WO2019047714A1 - Temporary user credential generation method, user card, terminal, and network device - Google Patents


Publication number
WO2019047714A1
Authority
WO
WIPO (PCT)
Prior art keywords
verification information
temporary user
terminal
network device
generating
Application number
PCT/CN2018/101677
Inventor
霍薇靖
Original Assignee
中国移动通信有限公司研究院
中国移动通信集团有限公司
Application filed by 中国移动通信有限公司研究院, 中国移动通信集团有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/08 Access security
    • H04W8/00 Network data management
    • H04W8/26 Network addressing or numbering for mobility support
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority

Definitions

  • the present disclosure relates to the field of communications technologies, and in particular, to a method for generating temporary user credentials, a user card, a terminal, and a network device.
  • the (U)SIM (Subscriber Identity Module) card is an important physical identifier of the user's mobile identity and an important resource for the operator.
  • the (U)SIM card is an independent security carrier that can carry the user's code number resources for accessing the network and using services such as telephone, SMS, and data.
  • IoT: Internet of Things
  • IMSI: International Mobile Subscriber Identification Number
  • the equipment needs a certain period of time from the completion of production to the final sale.
  • the code number resources such as the IMSI are valid only for a limited time. Once that period has passed, the code number resource becomes invalid, so that by the time the device leaves the factory the IoT device has lost the ability to connect to the carrier network. In addition, the time the IoT device spends in the warehouse also wastes code number resources.
  • the present disclosure provides a method for generating temporary user credentials, a user card, a terminal, and a network device.
  • the IoT terminal can access the limited network by means of the temporary user credentials, provide temporary networking capabilities, and solve the problem of timeliness and resource waste of the above code number resources.
  • an embodiment of the present disclosure provides the following solution:
  • a method for generating temporary user credentials comprising:
  • a temporary user credential is generated according to the second verification information and the index number.
  • the step of generating the first verification information according to the trigger request includes:
  • the first verification information is generated according to the random number and the preset information.
  • the step of generating the first verification information according to the random number and the preset information includes:
  • the first verification information is generated according to the random number, the information input by the user, and the pre-stored key.
  • the key is a public key or a symmetric key of a network operator to which the user card belongs.
  • the step of generating a temporary user credential according to the second check information and the index number includes:
  • a temporary user credential is generated according to the second verification information and the index number.
  • the generating temporary user credentials further includes:
  • the index number of the temporary user credential is stored.
  • An embodiment of the present disclosure further provides a user card, including:
  • a transceiver configured to receive a trigger request generated by the terminal to generate a temporary user credential
  • a processor configured to generate first verification information according to the trigger request, and send, by the transceiver, the first verification information to a network device by using a terminal;
  • the transceiver is further configured to receive, by the terminal, second verification information fed back by the network device and an index number of the temporary user credential of the network side generated by the network device;
  • the processor is further configured to generate a temporary user credential according to the second verification information and the index number.
  • the processor is specifically configured to generate a random number according to the trigger request, and generate first check information according to the random number and the preset information.
  • the processor is specifically configured to: generate first verification information according to the random number and a pre-stored key; or generate the first verification information according to the random number, information input by the user, and a pre-stored key.
  • the processor is specifically configured to: perform verification on the network device according to the second verification information; and after the verification succeeds, generate a temporary user credential according to the second verification information and the index number.
  • the user card also includes:
  • a memory for storing an index number of the temporary user credential.
  • An embodiment of the present disclosure further provides a method for generating a temporary user credential, including:
  • the step of sending a trigger request for generating a temporary user credential to the user card includes:
  • the first terminal generates a trigger request for the temporary user credential and sends the trigger request to the user card.
  • the step of receiving the first check information sent by the user card according to the trigger request, and sending the first check information to the network device includes:
  • the first terminal receives the first verification information generated by the user card according to the trigger request, and sends the first verification information to the network device.
  • the step of sending a trigger request for generating a temporary user credential to the user card includes:
  • the second terminal generates a trigger request for the temporary user credential and sends the request to the user card through the first terminal.
  • the step of receiving the first check information sent by the user card according to the trigger request, and sending the first check information to the network device includes:
  • the second terminal receives the first check information sent by the user card according to the trigger request by using the first terminal, and sends the first check information and the authentication information of the second terminal to the network device.
  • the method for generating temporary user credentials further includes:
  • the network device is accessed according to the temporary user credentials generated by the user card and the index number of the temporary user credentials.
  • An embodiment of the present disclosure further provides a terminal, including:
  • a transceiver for transmitting a trigger request for generating a temporary user credential to the user card
  • the terminal further includes:
  • the network module is configured to access the network device according to the temporary user credentials generated by the user card and the index number of the temporary user credentials.
  • An embodiment of the present disclosure further provides a method for generating a temporary user credential, including:
  • a temporary user credential is generated, and the index number of the temporary user credential is assigned and sent to the terminal.
  • the step of generating a temporary user credential includes:
  • a temporary user credential is generated based on the random number and a pre-stored key.
  • the key is a public key or a symmetric key of an operator to which the network device belongs.
  • An embodiment of the present disclosure further provides a network device, including:
  • a transceiver configured to receive first verification information generated by a user card sent by the terminal
  • the processor is configured to perform verification according to the first verification information; after the verification succeeds, generate a temporary user credential, and allocate an index number of the temporary user credential, and send the identifier to the terminal by the transceiver.
  • the processor is specifically configured to: generate a random number; and generate a temporary user credential according to the random number and the pre-stored key.
  • An embodiment of the present disclosure further provides a method for generating a temporary user credential, including:
  • the terminal sends a trigger request for generating a temporary user credential to the user card
  • the user card generates the first verification information according to the trigger request, and sends the first verification information to the terminal;
  • the terminal sends the first verification information to the network device
  • the network device performs verification on the user card according to the first verification information, and after the verification is passed, generates second verification information, temporary user credentials, and an index number of the temporary user credentials, and sends the second verification information and the index number of the temporary user credential to the terminal;
  • the terminal sends the second verification information and the index number of the temporary user credential to the user card;
  • the user card generates a temporary user credential according to the second verification information and the index number of the temporary user credential.
  • An embodiment of the present disclosure further provides a system for generating temporary user credentials, including: a user card, a terminal, and a network device;
  • the terminal is configured to send a trigger request for generating a temporary user credential to the user card; send the first check information generated by the user card to the network device; receive the second check information fed back by the network device and the index number of the temporary user credential; and send the second verification information and the index number of the temporary user credential to the user card;
  • the user card is configured to generate first verification information according to the trigger request, and send the first verification information to the terminal, and generate a temporary user credential according to the second verification information sent by the terminal and the index number of the temporary user credential;
  • the network device is configured to perform verification on the user card according to the first verification information, and after the verification is passed, generate second verification information, temporary user credentials, and an index number of the temporary user credentials, and send the second verification information and the index number of the temporary user credentials to the terminal.
  • Embodiments of the present disclosure also provide a communication device comprising: a processor, a memory storing a computer program, and when the computer program is executed by the processor, performing the method as described above.
  • Embodiments of the present disclosure also provide a computer readable storage medium comprising instructions that, when executed by a computer, cause a computer to perform the method as described above.
  • in the foregoing solution of the present disclosure, a trigger request for generating a temporary user credential sent by the terminal is received; first check information is generated according to the trigger request and sent to the network device through the terminal;
  • the second verification information fed back by the network device and the index number of the temporary user credential generated by the network device are received through the terminal, and a temporary user credential is generated according to the second verification information and the index number.
  • the IoT terminal can access the limited network by means of the temporary user credentials, provide temporary networking capabilities, and solve the problem of timeliness and resource waste of the above code number resources.
  • FIG. 1 is a flowchart of a method for generating a temporary user credential on a user card side of the present disclosure
  • FIG. 2 is a flowchart of a method for generating temporary user credentials on the terminal side of the present disclosure
  • FIG. 3 is a flow chart of interaction between a user card, a terminal, and a network device in an embodiment of the present disclosure
  • FIG. 4 is a flowchart of interaction between another user card, a first terminal, a second terminal, and a network device according to an embodiment of the present disclosure
  • FIG. 5 is a flowchart of a method for generating temporary user credentials on the network device side of the present disclosure
  • FIG. 6 is a schematic diagram of interaction between a user card and a network in the system of the present disclosure.
  • the embodiment of the present disclosure addresses the problems of limited validity and resource waste of the code number resources in the (U)SIM card, and proposes that the user card and the network negotiate temporary user credentials on demand, so that the device can access a restricted network if the code number resource has expired, and then complete the operation of writing or updating the official code number resource.
  • an embodiment of the present disclosure provides a method for generating a temporary user credential, including:
  • Step 11 Receive a trigger request generated by the terminal to generate a temporary user credential
  • Step 12 Generate first verification information according to the trigger request, and send the first verification information to the network device by using the terminal;
  • a random number is generated according to the trigger request, and the first check information is generated according to the random number and the preset information.
  • the step of generating the first verification information according to the random number and the preset information includes:
  • the first verification information is generated according to the random number, the information input by the user, and the pre-stored key.
  • the key is a public key or a symmetric key of a network operator to which the user card belongs.
  • Step 13 Receive, by the terminal, second check information fed back by the network device, and an index number of the temporary user credential of the network side generated by the network device;
  • Step 14 Generate a temporary user credential according to the second verification information and the index number.
  • the network device is verified according to the second verification information; after the verification is successful, the temporary user credentials are generated according to the second verification information and the index number.
  • in the foregoing solution of the present disclosure, a trigger request for generating a temporary user credential sent by the terminal is received; first check information is generated according to the trigger request and sent to the network device through the terminal;
  • the second verification information fed back by the network device and the index number of the temporary user credential generated by the network device are received through the terminal, and a temporary user credential is generated according to the second verification information and the index number.
  • the terminal can use the temporary user credentials to access the restricted network, provide temporary networking capabilities, and solve the problem of timeliness and resource waste of the above code number resources.
  • the method may further include:
  • Step 15 storing an index number of the temporary user credential.
  • an embodiment of the present disclosure further provides a user card, including:
  • a transceiver configured to receive a trigger request generated by the terminal to generate a temporary user credential
  • a processor configured to generate first verification information according to the trigger request, and send, by the transceiver, the first verification information to a network device by using a terminal;
  • the transceiver is further configured to receive, by the terminal, second verification information fed back by the network device and an index number of the temporary user credential of the network side generated by the network device;
  • the processor is further configured to generate a temporary user credential according to the second verification information and the index number.
  • the processor is specifically configured to generate a random number according to the trigger request, and generate first check information according to the random number and the preset information.
  • the processor is specifically configured to: generate first verification information according to the random number and a pre-stored key; or generate the first verification information according to the random number, information input by the user, and a pre-stored key.
  • the processor is specifically configured to: perform verification on the network device according to the second verification information; and after the verification succeeds, generate a temporary user credential according to the second verification information and the index number.
  • the user card further includes: a memory, configured to store an index number of the temporary user credential.
  • the card of the user card has key information for generating the temporary user credential, and may be operator public key information or symmetric key information;
  • the user card has a function for generating temporary user credentials.
  • the "key" stored in the card is invoked and a random number is generated, and the verification information of the temporary user credential is calculated from the two (if there is user input, the user input information must also be included; the algorithm used with the key can be negotiated in advance) and then sent to the network; when the network in turn sends its random number and the like, the final temporary user credentials are generated. The user card also needs to store the user credential index number delivered by the network.
  • the embodiment of the user card of the present disclosure is the device corresponding to the method embodiment shown in FIG. 1, and various implementations of the method shown in FIG. 1 are applicable to the embodiment of the user card and can also achieve the same technical effects.
  • an embodiment of the present disclosure further provides a method for generating a temporary user credential, including:
  • Step 21 Send a trigger request for generating a temporary user credential to the user card
  • Step 22 Receive first verification information that is sent by the user card according to the trigger request, and send the first verification information to the network device.
  • Step 23 Receive second verification information fed back by the network device and an index number of the temporary user credential of the network side generated by the network device, and send the index number to the user card.
  • the step 21 includes: the first terminal generates a trigger request for the temporary user credential, and sends the trigger request to the user card.
  • Step 22 includes: the first terminal receives the first verification information generated by the user card according to the trigger request, and sends the first verification information to the network device.
  • the workflow is as follows:
  • the terminal triggers the “temporary user credential generation” process, and some user information can be input at this time;
  • the (U)SIM card generates the random number information, and invokes the user credential key stored in the card to generate the first verification information, and sends the first verification information to the network side through the terminal;
  • the network device verifies the first verification information, and generates a random number, and then generates a temporary user credential according to the information sent on the card, and allocates an index number of the temporary user credential;
  • the network device sends the random number verification information (that is, the second verification information) and the index number of the temporary user credentials;
  • the (U)SIM card performs verification after receiving the information, and generates a temporary user credential according to the issued information (including the second verification information and the index number of the temporary user credential), and stores the index number of the temporary user credential;
  • the subsequent terminal can access the network by using the temporary user credentials and its index number, but the function is limited, and the formal code number resource writing or updating is completed.
  • the temporary user credential access network function is limited, and the number of times or time that can be authenticated may be set, and the service aspect can be flexibly configured.
  • step 21 includes: the second terminal generates a trigger request for the temporary user credential, and sends the request to the user card through the first terminal.
  • Step 22 includes: the second terminal receives, by using the first terminal, first verification information that is sent by the user card according to the trigger request, and sends the first verification information and the authentication information of the second terminal to the network device.
  • the workflow includes:
  • the trusted agent terminal (second terminal) triggers the “temporary user credential generation” process, and then the first terminal triggers the “temporary user credential generation” process to the (U)SIM card, and some user information can be input at this time;
  • the (U)SIM card generates the random number information, and the user credential key stored in the card is used to generate the verification information (ie, the first verification information), and is sent to the first terminal;
  • the first terminal sends the information to the trusted proxy terminal, and the trusted proxy terminal adds some of its own information, and then sends the information to the network device;
  • the network device verifies the sending information, generates a random number, and then generates a temporary user credential according to the card sending information, and allocates an index number of the temporary user credential;
  • the network device sends the random number verification information (that is, the second verification information) and the index number of the temporary user certificate;
  • the (U)SIM card performs verification after receiving the information, and generates temporary user credential information according to the issued information and stores the index number;
  • the subsequent terminal can access the network by using the temporary user credentials and its index number, but the function is limited, and the formal code number resource writing or updating is completed.
  • the method may further include: Step 24: accessing the network device according to the temporary user credentials generated by the user card and the index number of the temporary user credentials.
  • an embodiment of the present disclosure further provides a terminal, including:
  • a transceiver configured to send a trigger request for generating a temporary user credential to the user card; receive first verification information sent by the user card according to the trigger request, and send the first verification information to the network device; and receive the second check information fed back by the network device and the index number of the temporary user credential of the network side generated by the network device, and send them to the user card.
  • the terminal further includes: a network module, configured to access the network device according to the temporary user credentials generated by the user card and the index number of the temporary user credentials.
  • the embodiment of the terminal of the present disclosure is the device corresponding to the method embodiment shown in FIG. 2, and various implementations of the method shown in FIG. 2 are applicable to the embodiment of the terminal, and the same technical effect can be achieved.
  • an embodiment of the present disclosure further provides a method for generating a temporary user credential, including:
  • Step 51 Receive first verification information generated by a user card sent by the terminal.
  • Step 52 Perform verification according to the first verification information.
  • Step 53 After the verification succeeds, generate a temporary user credential, and assign an index number of the temporary user credential to the terminal.
  • the step of generating a temporary user credential includes:
  • generating a random number; and generating a temporary user credential based on the random number and a pre-stored key.
  • the key is a public key or a symmetric key of an operator to which the network device belongs.
  • An embodiment of the present disclosure further provides a network device, including:
  • a transceiver configured to receive first verification information generated by a user card sent by the terminal
  • the processor is configured to perform verification according to the first verification information; after the verification succeeds, generate a temporary user credential, and allocate an index number of the temporary user credential, and send the identifier to the terminal by the transceiver.
  • the processor is specifically configured to: generate a random number; and generate a temporary user credential according to the random number and the pre-stored key.
  • the network device mainly implements the function of generating and managing the temporary user credential.
  • the temporary user credential generation is triggered, the pre-stored “key” is invoked, and a random number is generated, and then the random number and other information sent by the card are combined.
  • the temporary user credential is negotiated on demand by the user card and the network device, so that if the device's code number resource has expired, the device still has the opportunity to re-access the network, that is, to access the restricted network, and then complete operations such as writing or updating the formal code number resource.
  • An embodiment of the present disclosure further provides a method for generating a temporary user credential, including:
  • the terminal sends a trigger request for generating a temporary user credential to the user card
  • the user card generates the first verification information according to the trigger request, and sends the first verification information to the terminal;
  • the terminal sends the first verification information to the network device
  • the network device performs verification on the user card according to the first verification information, and after the verification is passed, generates second verification information, temporary user credentials, and an index number of the temporary user credentials, and sends the second verification information and the index number of the temporary user credential to the terminal;
  • the terminal sends the second verification information and the index number of the temporary user credential to the user card;
  • the user card generates a temporary user credential according to the second verification information and the index number of the temporary user credential. Specifically, the workflow is shown in Figure 3.
  • a "trusted proxy terminal" can be added to the process, which has the capability of accessing the network, and has the right to apply for temporary user credentials on the network side.
  • the workflow is as shown in Figure 4 above.
  • an embodiment of the present disclosure further provides a system for generating a temporary user credential, including: a user card, a terminal, and a network device;
  • the terminal is configured to send a trigger request for generating a temporary user credential to the user card; to send the first verification information generated by the user card to the network device; and to receive the second verification information and the index number of the temporary user credential fed back by the network device and send them to the user card;
  • the user card is configured to generate first verification information according to the trigger request and send it to the terminal, and to generate a temporary user credential according to the second verification information and the index number of the temporary user credential sent by the terminal;
  • the network device is configured to verify the user card according to the first verification information and, after the verification passes, to generate second verification information, a temporary user credential, and an index number for the temporary user credential, and to send the second verification information and the index number of the temporary user credential to the terminal.
  • the terminal may be an IoT device
  • the user card may be a (U)SIM card
  • the operator's key information for generating a one-time/temporary user credential is preset in the user card (a separate key per card is not required; the key may be the operator's public key or a symmetric key).
  • the network side also initially stores the key information of the one-time/temporary user credentials.
  • Temporary user credentials are negotiated between the user card and the network, so that if the device's code number resource has expired, the device still has the opportunity to re-access the network, that is, to access a restricted network, and thereby complete operations such as writing or updating the formal code number resource.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Meter Arrangements (AREA)

Abstract

Provided by embodiments of the present disclosure are a method for generating temporary user credentials, a user card, a terminal, and a network device, the method comprising: receiving a trigger request for generating temporary user credentials which is sent by a terminal; generating first checksum information according to the trigger request, and sending the first checksum information to a network device by means of the terminal; receiving, by means of the terminal, second checksum information fed back from the network device and an index number for temporary user credentials of a network side which is generated by the network device; generating the temporary user credentials according to the second checksum information and the index number.

Description

Method for generating temporary user credentials, user card, terminal, and network device
Cross-reference to related applications
This application claims priority to Chinese Patent Application No. 201710790458.5, filed in China on September 5, 2017, the entire contents of which are incorporated herein by reference.
Technical field
The present disclosure relates to the field of communications technologies, and in particular to a method for generating temporary user credentials, a user card, a terminal, and a network device.
Background
The user card, the (U)SIM (Subscriber Identity Module) card, is an important physical identifier of a user's mobile identity and an important resource controlled by the operator. The (U)SIM card is an independent security carrier that can carry the user's code number resources, which are used to access the network and use services such as telephony, SMS, and data.
With the rapid development of Internet of Things (IoT) devices, many IoT devices are small and must be tightly sealed in order to cope with complex environments. Most such IoT devices use a soldered SIM card, that is, the card has to be soldered into the device during production, and to ensure that the device can connect to the network, code number resources such as the International Mobile Subscriber Identification Number (IMSI) are already preset in the SIM card at that point.
However, a certain period of time passes between the completion of production and the final sale of a device, and code number resources such as the IMSI expire: after a certain time the code number resource becomes invalid, so that the IoT device has lost the ability to connect to the operator's network by the time it leaves the factory. In addition, the time an IoT device spends in the warehouse is a waste of code number resources.
Summary of the invention
The present disclosure provides a method for generating temporary user credentials, a user card, a terminal, and a network device, so that an IoT terminal can use the temporary user credential to access a restricted network, which provides a temporary networking capability and solves the above problems of the limited validity of code number resources and resource waste.
To solve the above technical problem, embodiments of the present disclosure provide the following solutions:
A method for generating a temporary user credential, including:
receiving a trigger request, sent by a terminal, for generating a temporary user credential;
generating first verification information according to the trigger request, and sending the first verification information to a network device through the terminal;
receiving, through the terminal, second verification information fed back by the network device and an index number of the network-side temporary user credential generated by the network device;
generating a temporary user credential according to the second verification information and the index number.
The step of generating the first verification information according to the trigger request includes:
generating a random number according to the trigger request;
generating the first verification information according to the random number and preset information.
The step of generating the first verification information according to the random number and the preset information includes:
generating the first verification information according to the random number and a pre-stored key; or
generating the first verification information according to the random number, information input by the user, and a pre-stored key.
The key is a public key or a symmetric key of the network operator to which the user card belongs.
The step of generating the temporary user credential according to the second verification information and the index number includes:
verifying the network device according to the second verification information;
after the verification succeeds, generating the temporary user credential according to the second verification information and the index number.
After the temporary user credential is generated, the method further includes:
storing the index number of the temporary user credential.
An embodiment of the present disclosure further provides a user card, including:
a transceiver, configured to receive a trigger request, sent by a terminal, for generating a temporary user credential;
a processor, configured to generate first verification information according to the trigger request, the transceiver sending the first verification information to a network device through the terminal;
the transceiver is further configured to receive, through the terminal, second verification information fed back by the network device and an index number of the network-side temporary user credential generated by the network device;
the processor is further configured to generate a temporary user credential according to the second verification information and the index number.
When generating the first verification information, the processor is specifically configured to generate a random number according to the trigger request, and to generate the first verification information according to the random number and preset information.
The processor is specifically configured to: generate the first verification information according to the random number and a pre-stored key; or generate the first verification information according to the random number, information input by the user, and a pre-stored key.
The processor is specifically configured to: verify the network device according to the second verification information; and, after the verification succeeds, generate the temporary user credential according to the second verification information and the index number.
The user card further includes:
a memory, configured to store the index number of the temporary user credential.
An embodiment of the present disclosure further provides a method for generating a temporary user credential, including:
sending a trigger request for generating a temporary user credential to a user card;
receiving first verification information sent by the user card according to the trigger request, and sending the first verification information to a network device;
receiving second verification information fed back by the network device and an index number of the network-side temporary user credential generated by the network device, and sending them to the user card.
The step of sending the trigger request for generating a temporary user credential to the user card includes:
a first terminal generates the trigger request for the temporary user credential and sends the trigger request to the user card.
The step of receiving the first verification information sent by the user card according to the trigger request and sending the first verification information to the network device includes:
the first terminal receives the first verification information generated by the user card according to the trigger request, and sends the first verification information to the network device.
The step of sending the trigger request for generating a temporary user credential to the user card includes:
a second terminal generates the trigger request for the temporary user credential and sends it to the user card through the first terminal.
The step of receiving the first verification information sent by the user card according to the trigger request and sending the first verification information to the network device includes:
the second terminal receives, through the first terminal, the first verification information sent by the user card according to the trigger request, and sends the first verification information and authentication information of the second terminal to the network device.
The method for generating a temporary user credential further includes:
accessing the network device according to the temporary user credential generated by the user card and the index number of the temporary user credential.
An embodiment of the present disclosure further provides a terminal, including:
a transceiver, configured to send a trigger request for generating a temporary user credential to a user card;
to receive first verification information sent by the user card according to the trigger request, and send the first verification information to a network device; and
to receive second verification information fed back by the network device and an index number of the network-side temporary user credential generated by the network device, and send them to the user card.
The terminal further includes:
a network module, configured to access the network device according to the temporary user credential generated by the user card and the index number of the temporary user credential.
An embodiment of the present disclosure further provides a method for generating a temporary user credential, including:
receiving first verification information that is generated by a user card and sent by a terminal;
performing verification according to the first verification information;
after the verification succeeds, generating a temporary user credential, allocating an index number for the temporary user credential, and sending it to the terminal.
The step of generating the temporary user credential includes:
generating a random number;
generating the temporary user credential according to the random number and a pre-stored key.
The key is a public key or a symmetric key of the operator to which the network device belongs.
An embodiment of the present disclosure further provides a network device, including:
a transceiver, configured to receive first verification information that is generated by a user card and sent by a terminal;
a processor, configured to perform verification according to the first verification information and, after the verification succeeds, to generate a temporary user credential and allocate an index number for the temporary user credential, which the transceiver sends to the terminal.
When generating the temporary user credential, the processor is specifically configured to: generate a random number; and generate the temporary user credential according to the random number and a pre-stored key.
An embodiment of the present disclosure further provides a method for generating a temporary user credential, including:
the terminal sends a trigger request for generating a temporary user credential to the user card;
the user card generates first verification information according to the trigger request and sends it to the terminal;
the terminal sends the first verification information to the network device;
the network device verifies the user card according to the first verification information and, after the verification passes, generates second verification information and a temporary user credential and allocates an index number for the temporary user credential, and sends the second verification information and the index number of the temporary user credential to the terminal;
the terminal sends the second verification information and the index number of the temporary user credential to the user card;
the user card generates the temporary user credential according to the second verification information and the index number of the temporary user credential.
An embodiment of the present disclosure further provides a system for generating a temporary user credential, including a user card, a terminal, and a network device, wherein:
the terminal is configured to send a trigger request for generating a temporary user credential to the user card; to send the first verification information generated by the user card to the network device; and to receive the second verification information and the index number of the temporary user credential fed back by the network device and send them to the user card;
the user card is configured to generate the first verification information according to the trigger request and send it to the terminal, and to generate the temporary user credential according to the second verification information and the index number of the temporary user credential sent by the terminal;
the network device is configured to verify the user card according to the first verification information and, after the verification passes, to generate second verification information and a temporary user credential and allocate an index number for the temporary user credential, and to send the second verification information and the index number of the temporary user credential to the terminal.
An embodiment of the present disclosure further provides a communication device, including a processor and a memory storing a computer program, wherein the method described above is performed when the computer program is run by the processor.
An embodiment of the present disclosure further provides a computer-readable storage medium including instructions which, when run on a computer, cause the computer to perform the method described above.
The above solutions of the present disclosure provide at least the following beneficial effects:
In the above solutions of the present disclosure, a trigger request for generating a temporary user credential sent by a terminal is received; first verification information is generated according to the trigger request and sent to a network device through the terminal; second verification information fed back by the network device and an index number of the network-side temporary user credential generated by the network device are received through the terminal; and a temporary user credential is generated according to the second verification information and the index number. This lets an IoT terminal use the temporary user credential to access a restricted network, provides a temporary networking capability, and solves the above problems of the limited validity of code number resources and resource waste.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present disclosure more clearly, the drawings used in the embodiments are briefly introduced below. The drawings described below are merely some embodiments of the present disclosure, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart of the method for generating a temporary user credential on the user card side of the present disclosure;
FIG. 2 is a flowchart of the method for generating a temporary user credential on the terminal side of the present disclosure;
FIG. 3 is a flowchart of the interaction between a user card, a terminal, and a network device in an embodiment of the present disclosure;
FIG. 4 is a flowchart of another interaction, between a user card, a first terminal, a second terminal, and a network device, in an embodiment of the present disclosure;
FIG. 5 is a flowchart of the method for generating a temporary user credential on the network device side of the present disclosure;
FIG. 6 is a schematic diagram of the interaction between the user card and the network in the system of the present disclosure.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure can be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and its scope can be fully conveyed to those skilled in the art.
To solve the problems of the limited validity of code number resources in (U)SIM cards and resource waste, embodiments of the present disclosure propose that the user card and the network negotiate a temporary user credential on the fly, so that a device whose code number resource has expired can access a restricted network and then complete operations such as writing or updating the formal code number resource.
As shown in FIG. 1, an embodiment of the present disclosure provides a method for generating a temporary user credential, including:
Step 11: receive a trigger request, sent by a terminal, for generating a temporary user credential;
Step 12: generate first verification information according to the trigger request, and send the first verification information to a network device through the terminal;
Specifically, a random number is generated according to the trigger request, and the first verification information is generated according to the random number and preset information.
Specifically, the step of generating the first verification information according to the random number and the preset information includes:
generating the first verification information according to the random number and a pre-stored key; or
generating the first verification information according to the random number, information input by the user, and a pre-stored key.
The key is a public key or a symmetric key of the network operator to which the user card belongs.
Step 13: receive, through the terminal, second verification information fed back by the network device and an index number of the network-side temporary user credential generated by the network device;
Step 14: generate a temporary user credential according to the second verification information and the index number;
Specifically, the network device is verified according to the second verification information; after the verification succeeds, the temporary user credential is generated according to the second verification information and the index number.
In the above solution of the present disclosure, a trigger request for generating a temporary user credential sent by a terminal is received; first verification information is generated according to the trigger request and sent to a network device through the terminal; second verification information fed back by the network device and an index number of the network-side temporary user credential generated by the network device are received through the terminal; and a temporary user credential is generated according to the second verification information and the index number. This lets the terminal use the temporary user credential to access a restricted network, provides a temporary networking capability, and solves the above problems of the limited validity of code number resources and resource waste.
In the above embodiment of the present disclosure, after the temporary user credential is generated, the method may further include:
Step 15: store the index number of the temporary user credential.
In this embodiment of the present disclosure, the operator's key information for generating one-time/temporary user credentials is preset in the user card, and the user card and the network negotiate the temporary user credential on the fly, so that a device whose code number resource has expired can access a restricted network and then complete operations such as writing or updating the formal code number resource.
Corresponding to the above method, an embodiment of the present disclosure further provides a user card, including:
a transceiver, configured to receive a trigger request, sent by a terminal, for generating a temporary user credential;
a processor, configured to generate first verification information according to the trigger request, the transceiver sending the first verification information to a network device through the terminal;
the transceiver is further configured to receive, through the terminal, second verification information fed back by the network device and an index number of the network-side temporary user credential generated by the network device;
the processor is further configured to generate a temporary user credential according to the second verification information and the index number.
When generating the first verification information, the processor is specifically configured to generate a random number according to the trigger request, and to generate the first verification information according to the random number and preset information.
The processor is specifically configured to: generate the first verification information according to the random number and a pre-stored key; or generate the first verification information according to the random number, information input by the user, and a pre-stored key.
The processor is specifically configured to: verify the network device according to the second verification information; and, after the verification succeeds, generate the temporary user credential according to the second verification information and the index number.
The user card further includes a memory, configured to store the index number of the temporary user credential.
Specifically, the user card stores key information used for generating the temporary user credential, which may be the operator's public key information or symmetric key information;
The user card has the function of generating a temporary user credential: when temporary user credential generation is triggered, it invokes the "key" stored in the card and generates a random number, computes the verification information for the temporary user credential from the two (including the user's input, if there is any; the algorithm used with the key can be agreed in advance), and sends it up to the network. Once the network has also sent down a random number or similar information, the card generates the final temporary user credential. The user card also needs to store the user credential index number sent down by the network.
This user card embodiment is the device corresponding to the method embodiment shown in FIG. 1; all implementations of the method shown in FIG. 1 apply to this user card embodiment and achieve the same technical effects.
如图2所示,本公开的实施例还提供一种临时用户凭证的生成方法,包括:As shown in FIG. 2, an embodiment of the present disclosure further provides a method for generating a temporary user credential, including:
步骤21,向用户卡发送生成临时用户凭证的触发请求;Step 21: Send a trigger request for generating a temporary user credential to the user card;
步骤22,接收用户卡根据所述触发请求发送的第一校验信息,并将所述第一校验信息发送给网络设备;Step 22: Receive first verification information that is sent by the user card according to the trigger request, and send the first verification information to the network device.
步骤23,接收所述网络设备反馈的第二校验信息以及网络设备生成的网络侧的临时用户凭证的索引号,并发送给用户卡。Step 23: Receive second verification information fed back by the network device and an index number of the temporary user credential of the network side generated by the network device, and send the index number to the user card.
其中,步骤21包括:第一终端产生临时用户凭证的触发请求,并将所述触发请求发送给用户卡。The step 21 includes: the first terminal generates a trigger request for the temporary user credential, and sends the trigger request to the user card.
其中,步骤22包括:所述第一终端接收用户卡根据所述触发请求产生的第一校验信息,并将所述第一校验信息发送给网络设备。 Step 22 includes: the first terminal receives the first verification information generated by the user card according to the trigger request, and sends the first verification information to the network device.
Specifically, as shown in FIG. 3, the workflow is as follows:
1) The terminal triggers the "temporary user credential generation" procedure; some user information may be entered at this point;
2) The (U)SIM card generates random number information, invokes the user credential key stored in the card to generate the first verification information, and sends it up to the network side through the terminal;
3) The network device verifies the first verification information and generates a random number, then generates the temporary user credential according to the information sent up by the card, and allocates an index number for the temporary user credential;
4) The network device sends down the random number verification information (that is, the second verification information above) and the index number of the temporary user credential;
5) After receiving the information, the (U)SIM card verifies it, generates the temporary user credential according to the delivered information (including the second verification information and the index number of the temporary user credential), and stores the index number of the temporary user credential;
6) The terminal can subsequently access the network using the temporary user credential and its index number, with restricted functionality, to complete operations such as writing or updating the formal code number resource.
In this embodiment of the present disclosure, network access with the temporary user credential is functionally restricted. The number of subsequent authentications allowed, or a time limit, may also be set, and this can be configured flexibly on the service side.
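The FIG. 3 exchange as an added example (not code from the patent): it assumes the symmetric-key variant and HMAC-SHA256 for both verification and credential derivation, since the page leaves the algorithm to prior agreement. The message fields, labels, class names and the two-authentication limit are hypothetical.

```python
import hashlib
import hmac
import secrets

OPERATOR_KEY = bytes(range(32))  # constructed sample key, preset in card and network


class VerificationError(Exception):
    """Raised when verification information does not check out."""


def _mac(key: bytes, *parts: bytes) -> bytes:
    # Assumption: HMAC-SHA256. Every field is length-prefixed so that
    # adjacent fields cannot be re-split into a different valid message.
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


class UserCard:
    def __init__(self, key: bytes):
        self._key = key
        self._rand_c = None
        self.index = None
        self.credential = None

    def on_trigger(self, user_input: bytes = b"") -> dict:
        """Step 2: random number + stored key -> first verification information."""
        self._rand_c = secrets.token_bytes(16)
        tag = _mac(self._key, b"msg1", self._rand_c, user_input)
        return {"rand_c": self._rand_c, "user_input": user_input, "tag": tag}

    def on_response(self, msg2: dict) -> int:
        """Step 5: verify the network, derive the credential, store the index."""
        if self._rand_c is None:
            raise VerificationError("no exchange in progress")
        idx = msg2["index"].to_bytes(4, "big")
        expected = _mac(self._key, b"msg2", self._rand_c, msg2["rand_n"], idx)
        if not hmac.compare_digest(expected, msg2["tag"]):
            raise VerificationError("second verification information rejected")
        self.credential = _mac(self._key, b"cred", self._rand_c, msg2["rand_n"], idx)
        self.index = msg2["index"]
        self._rand_c = None  # the card's random number is single-use
        return self.index

    def prove(self, challenge: bytes) -> bytes:
        """Step 6: answer a network challenge with the temporary credential."""
        return _mac(self.credential, b"access", challenge)


class NetworkDevice:
    def __init__(self, key: bytes, max_uses: int = 2):
        self._key = key
        self._max_uses = max_uses  # hypothetical limit on later authentications
        self._next_index = 1
        self._table = {}  # index -> [credential, remaining authentications]

    def on_first_verification(self, msg1: dict) -> dict:
        """Steps 3-4: verify the card, derive the credential, allocate its index."""
        expected = _mac(self._key, b"msg1", msg1["rand_c"], msg1["user_input"])
        if not hmac.compare_digest(expected, msg1["tag"]):
            raise VerificationError("first verification information rejected")
        rand_n = secrets.token_bytes(16)
        index = self._next_index
        self._next_index += 1
        idx = index.to_bytes(4, "big")
        cred = _mac(self._key, b"cred", msg1["rand_c"], rand_n, idx)
        self._table[index] = [cred, self._max_uses]
        tag = _mac(self._key, b"msg2", msg1["rand_c"], rand_n, idx)
        return {"rand_n": rand_n, "index": index, "tag": tag}

    def credential_for(self, index: int) -> bytes:
        return self._table[index][0]

    def authenticate(self, index: int, challenge: bytes, proof: bytes) -> bool:
        """Step 6: restricted access; every attempt consumes one allowed use."""
        entry = self._table.get(index)
        if entry is None or entry[1] <= 0:
            return False
        entry[1] -= 1
        return hmac.compare_digest(_mac(entry[0], b"access", challenge), proof)


def run_exchange(key: bytes = OPERATOR_KEY, user_input: bytes = b"constructed-input"):
    """Terminal role: relay both messages unchanged between card and network."""
    card, net = UserCard(key), NetworkDevice(key)
    msg1 = card.on_trigger(user_input)
    msg2 = net.on_first_verification(msg1)
    card.on_response(msg2)
    return card, net


if __name__ == "__main__":
    card, net = run_exchange()
    print("index:", card.index, "credentials match:",
          card.credential == net.credential_for(card.index))
```

Because the page allows the key to be shared rather than unique per card, the first verification information in this sketch proves possession of the operator key, not the identity of one particular card.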
In another case of this embodiment, step 21 includes: the second terminal generates the trigger request for the temporary user credential and sends it to the user card through the first terminal.
Step 22 includes: the second terminal receives, through the first terminal, the first verification information sent by the user card according to the trigger request, and sends the first verification information together with the authentication information of the second terminal to the network device.
Specifically, as shown in FIG. 4, the workflow includes:
1) The trusted proxy terminal (the second terminal) triggers the "temporary user credential generation" procedure, and the first terminal then triggers the "temporary user credential generation" procedure toward the (U)SIM card; some user information may be entered at this point;
2) The (U)SIM card generates random number information, invokes the user credential key stored in the card to generate verification information (that is, the first verification information above), and sends it up to the first terminal;
3) The first terminal sends the information to the trusted proxy terminal, which adds some information of its own and sends it up to the network device;
4) The network device verifies the information sent up and generates a random number, then generates the temporary user credential according to the information sent up by the card, and allocates an index number for the temporary user credential;
5) The network device sends down the random number verification information (that is, the second verification information above) and the index number of the temporary user credential;
6) After receiving the information, the (U)SIM card verifies it, generates the temporary user credential information according to the delivered information, and stores the index number;
7) The terminal can subsequently access the network using the temporary user credential and its index number, with restricted functionality, to complete operations such as writing or updating the formal code number resource.
The foregoing embodiment of the present disclosure may further include: Step 24: access the network device according to the temporary user credential generated by the user card and the index number of the temporary user credential.
In this embodiment of the present disclosure, the operator's key information for generating one-time/temporary user credentials is preset in the user card, and the user card and the network negotiate the temporary user credential on the fly, so that when the code number resource has become invalid the device can access a restricted network and then complete operations such as writing or updating the formal code number resource.
Corresponding to the method shown in FIG. 2 above, an embodiment of the present disclosure further provides a terminal, including:
a transceiver, configured to send a trigger request for generating a temporary user credential to the user card; to receive the first verification information sent by the user card according to the trigger request and send the first verification information to the network device; and to receive the second verification information fed back by the network device and the index number of the network-side temporary user credential generated by the network device, and send them to the user card.
The terminal further includes: a network module, configured to access the network device according to the temporary user credential generated by the user card and the index number of the temporary user credential.
This embodiment of the terminal of the present disclosure is the device corresponding to the method embodiment shown in FIG. 2. The various implementations of the method shown in FIG. 2 all apply to this terminal embodiment and achieve the same technical effect.
As shown in FIG. 5, an embodiment of the present disclosure further provides a method for generating a temporary user credential, including:
Step 51: receive the first verification information, generated by the user card, that is sent by the terminal;
Step 52: perform verification according to the first verification information;
Step 53: after the verification succeeds, generate a temporary user credential, allocate an index number for the temporary user credential, and send it to the terminal.
The step of generating the temporary user credential includes:
generating a random number; and generating the temporary user credential according to the random number and a pre-stored key. The key is the public key or a symmetric key of the operator to which the network device belongs.
An embodiment of the present disclosure further provides a network device, including:
a transceiver, configured to receive the first verification information, generated by the user card, that is sent by the terminal;
a processor, configured to perform verification according to the first verification information and, after the verification succeeds, to generate a temporary user credential and allocate an index number for the temporary user credential, which the transceiver sends to the terminal.
When generating the temporary user credential, the processor is specifically configured to: generate a random number; and generate the temporary user credential according to the random number and a pre-stored key.
Specifically, the network device mainly implements the function of generating and managing temporary user credentials. When temporary user credential generation is triggered, it invokes the pre-stored "key", generates a random number, and combines these with the random number and other information sent up by the card to generate the temporary user credential. It also verifies whether the information sent up by the card is legitimate, and allocates a user credential index number to the card.
In this embodiment of the present disclosure, the user card and the network device negotiate the temporary user credential on the fly, so that when the code number resource has become invalid the device has an opportunity to re-access the network, that is, to access a restricted network, and then complete operations such as writing or updating the formal code number resource.
An embodiment of the present disclosure further provides a method for generating a temporary user credential, including:
the terminal sends a trigger request for generating a temporary user credential to the user card;
the user card generates the first verification information according to the trigger request and sends it to the terminal;
the terminal sends the first verification information to the network device;
the network device verifies the user card according to the first verification information and, after the verification passes, generates the second verification information and the temporary user credential, allocates an index number for the temporary user credential, and sends the second verification information and the index number of the temporary user credential to the terminal;
the terminal sends the second verification information and the index number of the temporary user credential to the user card;
the user card generates the temporary user credential according to the second verification information and the index number of the temporary user credential. Specifically, see the workflow shown in FIG. 3.
Further, a "trusted proxy terminal" may be added to the procedure. It has the capability to access the network and, on the network side, holds the authority to apply for temporary user credentials on behalf of others. The workflow is as shown in FIG. 4 above.
As shown in FIG. 6, an embodiment of the present disclosure further provides a system for generating a temporary user credential, including: a user card, a terminal, and a network device; wherein
the terminal is configured to send a trigger request for generating a temporary user credential to the user card; to send the first verification information generated by the user card to the network device; and to receive the second verification information and the index number of the temporary user credential fed back by the network device, and send the second verification information and the index number of the temporary user credential to the user card;
the user card is configured to generate the first verification information according to the trigger request and send it to the terminal; and to generate the temporary user credential according to the second verification information sent by the terminal and the index number of the temporary user credential;
the network device is configured to verify the user card according to the first verification information and, after the verification passes, to generate the second verification information and the temporary user credential, allocate an index number for the temporary user credential, and send the second verification information and the index number of the temporary user credential to the terminal.
In the foregoing embodiments of the present disclosure, the terminal may be an IoT device and the user card may be a (U)SIM card. The operator's key information for generating one-time/temporary user credentials is preset in the user card (the key does not have to be unique per card; it may be the operator's public key or a symmetric key), and the network side must also initially store the key information for the one-time/temporary user credentials. The user card and the network negotiate the temporary user credential on the fly, so that when the code number resource has become invalid the device has an opportunity to re-access the network, that is, to access a restricted network, and then complete operations such as writing or updating the formal code number resource.
The above are preferred embodiments of the present disclosure. It should be noted that those of ordinary skill in the art may make further improvements and refinements without departing from the principles described in the present disclosure, and these improvements and refinements shall also be regarded as falling within the scope of protection of the present disclosure.

Claims (28)

  1. A method for generating a temporary user credential, comprising:
    receiving a trigger request, sent by a terminal, for generating a temporary user credential;
    generating first verification information according to the trigger request, and sending the first verification information to a network device through the terminal;
    receiving, through the terminal, second verification information fed back by the network device and an index number of a network-side temporary user credential generated by the network device;
    generating a temporary user credential according to the second verification information and the index number.
  2. The method for generating a temporary user credential according to claim 1, wherein the step of generating the first verification information according to the trigger request comprises:
    generating a random number according to the trigger request;
    generating the first verification information according to the random number and preset information.
  3. The method for generating a temporary user credential according to claim 2, wherein the step of generating the first verification information according to the random number and the preset information comprises:
    generating the first verification information according to the random number and a pre-stored key; or
    generating the first verification information according to the random number, information input by a user, and a pre-stored key.
  4. The method for generating a temporary user credential according to claim 3, wherein the key is a public key or a symmetric key of the network operator to which the user card belongs.
  5. The method for generating a temporary user credential according to claim 1, wherein the step of generating the temporary user credential according to the second verification information and the index number comprises:
    verifying the network device according to the second verification information;
    after the verification succeeds, generating the temporary user credential according to the second verification information and the index number.
  6. The method for generating a temporary user credential according to claim 5, further comprising, after generating the temporary user credential:
    storing the index number of the temporary user credential.
  7. A user card, comprising:
    a transceiver, configured to receive a trigger request, sent by a terminal, for generating a temporary user credential;
    a processor, configured to generate first verification information according to the trigger request, the transceiver sending the first verification information to a network device through the terminal;
    the transceiver being further configured to receive, through the terminal, second verification information fed back by the network device and an index number of a network-side temporary user credential generated by the network device;
    the processor being further configured to generate a temporary user credential according to the second verification information and the index number.
  8. The user card according to claim 7, wherein, when generating the first verification information, the processor is specifically configured to generate a random number according to the trigger request, and to generate the first verification information according to the random number and preset information.
  9. The user card according to claim 8, wherein the processor is specifically configured to: generate the first verification information according to the random number and a pre-stored key; or generate the first verification information according to the random number, information input by a user, and a pre-stored key.
  10. The user card according to claim 7, wherein the processor is specifically configured to: verify the network device according to the second verification information; and, after the verification succeeds, generate the temporary user credential according to the second verification information and the index number.
  11. The user card according to claim 10, further comprising:
    a memory, configured to store the index number of the temporary user credential.
  12. A method for generating a temporary user credential, comprising:
    sending a trigger request for generating a temporary user credential to a user card;
    receiving first verification information sent by the user card according to the trigger request, and sending the first verification information to a network device;
    receiving second verification information fed back by the network device and an index number of a network-side temporary user credential generated by the network device, and sending them to the user card.
  13. The method for generating a temporary user credential according to claim 12, wherein the step of sending the trigger request for generating a temporary user credential to the user card comprises:
    a first terminal generating the trigger request for the temporary user credential and sending the trigger request to the user card.
  14. The method for generating a temporary user credential according to claim 13, wherein the step of receiving the first verification information sent by the user card according to the trigger request and sending the first verification information to the network device comprises:
    the first terminal receiving the first verification information generated by the user card according to the trigger request, and sending the first verification information to the network device.
  15. The method for generating a temporary user credential according to claim 12, wherein the step of sending the trigger request for generating a temporary user credential to the user card comprises:
    a second terminal generating the trigger request for the temporary user credential and sending it to the user card through a first terminal.
  16. The method for generating a temporary user credential according to claim 15, wherein the step of receiving the first verification information sent by the user card according to the trigger request and sending the first verification information to the network device comprises:
    the second terminal receiving, through the first terminal, the first verification information sent by the user card according to the trigger request, and sending the first verification information and authentication information of the second terminal to the network device.
  17. The method for generating a temporary user credential according to claim 12, further comprising:
    accessing the network device according to the temporary user credential generated by the user card and the index number of the temporary user credential.
  18. A terminal, comprising:
    a transceiver, configured to send a trigger request for generating a temporary user credential to a user card; and
    to receive first verification information sent by the user card according to the trigger request, and send the first verification information to a network device; and
    to receive second verification information fed back by the network device and an index number of a network-side temporary user credential generated by the network device, and send them to the user card.
  19. The terminal according to claim 18, further comprising:
    a network module, configured to access the network device according to the temporary user credential generated by the user card and the index number of the temporary user credential.
  20. A method for generating a temporary user credential, comprising:
    receiving first verification information, generated by a user card, that is sent by a terminal;
    performing verification according to the first verification information;
    after the verification succeeds, generating a temporary user credential, allocating an index number for the temporary user credential, and sending it to the terminal.
  21. The method for generating a temporary user credential according to claim 20, wherein the step of generating the temporary user credential comprises:
    generating a random number;
    generating the temporary user credential according to the random number and a pre-stored key.
  22. The method for generating a temporary user credential according to claim 21, wherein the key is a public key or a symmetric key of the operator to which the network device belongs.
  23. A network device, comprising:
    a transceiver, configured to receive first verification information, generated by a user card, that is sent by a terminal;
    a processor, configured to perform verification according to the first verification information and, after the verification succeeds, to generate a temporary user credential and allocate an index number for the temporary user credential, which the transceiver sends to the terminal.
  24. The network device according to claim 23, wherein, when generating the temporary user credential, the processor is specifically configured to: generate a random number; and generate the temporary user credential according to the random number and a pre-stored key.
  25. A method for generating a temporary user credential, comprising:
    a terminal sending a trigger request for generating a temporary user credential to a user card;
    the user card generating first verification information according to the trigger request and sending it to the terminal;
    the terminal sending the first verification information to a network device;
    the network device verifying the user card according to the first verification information and, after the verification passes, generating second verification information and a temporary user credential, allocating an index number for the temporary user credential, and sending the second verification information and the index number of the temporary user credential to the terminal;
    the terminal sending the second verification information and the index number of the temporary user credential to the user card;
    the user card generating the temporary user credential according to the second verification information and the index number of the temporary user credential.
  26. A system for generating a temporary user credential, comprising: a user card, a terminal, and a network device; wherein
    the terminal is configured to send a trigger request for generating a temporary user credential to the user card; to send first verification information generated by the user card to the network device; and to receive second verification information and an index number of the temporary user credential fed back by the network device, and send the second verification information and the index number of the temporary user credential to the user card;
    the user card is configured to generate the first verification information according to the trigger request and send it to the terminal; and to generate the temporary user credential according to the second verification information sent by the terminal and the index number of the temporary user credential;
    the network device is configured to verify the user card according to the first verification information and, after the verification passes, to generate the second verification information and the temporary user credential, allocate an index number for the temporary user credential, and send the second verification information and the index number of the temporary user credential to the terminal.
  27. A communication device, comprising: a processor and a memory storing a computer program, wherein the computer program, when run by the processor, performs the method according to any one of claims 1-6, or the method according to any one of claims 12-17, or the method according to any one of claims 20-22.
  28. A computer-readable storage medium, comprising instructions which, when run on a computer, cause the computer to perform the method according to any one of claims 1-6, or the method according to any one of claims 12-17, or the method according to any one of claims 20-22.
PCT/CN2018/101677 2017-09-05 2018-08-22 Temporary user credential generation method, user card, terminal, and network device WO2019047714A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710790458.5 2017-09-05
CN201710790458.5A CN109429226B (en) 2017-09-05 2017-09-05 Temporary user certificate generation method, user card, terminal and network equipment

Publications (1)

Publication Number Publication Date
WO2019047714A1 true WO2019047714A1 (en) 2019-03-14

Family

ID=65514070

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/101677 WO2019047714A1 (en) 2017-09-05 2018-08-22 Temporary user credential generation method, user card, terminal, and network device

Country Status (2)

Country Link
CN (1) CN109429226B (en)
WO (1) WO2019047714A1 (en)

Also Published As

Publication number Publication date
CN109429226B (en) 2021-08-06
CN109429226A (en) 2019-03-05

Similar Documents

Publication Publication Date Title
US11956361B2 (en) Network function service invocation method, apparatus, and system
CN111213339B (en) Authentication token with client key
KR102242218B1 (en) User authentication method and apparatus, and wearable device registration method and apparatus
CN107241339B (en) Identity authentication method, identity authentication device and storage medium
US9608971B2 (en) Method and apparatus for using a bootstrapping protocol to secure communication between a terminal and cooperating servers
US20180270662A1 (en) Method and apparatus for passpoint eap session tracking
CN113347206A (en) Network access method and device
CN110266642A (en) Identity identifying method and server, electronic equipment
CN112311543B (en) GBA key generation method, terminal and NAF network element
CN112929881A (en) Machine card verification method applied to extremely simple network and related equipment
US11122033B2 (en) Multi factor authentication
US20180083777A1 (en) Methods, systems, apparatuses, and devices for securing network communications using multiple security protocols
CN110999215A (en) Secure device access token
WO2014180431A1 (en) Network management security authentication method, device and system, and computer storage medium
WO2013071836A1 (en) Method and apparatus for processing client application access authentication
CN110610418A (en) Transaction state query method, system, device and storage medium based on block chain
WO2019047714A1 (en) Temporary user credential generation method, user card, terminal, and network device
CN114158046B (en) Method and device for realizing one-key login service
US20190190904A1 (en) Multi Factor Authentication
WO2022094936A1 (en) Access method, device, and cloud platform device
CN112423300A (en) Wireless network access authentication method and device
CN114640992A (en) Method and device for updating user identity
CN114024692A (en) Signing method, device and system
CN113453230B (en) Terminal management method and system and security agent
CN113206817B (en) Equipment connection confirmation method and block chain network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18854145

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18854145

Country of ref document: EP

Kind code of ref document: A1