将IMSI的卡号标识添加到鉴权请求中再通过移动终端发送到SIM卡,以使SIM卡能够根据卡号标识调用正确的卡号鉴权数据来完成对其IMSI的入网鉴权。本发明所述的系统及方法,在无需增加额外设备的情况下,实现了一卡多号的同时在线,且保证了核心网下发的指令的正确传输与处理。
Description
本发明涉及移动通信技术领域,具体涉及一种用于实现移动终端一卡多号同时在线的系统及方法。
一卡多号业务时一种面向所有用户群的增值业务,是指一个用户身份识别模块SIM卡对应多个号码。在现有技术中,实现一卡多号业务主要是通过将一个号码设置为主号码,其它为副号码,通过将主号码的卡号数据放到标准文件位置上,实现其入网鉴权,需要使用其它号码时,在将其它号码设置为主号码,进行入网鉴权,以使其在线。但在同一个时间内,只能实现一个号码在线。
发明内容
针对现有技术中存在的缺陷,本发明的目的在于提供一种用于实现移动终端一卡多号同时在线的系统及方法,以实现SIM卡所有卡号的同时在线。
为实现上述目的,本发明采用的技术方案如下:
一种用于实现移动终端一卡多号同时在线的系统,包括SIM卡、移动终端以及接入运营商核心网的后台服务器,SIM卡通过移动终端与后台服务器通信;所述SIM卡中存储有n个国际移动用户识别码IMSI,一个IMSI对应一个MSISDN号,n≥1;
所述SIM卡包括:
安全模块,用于存储与所述n个IMSI相对应的n套卡号鉴权数据;每套卡号鉴权数据包括一个IMSI的卡号标识和卡号标识对应的IMSI的鉴权数据;
所述移动终端,用于通过后台服务器向运营商核心网发送所述SIM卡的n个IMSI的网络接入请求;
所述后台服务器包括:
卡号标识数据库,用于存储SIM卡的n个IMSI与n个卡号标识的一一映射关系;
数据转发模块,用于将所述移动终端发送的SIM卡的n个IMSI的网络接入请求发送到运营商核心网,接收运营商核心网针对n个网络接入请求返回的n个鉴权请求,并将数据封装模块处理后的鉴权请求通过移动终端发送到SIM卡;
数据封装模块,用于将每个鉴权请求所对应的IMSI的卡号标识添加到鉴权请求中,得到处理后的鉴权请求;
所述移动终端还用于将后台服务器发送的所述处理后的鉴权请求转发到SIM卡;
SIM卡接收到所述处理后的鉴权请求后,其安全模块根据每个鉴权请求中的卡号标识调用对应的卡号鉴权数据,处理每个鉴权请求,并通过移动终端和后台服务器与运营商核心网通信,以完成运营商核心网对每个IMSI的鉴权。
进一步,如上所述的用于实现移动终端一卡多号同时在线的系统,
所述数据转发模块,还用在完成运营商上核心网对每个IMSI的鉴权后,接收运营商核心网发送的第一指令,并将数据封装模块处理后的第二指令通过移动终端发送到SIM卡;
所述数据封装模块,还用于在接收到第一指令后,根据第一指令的来源通道将该通道对应的IMSI的卡号标识添加到第一指令中,得到第二指令;
SIM卡在接收到所述第二指令后,根据第二指令中的卡号标识调用对应的卡号数据处理该指令。
进一步,如上所述的一种用于实现移动终端一卡多号同时在线的系统,所述第一指令包括通话指令或短信指令。
进一步,如上所述的一种用于实现移动终端一卡多号同时在线的系统,
所述安全模块包括安全元件SE、嵌入式安全元件eSE、可信执行环境TEE模块或基于主机的卡模拟HCE模块。
进一步,如上所述的一种用于实现移动终端一卡多号同时在线的系统,所述安全模块通过机卡通道与移动终端通信;所述机卡通道包括OpenMobile接口、蓝牙接口、承载无关协议BIP接口或SPI接口。
本发明还提供了基于上述系统的一种用于实现移动终端一卡多号同时在线的方法,包括以下步骤:
移动终端通过后台服务器向运营商核心网发送SIM卡的n个IMSI的网络接入请求;
运营商核心网接收到所述网络接入请求后,将针对每一个网络接入请求的鉴权请求发送到后台服务器;
后台服务器接收到所述鉴权请求后,将每个鉴权请求所对应的IMSI的卡号标识添加到鉴权请求中,并将处理后的鉴权请求通过移动终端发送到SIM卡;
SIM卡接收到所述处理后的鉴权请求后,其安全模块根据处理后的鉴权请求中的卡号标识调用对应的卡号鉴权数据,对鉴权请求进行处理,并通过移动终端和后台服务器与运营商核心网通信,完成对每个IMSI的鉴权。
进一步,如上所述的一种用于实现移动终端一卡多号同时在线的方法,在完成对每个IMSI的鉴权后,还包括:
后台服务器接收运营商核心网发送的第一指令,根据第一指令的来源通道将通道所对应的IMSI的卡号标识添加到第一指令中,得到第二指令,并将第二指令发送到移动终端;
移动终端将所述第二指令发送SIM卡,SIM卡根据第二指令中的卡号标识调用对应的卡号数据处理该指令。
进一步,如上所述的一种用于实现移动终端一卡多号同时在线的方法,所述第一指令包括通话指令或短信指令。
进一步,如上所述的一种用于实现移动终端一卡多号同时在线的方法,SIM卡的安全模块包括安全元件SE、嵌入式安全元件eSE、可信执行环境TEE模块或基于主机的卡模拟HCE模块。
进一步,如上所述的一种用于实现移动终端一卡多号同时在线的方法,所述安全模块通过机卡通道与移动终端通信;所述机卡通道包括OpenMobile接口、蓝牙接口、承载无关协议BIP接口或SPI接口。
本发明的有益效果在于:本发明所提供的系统及方法,在无需增加额外设备的情况下,实现了一卡多号的同时在线,更好的满足了用户的使用需求,此外,该系统及方法实现了SIM卡在接收到运营商核心网针对其任意卡号发送的请求信息(第一指令)时,都能够调用对应的卡号数据进行信息的处理。
图1为本发明具体实施方式中用于实现移动终端一卡多号同时在线的系统的架构示意图;
图2为本发明具体实施方式中用于实现移动终端一卡多号同时在线的系统的各部分的数据传输示意图;
图3为本发明具体实施方式中用于实现移动终端一卡多号同时在线的方法的流程图。
下面结合说明书附图与具体实施方式对本发明做进一步的详细说明。
图1示出了本发明具体实施方式中一种用于实现移动终端一卡多号同时在线的系统的架构图,由图中可以看出,该系统包括SIM卡、移动终端以及接入运营商核心网的后台服务器,SIM卡通过移动终端与后台服务器通信。
本实施方式中,所述SIM卡中存储有n个国际移动用户识别码IMSI,一个IMSI对应一个MSISDN号,n≥1;相应的,运营商核心网也存储有所述SIM
卡的n套卡号关系(n个IMSI与n个MSISDN号的一一对应关系)。
所述SIM卡包括安全模块,安全模块用于存储与SIM卡的n个IMSI号相对应的n套卡号鉴权数据;每套卡号鉴权数据包括一个IMSI的卡号标识和该卡号标识对应的IMSI的鉴权数据,其中,鉴权数据即现有SIM卡鉴权时的常用鉴权数据,包括IMSI、Ki和OPC(由Ki和运营商根密钥OP经过计算得来的)等;同样的,运营商核心网的鉴权中心也存储有所述SIM卡的n个IMSI对应的n套鉴权数据。
所述移动终端,用于通过后台服务器向运营商核心网发送所述SIM卡的n个IMSI的网络接入请求;
所述后台服务器包括:
卡号标识数据库,用于存储SIM卡的n个IMSI与n个卡号标识的一一映射关系;
数据转发模块,用于将所述移动终端发送的SIM卡的n个IMSI的网络接入请求发送到运营商核心网,接收运营商核心网针对n个网络接入请求返回的n个鉴权请求,并将数据封装模块处理后的鉴权请求通过移动终端发送到SIM卡;
数据封装模块,用于将每个鉴权请求所对应的IMSI的卡号标识添加到鉴权请求中,得到处理后的鉴权请求;
所述移动终端还用于将后台服务器发送的所述处理后的鉴权请求转发到SIM卡;
SIM卡接收到所述处理后的鉴权请求后,其安全模块根据每个鉴权请求中的卡号标识调用对应的卡号鉴权数据,处理每个鉴权请求,并通过移动终端和后台服务器与运营商核心网通信,以完成运营商上核心网对每个IMSI的鉴权。
本实施方式中,在需要对SIM卡进行鉴权的时机(如用户首次接入网络、开机等时刻),移动终端会获取SIM卡的中n个IMSI号,通过后台服务器向
运营商核心网发送SIM卡的n个IMSI号的网络接入请求,核心网接收到n个网络接入请求后,针对每个入网接入请求,向后台服务器返回一个对应的鉴权请求,由于对于每一个IMSI而言,后台服务器与运营商核心网之间的通信通道是一一对应的,即一个IMSI对应一个后台服务器与核心网之间的通信通道,因此,后台服务器在接收到核心网发送的鉴权请求时,可以根据鉴权请求的所来自的通信通道知道该鉴权请求是针对哪一个IMSI的,并将该IMSI的卡号标识添加到鉴权请求中,将处理后的鉴权请求再通过移动终端发送到SIM卡,从而SIM卡的安全模块可以根据处理后的鉴权请求中的卡号标识调用对应的卡号鉴权数据,再通过移动终端和后台服务器与运营商核心网进行通信,完成对SIM卡的每个IMSI的入网鉴权。
在完成对所述SIM卡的每个IMSI的入网鉴权后,所述数据转发模块接收运营商核心网发送的第一指令,并将数据封装模块处理后的第二指令通过移动终端发送到SIM卡;其中,第一指令包括但不限于通话指令或短信指令等;
所述数据封装模块,还用于在接收到第一指令后,根据第一指令的来源通道将该通道对应的IMSI的卡号标识添加到第一指令中,得到第二指令;
SIM卡在接收到所述第二指令后,根据第二指令中的卡号标识调用对应的卡号数据处理该指令。
如图2所示,本实施方式中,SIM卡的安全模块通过机卡通道与移动终端通信,机卡通道的实现方式包括但不限于OpenMobile接口、蓝牙接口、承载无关协议BIP接口或SPI接口等。所述安全模块包括安全元件SE、嵌入式安全元件eSE、可信执行环境TEE模块或基于主机的卡模拟HCE模块等。
移动终端通过Internet与后台服务器通信,后台服务器用于为移动终端建立与运营商核心网(图2中所示的网络)的连接,完成移动终端与运营商核心网之间的信令传输。后台服务器与运营商核心网之间的通信接口包括但不限于Iuh接口或S1接口。
需要说明的是,本实施方式中,所述SIM卡的形式包括但不限于常用的手机卡,只要是能够用于标识用户身份的模块均可,例如,可以直接采用一安全芯片SE,其具有n个能够唯一标识移动用户的国际移动用户识别码ISMI(也可以采用其他标识名称),运营商核心网中存储有与每个标识名称对应的MSISDN号;所述SIM卡也可以无实体卡,而是移动终端出厂时SIM卡会被预
装,作为移动终端的一部分。
本发明所提供的用于实现移动终端一卡多号同时在线的系统,SIM卡通过移动终端和后台服务器与运营商核心网进行通信,通过后台服务器对核心网下发的鉴权数据进行封装处理,以使SIM卡能够知道核心网所下发的是针对其哪个IMSI的鉴权数据,从而可以调用对应的卡号鉴权数据依次完成其对应的多个IMSI的入网鉴权,实现多个卡号同时在线。在后续通信过程中,后台服务器在接收到运营商核心网需要发送到SIM卡的指令时,通过将指令的来源信道对应的卡号标识一并通过移动终端发送到SIM卡,SIM卡根据卡号标识便可以识别出需要调用的卡号数据,完成指令的处理。
基于图1中所示的系统,本实施方式中还提供了一种用于实现移动终端一卡多号同时在线的方法,如图3所示,该方法主要包括以下步骤:
步骤S1:移动终端通过后台服务器向运营商核心网发送SIM卡的n个IMSI的网络接入请求;
步骤S2:后台服务器将网络接入请求发送到运营商核心网,并接收运营商核心网发送的鉴权请求;
步骤S3:后台服务器将卡号标识添加到鉴权请求中,并将处理后的鉴权请求通过移动终端发送到SIM卡;
步骤S4:SIM卡根据接收到的所述处理后的鉴权请求中的卡号标识调用对应的卡号鉴权数据,对鉴权请求进行处理,与运营商核心网通信,完成对其每个IMSI的鉴权。
本实施方式中,在需要进行SIM卡入网鉴权的时机,移动终端首先获取SIM卡中的n个IMSI,并向后台服务器发送n个IMSI的网络接入请求,由后台服务器分别将n个网络接入请求发送到运营商核心网。
需要说明的是,对于每一个IMSI,后台服务器与核心网之间的通信通道都是一一对应的,即一个IMSI有一个专门的核心网与后台服务器之间的通信通道,这与现有技术中,多个用户移动终端进行其SIM卡的入网鉴权时,核心网与每个移动终端对应的通信通道都是唯一的。
运营商核心网接收到后台服务器发送来的n个网络接入请求后,针对每一个网络接入请求,都向后台服务器返回一个鉴权请求,后台服务器接收到
核心网返回的鉴权请求后,将每个鉴权请求的来源通信通道对应的IMSI的卡号标识添加到鉴权请求中,并将处理后的鉴权请求通过移动终端发送到SIM卡,SIM卡接收到所述处理后的鉴权请求后,其安全模块根据处理后的鉴权请求中的卡号标识调用对应的卡号鉴权数据,对鉴权请求进行处理,并通过移动终端和后台服务器与运营商核心网通信,完成对每个IMSI的鉴权。
在实际应用中,假设所述SIM卡中具有两个IMSI,记为IMSI1和IMSI2,IMSI1和IMSI2的卡号标识分别记为0001和0002,SIM卡的安全模块则存储了两套卡号鉴权数据,一套中包含标识0001和该标识对应的鉴权键k1,另一套包含标识0002和鉴权键k2,在移动终端开机时,移动终端首先与SIM卡通信,获取IMSI1和IMSI2,并发送到后台服务器发送针对IMSI1和IMSI2的两个网络接入请求,后台服务器通过通道A将IMSI1的网络接入请求发送到核心网,通过通道B将IMSI2的网络接入请求发送到核心网,核心网通过通道A返回一个鉴权请求,通过通道B返回一个鉴权请求,后台服务器将标识0001添加到通道A接收到的鉴权请求中,将标识0002添加到通道B接收到的鉴权请求中,并将两个处理后的鉴权请求通过移动终端发送给SIM卡,SIM卡的安全模块便可以根据两个请求中的标识分别调用对应的鉴权数据完成两个ISMI的入网鉴权。
现有技术中SIM卡入网鉴权的具体实现方式是多样的,实际应用中,可以根据实际需要选择鉴权方法。
完成对SIM卡的每个IMSI的入网鉴权后,鉴权通过的IMSI所对应的MSISDN号便都处于在线状态,即可以接收其它用户终端通过核心网发送来的通话或短信信息等。即本发明所提供的方法还包括:
步骤S5:后台服务器接收运营商核心网发送的第一指令,根据第一指令的来源通道将通道所对应的IMSI的卡号标识添加到第一指令中,得到第二指令,并将第二指令发送到移动终端;
步骤S6:移动终端将所述第二指令发送SIM卡,SIM卡根据第二指令中的卡号标识调用对应的卡号数据处理该指令。
其中,所述第一指令包括但不限于通话指令或短信指令等。SIM卡接收到第二指令后,具体需要调用哪些卡号数据是由指令的类型决定的。
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其同等技术的范围之内,则本发明也意图包含这些改动和变型在内。
Claims (10)
- 一种用于实现移动终端一卡多号同时在线的系统,其特征在于:包括SIM卡、移动终端以及接入运营商核心网的后台服务器,SIM卡通过移动终端与后台服务器通信;所述SIM卡中存储有n个国际移动用户识别码IMSI,一个IMSI对应一个MSISDN号,n≥1;所述SIM卡包括:安全模块,用于存储与所述n个IMSI相对应的n套卡号鉴权数据;每套卡号鉴权数据包括一个IMSI的卡号标识和该卡号标识对应的IMSI的鉴权数据;所述移动终端,用于通过后台服务器向运营商核心网发送所述SIM卡的n个IMSI的网络接入请求;所述后台服务器包括:卡号标识数据库,用于存储SIM卡的n个IMSI与n个卡号标识的一一映射关系;数据转发模块,用于将所述移动终端发送的SIM卡的n个IMSI的网络接入请求发送到运营商核心网,接收运营商核心网针对n个网络接入请求返回的n个鉴权请求,并将数据封装模块处理后的鉴权请求通过移动终端发送到SIM卡;数据封装模块,用于将每个鉴权请求所对应的IMSI的卡号标识添加到鉴权请求中,得到处理后的鉴权请求;所述移动终端还用于将后台服务器发送的所述处理后的鉴权请求转发到SIM卡;SIM卡接收到所述处理后的鉴权请求后,其安全模块根据每个鉴权请求中的卡号标识调用对应的卡号鉴权数据,处理每个鉴权请求,并通过移动终端和后台服务器与运营商核心网通信,以完成运营商核心网对每个IMSI的鉴权。
- 根据权利要求1所述的用于实现移动终端一卡多号同时在线的系统,其特征在于:所述数据转发模块,还用在完成运营商上核心网对每个IMSI的鉴权后,接收运营商核心网发送的第一指令,并将数据封装模块处理后的第二指令通过移动终端发送到SIM卡;所述数据封装模块,还用于在接收到第一指令后,根据第一指令的来源通道将该通道对应的IMSI的卡号标识添加到第一指令中,得到第二指令;SIM卡在接收到所述第二指令后,根据第二指令中的卡号标识调用对应的卡号数据处理该指令。
- 根据权利要求2所述的一种用于实现移动终端一卡多号同时在线的系统,其特征在于:所述第一指令包括通话指令或短信指令。
- 根据权利要求1至3之一所述的一种用于实现移动终端一卡多号同时在线的系统,其特征在于:所述安全模块包括安全元件SE、嵌入式安全元件eSE、可信执行环境TEE模块或基于主机的卡模拟HCE模块。
- 根据权利要求4所述的一种用于实现移动终端一卡多号同时在线的系统,其特征在于:所述安全模块通过机卡通道与移动终端通信;所述机卡通道包括OpenMobile接口、蓝牙接口、承载无关协议BIP接口或SPI接口。
- 一种用于实现移动终端一卡多号同时在线的方法,包括以下步骤:移动终端通过后台服务器向运营商核心网发送SIM卡的n个IMSI的网络接入请求;运营商核心网接收到所述网络接入请求后,将针对每一个网络接入请求的鉴权请求发送到后台服务器;后台服务器接收到所述鉴权请求后,将每个鉴权请求所对应的IMSI的卡号标识添加到鉴权请求中,并将处理后的鉴权请求通过移动终端发送到SIM卡;SIM卡接收到所述处理后的鉴权请求后,其安全模块根据处理后的鉴权 请求中的卡号标识调用对应的卡号鉴权数据,对鉴权请求进行处理,并通过移动终端和后台服务器与运营商核心网通信,完成对每个IMSI的鉴权。
- 根据权利要求6所述的一种用于实现移动终端一卡多号同时在线的方法,其特征在于:在完成对每个IMSI的鉴权后,还包括:后台服务器接收运营商核心网发送的第一指令,根据第一指令的来源通道将通道所对应的IMSI的卡号标识添加到第一指令中,得到第二指令,并将第二指令发送到移动终端;移动终端将所述第二指令发送SIM卡,SIM卡根据第二指令中的卡号标识调用对应的卡号数据处理该指令。
- 根据权利要求7所述的一种用于实现移动终端一卡多号同时在线的方法,其特征在于:所述第一指令包括通话指令或短信指令。
- 根据权利要求6至8之一所述的一种用于实现移动终端一卡多号同时在线的方法,其特征在于:SIM卡的安全模块包括安全元件SE、嵌入式安全元件eSE、可信执行环境TEE模块或基于主机的卡模拟HCE模块。
- 根据权利要求9所述的一种用于实现移动终端一卡多号同时在线的方法,其特征在于:所述安全模块通过机卡通道与移动终端通信;所述机卡通道包括OpenMobile接口、蓝牙接口、承载无关协议BIP接口或SPI接口。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610937546.9 | 2016-10-24 | ||
CN201610937546.9A CN106535148B (zh) | 2016-10-24 | 2016-10-24 | 用于实现移动终端一卡多号同时在线的系统及方法 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018076922A1 true WO2018076922A1 (zh) | 2018-05-03 |
Family
ID=58293281
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/099423 WO2018076922A1 (zh) | 2016-10-24 | 2017-08-29 | 用于实现移动终端一卡多号同时在线的系统及方法 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106535148B (zh) |
WO (1) | WO2018076922A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113329403A (zh) * | 2021-05-24 | 2021-08-31 | 爱讯智联科技(北京)有限公司 | 一种一号多终端鉴权入网方法及系统 |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106535148B (zh) * | 2016-10-24 | 2021-09-07 | 北京握奇智能科技有限公司 | 用于实现移动终端一卡多号同时在线的系统及方法 |
CN108990058B (zh) * | 2017-05-31 | 2021-02-09 | 北京华弘集成电路设计有限责任公司 | 软sim和嵌入式安全单元 |
CN116318216A (zh) * | 2023-03-17 | 2023-06-23 | 深圳市中巨伟业信息科技有限公司 | 电子装置及其数据处理方法 |
CN116980878B (zh) * | 2023-09-22 | 2024-02-02 | 紫光同芯微电子有限公司 | 入网通信方法、终端、存储介质和智能卡 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102014387A (zh) * | 2009-09-07 | 2011-04-13 | 展讯通信(上海)有限公司 | 无线终端及其注册和鉴权方法 |
CN102821380A (zh) * | 2012-08-01 | 2012-12-12 | 惠州Tcl移动通信有限公司 | 用于实现移动终端一卡多号的方法及移动终端 |
CN103974252A (zh) * | 2014-04-21 | 2014-08-06 | 捷德(中国)信息科技有限公司 | 鉴权设备及其使用方法、装置 |
CN106535148A (zh) * | 2016-10-24 | 2017-03-22 | 北京握奇智能科技有限公司 | 用于实现移动终端一卡多号同时在线的系统及方法 |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101790157B (zh) * | 2009-01-23 | 2015-07-29 | 华为技术有限公司 | 实现一卡多号业务的方法及设备 |
CN101959182B (zh) * | 2010-09-19 | 2013-01-09 | 宇龙计算机通信科技(深圳)有限公司 | 实现移动终端的一号多卡的方法和系统 |
GB2491889A (en) * | 2011-06-17 | 2012-12-19 | Sony Corp | Trial period cellular network connection with identity modules of multiple devices loaded with multiple identities from a shared pool |
-
2016
- 2016-10-24 CN CN201610937546.9A patent/CN106535148B/zh active Active
-
2017
- 2017-08-29 WO PCT/CN2017/099423 patent/WO2018076922A1/zh active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102014387A (zh) * | 2009-09-07 | 2011-04-13 | 展讯通信(上海)有限公司 | 无线终端及其注册和鉴权方法 |
CN102821380A (zh) * | 2012-08-01 | 2012-12-12 | 惠州Tcl移动通信有限公司 | 用于实现移动终端一卡多号的方法及移动终端 |
CN103974252A (zh) * | 2014-04-21 | 2014-08-06 | 捷德(中国)信息科技有限公司 | 鉴权设备及其使用方法、装置 |
CN106535148A (zh) * | 2016-10-24 | 2017-03-22 | 北京握奇智能科技有限公司 | 用于实现移动终端一卡多号同时在线的系统及方法 |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113329403A (zh) * | 2021-05-24 | 2021-08-31 | 爱讯智联科技(北京)有限公司 | 一种一号多终端鉴权入网方法及系统 |
Also Published As
Publication number | Publication date |
---|---|
CN106535148A (zh) | 2017-03-22 |
CN106535148B (zh) | 2021-09-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2018076922A1 (zh) | 用于实现移动终端一卡多号同时在线的系统及方法 | |
CN108476399B (zh) | 用于在通信系统中发送和接收简档的方法和装置 | |
US11778458B2 (en) | Network access authentication method and device | |
US11039299B2 (en) | ESIM card activation method, wireless router, and user terminal | |
US11989543B2 (en) | Method for interoperating between bundle download process and eSIM profile download process by SSP terminal | |
CN106717042B (zh) | 用于将订阅配置文件提供到移动终端设备上的方法和装置 | |
WO2016161832A1 (zh) | 一种通过托管sim卡实现移动通信的系统及相应的方法 | |
EP3433994A1 (en) | Methods and apparatus for sim-based authentication of non-sim devices | |
KR20160143333A (ko) | 이중 채널을 이용한 이중 인증 방법 | |
KR20190117302A (ko) | eUICC 버전을 협상하는 방법 및 장치 | |
US10136283B2 (en) | Methods for providing a response to a command requesting the execution of a proactive command | |
CN106134165B (zh) | 工作环境设定系统、便携式终端以及中继装置 | |
CN114025349A (zh) | 网络服务方法、装置、系统和存储介质 | |
US11064344B2 (en) | Physical address-based communication method, mobile terminal and communication database | |
CN103108316A (zh) | 空中写卡认证方法、装置和系统 | |
CN110677843A (zh) | 一种基于区块链的虚拟sim卡的应用方法及装置 | |
CN107277935B (zh) | 蓝牙通信方法、装置及其应用系统和设备 | |
KR102658615B1 (ko) | SSP 단말의 번들 다운로드 과정과 eSIM 프로파일 다운로드 과정 호환 연동 방법 | |
CN116868609A (zh) | 用于边缘数据网络的用户装备认证和授权规程 | |
JP6640949B2 (ja) | 接続情報送信装置、方法およびプログラム | |
US11343675B2 (en) | Communication device authentication for multiple communication devices | |
CN102567088B (zh) | 处理于软件及应用控制管理对象中步骤执行结果的方法 | |
CN106507499A (zh) | 一种无线通信方法、装置和及其应用设备 | |
WO2017215265A1 (zh) | 一种垂直行业用户系统、设备以及分发身份识别号的方法 | |
CN114760195B (zh) | 一种网络接入点配置方法、装置、系统、设备及介质 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 17864516 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 17864516 Country of ref document: EP Kind code of ref document: A1 |