
HK1207233B - Communication control apparatus, authentication device, central control apparatus and communication system - Google Patents

Publication number
HK1207233B
Authority
HK
Hong Kong
Prior art keywords
authentication
setting information
communication control
attribute
unit
Prior art date
Application number
HK15107543.0A
Other languages
Chinese (zh)
Other versions
HK1207233A1 (en)
Inventor
杨宪国
孙卫平
Original Assignee
悠游宝(天津)网络科技有限公司
Filing date
Publication date
Priority claimed from CN201410838428.3A (CN104519480B)
Application filed by 悠游宝(天津)网络科技有限公司
Publication of HK1207233A1
Publication of HK1207233B

Abstract

The present application provides a communication control device, an authentication device, a central control device, and a communication system. The communication control device controls an authentication device installed in a mobile terminal for performing mobile user identity authentication, so that the mobile terminal selects different operator networks for communication. The communication control device comprises: a first acquisition unit, which acquires identification information of the authentication device; a first authentication unit, which sends the identification information to a server so that the server can perform identity authentication; a second acquisition unit, which acquires a session key from the server and attribute setting information encrypted with the session key; and a first sending unit, which is used to send the session key and the encrypted attribute setting information to the authentication device, so that the authentication device obtains the attribute setting information by decryption and sets the operator attributes of the authentication device according to the attribute setting information. The present application can help users independently rewrite the authentication device to select the network services of the operator.

Description

Communication control device, authentication device, center control device, and communication system
Technical Field
The present application relates to the field of communications technologies, and in particular, to a communication control apparatus, an authentication apparatus, and a central control apparatus.
Background
A Subscriber Identity Module (SIM) card is a device for implementing authentication of mobile subscriber identity. The SIM card of each subscriber needs to be written with different number data by an operator, so that the SIM card can be uniquely identified and accessed by a network after logging in to a mobile network.
A common method for writing number data into an SIM card is remote card writing, which is an operation in which an operator issues data to a point-of-sale (POS) terminal through a remote server during an operation process when a user opens an account, and then writes number data into the SIM card in real time by using a card writer.
In the prior art, a SIM film card technology exists, which adds a bridging film card with bidirectional input and output (IO) processing capability between a mobile phone SIM card and the mobile phone SIM card slot, so that the programmable film card can implement customized extension functions while ensuring normal interaction of commands between the mobile phone and the SIM card. Common extended functions include subscriber identity application development tool (STK) extension to SIM cards, Over-The-Air (OTA) update applications, and the like.
It should be noted that the above background description is only for the convenience of clear and complete description of the technical solutions of the present application and for the understanding of those skilled in the art. Such solutions are not considered to be known to the person skilled in the art merely because they have been set forth in the background section of the present application.
Disclosure of Invention
The inventor of the present application found that in the prior art, for remote card writing, additional card writing hardware equipment is required for support, and the user needs to go to the business hall to be handled by the agent. Therefore, the conventional method for writing number data has the following problems in practical application:
1) due to the existence of monopoly factors, foreign operators cannot simply write and issue cards for users at home through the technology;
2) because of the limitation of hardware, special SIM cards and the like, the SIM cards can only be issued indirectly for users, and the users cannot independently and quickly complete the operations of writing and clearing the SIM cards and the like, and cannot independently customize and replace operators and services;
3) the design of the technology and the corresponding system is based on the single-party operation of each operator instead of a third-party public platform, so that multi-operator service sharing cannot be quickly provided for a user on one SIM card through modes of multi-number writing, number switching of different operators and the like, or number information is rewritten to realize the exit of an old operator and the joining of a new operator.
Thus, the above three problems increase the cost and inconvenience of network operators and mobile network users.
In addition, for the SIM film card technology, the prior art mainly attaches the SIM film card to the surface of the SIM card in the form of a film and uses the two together to realize the STK extension of the ordinary SIM card. The SIM film card therefore mainly plays a role of assisting the SIM card, and it is rarely allowed to provide user identification and network access functions equivalent to those of the SIM card or to be extended in application.
The embodiment of the application provides a communication control device, an authentication device, a central control device and a communication system, wherein the central control device authenticates the authentication device and issues attribute setting information, and controls the authentication device through the communication control device, so that the authentication device sets the attribute of the authentication device according to the attribute setting information, and the mobile terminal can select different operator networks for communication.
According to an aspect of the embodiments of the present application, there is provided a communication control apparatus for controlling an authentication apparatus for authenticating a mobile subscriber identity, the authentication apparatus being provided in a mobile terminal, so that the mobile terminal can select different operator networks for communication, the communication control apparatus comprising:
a first acquisition unit configured to acquire identification information of the authentication apparatus;
a first authentication unit, configured to send the identification information to a server, so that the server performs identity authentication on the authentication device;
a second acquisition unit for acquiring a session key from a server, and attribute setting information encrypted by the session key; and
a first sending unit, configured to send the session key and the encrypted attribute setting information to the authentication device, so that the authentication device obtains the attribute setting information through decryption, and sets an operator attribute of the authentication device according to the attribute setting information, where the attribute setting information at least includes an International Mobile Subscriber Identity (IMSI) and an authentication key (Ki).
According to another aspect of the embodiment of the present application, the communication control device is disposed in the mobile terminal.
According to another aspect of the embodiments of the present application, the communication control apparatus further has:
a handover control unit, configured to receive a notification that the authentication device successfully sets the operator attribute, and, when there are two or more operator attributes, select an operator attribute according to a received handover instruction, so that the mobile terminal is handed over to a network corresponding to the selected operator attribute to perform communication.
According to another aspect of the embodiments of the present application, the communication control apparatus further includes:
a deletion control unit, configured to control the authentication device to delete the operator attribute according to a received deletion instruction.
According to another aspect of the embodiments of the present application, there is provided an authentication apparatus, disposed in a mobile terminal, for performing mobile subscriber identity authentication to enable the mobile terminal to communicate in a network, the authentication apparatus including:
a third acquiring unit, configured to acquire, via a communication control apparatus of the mobile terminal, a session key issued by a server and attribute setting information encrypted by the session key;
a decryption unit configured to decrypt, according to a decryption algorithm and the session key, the attribute setting information encrypted by the session key to obtain the attribute setting information;
a setting unit for setting an operator attribute of the authentication apparatus according to the attribute setting information.
According to another aspect of the embodiments of the present application, the authentication apparatus further includes a storage unit that stores the attribute setting information, an encryption algorithm, and the decryption algorithm.
According to another aspect of the embodiment of the present application, the authentication apparatus further includes a notification unit, which sends notification information after the setting unit successfully sets the operator attribute.
According to another aspect of the embodiment of the present application, the authentication device is a Subscriber Identity Module (SIM) card, a chip attached to the SIM card, or a device built in the mobile terminal and having the same function as the SIM card.
According to another aspect of the embodiments of the present application, there is provided a central control apparatus provided in a server, the central control apparatus including:
a first receiving unit, which receives the identification information of an authentication device arranged on the mobile terminal and used for carrying out the identity authentication of the mobile user;
a second authentication unit, configured to perform identity authentication on the authentication apparatus according to the identification information and the encryption information, and establish a session key if authentication is successful; and
a second sending unit, configured to send the session key and the attribute setting information encrypted by the session key to the mobile terminal, so that the authentication apparatus obtains the attribute setting information through decryption, and sets an operator attribute of the authentication apparatus according to the attribute setting information, where the attribute setting information is stored in the server.
According to another aspect of the embodiment of the present application, the central control apparatus further has a management unit for managing the attribute setting information.
The beneficial effect of this application lies in: the communication control device can send the encrypted attribute setting information and the session key obtained from the server to the authentication device, and the authentication device can set or update the operator attribute of the authentication device according to the attribute setting information issued by the server, so that a user can write a card into the authentication device conveniently through the communication control device, the card writing flexibility of the user is improved, the authentication device has number resources of a plurality of operators, and the user can independently select and use network services of the plurality of operators at any time and any place.
Specific embodiments of the present application are disclosed in detail with reference to the following description and drawings, indicating the manner in which the principles of the application may be employed. It should be understood that the embodiments of the present application are not so limited in scope. The embodiments of the application include many variations, modifications and equivalents within the spirit and scope of the appended claims.
Features that are described and/or illustrated with respect to one embodiment may be used in the same way or in a similar way in one or more other embodiments, in combination with or instead of the features of the other embodiments.
It should be emphasized that the term "comprises/comprising" when used herein, is taken to specify the presence of stated features, integers, steps or components but does not preclude the presence or addition of one or more other features, integers, steps or components.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the application, are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the principles of the application. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort. In the drawings:
Fig. 1 is a schematic composition diagram of a communication control apparatus according to an embodiment of the present application;
Fig. 2 is a schematic diagram of an authentication device according to an embodiment of the present application;
Fig. 3 is a schematic diagram of the central control unit according to an embodiment of the present application;
Fig. 4 is a flowchart of setting operator attributes for an authentication apparatus in the communication system according to the present embodiment.
Detailed Description
The foregoing and other features of the present application will become apparent from the following description, taken in conjunction with the accompanying drawings. In the description and drawings, particular embodiments of the application are disclosed in detail as being indicative of some of the embodiments in which the principles of the application may be employed, it being understood that the application is not limited to the described embodiments, but, on the contrary, is intended to cover all modifications, variations, and equivalents falling within the scope of the appended claims.
In the present Application, the communication control means and the central control means may be implemented by software, for example, the communication control means may be an Application (APP) used by the mobile terminal, and the central control means may be a program used by the server; however, the present embodiment is not limited to this, and the communication control apparatus and the central control apparatus may also be implemented by hardware, or may also be implemented by hardware in combination with software, and a specific implementation manner may refer to the prior art.
In the present application, the authentication device may be a Subscriber Identity Module (SIM) card, a chip attached to the SIM card, such as a SIM film card, or a device integrated into the mobile terminal, such as an eSIM card, having the same function as the SIM card; the functions of the components of the authentication device may be implemented by software running on the authentication device, for example, the software may be a Chip Operating System (COS). However, the present embodiment is not limited to this, and the functions of the components of the authentication apparatus may also be implemented by hardware, or by hardware and software, and the specific implementation manner may refer to the prior art.
In the application, the mobile terminal may be a portable electronic device such as a functional mobile phone, a smart phone, or a tablet computer.
Example 1
The embodiment of the application provides a communication control device, which controls an authentication device which is arranged on a mobile terminal and used for carrying out mobile user identity authentication, so that the mobile terminal can select different operator networks for communication.
Fig. 1 is a schematic diagram of a configuration of the communication control apparatus of the present embodiment, and as shown in fig. 1, the communication control apparatus 100 may include a first acquisition unit 101, a first authentication unit 102, a second acquisition unit 103, and a first transmission unit 104.
The first obtaining unit 101 is configured to obtain identification information of the authentication apparatus, for example, the identification information may be an integrated circuit card identification code (ICCID), and the identification information may also be other information; the first authentication unit 102 is configured to send the identification information to a server, so that the server performs identity authentication on the authentication device; the second acquisition unit 103 is used for acquiring a session key from the server and attribute setting information encrypted by the session key; the first sending unit 104 is configured to send the session key and the encrypted attribute setting information to the authentication apparatus, so that the authentication apparatus obtains the attribute setting information through decryption and sets an operator attribute of the authentication apparatus according to the attribute setting information.
In this embodiment, the attribute setting information may be, for example, an International Mobile Subscriber Identity (IMSI), an authentication key (Ki), and the like; however, the present embodiment is not limited to this, and the attribute setting information may be other information as long as the authentication device can be controlled to set its operator attribute so that the mobile terminal can communicate in the network corresponding to the operator attribute.
Through this embodiment, the communication control device can send the encrypted attribute setting information and the session key obtained from the server to the authentication device. Under the control of the communication control device, the authentication device can then set or update its operator attribute (for example, IMSI and Ki) according to the attribute setting information issued by the server (for example, IMSI and Ki). A user can thus write a card to the authentication device in a convenient manner and, once an operator attribute is selected, communicate with the corresponding telephone number in the network corresponding to that operator attribute.
In this embodiment, the first obtaining unit 101 may obtain the ICCID of the authentication device through an ICCID query interface of the authentication device; in addition, the first obtaining unit 101 may further obtain information whether an operator attribute of the authentication device is set, for example, the first obtaining unit 101 may obtain information whether the IMSI of the authentication device is configured through an IMSI configuration information query interface of the authentication device.
In this embodiment, if the information acquired by the communication control apparatus shows that the operator attribute of the authentication apparatus has not been set, the server may be requested to issue attribute setting information; if it shows that the operator attribute has been set, the mobile terminal may be caused to perform communication using a network corresponding to the operator attribute.
In this embodiment, the first authentication unit 102 may, for example, call a server interaction interface of the communication control apparatus to send the ICCID of the authentication apparatus to the server, so that the server performs identity authentication on the authentication apparatus according to the ICCID. If the identity authentication is successful, the server can provide service for the authentication device; if the identity authentication is unsuccessful, this indicates that the authentication device was not registered in the server in advance and does not belong to the service objects of the server. In addition, the first authentication unit 102 may also perform identity authentication on the server to confirm whether the server is a legitimate server, so as to prevent the mobile terminal from connecting to a fake server. In this embodiment, the specific manner in which the server authenticates the authentication device, and in which the communication control device authenticates the server, may be a manner in the prior art, and this embodiment is not particularly limited.
In the present embodiment, the second acquisition unit 103 may call, for example, a server interaction interface of the communication control apparatus to receive the session key and the encrypted attribute setting information from the server. In addition, in this embodiment, the encrypted attribute setting information from the server may be two or more, so that two or more operator attributes may be set in the authentication apparatus, and the two or more attributes may correspond to different network operators, respectively, so that the mobile terminal may be switched between networks provided by a plurality of different network operators.
In this embodiment, the first sending unit 104 may send the session key and the encrypted attribute setting information to the authentication apparatus through an interface for data interaction with the authentication apparatus, so that the authentication apparatus obtains the attribute setting information through decryption and sets the operator attribute of the authentication apparatus according to the attribute setting information.
In this embodiment, as shown in fig. 1, the communication control apparatus 100 may further include a handover control unit 105, configured to receive a notification that the authentication apparatus successfully sets the operator attribute, and, when the operator attribute is two or more, select an operator attribute according to a received handover instruction, so that the mobile terminal is handed over to a network corresponding to the selected operator attribute to perform communication. For example, when the authentication device of the mobile terminal is provided with two or more operator attributes, or the mobile terminal is provided with two or more authentication devices, and each authentication device is provided with at least one operator attribute, the operators corresponding to the two or more operator attributes may be displayed on a User Interface (UI) of the mobile terminal, and a selection operation of a user on a certain operator on the interface may be converted into a switching instruction to be sent to the switching control unit, and further, the switching control unit sends a control signal to the authentication device, so that the authentication device selects the IMSI and Ki corresponding to the operator selected by the user, so that the mobile terminal is switched to the network corresponding to the selected IMSI and Ki for communication. In this embodiment, the authentication device selects the corresponding IMSI and Ki to enable the mobile terminal to perform a specific method of communication in the corresponding network, which may refer to the prior art and is not described in detail in this embodiment.
The handover control unit 105 may select one of the operator attributes to cause the mobile terminal to hand over to a network corresponding to the selected operator attribute for communication.
In this embodiment, as shown in fig. 1, the communication control apparatus 100 may further have a deletion control unit 106, configured to control the authentication apparatus to delete the operator attribute, for example, the deletion control unit 106 may send a control instruction for deleting the operator attribute to the authentication apparatus through an interface performing data interaction with the authentication apparatus, so that the authentication apparatus deletes the corresponding operator attribute according to the control instruction.
In the present application, the communication control apparatus may be connected to the internet through a network connection module of the mobile terminal via a wireless lan or the like to perform data interaction with the server, and thus, the operator attribute may be set for the authentication apparatus even when the mobile network of the operator cannot be covered.
In addition, in this embodiment, the communication control apparatus 100 may further include an internet banking payment unit (not shown), where the internet banking payment unit is configured to provide an internet banking payment function, and as for an implementation manner of the internet banking payment unit, reference may be made to the prior art, and details of this embodiment are not repeated.
In this embodiment, the communication control apparatus 100 may be disposed in the mobile terminal, thereby controlling an authentication apparatus of the mobile terminal. However, the embodiment is not limited thereto, and the communication control apparatus 100 may also be disposed in other mobile terminals or electronic devices, and control the authentication device on the mobile terminal by way of remote control.
Through the embodiment of the application, the communication control device can send the encrypted attribute setting information and the session key obtained from the server to the authentication device, so that under the control of the communication control device, the authentication device can set or update the operator attribute of the authentication device, such as IMSI, Ki and the like, according to the attribute setting information, such as IMSI, Ki and the like, sent by the server; moreover, the mobile terminal can be switched among different networks by arranging the switching control unit without replacing an authentication device, so that a user can conveniently switch the operator network used by the mobile terminal; the communication control device may be connected to the internet via a wireless lan or the like, and may set an operator attribute for the authentication device by performing data interaction with the server, thereby enabling card writing without depending on the coverage of the mobile network.
Example 2
An authentication device is provided in a mobile terminal, configured to perform identity authentication for a mobile subscriber so that the mobile terminal communicates in a network, and the authentication device is controlled by the communication control device in embodiment 1.
Fig. 2 is a schematic diagram of the authentication apparatus of the embodiment, and as shown in fig. 2, the authentication apparatus may have a third obtaining unit 201, a decrypting unit 202 and a setting unit 203.
A third obtaining unit 201, configured to obtain, via a communication control apparatus of the mobile terminal, a session key issued by a server and attribute setting information encrypted by the session key; the decryption unit 202 is configured to decrypt, according to a decryption algorithm and the session key, to obtain the attribute setting information; the setting unit 203 is configured to set an operator attribute of the authentication apparatus according to the attribute setting information.
In this embodiment, the third acquiring unit 201 may acquire the session key issued by the server and the attribute setting information encrypted by the session key from the communication control apparatus 100 through an interface for data interaction with the communication control apparatus 100 of embodiment 1.
In this embodiment, the decryption unit 202 may decrypt the attribute setting information encrypted by the session key according to the decryption algorithm and the session key to obtain the attribute setting information. In this embodiment, the decryption algorithm may be, for example, the SM4 data decryption algorithm and/or the SM3-HMAC (Hash-based message authentication code) algorithm, and the decryption unit 202 may implement the decryption operation by, for example, calling an SM4 data encryption and decryption interface and/or an SM3-HMAC algorithm interface, etc., to obtain the attribute setting information, such as IMSI and Ki. Of course, the embodiment is not limited to this, and other decryption algorithms may be used for decryption.
In this embodiment, the setting unit 203 may set an operator attribute of the authentication apparatus itself according to the attribute setting information. For example, the setting unit 203 may call an IMSI configuration interface and a Ki configuration interface, and set the IMSI and Ki of the authentication apparatus itself according to the IMSI and Ki sent by the server and obtained by decryption. The IMSI distinguishes and identifies a user of a mobile network, Ki is a key for encrypted data transmission between the authentication apparatus and the operator, and the mobile terminal may communicate in a network provided by the network operator corresponding to the IMSI and Ki according to the IMSI and Ki.
In this embodiment, as shown in fig. 1, the authentication apparatus may further have a notification unit 204 that transmits notification information to the communication control apparatus of embodiment 1 after the setting unit 203 successfully sets the operator attribute, whereby the communication control apparatus can confirm that the operator attribute is successfully configured according to the notification information.
In this embodiment, as shown in fig. 1, the authentication apparatus may further include a storage unit 205 for storing the attribute setting information, the encryption algorithm, and the decryption algorithm, such as the SM4 data encryption and decryption algorithm, the SM3-HMAC algorithm, and the like.
In addition, in this embodiment, the authentication device may further provide a data path conforming to a Transport Protocol Data Unit (TPDU) protocol, so that the authentication device can perform data transmission with the outside; furthermore, the authentication device may also have a noise source reading interface, for the description of which reference is also made to the prior art.
In addition, in this embodiment, the authentication apparatus may further have an ICCID query interface, an IMSI configuration information query interface, and the like, for providing the query result of the ICCID and IMSI configuration information of the authentication apparatus to the communication control apparatus of embodiment 1.
According to the embodiment, the authentication device can decrypt the encrypted attribute setting information that was issued by the server and received through the communication control device of the mobile terminal, and can further set its own operator attribute according to the attribute setting information, so that the mobile terminal can communicate in the network provided by the network operator corresponding to the operator attribute.
Example 3
The embodiment of the application provides a central control device which is arranged on a server.
Fig. 3 is a schematic diagram of a central control device according to an embodiment of the present application, and as shown in fig. 3, the central control device 300 has a first receiving unit 301, a second authenticating unit 302, and a second transmitting unit 303.
The first receiving unit 301 receives identification information of an authentication device for authenticating a mobile subscriber identity, which is disposed in a mobile terminal, for example, the identification information may be an integrated circuit card identifier, and of course, the identification information may also be other information; the second authentication unit 302 performs identity authentication on the authentication device according to the identification information and the encryption information, and establishes a session key if the authentication is successful; the second sending unit 303 sends the session key and the attribute setting information encrypted by the session key to the mobile terminal, so that the authentication apparatus obtains the attribute setting information by decryption, and sets the operator attribute of the authentication apparatus according to the attribute setting information, wherein the attribute setting information is stored in the server.
In this embodiment, the first receiving unit 301 may receive the ICCID of the authentication apparatus from the communication control apparatus 100 of embodiment 1, for example, the first receiving unit 301 may call an interface for communicating with the mobile terminal in the server to receive the ICCID.
In this embodiment, the second authentication unit 302 can authenticate the authentication device according to the received ICCID and the encryption information to determine whether to provide a service for the authentication device. If the authentication fails, the central control device refuses to provide service for the authentication device; if the authentication is successful, the central control device provides service for the authentication device and establishes a session key.
In this embodiment, the second sending unit 303 may call an interface in the server for communicating with the mobile terminal, and send the session key and the attribute setting information encrypted by the session key to the mobile terminal, so that the authentication apparatus obtains the attribute setting information by decryption, and sets the operator attribute of the authentication apparatus according to the attribute setting information.
In this embodiment, the attribute setting information may be stored in advance in a database of the server, for example, and the central control apparatus may obtain the attribute setting information by calling an interface that accesses the database and encrypt the attribute setting information using the session key.
In this embodiment, the central control apparatus 300 may further include a management unit 304 for managing the attribute setting information. In a specific embodiment, the management unit 304 may be configured to update the attribute setting information stored in the server according to data of a network operator. For example, when a user reports a mobile phone number as lost, the information related to that mobile phone number in the database of the network operator may be cleared or changed. At this time, the central control apparatus obtains data update information of the network operator through an interface provided for the network operator, and the management unit 304 then performs update processing, such as clearing or changing the corresponding attribute setting information stored in the server, according to the data update information of the network operator.
In addition, in this embodiment, the central control apparatus 300 may further have an internet banking payment interface (not shown). When the mobile terminal carries out internet bank payment, the internet bank payment interface can be used as an authentication interface between the server and the internet bank.
According to the embodiment, the central server may issue the attribute setting information to the authentication device in an encrypted manner, so that the authentication device can obtain the attribute setting information in a secure manner and set the operator attribute of itself, so that the mobile terminal communicates in the network provided by the network operator corresponding to the operator attribute.
Example 4
Embodiment 4 of the present application provides a communication system, which is composed of the communication control device 100 of embodiment 1, the authentication device 200 of embodiment 2, and the central control device of embodiment 3, and for the specific description of each component device of the system, reference may be made to embodiment 1 to embodiment 3, and the description of this embodiment is not repeated.
Fig. 4 is a flowchart of setting operator attributes for an authentication apparatus in the communication system according to the present embodiment. As shown in fig. 4, the process includes:
S1, starting the communication control device 100, and acquiring the identification information (e.g. ICCID, etc.) of the authentication device and the information whether IMSI is set;
S2, if the IMSI is not set, it indicates that the authentication device is not turned on, and further, after receiving the instruction sent by the user to turn on the authentication device, the communication control device 100 sends identification information (e.g. ICCID, etc.) to the central control device 300;
S3, the central control device authenticates the identity according to the identification information (such as ICCID) and the encryption information, and if the authentication is successful, a session key is established and IMSI and Ki are encrypted by using the session key;
S4, sending the session key and the encrypted IMSI and Ki to the communication control apparatus 100;
S5, the communication control apparatus 100 sends the session key and the encrypted IMSI and Ki to the authentication apparatus 200;
S6, the authentication device 200 decrypts according to the session key and the decryption algorithm to obtain the IMSI and Ki sent by the server;
S7, the authentication device 200 sets IMSI and Ki in the authentication device 200 according to the IMSI and Ki sent by the server;
S8, the authentication device 200 transmits notification information of successful setting of the IMSI and Ki to the communication control device 100.
According to S1-S8 of fig. 4, the operator attribute can be set for the authentication apparatus 200, i.e., a card writing operation can be performed on the authentication apparatus 200.
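The S1-S8 exchange above can be sketched as follows; this is an added example, not code from the application or from any product. It assumes that the "encryption information" is a per-card key shared by the server and the authentication device, that the server issues a fresh challenge, and that the session key is wrapped under the card key before it is relayed; HMAC-SHA256 and an HMAC counter-mode keystream stand in for SM3-HMAC and SM4, and all class names, function names and sample values are hypothetical.

```python
import hashlib, hmac, json, os

def _mac(key, data):  # HMAC-SHA256 stands in for SM3-HMAC (assumption)
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):  # HMAC counter-mode keystream stands in for SM4
    ks = b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):  # encrypt-then-MAC under separately derived keys
    nonce = os.urandom(16)
    ct = _xor_stream(_mac(key, b"enc"), nonce, plaintext)
    return nonce + ct + _mac(_mac(key, b"mac"), nonce + ct)

def unseal(key, blob):  # verify the tag before decrypting anything
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + ct)):
        raise ValueError("integrity check failed")
    return _xor_stream(_mac(key, b"enc"), nonce, ct)

class CentralControl:  # embodiment 3, runs on the server
    def __init__(self, card_keys, profiles):  # both dicts are keyed by ICCID
        self.card_keys, self.profiles, self.pending = card_keys, profiles, {}
    def challenge(self, iccid):  # one-time nonce so a recorded proof cannot be replayed
        self.pending[iccid] = os.urandom(16)
        return self.pending[iccid]
    def provision(self, iccid, proof):  # S3-S4
        key, nonce = self.card_keys.get(iccid), self.pending.pop(iccid, None)
        if key is None or nonce is None or not hmac.compare_digest(
                proof, _mac(key, iccid.encode() + nonce)):
            return None  # authentication failed: refuse service
        session_key = os.urandom(32)
        attrs = json.dumps(self.profiles[iccid]).encode()
        return seal(key, session_key), seal(session_key, attrs)

class AuthDevice:  # embodiment 2, the SIM-like authentication device
    def __init__(self, iccid, card_key):
        self.iccid, self._key, self.imsi, self.ki = iccid, card_key, None, None
    def prove(self, nonce):
        return _mac(self._key, self.iccid.encode() + nonce)
    def write(self, wrapped_key, enc_attrs):  # S6-S8
        attrs = json.loads(unseal(unseal(self._key, wrapped_key), enc_attrs))
        self.imsi, self.ki = attrs["imsi"], attrs["ki"]
        return "SET_OK"  # notification returned to the communication control device

def communication_control(card, server):  # embodiment 1: S1-S2 and S5, relay only
    if card.imsi is not None:
        return "ALREADY_SET"
    reply = server.provision(card.iccid, card.prove(server.challenge(card.iccid)))
    return "AUTH_FAILED" if reply is None else card.write(*reply)

# Constructed sample values, not real subscriber data.
ICCID, CARD_KEY = "89860000000000000001", bytes(range(32))
PROFILE = {"imsi": "460000000000001", "ki": "00112233445566778899aabbccddeeff"}
```

Under these assumptions the communication control device only relays opaque blobs, and the authentication device writes nothing unless both integrity checks pass.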
In addition, in this embodiment, the communication control device may further control the authentication device to delete the operator attribute, that is, perform a card clearing operation on the authentication device.
Further, in the present embodiment, in the case where it is determined in the above step S2 that the IMSI of the authentication apparatus 200 has been set, the communication control apparatus 100 may control the authentication apparatus to select the IMSI and Ki so that the mobile apparatus switches to a network provided by an operator corresponding to the selected IMSI and Ki and performs communication.
In addition, in this embodiment, the management unit 304 of the central control device 300 can update the attribute setting information stored in the server according to the data of the network operator, so that service to a lost authentication device can be stopped, i.e., the authentication device can be reported as a lost card.
In addition, in the present embodiment, the internet bank payment unit of the communication control apparatus 100 and the central control apparatus 300 may further have a function of implementing internet bank payment through an internet bank payment interface.
According to the embodiment, the traditional intermediate links and limiting conditions for card writing and network access can be effectively reduced, functions such as card writing, card clearing, and network switching can be performed conveniently, and the user's freedom of choice is improved.
The above devices in the present application may be implemented by hardware, or may be implemented by hardware in combination with software. The present application relates to a computer-readable program which, when executed by a logic component, enables the logic component to implement the above-described apparatus or constituent components, or to implement various methods or steps described above. The present application also relates to a storage medium such as a hard disk, a magnetic disk, an optical disk, a DVD, a flash memory, or the like, for storing the above program.
The present application has been described in conjunction with specific embodiments, but it should be understood by those skilled in the art that these descriptions are intended to be illustrative, and not limiting. Various modifications and adaptations of the present application may occur to those skilled in the art based on the spirit and principles of the application and are within the scope of the application.

Claims (10)

1. A communication control apparatus that controls an authentication apparatus provided in a mobile terminal for performing mobile subscriber identity authentication so that the mobile terminal selects a different carrier network for communication, the communication control apparatus being provided in the mobile terminal, and comprising:
a first acquisition unit configured to acquire identification information of the authentication apparatus;
a first authentication unit, configured to send the identification information to a server, so that the server performs identity authentication on the authentication device;
a second acquisition unit that acquires a session key from the server and attribute setting information encrypted by the session key, in a case where the server succeeds in authentication; and
a first sending unit, configured to send the session key and the encrypted attribute setting information to the authentication apparatus, so that the authentication apparatus obtains the attribute setting information through decryption and sets an operator attribute of the authentication apparatus according to the attribute setting information,
wherein the attribute setting information at least has an International Mobile Subscriber Identity (IMSI) and an authentication key (Ki),
the communication control device performs data exchange with the server by connecting to the internet.
2. The communication control apparatus according to claim 1,
the communication control device is arranged on the mobile terminal.
3. The communication control apparatus according to claim 1, wherein the communication control apparatus further has:
a handover control unit, configured to receive a notification that the authentication device successfully sets the operator attribute, and, when there are two or more operator attributes, select an operator attribute according to a received handover instruction, so that the mobile terminal is handed over to a network corresponding to the selected operator attribute to perform communication.
4. The communication control apparatus according to claim 1, wherein the communication control apparatus further has:
a deletion control unit, configured to control the authentication device to delete the operator attribute according to a received deletion instruction.
5. An authentication device, disposed in a mobile terminal, for performing mobile subscriber identity authentication to enable the mobile terminal to communicate in a network, the authentication device comprising:
a third acquiring unit, which communicates with a communication control device provided in the mobile terminal, to receive a session key issued by a server acquired by the communication control device and attribute setting information encrypted by the session key;
a decryption unit configured to decrypt, according to a decryption algorithm and the session key, the attribute setting information encrypted by the session key to obtain the attribute setting information;
a setting unit for setting an operator attribute of the authentication apparatus according to the attribute setting information,
wherein the attribute setting information at least has an International Mobile Subscriber Identity (IMSI) and an authentication key (Ki),
the communication control device performs data exchange with the server by connecting to the internet.
6. The authentication apparatus as claimed in claim 5, wherein the authentication apparatus further has:
a storage unit that stores the attribute setting information, the encryption algorithm, and the decryption algorithm.
7. The authentication apparatus as claimed in claim 5, wherein the authentication apparatus further has:
a notification unit that transmits notification information after the setting unit successfully sets the operator attribute.
8. The authentication apparatus of claim 5,
the authentication device is a Subscriber Identity Module (SIM) card, a chip attached to the SIM card, or a device built in the mobile terminal and having the same function as the SIM card.
9. A central control device provided in a server, the central control device comprising:
a first receiving unit, which communicates with a communication control device arranged on the mobile terminal so as to receive the identification information of an authentication device arranged on the mobile terminal and used for carrying out mobile user identity authentication;
a second authentication unit, configured to perform identity authentication on the authentication apparatus according to the identification information and the encryption information, and establish a session key if authentication is successful; and
a second transmitting unit for transmitting the session key and the attribute setting information encrypted by the session key to the communication control apparatus provided in the mobile terminal so that the communication control apparatus transmits the session key and the encrypted attribute setting information to the authentication apparatus, and the authentication apparatus obtains the attribute setting information by decryption and sets an operator attribute of the authentication apparatus according to the attribute setting information,
wherein the attribute setting information at least has an International Mobile Subscriber Identity (IMSI) and an authentication key (Ki),
the communication control device performs data exchange with the server by connecting to the internet.
10. The central control apparatus according to claim 9, wherein the central control apparatus further has:
a management unit for managing the attribute setting information.
HK15107543.0A 2015-08-05 Communication control apparatus, authentication device, central control apparatus and communication system HK1207233B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410838428.3A CN104519480B (en) 2014-12-30 2014-12-30 Communication control unit, authentication device, central controller and communication system

Publications (2)

Publication Number Publication Date
HK1207233A1 (en) 2016-01-22
HK1207233B (en) 2016-10-07
