CN1710982A - Interaction method for mobile terminal and network side in mobile communication system - Google Patents

Publication number
CN1710982A
Authority
CN
China
Prior art keywords
portable terminal
home system
mobile
authentication parameter
clone
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN200410048774.8A
Other languages
Chinese (zh)
Other versions
CN100415032C (en)
Inventor
郭平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CNB2004100487748A
Publication of CN1710982A
Application granted
Publication of CN100415032C
Anticipated expiration
Expired - Fee Related (current legal status)

Landscapes

  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

In this method, a service password is set up and saved in advance at the home system on the network side. When the mobile terminal interacts with the network side, the following steps are carried out: (1) the mobile terminal sends its authentication parameter to its home system through the mobile switching centre on the network side, and the home system authenticates the terminal on the basis of that parameter; if authentication passes, the flow continues, otherwise access by the mobile terminal is rejected; (2) through the mobile switching centre, the home system prompts the user to enter the service password and determines whether it is correct; if it is, the authentication parameter stored in the home system and in the mobile terminal is updated; otherwise access is rejected, or the home system updates the authentication parameter stored in the mobile terminal and then rejects its access. The invention prevents the loss and intrusion that a cloned mobile terminal causes the user.

Description

Interaction method for a mobile terminal and the network side in a mobile communication system
Technical field
The present invention relates to interaction techniques in mobile communication systems, and in particular to an interaction method between a mobile terminal and the network side in a mobile communication system.
Background art
With the rapid development of communication technology, more and more users communicate with mobile terminals such as mobile phones (MS, Mobile Station), whose convenience and speed have greatly benefited people's lives. However, mobile terminals are now being cloned. For example, when a user has a mobile phone repaired, the subscriber identity module (SIM, User Identity Module) card in the phone is often cloned illegally by dishonest repair staff. The cloned SIM card is fitted into another phone, which then becomes a clone of the original phone. Criminals can use the cloned phone to make calls at someone else's expense, which causes large economic losses to the genuine mobile terminal user and exposes the privacy of that user's calls.
A mobile terminal here means the equipment that identifies the user in a mobile communication system. A cloned mobile terminal is usually either a card-integrated mobile phone whose intrinsic parameters have been cloned, or a mobile phone fitted with a cloned subscriber identity module card. The subscriber identity module card is the user identity module (UIM, User Identity Module) card in code division multiple access (CDMA) systems and the SIM card in the Global System for Mobile Communications (GSM).
An attacker who obtains a cloned mobile terminal can use it to access the mobile communication network, so that the genuine user suffers economic loss or has their rights infringed. For example, the attacker can use a cloned card-integrated phone directly, or fit a cloned UIM/SIM card into a phone, and make calls at the user's expense. Moreover, once the attacker has accessed the mobile communication network with the cloned terminal, the network will refuse to let the genuine terminal log in, so the genuine user cannot use the call service that is rightfully theirs, which may cause the user heavy losses. How to stop the illegal use of cloned mobile terminals has therefore become a growing concern for mobile terminal users.
In the prior art there is a scheme based on a password lock (SPINA) that stops a cloned mobile terminal from being used to place calls. The scheme provides a SPINA service to the mobile phone user: the user first subscribes to and activates the SPINA service and sets a password, either through the mobile terminal or at the service provider's business office. When placing a call, the user must enter the password that was set. If the password is verified, the SPINA service is deactivated and the user can call normally; otherwise the SPINA service stays active and the user cannot call normally. Because an attacker who clones a mobile terminal generally does not know the password of the original terminal, this scheme can to some extent prevent a cloned terminal from placing calls and so protects the genuine user's interests. However, the scheme protects only outgoing calls against a cloned terminal; it cannot protect incoming voice service, incoming short message service or data service. It is also inconvenient: every time the user places a call, the password must first be entered to deactivate the SPINA service before the call can proceed.
Summary of the invention
In view of this, the main purpose of the present invention is to provide an interaction method between a mobile terminal and the network side in a mobile communication system, so as to stop the loss and infringement that cloning of the mobile terminal causes the user.
To achieve this purpose, the technical solution of the present invention is implemented as follows:
An interaction method for a mobile terminal and the network side in a mobile communication system, in which a service password for the mobile terminal is set and saved in advance on the home system of the network side, and which comprises the following steps when the mobile terminal interacts with the network side:
a. The mobile terminal sends its authentication parameters to the home system through the mobile switching centre of the network side. The home system authenticates the terminal by checking the received authentication parameters against the authentication parameters it holds for this terminal. If authentication passes, the subsequent flow continues; otherwise the mobile terminal is refused access to the network.
b. Through the mobile switching centre, the home system prompts the user to enter the service password, digit collection is performed, and the service password entered by the user is obtained.
c. The home system judges whether the service password it holds for this mobile terminal is identical to the service password entered by the user. If it is, the home system updates the authentication parameters stored in the mobile terminal and saves the updated authentication parameters itself. Otherwise it refuses the mobile terminal access to the network, or first updates the authentication parameters stored in the mobile terminal and then refuses it access.
In the method, a history identifier for the mobile terminal is further set and saved in advance on both the mobile terminal and the home system, and the following steps are performed after step a and before step b:
a1. The mobile terminal sends the history identifier it holds to the home system through the mobile switching centre.
a2. The home system judges whether the received history identifier is identical to the history identifier it holds for this mobile terminal. If it is, the home system judges that no cloned mobile terminal exists, updates the history identifier stored in the mobile terminal, saves the updated history identifier itself, and then carries out the normal interaction flow. Otherwise it judges that a cloned mobile terminal exists and continues with the subsequent steps; in step c the history identifier stored in the mobile terminal is additionally updated, and the home system saves the updated history identifier.
After step a2 and before step b, the method further comprises a location registration flow and an information indication flow.
The home system updates the history identifier of the mobile terminal as follows:
through the over-the-air parameter management (OTAPA) flow, using Diffie-Hellman to update the history identifier of the mobile terminal;
or through a short message, using Diffie-Hellman to update the history identifier of the mobile terminal.
The mobile communication system is a CDMA system, and the history identifier is the value of the call history counter;
or the mobile communication system is the Global System for Mobile Communications (GSM), and the history identifier is the sequence number (SQN) of the authentication parameters.
In step c, if the service password held by the home system differs from the service password entered by the user, the home system updates the authentication parameters stored in the mobile terminal, and sets and saves on itself a clone-present flag corresponding to this mobile terminal. In addition, after step a and before step b, the home system judges whether it holds a clone-present flag corresponding to the mobile terminal. If it does, it judges that a cloned mobile terminal exists and continues with step b; otherwise it judges that no cloned mobile terminal exists and continues with the normal interaction flow.
The home system updates the authentication parameters of the mobile terminal as follows:
through the OTAPA flow, using Diffie-Hellman to update the authentication parameters of the mobile terminal;
or through a short message, using Diffie-Hellman to update the authentication parameters of the mobile terminal.
The mobile communication system is CDMA, and the authentication parameters comprise at least the top-level authentication key A_Key and the shared secret data SSD;
or the mobile communication system is GSM, and the authentication parameters comprise at least the subscriber authentication key KI.
The mobile terminal is a mobile phone fitted with a user identity module (UIM) card in CDMA, a mobile phone fitted with a subscriber identity module (SIM) card in GSM, or a card-integrated mobile phone.
Because the method of the invention can identify from the service password whether the current user is the genuine user, and disables the cloned mobile terminal by updating the mobile terminal's top-level authentication key, it stops attackers from using a cloned terminal to infringe the rights of the genuine user, improves the security of the mobile communication network and protects the user's legitimate interests. The method also sets a history identifier in both the mobile terminal and the home system on the network side and updates it in every interaction. If the terminal has been cloned, the history identifiers in the terminal and in the network equipment will differ, so cloning can be detected quickly and effectively. If a clone is found it is then disabled; if not, normal service is provided. Cloning is therefore detected quickly while the method remains convenient for the user. In addition, because the interaction method can be carried out in any service, all of the user's services can be protected against a cloned mobile terminal.
Description of drawings
Fig. 1 is a flow chart of the interaction method between the mobile terminal and the network side according to embodiment one of the invention;
Fig. 2 is a flow chart of the interaction method between the mobile terminal and the network side according to embodiment two of the invention;
Fig. 3 is a flow chart of the interaction method between the mobile terminal and the network side according to embodiment three of the invention;
Fig. 4 is a flow chart of a way of modifying the service password of the mobile terminal according to the invention.
Detailed description of the embodiments
The implementation of the invention is further described below with reference to the drawings and specific embodiments.
The mobile communication system of the invention may be a code division multiple access (CDMA) system or the Global System for Mobile Communications (GSM). The mobile terminal of the invention is a mobile phone fitted with a UIM card or SIM card, or a card-integrated mobile phone. The network side of the mobile communication system comprises a mobile switching centre and a home system. The mobile switching centre comprises a mobile switching centre (MSC) and a visitor location register (VLR); the home system comprises a home location register (HLR), an over-the-air functional entity (OTAF, Over-the-Air Service Provisioning Function) and an authentication centre (AC, Authentication Center).
At present, the network side decides whether a mobile terminal passes authentication, and may then access the network, as follows: it compares, directly or indirectly, the authentication parameters that the terminal sends to the network side with the authentication parameters that the network side holds for this terminal. If they are identical the terminal passes authentication; otherwise it fails authentication and is refused access to the network.
The authentication parameters and the identifier of a mobile terminal are stored on the terminal as its intrinsic parameters. The authentication parameters include the international mobile terminal identity (IMSI, International Mobile Station Identity), the top-level authentication key and the electronic serial number (ESN, Electronic Serial Number). In a CDMA system the top-level authentication key is the A_Key; in a GSM system it is the subscriber authentication key (Subscriber Authentication Key) KI. The intrinsic parameters of a cloned terminal are the same as those of the genuine terminal that was cloned. In the prior art the intrinsic parameters stored in a terminal never change, so the network side treats the cloned terminal as legitimate and provides service to it; the clone is therefore inconspicuous and hard to discover.
The key to cloning a mobile terminal is obtaining its intrinsic parameters. At present, the intrinsic parameters that are transmitted over the air interface, such as the ESN, the subscriber identity module card ID and the IMSI, are obtained either by intercepting the air interface or by first getting hold of the original terminal and then reading them from it. The top-level authentication key is obtained by first getting hold of the original terminal and then reading the key from it. The intrinsic parameters may of course also be obtained through a data leak on the network side. In short, whatever the route, once an attacker has the terminal's intrinsic parameters the clone can be made.
Based on the characteristics of the mobile communication network described above and on this analysis of how mobile terminals are cloned, the method of the invention can be divided into three basic steps:
1. Detect whether a cloned mobile terminal exists, and report the result.
2. Identify whether the mobile terminal currently accessing the network is the genuine mobile terminal.
3. Disable the cloned mobile terminal.
First, to implement step 1, the method sets and saves in both the mobile terminal and the home system on the network side an identical history identifier that is updated each time the mobile terminal accesses the network. The history identifier is a parameter that changes: in a CDMA system the value of the call history counter (CallHistoryCount) can be used as the history identifier, and in GSM the sequence number (SQN, Sequence Number) of the authentication parameters can be used. A cloned terminal obtains only the history identifier that the original terminal held when its intrinsic parameters were cloned. As soon as either the original terminal or the clone accesses the network, the home system updates the history identifier held by itself and by that terminal, so the history identifiers of the original and the clone become different and an attacker cannot clone the terminal completely. When a mobile terminal accesses the network, it sends its authentication parameters and this history identifier to the home system. Besides checking whether the authentication parameters match those it holds, the home system also checks whether the history identifier matches the one it holds. If they match, it judges that no cloned terminal exists; if they differ, it judges that a cloned terminal exists and raises a warning.
For example, if the original terminal accesses the network first, the home system updates the history identifier held by itself and by the original terminal. When the cloned terminal later accesses the network, its history identifier differs from that of the home system, and the home system warns that a cloned terminal exists.
If the cloned terminal accesses the network first, the home system updates the history identifier held by itself and by the cloned terminal. When the original terminal later accesses the network, its history identifier is inconsistent with the one held by the home system, and the home system warns that a cloned terminal exists.
Second, to implement step 2, the method sets and saves a service password in the home system in advance. Like the password of a bank card, this service password is not stored in the user's mobile terminal; it is held only by the home system on the network side and by the user. When the mobile terminal accesses the network, the user enters the service password, and the home system judges whether the terminal currently accessing the network is the genuine terminal by verifying that the password is correct.
Finally, to implement step 3, the method either updates, during the authentication process, the authentication parameters stored in the genuine terminal in use and in the home system at the same time, or updates only the authentication parameters of the cloned terminal. Either way the cloned terminal can no longer pass authentication, because its own authentication parameters differ from those in the home system.
To make cloning harder and to hinder attackers from cloning and using the terminal a second time, the authentication parameters that are updated must include the top-level authentication key, because this key cannot be obtained by intercepting the air interface. To obtain the updated top-level authentication key, an offender must get hold of the original terminal again before the updated key can be cloned; likewise, to obtain the top-level authentication key of the original terminal, an offender must get hold of the original terminal again before that key can be cloned.
Alternatively, to implement step 3, the history identifier described above may also be updated. After a cloned terminal accesses the network, the home system, because of the difference in history identifier, requires the terminal to be verified as genuine or cloned, that is, it requires the user of the cloned terminal to enter the service password. If the password entered differs from the one held by the home system, the cloned terminal is refused access to the network. Since an attacker generally does not know the service password, the cloned terminal is thereby disabled.
Taking the interaction between a mobile terminal and the network side in a CDMA system as the example, three embodiments of the method of the invention are described below.
Embodiment one:
This embodiment describes how the mobile terminal and the network side interact to counter cloning when location registration is being performed. As shown in Fig. 1, the flow of this embodiment comprises:
Step 101: After the mobile terminal is powered on, it sends a location registration authentication request and the value of the call history counter to the mobile switching centre on the network side.
The authentication request contains the intrinsic parameters of the mobile terminal, including the terminal's identifier and its authentication parameters. The authentication parameters include the top-level authentication key A_Key, the IMSI, the ESN and the shared secret data (SSD). The SSD is an authentication parameter generated from the A_Key; it is specific to CDMA and does not exist in GSM networks.
Step 102: The mobile switching centre sends an authentication request AUTHREQ and the value of the call history counter to the home system on the network side. The authentication request AUTHREQ contains the authentication parameters of the mobile terminal.
Step 103: The home system carries out the normal authentication flow using the authentication parameters contained in the authentication request AUTHREQ. If authentication fails, it refuses this mobile terminal access to the mobile network. If authentication passes, it returns a normal authentication request response authreq to the mobile switching centre to inform it that authentication has passed, reads the call history counter value it holds for this terminal according to the terminal's identifier, and compares that value with the call history counter value sent by the terminal. If the two are identical, it judges that there is no cloned terminal, initiates the known over-the-air parameter management (OTAPA) flow to update the call history counter value stored in the terminal, saves the updated value in the home system and, after steps 104 and 105 have been carried out, proceeds with the normal interaction flow. Otherwise it judges that a cloned terminal exists and continues with step 104.
Step 104: The mobile switching centre initiates a location registration request REGNOT.
Step 105: After performing location registration, the home system returns a normal location registration response regnot to the mobile switching centre.
Steps 104 and 105 above are the location registration flow, which registers the location of the mobile terminal.
During location registration the mobile terminal is not placing or receiving a call, so no traffic channel for communication has yet been set up between the terminal and the network side. The next task is to identify whether the current terminal is a clone, which requires the user to enter the service password, so a traffic channel must be set up between the terminal and the network side to carry the related signals. The channel set-up flow in steps 106 to 109 below establishes this traffic channel.
Step 106: The home system sends an information indication request INFOFWD to the mobile switching centre, instructing it to set up a traffic channel.
Step 107: The mobile switching centre sends a ringing signal to the mobile terminal and sets up the traffic channel.
Step 108: The mobile terminal sends a ring answer signal to the mobile switching centre, and the traffic channel is successfully set up and connected.
Step 109: The mobile switching centre returns an information indication request response infofwd to the home system, indicating that the traffic channel has been successfully set up and connected. From this point the mobile terminal and the network equipment can exchange the related signals over the traffic channel.
Step 110: The home system starts the announcement and digit-collection identification flow and sends a remote user control request RUIDIR to the mobile switching centre over the traffic channel. The RUIDIR request contains announcement information that instructs the mobile terminal user to enter the service password. For example, the announcement may be: "This card may have been copied. Please enter your service password to confirm your identity, otherwise please hang up."
Step 111: The mobile switching centre sends the announcement information to the mobile terminal over the traffic channel and starts digit collection; the mobile terminal plays the announcement to the user.
Step 112: The mobile terminal obtains the password entered by the user and sends this service password to the mobile switching centre over the traffic channel.
Step 113: The mobile switching centre receives the service password entered on the mobile terminal through digit collection and sends it to the home system over the traffic channel in a remote user control request response ruidir.
Step 114: The home system reads the service password it holds for this mobile terminal according to the terminal's identifier, and judges whether the service password entered by the user is identical to it. If it is, the home system judges that this terminal is the genuine terminal and carries out step 115 next, so that the cloned terminal is disabled. Otherwise it judges that this terminal is a clone and initiates the OTAPA flow to update the top-level authentication key A_Key, the shared secret data (SSD) and the call history counter value of this cloned terminal. The home system saves the updated call history counter value but does not save the updated A_Key and SSD; it then directly issues a cancel-location message, disconnects the mobile terminal from the mobile switching centre and the home system of the network, and ends the flow.
Step 115: The home system initiates the known OTAPA flow, uses Diffie-Hellman to update the A_Key stored in the mobile terminal, and saves the updated A_Key itself.
Step 116: The home system initiates the known OTAPA flow again, updates the shared secret data (SSD) of the mobile terminal according to the updated A_Key, updates the call history counter value of the mobile terminal at the same time, and saves the updated SSD and the updated call history counter value.
The method of the invention can also use the known short message approach, with Diffie-Hellman, to update the A_Key, the SSD and the call history counter value of the mobile terminal.
Embodiment one above is an interaction method between the mobile terminal and the network side for countering a cloned terminal during location registration; embodiment two below is the corresponding method when the mobile terminal is not performing location registration.
Embodiment two:
As shown in Fig. 2, in embodiment two the mobile terminal is placing or receiving a call rather than performing location registration. The terminal already sets up a traffic channel when it places or receives a call, so no separate traffic channel set-up flow is needed. Compared with embodiment one, the flow of embodiment two therefore sends only the authentication request and the call history counter value in step 101 and omits the information indication flow of steps 104 to 109, that is, the location registration flow and the channel set-up flow. The other steps are the same as in embodiment one: after step 103 has been carried out, step 110 is executed directly.
In embodiments one and two above, the home system on the network side first judges from the terminal's call history counter value whether the terminal has been cloned. If it has not, the normal interaction flow is carried out. If it has, the home system uses the service password to identify whether the terminal currently accessing the network is the genuine one. If it is, the cloned terminal is disabled by updating the authentication parameters of the terminal and of the home system at the same time; otherwise only the authentication parameters of this cloned terminal are updated, which disables it.
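The decision flow of embodiments one and two can be traced with a short simulation, added here as an illustration and not part of the patent. The class and function names, the direct comparison of A_Key and SSD in place of the real authentication exchange, the random bytes standing in for the OTAPA/Diffie-Hellman key update, the counter advancing by one, and the salted hash used to store the service password are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def derive_ssd(a_key: bytes) -> bytes:
    # Assumption: the page only says SSD is generated from A_Key; SHA-256 is a stand-in.
    return hashlib.sha256(b"SSD" + a_key).digest()[:16]


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: the home system keeps a salted hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Terminal:
    """Parameters held on the handset or card; a clone starts as an exact copy."""
    ident: str
    a_key: bytes
    ssd: bytes
    count: int  # call history counter, the history identifier in CDMA


@dataclass
class Record:
    """What the home system stores for one subscriber."""
    a_key: bytes
    ssd: bytes
    count: int
    salt: bytes
    pw_hash: bytes


class HomeSystem:
    def __init__(self):
        self.db = {}

    def provision(self, ident: str, password: str) -> Terminal:
        a_key, salt = secrets.token_bytes(8), secrets.token_bytes(16)
        self.db[ident] = Record(a_key, derive_ssd(a_key), 0, salt,
                                hash_password(password, salt))
        return Terminal(ident, a_key, derive_ssd(a_key), 0)

    def access(self, term: Terminal, ask_password) -> str:
        rec = self.db.get(term.ident)
        # Step 103: authentication. Direct comparison stands in for the real exchange.
        if rec is None or not (hmac.compare_digest(term.a_key, rec.a_key)
                               and hmac.compare_digest(term.ssd, rec.ssd)):
            return "rejected: authentication failed"
        if term.count == rec.count:
            # Counters agree: no clone. Advance the counter on both sides.
            rec.count += 1
            term.count = rec.count
            return "normal service"
        # Counters differ: a clone exists somewhere, so identify this user (steps 110-114).
        entered = ask_password()
        # Fresh random keys stand in for the OTAPA / Diffie-Hellman update.
        new_a_key = secrets.token_bytes(8)
        term.a_key, term.ssd = new_a_key, derive_ssd(new_a_key)
        rec.count += 1
        term.count = rec.count
        if hmac.compare_digest(hash_password(entered, rec.salt), rec.pw_hash):
            # Steps 115-116: genuine user, so the home system saves the new keys too.
            rec.a_key, rec.ssd = term.a_key, term.ssd
            return "genuine: keys updated"
        # Step 114, wrong password: the terminal's keys were overwritten but the
        # home system kept its old ones, so this terminal can no longer authenticate.
        return "rejected: clone disabled"


def run_scenario():
    """Constructed run: a genuine terminal and a clone copied before any access."""
    hs = HomeSystem()
    genuine = hs.provision("constructed-subscriber-001", "4821")
    clone = Terminal(genuine.ident, genuine.a_key, genuine.ssd, genuine.count)
    return [
        hs.access(genuine, lambda: "4821"),  # counters match
        hs.access(clone, lambda: "0000"),    # stale counter, wrong password
        hs.access(clone, lambda: "0000"),    # overwritten keys fail authentication
        hs.access(genuine, lambda: "4821"),  # counter moved, password correct
        hs.access(genuine, lambda: "4821"),  # back in step with the home system
    ]


if __name__ == "__main__":
    for outcome in run_scenario():
        print(outcome)
```

The simulated terminal always applies the key update it is sent, so the run shows only the cooperative case.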
In addition, a cloned terminal may deceive the home system during the OTAPA flow. For example, the clone may leave its top-level authentication key unchanged but return a message to the home system saying that the key was updated successfully, so that in later interactions it can still pass authentication and access the network. To prevent this, in step 114 above, when the home system judges that the current terminal is a clone, then after updating the top-level authentication key and the call history counter stored in the terminal it additionally sets a clone-present flag on itself. The flag is an additional identifier saved against the identifier of the mobile terminal. In later interactions with the terminal, once authentication has passed, the home system checks by the terminal's identifier whether a clone-present flag exists for it. If so, it directly initiates the announcement and digit-collection identification flow, obtains the service password entered by the user, and judges from that password whether the terminal is a clone. This completely prevents a cloned terminal from infringing the user's rights.
If the user suspects that the portable terminal of oneself is cloned, then can initiatively initiate to make the flow process of clone's portable terminal inefficacy, promptly directly realize above-mentioned step 2 and step 3, initiatively upgrade the authentication parameter of portable terminal, its idiographic flow is referring to following examples three.
Embodiment three:
Embodiment three mainly describes the flow in which the mobile terminal actively initiates invalidation of a cloned mobile terminal. As shown in Figure 3, this embodiment comprises the following steps:
Step 301: The mobile terminal initiates the operation request flow: by dialing the specific operation code that indicates an A_Key update, it sends an operation request Feature to the mobile switching center and sets up a traffic channel. The operation request contains the specific operation code, the identifier of the mobile terminal, and authentication parameters such as A_Key, IMSI, ESN and SSD.
Step 302: The mobile switching center sends an authentication request AUTHREQ to the home system, containing authentication parameters such as A_Key, IMSI, ESN and SSD and the identifier of the mobile terminal.
Step 303: The home system carries out the normal authentication flow according to the authentication parameters contained in the authentication request. If authentication fails, it refuses this mobile terminal access to the mobile network and the flow ends; if authentication passes, it returns a normal authentication request response authreq to the mobile switching center.
Step 304: The mobile switching center sends an operation request FEATURE to the home system; the operation request contains the specific operation code that indicates an A_Key update.
Step 305: The home system identifies the operation code in the operation request, starts the announcement and digit-collection flow, and sends a remote user interaction request RUIDIR to the mobile switching center over the traffic channel. The RUIDIR contains an announcement that prompts the user to enter the service password, for example: "You have enabled the anti-clone service. Please enter your service password and finish with #; otherwise, please hang up."
Step 306: The mobile switching center sends the announcement to the mobile terminal over the traffic channel and begins digit collection; the mobile terminal plays the announcement to the user.
Step 307: The mobile terminal obtains the service password entered by the user and sends it to the mobile switching center over the traffic channel.
Step 308: The mobile switching center receives the service password entered at the mobile terminal through digit collection and forwards it to the home system over the traffic channel in the remote user interaction response ruidir.
Step 309: The home system reads the service password it stores for this mobile terminal according to the identifier of the mobile terminal, and judges whether the service password sent by the mobile switching center is identical to the stored one. If they are identical, it judges that the current mobile terminal is the genuine mobile terminal and continues with the next step; otherwise, it judges that the current mobile terminal is a cloned mobile terminal and executes step 312.
Step 310: The home system initiates the OTAPA flow, updates the A_Key of the mobile terminal using Diffie-Hellman, and stores the updated A_Key.
Step 311: The home system initiates the OTAPA flow again to update the SSD.
Step 312: The home system returns an operation request response feature to the mobile switching center. If the OTAPA flows of steps 310 and 311 were executed successfully, this feature contains information indicating that the operation succeeded; otherwise, it contains information indicating that the operation failed.
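The decision logic of steps 303 to 312, combined with the clone-existence flag described before embodiment three, can be sketched as home-system code. This is an added example, not code from the patent: the HMAC challenge-response, the random key that stands in for the OTAPA update, and all class, function and sample names are assumptions, and the wrong-password branch follows the variant that overwrites only the terminal's copy and sets the flag.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def auth_response(a_key, challenge):
    # Stand-in for the network's real authentication algorithm (assumption).
    return hmac.new(a_key, challenge, hashlib.sha256).digest()


@dataclass
class Terminal:
    a_key: bytes
    honest: bool = True  # a dishonest clone acknowledges updates without applying them

    def apply_update(self, new_key):
        if self.honest:
            self.a_key = new_key
        return True  # success is reported either way, so it proves nothing


@dataclass
class Subscriber:  # the home system's record for one mobile terminal
    a_key: bytes
    service_password: str
    clone_flag: bool = False


class HomeSystem:
    def __init__(self):
        self.subscribers = {}

    def interact(self, ident, terminal, entered_password, trigger=False):
        # trigger: a call history counter mismatch (embodiments one and two)
        # or the user dialing the A_Key update operation code (embodiment three).
        sub = self.subscribers[ident]
        challenge = secrets.token_bytes(16)
        expected = auth_response(sub.a_key, challenge)
        if not hmac.compare_digest(expected, auth_response(terminal.a_key, challenge)):
            return "rejected: authentication failed"
        if not (sub.clone_flag or trigger):
            return "normal service"
        # Announcement and digit collection: entered_password is what the user keyed in.
        new_key = secrets.token_bytes(8)  # stands in for the OTAPA key update
        terminal.apply_update(new_key)
        if hmac.compare_digest(entered_password.encode(), sub.service_password.encode()):
            sub.a_key = new_key  # both sides rotate, so a clone's old copy stops working
            return "genuine: authentication parameters updated"
        sub.clone_flag = True  # terminal-only update; do not trust its acknowledgement
        return "rejected: clone suspected"


def demo():
    key = secrets.token_bytes(8)  # constructed sample A_Key
    hs = HomeSystem()
    hs.subscribers["ms-1"] = Subscriber(key, "2468")  # constructed identifier and password
    genuine, clone = Terminal(key), Terminal(key, honest=False)
    return [
        hs.interact("ms-1", clone, "0000", trigger=True),  # wrong password: flag is set
        hs.interact("ms-1", clone, "1111"),  # old key still authenticates; flag forces a prompt
        hs.interact("ms-1", genuine, "2468"),  # genuine user: both copies rotate
        hs.interact("ms-1", clone, "2468"),  # clone's old key no longer authenticates
    ]


if __name__ == "__main__":
    print(demo())
```

The text does not say when the clone-existence flag is cleared, so the sketch leaves it set after the genuine terminal's keys are rotated.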
Embodiment three above describes a method by which the mobile terminal can actively invalidate a cloned mobile terminal; a key step of that method is verifying that the user's service password is correct. However, if a lawbreaker has not only cloned the mobile terminal but also obtained the service password of this mobile terminal, incalculable losses can be caused to the mobile terminal. Therefore, the invention also discloses a method of changing the service password of the mobile terminal. As shown in Figure 4, the specific flow is:
Step 401: The mobile terminal initiates the operation request flow: by dialing the specific operation code that indicates a service password change, it sends an operation request Feature to the mobile switching center and sets up a traffic channel. The operation request contains the specific operation code, authentication parameters of this mobile terminal such as A_Key, IMSI, ESN and SSD, and the identifier of this mobile terminal.
Step 402: The mobile switching center sends an authentication request AUTHREQ to the home system, containing authentication parameters such as A_Key, IMSI, ESN and SSD and the identifier of this mobile terminal.
Step 403: The home system carries out the normal authentication flow according to the parameters contained in the authentication request. If authentication fails, it refuses this mobile terminal access to the mobile network and the flow ends; if authentication passes, it returns a normal authentication request response authreq to the mobile switching center.
Step 404: The mobile switching center sends an operation request FEATURE to the home system; the operation request contains the operation code that requests a service password change.
Step 405: The home system identifies the operation code in the operation request, starts the announcement and digit-collection flow, and sends a remote user interaction request RUIDIR to the mobile switching center over the traffic channel. The RUIDIR contains an announcement that prompts the user to enter the old service password, for example: "You have enabled the password change service. Please enter your old service password and finish with #; otherwise, please hang up."
Step 406: The mobile switching center sends the announcement to the mobile terminal over the traffic channel and begins digit collection; the mobile terminal plays the announcement to the user.
Step 407: The mobile terminal obtains the old service password entered by the user and sends it to the mobile switching center over the traffic channel.
Step 408: The mobile switching center receives the old service password entered by the user through digit collection and forwards it to the home system over the traffic channel in the remote user interaction response ruidir.
Step 409: The home system reads the old service password it stores for this mobile terminal according to the identifier of the mobile terminal, and judges whether the old service password sent by the mobile switching center is identical to the stored one. If they are identical, it continues with the next step; otherwise, it judges that the service password change has failed and executes step 415.
Step 410: The home system initiates the announcement and digit-collection flow again and sends a remote user interaction request RUIDIR to the mobile switching center. The RUIDIR contains an announcement that prompts the user to enter the new service password, for example: "Please enter your new service password and finish with #; otherwise, please hang up."
Step 411: The mobile switching center sends the announcement to the mobile terminal over the traffic channel and begins digit collection; the mobile terminal plays the announcement to the user.
Step 412: The mobile terminal obtains the new service password entered by the user and sends it to the mobile switching center over the traffic channel.
Step 413: The mobile switching center receives the new service password entered by the user through digit collection and forwards it to the home system over the traffic channel in the remote user interaction response ruidir.
Step 414: The home system replaces the old service password it stores for this mobile terminal with the new service password.
Step 415: The home system returns an operation request response feature to the mobile switching center. If the service password was changed successfully, this feature contains information indicating that the operation succeeded; otherwise, it contains information indicating that the operation failed.
With the flow shown in Figure 4, the user of the mobile terminal can change the service password of the mobile terminal at any time, and thereby protect his or her legitimate interests to the greatest extent.
In addition, because the interaction method of the present invention is not restricted to any particular service and can be used in any service, it can comprehensively protect all of the user's services against infringement by cloned mobile terminals.
The above is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any variation or replacement that a person familiar with the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. An interaction method between a mobile terminal and the network side in a mobile communication system, characterized in that a service password of the mobile terminal is set and stored in advance on the home system of the network side, and when the mobile terminal interacts with the network side, the method comprises:
a. the mobile terminal sends authentication parameters to the home system through the mobile switching center of the network side; the home system performs authentication according to the received authentication parameters and the authentication parameters of this mobile terminal that it stores; if authentication passes, the subsequent flow continues; otherwise, the mobile terminal is refused access to the network;
b. the home system, through the mobile switching center, prompts the user to enter the service password, performs digit collection, and obtains the service password entered by the user;
c. the home system judges whether the service password of this mobile terminal that it stores is identical to the received service password entered by the user; if they are identical, it updates the authentication parameters stored in the mobile terminal and itself stores the updated authentication parameters; otherwise, it refuses the mobile terminal access to the network, or first updates the authentication parameters stored in the mobile terminal and then refuses the mobile terminal access to the network.
2. The method of claim 1, characterized in that the method further comprises: setting and storing in advance a history identifier of the mobile terminal on the mobile terminal and on the home system, and, after step a and before step b, further comprising:
a1. the mobile terminal sends the history identifier that it stores to the home system through the mobile switching center;
a2. the home system judges whether the received history identifier is identical to the history identifier of this mobile terminal that it stores; if they are identical, it judges that no cloned mobile terminal exists, updates the history identifier stored in the mobile terminal, itself stores the updated history identifier, and then carries out the normal interaction flow; otherwise, it judges that a cloned mobile terminal exists and continues with the subsequent steps, and in step c it further updates the history identifier stored in the mobile terminal and itself stores the updated history identifier.
3. The method of claim 2, characterized in that, after step a2 and before step b, the method further comprises: a location registration flow and an information indication flow.
4. The method of claim 2, characterized in that the method by which the home system updates the history identifier of the mobile terminal is:
updating the history identifier of the mobile terminal through the over-the-air parameter administration (OTAPA) flow, using Diffie-Hellman;
or updating the history identifier of the mobile terminal through a short message, using Diffie-Hellman.
5. The method of claim 2 or 4, characterized in that
the mobile communication system is a CDMA system, and the history identifier is the value of the call history counter;
or the mobile communication system is the Global System for Mobile Communications (GSM), and the history identifier is the sequence number SQN of the authentication parameters.
6. The method of claim 1, characterized in that, in step c, if the service password stored by the home system and the service password entered by the user are not identical, then when the home system updates the authentication parameters stored in the mobile terminal, it sets and stores in itself a clone-existence flag corresponding to this mobile terminal.
7. The method of claim 6, characterized in that, after step a and before step b, the method further comprises: the home system judges whether it stores a clone-existence flag corresponding to the mobile terminal; if so, it judges that a cloned mobile terminal exists and continues with step b; otherwise, it judges that no cloned mobile terminal exists and continues with the normal interaction flow.
8. The method of claim 1 or 6, characterized in that the method by which the home system updates the authentication parameters of the mobile terminal is:
updating the authentication parameters of the mobile terminal through the over-the-air parameter administration (OTAPA) flow, using Diffie-Hellman;
or updating the authentication parameters of the mobile terminal through a short message, using Diffie-Hellman.
9. The method of claim 1 or 6, characterized in that the mobile communication system is CDMA, and the authentication parameters comprise at least the authentication key A_Key and the shared secret data SSD;
or the mobile communication system is GSM, and the authentication parameters comprise at least the subscriber authentication key KI.
10. The method of claim 1, 2, 4, 6 or 7, characterized in that the mobile terminal is: a mobile phone fitted with a user identification module (UIM) card in CDMA, a mobile phone fitted with a subscriber identification module (SIM) card in GSM, or a mobile phone with an integrated card.
CNB2004100487748A 2004-06-18 2004-06-18 Interaction method for mobile terminal and network side in mobile communication system Expired - Fee Related CN100415032C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100487748A CN100415032C (en) 2004-06-18 2004-06-18 Interaction method for mobile terminal and network side in mobile communication system

Publications (2)

Publication Number Publication Date
CN1710982A true CN1710982A (en) 2005-12-21
CN100415032C CN100415032C (en) 2008-08-27

Family

ID=35707140

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100487748A Expired - Fee Related CN100415032C (en) 2004-06-18 2004-06-18 Interaction method for mobile terminal and network side in mobile communication system

Country Status (1)

Country Link
CN (1) CN100415032C (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI102499B1 (en) * 1997-03-10 1998-12-15 Nokia Telecommunications Oy Search for copied SIM cards
WO1998041044A2 (en) * 1997-03-14 1998-09-17 Northern Telecom Inc. Method and apparatus for network initiated parameter updating
KR100315641B1 (en) * 1999-03-03 2001-12-12 서평원 Mutual Authentication Method Of Mobile Station And System For OTAPA
KR100293944B1 (en) * 1998-04-17 2001-07-12 윤종용 User identification method in mobile communication system
CN1434626A (en) * 2002-01-25 2003-08-06 英业达集团(上海)电子技术有限公司 Theft-proof device and method for mobile telephone

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008049376A1 (en) * 2006-10-25 2008-05-02 Huawei Technologies Co., Ltd. Processing location update request method, network entity, congestion control method and apparatus
CN101203038B (en) * 2006-12-13 2010-10-13 华为技术有限公司 Method for processing location updating request and network entity
CN101707771A (en) * 2009-11-17 2010-05-12 中兴通讯股份有限公司 Network authentication system and method for network side receiving terminal access
WO2010148872A1 (en) * 2009-11-17 2010-12-29 中兴通讯股份有限公司 Network authentication system and terminal access method
CN101707771B (en) * 2009-11-17 2014-03-12 中兴通讯股份有限公司 Network authentication system and method for network side receiving terminal access
CN101835150B (en) * 2010-02-09 2013-01-30 华为技术有限公司 Method, device and system for updating shared enciphered data
CN101895880A (en) * 2010-08-11 2010-11-24 华为技术有限公司 Method, system and device for establishing data service connection
CN101895880B (en) * 2010-08-11 2012-09-19 华为技术有限公司 Method, system and device for establishing data service connection

Also Published As

Publication number Publication date
CN100415032C (en) 2008-08-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080827

Termination date: 20130618