CN100364262C - Access discrimination method and device for EV-DO network - Google Patents


Publication number
CN100364262C
Authority
CN
China
Prior art keywords
authentication
user
network
message
cdma
Legal status
Active
Application number
CNB2004100559943A
Other languages
Chinese (zh)
Other versions
CN1599315A (en
Inventor
张智江
顾旻霞
贾川
邹欣
朱青
喻滨
Current Assignee
China Telecom Corp Ltd
Original Assignee
China United Communication Co Ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to an access authentication method and device for an EV-DO network. The access authentication method, performed on an authentication, authorization and accounting server, comprises: storing user authentication data of CDMA 1x users registered in the EV-DO network; receiving, from an access network of the EV-DO network, a request message for access authentication of a CDMA 1x user registered in the network, the request message comprising at least a random number and the user's authentication result based on that random number; searching the stored user authentication data for that user's authentication data; producing an authentication result from the random number and the retrieved user authentication data, using the authentication algorithm used for CDMA 1x users; judging whether the produced authentication result and the user's authentication result are equal; and, if the two authentication results are equal, sending the access network a message allowing the user to access the EV-DO network. With this method, the UIM card of the CDMA 1x user does not need to be changed, and the EV-DO network can perform access authentication of CDMA 1x users registered in the network.

Description

An access authentication method and device for an EV-DO network
Technical field
The present invention relates to mobile communication networks, and in particular to a method and device for performing access authentication of CDMA 1x (also called cdma2000 1x) users in an EV-DO network (also called cdma2000 1x EV-DO).
Technical background
CDMA 1x and EV-DO are two standards formed successively in the evolution of CDMA 2000. Both CDMA 1x and EV-DO networks can provide packet data services, but the EV-DO network's capacity for packet data services is far greater than that of the CDMA 1x network. Therefore, in actual deployments, the CDMA 1x network mainly provides voice services, while the EV-DO network mainly provides a rich range of packet data services.
Because the CDMA 1x standard appeared earlier than the EV-DO standard, CDMA 1x networks appeared earlier than EV-DO networks, and CDMA 1x networks already had a large number of users when EV-DO networks appeared. Because the EV-DO network can provide rich packet data services, existing CDMA 1x users should also be able to enjoy these services once the EV-DO network is available.
Because separating the handset from the card has many advantages, in some countries and regions the CDMA 1x mobile terminal is separate from the user identity module (UIM) card that identifies the user. For each CDMA 1x user, the UIM card has become a very valuable resource; if the original UIM card had to be replaced in order to use the services of the EV-DO network, this would cause great loss and inconvenience to every CDMA 1x user. To minimize that loss and inconvenience, the ideal approach is for the UIM card that an existing CDMA 1x user uses on the CDMA 1x network to work for access to both the CDMA 1x network and the EV-DO network.
To let a user access both CDMA 1x and EV-DO networks with a single UIM card, a dual-mode mobile terminal has been developed that can access both the CDMA 1x network and the EV-DO network. However, when a user uses a dual-mode mobile terminal with a UIM card intended for the CDMA 1x network to access the EV-DO network, the EV-DO network cannot successfully authenticate the user, because the UIM card lacks the functions and information related to EV-DO access authentication. To make this problem clearer, the access authentication procedures of CDMA 1x and EV-DO networks are briefly described below.
Before a user can access a CDMA 1x or EV-DO network, the network first performs access authentication to verify the user's identity. CDMA 1x and EV-DO networks implement access authentication with different messages and signaling flows, but share a similar challenge-response mechanism: the network side sends the user a random number for authentication; the user uses this random number and pre-stored user authentication data (for example, the user's shared secret data (SSD), International Mobile Subscriber Identity (IMSI) and user identity module identifier (UIMID)) to produce an authentication result with the corresponding authentication algorithm, and returns this result to the network side. After receiving the user's authentication result, the network side uses that user's authentication data and the random number it sent to the user to produce its own authentication result with the same authentication algorithm, and then checks whether the two results are equal. If they are equal, the user is a legitimate user and is allowed to access the network; otherwise access is not allowed.
On the user side, access authentication is usually performed in the user's UIM card, which has the corresponding authentication algorithm module and pre-stores its own user authentication data. On the network side, CDMA 1x access authentication is performed in the home location register/authentication center (HLR/AC), which has the authentication algorithm used for CDMA 1x access authentication and stores the authentication data of users registered in the CDMA 1x network. EV-DO access authentication is performed in the authentication, authorization and accounting server (AN-AAA), which has the authentication algorithm used for EV-DO access authentication and stores the authentication data of users registered in the EV-DO network.
The EV-DO network uses a different authentication algorithm from the CDMA 1x network: for example, CDMA 1x access authentication uses the CAVE authentication algorithm, while EV-DO access authentication uses the MD5 authentication algorithm. In addition, the AN-AAA of the EV-DO network stores only the authentication data of EV-DO users registered in that network, not the authentication data of CDMA 1x users registered in the CDMA 1x network. Therefore, without any change to the CDMA 1x user's UIM card or to the EV-DO network, the EV-DO network cannot successfully authenticate a CDMA 1x user.
Summary of the invention
The object of the present invention is to provide an access authentication method and device for an EV-DO network with which the EV-DO network can perform access authentication of CDMA 1x users without any change to the CDMA 1x user's UIM card and with only a small change to the EV-DO network.
To achieve this object, an access authentication method according to the present invention, performed in an authentication, authorization and accounting server (AN-AAA) of an EV-DO network, comprises the steps of:
(a) storing user authentication data of CDMA 1x users registered in the EV-DO network, the user authentication data comprising at least the user's International Mobile Subscriber Identity (IMSI), shared secret data (SSD) and user identity module identifier (UIMID);
(b) receiving a message, sent by the access network (AN) of the EV-DO network, requesting access authentication of a CDMA 1x user registered in the network, the request message comprising at least a random number and the user's authentication result based on that random number;
(c) according to the request message, searching the stored user authentication data of CDMA 1x users for the user authentication data of this user;
(d) using the random number contained in the request message and the retrieved user authentication data of this user to produce a network-side authentication result with the authentication algorithm used for CDMA 1x access authentication;
(e) judging whether the network-side authentication result is equal to the user's authentication result contained in the request message;
(f) if the judgment shows that the two authentication results are equal, sending the access network a message allowing the user to access the EV-DO network.
To achieve this object, an authentication, authorization and accounting server (AN-AAA) of an EV-DO network according to the present invention comprises:
A storage unit, for storing user authentication data of CDMA 1x users registered in the EV-DO network, the user authentication data comprising at least the user's International Mobile Subscriber Identity (IMSI), shared secret data (SSD) and user identity module identifier (UIMID);
A receiving unit, for receiving a message, sent by the access network (AN) of the EV-DO network, requesting access authentication of a CDMA 1x user registered in the network, the request message comprising at least a random number and the user's authentication result based on that random number;
A user authentication data acquisition unit, for searching, according to the request message, the stored user authentication data of CDMA 1x users for the user authentication data of this user;
An authentication unit, for using the random number contained in the request message and the retrieved user authentication data of this user to produce a network-side authentication result with the authentication algorithm used for CDMA 1x access authentication;
An authentication result judging unit, for judging whether the network-side authentication result is equal to the user's authentication result contained in the request message;
A sending unit, for sending the access network a message allowing the user to access the EV-DO network when the judgment shows that the two authentication results are equal.
Brief description of the drawings
Figures 1A and 1B are flowcharts of the method of the present invention by which an EV-DO network performs access authentication of CDMA 1x users registered in that network;
Fig. 2 is a block diagram of the authentication, authorization and accounting server (AN-AAA) of an EV-DO network according to one embodiment of the present invention.
Detailed Description Of The Invention
In the present invention, for the EV-DO network to be able to perform access authentication of CDMA 1x users, the EV-DO network needs to be set up as follows:
First, add to the authentication, authorization and accounting server (AN-AAA) of the EV-DO network an authentication algorithm module for CDMA 1x access authentication. For convenience of description, the present invention assumes that the authentication algorithm used for CDMA 1x access authentication is the CAVE authentication algorithm, so a CAVE authentication algorithm module is added to the AN-AAA;
Second, register in the EV-DO network each CDMA 1x user who wishes to access it, and store in the AN-AAA the user authentication data of each CDMA 1x user registered in the EV-DO network; this data comprises at least the International Mobile Subscriber Identity (IMSI), shared secret data (SSD) and user identity module identifier (UIMID). In addition, each CDMA 1x user registered in the EV-DO network is assigned an access status word, an authentication failure counter and an authentication success counter. The access status word indicates whether the registered CDMA 1x user has accessed the EV-DO network before, and its initial state is set to "has not accessed the EV-DO network". The authentication failure counter records the number of times the registered CDMA 1x user has failed access authentication on the EV-DO network. The authentication success counter records the number of times the registered CDMA 1x user has passed access authentication based on the current shared secret data (SSD).
Based on the above settings of the EV-DO network, and with reference to Fig. 1, the access authentication method of the present invention is described in detail below, taking as an example the access authentication of a CDMA 1x user registered in the EV-DO network (hereinafter CDMA 1x/EV-DO user U1).
As shown in Fig. 1, the dual-mode mobile terminal (AT) 10 holding the UIM card of CDMA 1x/EV-DO user U1 establishes an EV-DO session with the access network (AN) 20 of the EV-DO network (S10).
Dual-mode mobile terminal 10 and access network 20 initiate PPP and LCP negotiation for the access authentication of CDMA 1x/EV-DO user U1 (S20).
Access network 20 produces a random number for CDMA 1x/EV-DO user U1 and sends it to dual-mode mobile terminal 10 in a challenge message (S30).
After receiving the challenge message sent by access network 20, dual-mode mobile terminal 10 sends the random number contained in it, which access network 20 produced for CDMA 1x/EV-DO user U1, to the UIM card of CDMA 1x/EV-DO user U1. The UIM card uses the received random number and the pre-stored user authentication data of CDMA 1x/EV-DO user U1, namely the International Mobile Subscriber Identity (IMSI), shared secret data (SSD), user identity module identifier (UIMID) and so on of user U1, to produce an authentication result with its built-in CAVE authentication algorithm, and sends this authentication result to dual-mode mobile terminal 10. Dual-mode mobile terminal 10 then sends the authentication result of CDMA 1x/EV-DO user U1 to access network 20 in a challenge response message (S40).
After receiving the challenge response message sent by dual-mode mobile terminal 10, access network 20 constructs an access authentication request message from the authentication result of CDMA 1x/EV-DO user U1 contained in the challenge response message and the random number it previously produced for CDMA 1x/EV-DO user U1, and sends this access authentication request message to the authentication, authorization and accounting server (AN-AAA) 30 (S50).
After receiving the access authentication request message sent by access network 20, AN-AAA 30 first checks the access status word of CDMA 1x/EV-DO user U1 to judge whether CDMA 1x/EV-DO user U1 has accessed the EV-DO network before (S70).
1. CDMA 1x/EV-DO user U1 is accessing the EV-DO network for the first time
If the judgment shows that CDMA 1x/EV-DO user U1 is accessing the EV-DO network for the first time, AN-AAA 30 forms an authentication request message from the random number that access network 20 produced for CDMA 1x/EV-DO user U1 and the authentication result of CDMA 1x/EV-DO user U1, both contained in the received access authentication request message, sends this authentication request message to the corresponding home location register/authentication center (HLR/AC) 40 in the CDMA 1x network (S80), and then proceeds to step S150.
2. CDMA 1x/EV-DO user U1 is not accessing the EV-DO network for the first time
If the judgment shows that CDMA 1x/EV-DO user U1 is not accessing the EV-DO network for the first time, AN-AAA 30 checks the authentication failure counter of CDMA 1x/EV-DO user U1 to judge whether the number of authentication failures of CDMA 1x/EV-DO user U1 has reached a predetermined threshold (S90).
If the judgment shows that the number of authentication failures of CDMA 1x/EV-DO user U1 has reached the predetermined threshold, step S230 is executed, that is, a message refusing CDMA 1x/EV-DO user U1 access to the network is sent to access network 20.
If the judgment shows that the number of authentication failures of CDMA 1x/EV-DO user U1 has not reached the predetermined threshold, AN-AAA 30 checks the authentication success counter of CDMA 1x/EV-DO user U1 to judge whether the number of times CDMA 1x/EV-DO user U1 has passed access authentication based on the current shared secret data (SSD) has reached a predetermined threshold (S100).
2.1, share the secure data usage counter and reach predetermined threshold value
If judged result shows that CDMA 1x/EV-DO user U1 reaches predetermined threshold value based on the number of times that current shared secure data (SSD) carries out the access authentication success, execution in step S80 then, that is: differentiate that authorizing the Access Network 20 that comprises in the access authentication request message of accounting server 30 with described reception is that the random number of CDMA 1x/EV-DO user U1 generation and the authenticating result of CDMA 1x/EV-DO user U1 constitute an authentication request message, and this authentication request message is sent to the attaching position register/AUC (HLR/AC) 40 of CDMA 1x/EV-DO user U1 in the CDMA 1x network.
2.2, share the secure data usage counter and do not reach predetermined threshold value
If judged result shows that CDMA 1x/EV-DO user U1 does not reach predetermined threshold value based on the number of times that current shared secure data (SSD) carries out the access authentication success, then differentiate and authorize accounting server 30 from the CDMA 1x user's who the EV-DO network, has registered of storage subscription authentication data, the subscription authentication data (S110) of search CDMA 1x/EV-DO user U1.Then, differentiate to authorize accounting server 30 to use the subscription authentication data of described Access Network 20 as the random number of CDMA1x/EV-DO user U1 generation and the CDMA 1x/EV-DO user U1 that searches, produce the authenticating result (S120) of a network terminal based on the CAVE authentication arithmetic, and the authenticating result of the CDMA 1x/EV-DO user U1 that comprises in the access authentication request message of the authenticating result of this network terminal and described reception is compared (S130).
If comparative result shows two authenticating result and equates, then differentiate and authorize accounting server 30 to judge the success of CDMA 1x/EV-DO user U1 access authentication, the shared secure data usage counter of CDMA 1x/EV-DO user U1 is increased by 1 (S140), execution in step S220 that is: sends a message that allows CDMA 1x/EV-DO user U1 access network to Access Network 20 then.
If comparative result shows that two authenticating result are unequal, execution in step S80 then, that is: differentiate that authorizing the Access Network 20 that comprises in the access authentication request message of accounting server 30 with described reception is that the random number of CDMA 1x/EV-DO user U1 generation and the encrypted result of CDMA 1x/EV-DO user U1 constitute an authentication request message, and this authentication request message is sent to corresponding attaching position register/AUC (HLR/AC) 40 in the CDMA 1x network.
When the home location register/authentication center (HLR/AC) 40 of the CDMA 1x network receives the authentication request message sent by AN-AAA 30, HLR/AC 40 first searches its stored user authentication data of CDMA 1x users for the user authentication data of CDMA 1x/EV-DO user U1, which comprises at least the International Mobile Subscriber Identity (IMSI), shared secret data (SSD) and user identity module identifier (UIMID) of user U1 (S150). It then uses the random number that access network 20 produced for CDMA 1x/EV-DO user U1, contained in the authentication request message, and the retrieved user authentication data of user U1 to produce an authentication result with the CAVE authentication algorithm (S160), and compares this authentication result with the authentication result of CDMA 1x/EV-DO user U1 contained in the authentication request message (S170). If the comparison shows that the two authentication results are equal, HLR/AC 40 constructs an authentication success message based on the shared secret data (SSD) contained in the retrieved user authentication data of user U1, and sends this authentication success message to AN-AAA 30 (S180); if the comparison shows that the two authentication results are not equal, it sends an authentication failure message to AN-AAA 30 (S190).
AN-AAA 30 receives the message sent by HLR/AC 40. If the received message is an authentication success message, AN-AAA 30 stores the shared secret data (SSD) contained in it as the shared secret data (SSD) of CDMA 1x/EV-DO user U1 and initializes the authentication success counter of CDMA 1x/EV-DO user U1 to 0 (S200); at the same time it judges whether the access status of CDMA 1x/EV-DO user U1 is "has not accessed the EV-DO network" and, if so, sets the access status to "has accessed the EV-DO network"; it then sends access network 20 a message allowing CDMA 1x/EV-DO user U1 to access the network (S220). If the received message is an authentication failure message, AN-AAA 30 increments the authentication failure counter of CDMA 1x/EV-DO user U1 by 1 (S210) and then sends access network 20 a message refusing CDMA 1x/EV-DO user U1 access to the network (S230).
Access network 20 receives the message sent by AN-AAA 30. If the received message allows CDMA 1x/EV-DO user U1 to access the network, access network 20 sends an authentication success message to dual-mode mobile terminal 10 (S240); if the received message refuses CDMA 1x/EV-DO user U1 access to the network, it sends a CHAP authentication failure message to dual-mode mobile terminal 10 (S250).
Dual-mode mobile terminal 10 receives the message sent by access network 20 and forwards it to the UIM card of CDMA 1x/EV-DO user U1. The UIM card of CDMA 1x user U1 receives the message from dual-mode mobile terminal 10: if it is a CHAP authentication failure message, the EV-DO network is not accessed (S260); if it is a CHAP authentication success message, the EV-DO network is accessed (S270).
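The AN-AAA decision flow of steps S70 to S230 above, as an added Python example (not code from the patent). It assumes a keyed SHA-256 stand-in in place of CAVE, threshold values of 3 and 2, and constructed IMSI, UIMID and SSD values; all class and function names are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

FAIL_THRESHOLD = 3     # assumed; the page only says "predetermined threshold"
SSD_USE_THRESHOLD = 2  # assumed; same remark


def auth_result(rand, ssd, imsi, uimid):
    # Stand-in for CAVE (NOT the real algorithm): keyed hash over the same inputs.
    msg = rand + imsi.encode() + uimid.encode()
    return hmac.new(ssd, msg, hashlib.sha256).digest()[:8]


@dataclass
class Subscriber:                # per-user record held by the AN-AAA
    imsi: str
    uimid: str
    ssd: bytes
    has_accessed: bool = False   # access status word
    fail_count: int = 0          # authentication failure counter
    success_count: int = 0       # successes with the current SSD


class HlrAc:
    """CDMA 1x side (S150-S190): holds the authoritative SSD per IMSI."""

    def __init__(self, records):
        self.records = records   # imsi -> (uimid, ssd)

    def authenticate(self, imsi, rand, result):
        rec = self.records.get(imsi)
        if rec is None:
            return None
        uimid, ssd = rec
        expected = auth_result(rand, ssd, imsi, uimid)
        # Constant-time comparison; success returns the SSD (S180).
        return ssd if hmac.compare_digest(expected, result) else None


class AnAaa:
    def __init__(self, hlr, subscribers):
        self.hlr = hlr
        self.subs = {s.imsi: s for s in subscribers}
        self.hlr_queries = 0

    def _via_hlr(self, sub, rand, result):
        self.hlr_queries += 1                        # S80
        ssd = self.hlr.authenticate(sub.imsi, rand, result)
        if ssd is None:
            sub.fail_count += 1                      # S210
            return "reject"                          # S230
        sub.ssd, sub.success_count = ssd, 0          # S200
        sub.has_accessed = True
        return "accept"                              # S220

    def handle(self, imsi, rand, result):
        sub = self.subs.get(imsi)
        if sub is None:
            return "reject"  # unregistered user: a case the page does not cover
        if not sub.has_accessed:                     # S70: first access
            return self._via_hlr(sub, rand, result)
        if sub.fail_count >= FAIL_THRESHOLD:         # S90
            return "reject"
        if sub.success_count >= SSD_USE_THRESHOLD:   # S100
            return self._via_hlr(sub, rand, result)
        expected = auth_result(rand, sub.ssd, sub.imsi, sub.uimid)  # S110-S120
        if hmac.compare_digest(expected, result):    # S130
            sub.success_count += 1                   # S140
            return "accept"
        return self._via_hlr(sub, rand, result)      # mismatch falls back to S80


def run_demo():
    imsi, uimid = "460030000000001", "A1B2C3D4"      # constructed values
    real_ssd, stale_ssd = b"\x11" * 8, b"\x22" * 8   # constructed values
    aaa = AnAaa(HlrAc({imsi: (uimid, real_ssd)}),
                [Subscriber(imsi, uimid, stale_ssd)])
    log = []

    def attempt(card_ssd):
        rand = os.urandom(4)                              # challenge from the AN (S30)
        resp = auth_result(rand, card_ssd, imsi, uimid)   # computed in the UIM (S40)
        log.append((aaa.handle(imsi, rand, resp), aaa.hlr_queries))

    for _ in range(4):
        attempt(real_ssd)        # genuine card
    for _ in range(3):
        attempt(b"\x33" * 8)     # card with the wrong SSD
    attempt(real_ssd)            # genuine card after the failures
    return log


if __name__ == "__main__":
    for decision, queries in run_demo():
        print(decision, "HLR/AC queries so far:", queries)
```

The page describes no step that resets the authentication failure counter, so in this example the final attempt with the correct SSD is still rejected.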
The access authentication method for an EV-DO network described above can be implemented in software, in hardware, or in a combination of software and hardware.
The hardware of an authentication, authorization and accounting server (AN-AAA) of an EV-DO network that performs access authentication of CDMA 1x users registered in the EV-DO network, according to one embodiment of the present invention, may be composed as shown in Fig. 2, in which components identical to those of conventional communication networks are not shown.
As shown in Fig. 2, the authentication, authorization and accounting server (AN-AAA) 30 comprises:
A storage unit 301, for storing user authentication data of CDMA 1x users registered in the EV-DO network, the user authentication data comprising at least the user's International Mobile Subscriber Identity (IMSI), shared secret data (SSD) and user identity module identifier (UIMID);
A plurality of authentication failure counters 303, each corresponding to one CDMA 1x user registered in the EV-DO network and used to count the number of times that CDMA 1x user has failed access authentication on the EV-DO network;
A plurality of authentication success counters 305, each corresponding to one CDMA 1x user registered in the EV-DO network and used to count the number of times that CDMA 1x user has passed access authentication based on the shared secret data it currently uses;
A receiving unit 307, for receiving a message, sent by the access network (AN) 20 of the EV-DO network, requesting access authentication of CDMA 1x user U1 registered in the network, the request message comprising at least a random number and the authentication result of user U1 based on that random number;
A count judging unit 309, for checking the authentication success counter and the authentication failure counter of user U1, to judge whether the number of times user U1 has passed access authentication based on the shared secret data it currently uses, and the number of authentication failures, have reached the predetermined thresholds;
A user authentication data acquisition unit 311, for searching the stored user authentication data of CDMA 1x users for the user authentication data of user U1 when the judgment finds that neither the authentication success counter nor the authentication failure counter of user U1 has reached its predetermined threshold;
An authentication unit 313, for using the random number contained in the request message and the retrieved user authentication data of user U1 to produce a network-side authentication result with the authentication algorithm used for CDMA 1x access authentication;
An authentication result judging unit 315, for judging whether the network-side authentication result is equal to the authentication result of user U1 contained in the request message;
A sending unit 317, for sending access network 20 a message allowing user U1 to access the EV-DO network when the judgment shows that the two authentication results are equal;
The authentication success counter 305 of user U1, which, when the judgment shows that the two authentication results are equal, counts one successful access authentication of user U1 based on the shared secret data it currently uses.
In this AN-AAA 30, furthermore: the sending unit 317 is used, when the authentication result judging unit 315 finds that the network-side authentication result is not equal to the authentication result of user U1, or when the count judging unit 309 finds that the authentication success counter or the authentication failure counter of user U1 has reached its predetermined threshold, to send an authentication message requesting authentication of user U1 to the home location register/authentication center (HLR/AC) 40 of user U1 in the CDMA 1x network, wherein this authentication message comprises at least the random number contained in the request message and the authentication result of user U1 based on that random number; and the receiving unit 307 is used to receive the message, sent by HLR/AC 40, indicating whether the authentication of user U1 succeeded;
If the receiving unit 307 receives a message indicating that the authentication of user U1 succeeded, this message containing shared secret data (SSD), then: the storage unit 301 stores the shared secret data contained in that message as the shared secret data of user U1; the authentication success counter 305 of user U1 initializes its count to 0 after the storage unit 301 has stored that shared secret data as the shared secret data of user U1; and the sending unit 317 sends access network 20 a message allowing user U1 to access the EV-DO network;
If the receiving unit 307 receives a message indicating that the authentication of user U1 failed, then: the authentication failure counter 303 of user U1 counts one authentication failure of user U1; and the sending unit 317 sends access network 20 a message refusing user U1 access to the EV-DO network.
Beneficial effects
As can be seen from the above detailed description of the embodiments of the invention with reference to the drawings: because the access authentication method and device for an EV-DO network proposed in the present invention add to the authentication, authorization and accounting server (AN-AAA) of the EV-DO network the authentication algorithm used for access authentication of CDMA 1x users, and also store the user authentication data of each CDMA 1x user registered in the EV-DO network, the EV-DO network can perform access authentication of CDMA 1x users registered in that network.
In addition, because the access authentication method and device proposed in the present invention make no change to the CDMA 1x user's UIM card, they cause no inconvenience or loss to the user; and because only a small change is made to the AN-AAA in the EV-DO network, the cost of the modification is very low.
Those skilled in the art will appreciate that various improvements can be made to the access authentication method and device for an EV-DO network disclosed in the present invention without departing from the content of the invention. Therefore, the scope of protection of the present invention should be determined by the content of the appended claims.

Claims (14)

1. An access authentication method performed in an authentication, authorization and accounting server (AN-AAA) of an EV-DO network, comprising the steps of:
(a) storing user authentication data of the CDMA 1x users registered in the EV-DO network, the user authentication data comprising at least the user's International Mobile Subscriber Identity (IMSI), shared secret data (SSD) and User Identity Module identifier (UIMID);
(b) receiving a request message, sent by the access network (AN) of the EV-DO network, requesting access authentication of a CDMA 1x user registered in the network, the request message comprising at least a random number and the user's authentication result based on that random number;
(c) according to the request message, searching the stored user authentication data of CDMA 1x users for the user authentication data of this user;
(d) using the random number contained in the request message and the user authentication data found for this user, generating a network-side authentication result based on the authentication algorithm used for CDMA 1x user access authentication;
(e) judging whether the network-side authentication result is equal to the user's authentication result contained in the request message;
(f) if the judgment shows that the two authentication results are equal, sending to the access network a message allowing the user to access the EV-DO network.
2. The access authentication method as claimed in claim 1, further comprising the steps of:
if the judgment shows that the two authentication results are not equal, sending to the user's home location register/authentication center (HLR/AC) in the CDMA 1x network an authentication message requesting authentication of the user, the authentication message comprising at least the random number and the user's authentication result based on that random number;
if a message indicating that authentication of the user succeeded is received from the home location register/authentication center, sending to the access network a message allowing the user to access the EV-DO network.
3. The access authentication method as claimed in claim 2, wherein the message indicating that authentication of the user succeeded contains shared secret data, further comprising the step of:
storing the shared secret data contained in the message indicating that authentication of the user succeeded as the user's shared secret data.
4. The access authentication method as claimed in claim 1, wherein a counter for counting the user's authentication failures is allocated to the user in the authentication, authorization and accounting server, and step (b) further comprises:
detecting whether the count of the user's authentication failure counter has reached a predetermined threshold;
if the judgment shows that the count of the user's authentication failure counter has not reached the predetermined threshold, searching the stored user authentication data for the user authentication data of the user.
5. The access authentication method as claimed in claim 4, further comprising the steps of:
if the judgment shows that the two authentication results are not equal, sending to the user's home location register/authentication center (HLR/AC) in the CDMA 1x network an authentication message requesting authentication of the user, the authentication message comprising at least the random number, the user's identity and the user's authentication result;
if an indication that authentication of the user failed is received from the home location register/authentication center, the user's authentication failure counter counts one authentication failure for the user.
6. The access authentication method as claimed in claim 1, wherein an authentication success counter is allocated to the user in the authentication, authorization and accounting server, for counting the number of times the user has succeeded in access authentication based on the current shared secret data, and step (b) further comprises:
detecting whether the count of the user's authentication success counter has reached a predetermined threshold; and
if the detection shows that the count of the authentication success counter has not reached the predetermined threshold, searching the stored user authentication data for the user authentication data of the user,
and step (f) further comprises:
the user's authentication success counter counting one successful access authentication of the user based on the current shared secret data.
7. The access authentication method as claimed in claim 6, further comprising the steps of:
if the judgment shows that the two authentication results are not equal, sending to the user's home location register/authentication center (HLR/AC) in the CDMA 1x network an authentication message requesting authentication of the user, the authentication message comprising at least the random number, the user's identity and the user's authentication result;
receiving a message, sent by the home location register/authentication center, indicating that authentication of the user succeeded, the message containing shared secret data;
storing the shared secret data contained in the message as the user's shared secret data;
initializing the user's authentication success counter.
8. An authentication, authorization and accounting server (AN-AAA) of an EV-DO network, comprising:
a storage unit, configured to store user authentication data of the CDMA 1x users registered in the EV-DO network, the user authentication data comprising at least the user's International Mobile Subscriber Identity (IMSI), shared secret data (SSD) and User Identity Module identifier (UIMID);
a receiving unit, configured to receive a request message, sent by the access network (AN) of the EV-DO network, requesting access authentication of a CDMA 1x user registered in the network, the request message comprising at least a random number and the user's authentication result based on that random number;
a user authentication data acquisition unit, configured to search, according to the request message, the stored user authentication data of CDMA 1x users for the user authentication data of this user;
an authentication unit, configured to use the random number contained in the request message and the user authentication data found for this user to generate a network-side authentication result based on the authentication algorithm used for CDMA 1x user access authentication;
an authentication result judging unit, configured to judge whether the network-side authentication result is equal to the user's authentication result contained in the request message;
a sending unit, configured to send to the access network a message allowing the user to access the EV-DO network when the judgment shows that the two authentication results are equal.
9. The authentication, authorization and accounting server as claimed in claim 8, wherein:
the sending unit is further configured to send, when the judgment shows that the two authentication results are not equal, an authentication message requesting authentication of the user to the user's home location register/authentication center (HLR/AC) in the CDMA 1x network, the authentication message comprising at least the random number and the user's authentication result based on that random number;
the receiving unit is further configured to receive a message, sent by the home location register/authentication center, indicating whether authentication of the user succeeded;
the sending unit is further configured to send to the access network a message allowing the user to access the EV-DO network when a message indicating that authentication of the user succeeded is received.
10. The authentication, authorization and accounting server as claimed in claim 9, wherein the message indicating that authentication of the user succeeded contains shared secret data, and
the storage unit is further configured to store the shared secret data contained in the message indicating that authentication of the user succeeded as the user's shared secret data.
11. The authentication, authorization and accounting server as claimed in claim 8, further comprising:
an authentication failure counter, configured to count the number of times authentication of the user has failed; and
a count judging unit, configured to detect whether the count of the authentication failure counter has reached a predetermined threshold,
wherein the user authentication data acquisition unit is further configured to search the stored user authentication data for the user authentication data of the user when the judgment shows that the count of the user's authentication failure counter has not reached the predetermined threshold.
12. The authentication, authorization and accounting server as claimed in claim 11, wherein:
the sending unit is further configured to send, when the judgment shows that the two authentication results are not equal, an authentication message requesting authentication of the user to the user's home location register/authentication center (HLR/AC) in the CDMA 1x network, the authentication message comprising at least the random number and the user's authentication result based on that random number;
the receiving unit is further configured to receive a message, sent by the home location register/authentication center, indicating whether authentication of the user succeeded;
the authentication failure counter is configured to count one authentication failure for the user when an indication that authentication of the user failed is received.
13. The authentication, authorization and accounting server as claimed in claim 8, further comprising:
an authentication success counter, configured to count the number of times the user has succeeded in access authentication based on the shared secret data it currently uses; and
a count judging unit, configured to detect whether the count of the authentication success counter has reached a predetermined threshold,
wherein the user authentication data acquisition unit is further configured to search the stored user authentication data for the user authentication data of the user when the detection shows that the count of the authentication success counter has not reached the predetermined threshold;
the authentication success counter is further configured to count one successful access authentication of the user based on the shared secret data it currently uses when the authentication result judging unit judges that the two authentication results are equal.
14. The authentication, authorization and accounting server as claimed in claim 13, wherein:
the sending unit is further configured to send, when the judgment shows that the two authentication results are not equal, or when the authentication success counter reaches the predetermined threshold, an authentication message requesting authentication of the user to the user's home location register/authentication center (HLR/AC) in the CDMA 1x network, the authentication message comprising at least the random number and the user's authentication result based on that random number;
the receiving unit is further configured to receive a message, sent by the home location register/authentication center, indicating that authentication of the user succeeded, the authentication success message containing shared secret data;
the storage unit is further configured to store the shared secret data contained in the authentication success message as the user's shared secret data;
the authentication success counter is further configured to initialize its count value after the shared secret data contained in the authentication success message has been stored as the user's shared secret data.
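
The decision flow the claims describe (a local check against the stored SSD, fallback to the HLR/AC, and the two per-user counters) is sketched below as an added illustration; it is not code from the patent. The truncated HMAC-SHA-256 stand-in for the CDMA 1x authentication algorithm, the threshold values, the outright refusal of unknown or locked-out users, the sample identifiers, and all class and function names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

FAIL_LIMIT = 3     # assumed threshold for the failure counter (claims 4, 11)
SUCCESS_LIMIT = 2  # assumed threshold for successes on one SSD (claims 6, 13)

def auth_result(rand: bytes, ssd: bytes, imsi: str, uimid: str) -> bytes:
    """Stand-in for the CDMA 1x authentication algorithm (assumption:
    truncated HMAC-SHA-256 keyed with the SSD; not the real algorithm)."""
    msg = rand + imsi.encode() + uimid.encode()
    return hmac.new(ssd, msg, hashlib.sha256).digest()[:4]

@dataclass
class Subscriber:          # user authentication data of claim 1(a) plus counters
    imsi: str
    uimid: str
    ssd: bytes
    failures: int = 0      # authentication failure counter
    successes: int = 0     # successes based on the current SSD

class HlrAc:
    """Hypothetical HLR/AC holding the authoritative SSD per IMSI."""
    def __init__(self, records):
        self.records = records           # imsi -> (uimid, ssd)

    def authenticate(self, imsi, rand, result):
        uimid, ssd = self.records[imsi]
        expected = auth_result(rand, ssd, imsi, uimid)
        # The success message carries the SSD (claim 3); None means failure.
        return ssd if hmac.compare_digest(expected, result) else None

class AnAaa:
    def __init__(self, hlr, subscribers):
        self.hlr = hlr
        self.db = {s.imsi: s for s in subscribers}

    def access_request(self, imsi, rand, result):
        sub = self.db.get(imsi)
        # Assumption: unknown or locked-out users are refused outright.
        if sub is None or sub.failures >= FAIL_LIMIT:
            return "reject"
        if sub.successes < SUCCESS_LIMIT:
            local = auth_result(rand, sub.ssd, sub.imsi, sub.uimid)
            if hmac.compare_digest(local, result):
                sub.successes += 1       # claim 6, step (f)
                return "accept-local"
        # Mismatch, or success counter at its threshold: ask the HLR/AC.
        new_ssd = self.hlr.authenticate(imsi, rand, result)
        if new_ssd is None:
            sub.failures += 1            # claim 5
            return "reject"
        sub.ssd, sub.successes = new_ssd, 0   # claims 3 and 7
        return "accept-hlr"

if __name__ == "__main__":
    imsi, uimid = "460030123456789", "A1B2C3D4"   # constructed sample values
    hlr = HlrAc({imsi: (uimid, b"fresh-ssd")})
    aaa = AnAaa(hlr, [Subscriber(imsi, uimid, b"stale-ssd")])
    rand = b"\x01\x02\x03\x04"
    genuine = auth_result(rand, b"fresh-ssd", imsi, uimid)
    for res in [genuine] * 4 + [b"\x00" * 4] * 3 + [genuine]:
        print(aaa.access_request(imsi, rand, res))
```

In the sample run the AN-AAA starts with a stale SSD, so the first request is resolved by the HLR/AC and refreshes the SSD; once the failure counter reaches its threshold even a correct response is refused, which is the lockout behaviour a defender should monitor for.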
CNB2004100559943A 2004-08-04 2004-08-04 Access discrimination method and device for EV-DO network Active CN100364262C (en)

Publications (2)

Publication Number Publication Date
CN1599315A CN1599315A (en) 2005-03-23
CN100364262C true CN100364262C (en) 2008-01-23

Family

ID=34666205

Country Status (1)

Country Link
CN (1) CN100364262C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20081219

Address after: No. 31, Finance Street, Beijing, Xicheng District

Patentee after: China Telecom Co., Ltd.

Address before: Beijing, Xidan, Xicheng District North Street, No. 133, China Unicom Technology Department

Patentee before: China United Communication Co., Ltd.

ASS Succession or assignment of patent right

Owner name: CHINA TELECOMMUNICATIONS GROUP CO.,LTD.

Free format text: FORMER OWNER: CHINA UNITED COMMUNICATION CO., LTD.

Effective date: 20081219

ASS Succession or assignment of patent right

Owner name: CHINA TELECOMMUNICATION CO., LTD.

Free format text: FORMER OWNER: CHINA TELECOMMUNICATION GROUP CORP.

Effective date: 20130318

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100032 XICHENG, BEIJING TO: 100033 XICHENG, BEIJING

TR01 Transfer of patent right

Effective date of registration: 20130318

Address after: 100033 Beijing Finance Street, No. 31, Xicheng District

Patentee after: China Telecommunication Co., Ltd.

Address before: 100032 Beijing Finance Street, No. 31, Xicheng District

Patentee before: China Telecom Co., Ltd.