[go: up one dir, main page]

WO2007033550A1 - Method for controlling terminal to access 3g network - Google Patents

Method for controlling terminal to access 3g network Download PDF

Info

Publication number
WO2007033550A1
WO2007033550A1 PCT/CN2006/001562 CN2006001562W WO2007033550A1 WO 2007033550 A1 WO2007033550 A1 WO 2007033550A1 CN 2006001562 W CN2006001562 W CN 2006001562W WO 2007033550 A1 WO2007033550 A1 WO 2007033550A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
network
authentication
version
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2006/001562
Other languages
French (fr)
Chinese (zh)
Inventor
Yongli Jia
Yong Wang
Hailei Wang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of WO2007033550A1 publication Critical patent/WO2007033550A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys

Definitions

  • the present invention relates to a third generation (3G) network technology, and more particularly to a control method for a terminal to access a 3G network.
  • 3G third generation
  • Figure 1 shows the basic networking diagram of 3G.
  • the network side includes NODE B (access node), RC (radio network controller), MSC (mobile switching center), VLR (visiting location server), HLR (home location). Server), AuC (authentication center), where MSC and VLR can be combined into one device, which is recorded as MSC/VLR, HLR and AuC can be combined into one device, which is recorded as HLR/AuC;
  • the UE When the user equipment (UE, User Equipment) needs to access the 3G network, for example, when the UE enters the 3G network or the UE performs location update, the UE initiates a location update request to access the 3G network, and the location update request passes NODE B and RC.
  • the MSC sends the location update request to the VLR, and the VLR accesses the HLR/AuC to obtain the subscription information and the authentication parameter information of the UE.
  • the VLR authenticates the UE according to the obtained subscription information and the authentication parameter. After the authentication is passed, a response message is sent to the UE to prompt the location update success, allowing the UE to access the 3G network.
  • the SIM card user has the following restrictions in the 3GPP 33.102 document: R99+ ME with a SIM inserted, shall participate only in GSM AKA.
  • the terminal using the R99 version of the SIM card can only use GSMAKA (AKA: is a mutual authentication protocol, which enables communication) Both parties authenticate each other's identity and generate the same key on both sides of the communication.
  • the protocol accesses the GSM network, that is, the terminal above the R99 version of the SIM card is not allowed to access the 3G network.
  • this protocol indicates that an AUTN message can only be processed when a terminal of the R99 version and above uses a USIM card (the AUTN message is an authentication message). Therefore, when the USIM card is used by the terminal below the R99 version, the AUTN authentication message may not be processed correctly, and the user cannot access the network or the call fails.
  • the prior art does not provide a specific implementation method for accessing a 3G network by using a terminal below the R99 version of the USIM card. This results in the use of the USIM card R99 version when the terminal accesses the 3G network. As described above, the AUTN authentication message cannot be processed correctly and the 3G network cannot be accessed or the call fails. Summary of the invention
  • the main object of the present invention is to provide a control method for a terminal to access a 3G network, so as to enable the 3G network to control whether to allow access of the terminal.
  • the present invention provides a control method for a terminal to access a 3G network, and the method includes the following steps:
  • the terminal initiates an access request, and the access request carries the terminal to the R99 version protocol.
  • Information on support capabilities
  • the network receives the access request, and obtains, from the network side device that records the terminal authentication information, the authentication information of the terminal that includes the authentication set;
  • the network determines whether the terminal supports the R99 version protocol to support the R99 version or later, and determines whether the authentication set in the obtained authentication information is a 3-tuple or a 5-tuple; Control whether the terminal is allowed to access the 3G network.
  • the control in step C1 includes:
  • the terminal is determined to support the R99 version protocol to support the R99 version or higher, and when the authentication set is a 3-tuple group, the terminal is denied access to the 3G network.
  • the control in step C1 includes:
  • the terminal determines that the terminal supports the R99 version protocol to support the R99 version or less, and when the authentication set is a 5-tuple group, the AUTN authentication message is not sent to the terminal to allow the terminal to access the 3G network.
  • the step B1 includes the following steps:
  • the MSC receives the access request, and records the support capability information of the terminal that is carried in the access request to the R99 version protocol; the MSC requests the authentication information from the network side device that records the terminal authentication information;
  • the network side device that records the terminal authentication information sends the authentication information of the terminal, including the authentication set, to the MSC.
  • the network also includes a visit location server VLR;
  • the VLR is transited.
  • the network side device that records the terminal authentication information is one of the following: a home location server HLR, an authentication center AuC, or a combination of a home location server and an authentication center, HLR/AuC.
  • the step CI determines the support capability of the terminal for the R99 version protocol, and determines that the execution device of the authentication set in the obtained authentication information is one of the following:
  • MSC VLR, HLR or AuC.
  • the information about the support capability of the carrying terminal to the R99 version protocol in step A1 is carried by the level information Classmark field in the access request.
  • the determining terminal's support capability for the R99 version protocol is determined according to the level information Classmark field value.
  • the determining terminal supports the R99 version protocol to support the R99 version or higher: according to the level information, the 7th and 6th bits of the Classmark field are respectively determined to be 1, 0.
  • the determining terminal supports the R99 version protocol to support the R99 version as follows: According to the level information, the 7th and 6th bits of the Classmark field are 0, 0 or 0, respectively.
  • step C1 the method further includes:
  • the network side returns a response message to the user to allow the user to access the 3G network or refuse to access the 3G network.
  • the present invention can implement the access of the terminal above the R99 version of the 3G network that refuses to use the SIM card, and conforms to the description of the 3GPP 33.102 document, thereby complying with the security of the UE accessing the 3G network described in the 3GPP 33.102 document. Claim.
  • the implementation of the present invention rejects the illegal user during the user access phase, and avoids such illegal access. After the service phase is used, the user is found to be illegal and refused, thereby saving network resources.
  • the network determines that the user terminal is the terminal of the R99 version of the USIM card, the network does not send the AUTN message, so that the terminal can smoothly access the 3G network, and the terminal is used for the R99 version or lower.
  • the compatibility of the USIM card improves the call success rate and improves the compatibility of the 3G network.
  • Figure 1 is a basic networking diagram of a 3G grid
  • FIG. 2 is a flowchart of a first embodiment of controlling a UE to access a 3G network
  • FIG. 3 is a flow chart of a second embodiment of controlling a UE to access a 3G network. Mode for carrying out the invention
  • the core idea of the present invention is: obtaining the support capability of requesting access to the 3G network terminal for the R99 version protocol, and the type of SIM card used; determining whether to allow according to the support capability of the terminal for the R99 version protocol and the type of SIM card used.
  • the terminal accesses the 3G network.
  • the first embodiment is mainly directed to a control method for accessing a 3G network by using a terminal of the R99 version or higher of the SIM card; the second embodiment is mainly for using the R99 version of the USIM card.
  • the terminal accesses the control method of the 3G network.
  • the MSC when the UE requests to access the 3G network, the MSC first obtains whether the support capability of the UE is greater than or equal to the R99 version from the request message of the UE, and the MSC obtains the authentication parameter of the UE from the HLR/AuC request, according to the authentication.
  • the authentication set included in the parameter determines whether the UE uses the SIM card type; and then determines whether to reject the UE to access the network according to the version information of the UE and whether it is the SIM card type.
  • Step 201 When the UE is powered on or enters the 3G network, the UE initiates a location update request to access the 3G network.
  • the location update request carries the support capability of the terminal, as shown in Table 1 below.
  • the content of the level information (Classmark) field in the request message when the 7th and 6th bits of the field correspond to the value of 1, 0 (see italics in Table 1), indicating that the UE is the R99 version.
  • the above terminal The above terminal.
  • Step 202 The step includes the step 202a and the step 202b.
  • the request message of the UE is transmitted to the MSC through the NODE B and the RNC, and the MSC determines the capability of the terminal according to the support capability of the terminal carried in the location update request message, and performs recording.
  • the MSC also sends a Location Update Request message to the VLR, which also contains the identity of the UE, such as an IMSI (International Mobile Subscriber Identity).
  • IMSI International Mobile Subscriber Identity
  • Step 203 After receiving the location update request, the VLR initiates authentication for accessing the UE.
  • the authentication parameter is first requested from the HLR/AuC, and the request includes the identity of the UE.
  • KC encryption key
  • the information about the UE opening account is stored in the HLR.
  • the authentication set returned by the HLR to the VLR is a triplet.
  • Step 205 The step includes step 205a and step 205b. Specifically, the VLR authenticates the UE according to the received authentication parameter of the UE. This process is the same as the authentication process of the background technology, and the VLR authenticates the UE. After the authentication is passed, the authentication parameters are sent to
  • Step 206 After obtaining the authentication parameter, the MSC determines whether the authentication set is a 3-tuple or a 5-tuple. When it is determined to be a 3-tuple, it indicates that the UE uses the SIM card; meanwhile, the MSC determines that it is in step 202. Whether the recorded UE is a terminal above the R99 version. When the recorded UE terminal is a terminal of the R99 version or higher, and the authentication set in the authentication parameter is a 3-tuple number, the MSC rejects the access of the UE, and sends the UE to the UE. Returns a response message for the location update rejection to prompt the user and end the current processing flow.
  • the MSC determines that the authentication set in the authentication parameter is a 5-tuple, or the UE is not a terminal above the R99 version, then according to the existing UE accessing the network, the MSC continues to perform the normal steps, and the information sent by the VLR is passed. RNC and NODE B are sent to the UE.
  • Step 207 After receiving the authentication request, the terminal returns an authentication response message, and carries the authentication response number (SERS) information.
  • SERS authentication response number
  • Step 208 The authentication response message is uplinked to the VLR, and the VLR compares whether the SERS obtained from the HLR/AuC and the SERS returned in the terminal authentication response message are the same. When the authentication is successful, the VLR returns to the MSC to receive the location update request. The message, if the authentication fails, the VLR returns a reject location update request message to the MSC.
  • Step 209 After receiving the response message of the VLR, the MSC returns the content of the response message. Give the terminal.
  • the UE when the UE accesses the 3G network, it can be determined whether the UE is using the terminal of the R99 version or more of the SIM card, thereby determining whether to allow access of the UE.
  • the foregoing embodiment implements the determining process by the MSC, but it is not difficult to understand that the determining process may occur on any device on the network side, such as RC, VLR>HLR/AuC, or in a new device. on.
  • the MSC when the UE requests to access the network, the MSC first obtains, from the request message of the UE, whether the support capability of the UE is below the R99 version, and the MSC requests the authentication parameter from the HLR/AuC, according to the authentication parameter.
  • the authentication set determines whether the SIM card type used by the user is a USIM, thereby determining whether to send the AUTN authentication information to the UE.
  • Step 301 When the UE enters the 3G network, the UE initiates a location update request message requesting access to the network.
  • the location update request message carries the support capability of the terminal, as shown in Table 1 above, which is part of the content included in the Classmark field in the request message, when the 7th and 6th bits of the field correspond to the 00 or 01 value.
  • the time indicates that the UE is a terminal below the R99 version.
  • Step 302 The step includes the step 302a and the step 302b.
  • the request message of the UE is transmitted to the MSC through the NODE B and the RC.
  • the MSC determines the terminal capability according to the support capability of the terminal carried in the request message, so as to know whether the UE is R99.
  • the terminal below the version is recorded; in addition, the MSC also sends a location update request to the VLR, including the identity of the UE, such as an MSI (International Mobile Subscriber Identity).
  • MSI International Mobile Subscriber Identity
  • Step 303 After receiving the location update request, the VLR starts authentication and requests an authentication parameter from the HLR/AuC, where the request includes an identifier of the UE, such as an IMSI.
  • KC encryption key
  • the authentication set returned by the HLR is a five-tuple.
  • Step 305 The step includes step 305a and step 305b. Specifically, the VLR initiates an authentication process for the terminal. This process is the same as the existing authentication process. The VLR authenticates the UE. After the authentication is passed, The authentication parameter is sent to the MSC through the authentication request information.
  • Step 306 After obtaining the authentication parameter, the MSC determines whether the authentication set is a 5-tuple or a 3-tuple. When it is determined to be a 5-tuple, it indicates that the SIM card type used by the user is USIM. Meanwhile, the MSC determines that it is in the step. Whether the UE recorded in 302 is a terminal below the R99 version. When the recorded UE terminal is a terminal of the R99 version or less, and the authentication set in the authentication parameter is a 5-tuple group, the MSC does not send an AUTN message to the terminal, directly The current UE sends a response message that the location update is accepted, so as to prevent the terminal from being correctly processed and unable to access the network.
  • the MSC determines that the authentication set in the authentication parameter is a 3-tuple number, or the UE is a terminal of the R99 version or the R99 version, the MSC continues to perform the normal steps according to the existing UE access network procedure, and the VLR
  • the sent authentication request information is sent to the UE through RC and NODE B.
  • Step 307 After receiving the authentication request, the terminal returns an authentication response message to the MSC, and carries the SERS.
  • Step 308 The authentication response message is uplinked to the VLR, and the VLR compares whether the SERS obtained from the HLR/AuC and the SERS returned in the terminal authentication response message are the same. When the authentication is successful, the VLR returns an accept request message to the MSC. If the authentication fails, the VLR returns a reject request message to the MSC.
  • Step 309 After receiving the response message of the VLR, the MSC returns to the terminal according to the content of the response message. It can be seen from this example that when the user accesses the 3G network, it can be determined whether the user is using the terminal below the R99 version of the USIM card, thereby determining whether to send an AUTN message to the UE.
  • the foregoing embodiment implements the determining process at the MSC, but it is not difficult to understand that the determining process may occur on any device on the network side, or on a newly added device.
  • the MSC and the VLR may be one device, and the MSC may also directly communicate with the HLR/AuC without going through the VLR. '

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A method for controlling terminal to access 3G network, when terminal wants to access 3G network, the 3G network control the terminal to access 3G network or not according to the supporting ability for the terminal to R99 version protocol and the authentication set in the corresponding authentication information. On one hand, the present invention can realize that the 3G network can refuse the access of terminal which uses SIM card with extend R99 version, thereby complying the description of 3GPP 33.102, and complying the requirement of security described in 3GPP 33.102 document when UE accessing 3G network. On the other hand, the present invention will not send out AUTN message when the user terminal is using USIM card with lower version of R99, thereby making the terminal can access 3G network easily, and realizing the compatibility for terminal with lower version of R99 to USIM card, improving the successful rate of call, and the compatibility of 3G network.

Description

一种终端接入第三代网络的控制方法 技术领戈  Control method for terminal accessing third generation network

本发明涉及第三代(3G ) 网络技术, 特别是指一种终端接入 3G网 络的控制方法。 发明背景  The present invention relates to a third generation (3G) network technology, and more particularly to a control method for a terminal to access a 3G network. Background of the invention

如图 1示出了 3G的基本组网图, 网络侧包括 NODE B (接入节点)、 R C (无线网络控制器)、 MSC (移动交换中心)、 VLR (拜访位置服务 器)、 HLR (归属位置服务器)、 AuC (鉴权中心), 其中 MSC和 VLR 可以合设为一个设备, 记做 MSC/VLR, HLR和 AuC可以合设为一个设 备, 记做 HLR/AuC;。  Figure 1 shows the basic networking diagram of 3G. The network side includes NODE B (access node), RC (radio network controller), MSC (mobile switching center), VLR (visiting location server), HLR (home location). Server), AuC (authentication center), where MSC and VLR can be combined into one device, which is recorded as MSC/VLR, HLR and AuC can be combined into one device, which is recorded as HLR/AuC;

用户设备 ( UE, User Equipment )需要接入 3G网络时, 例如 UE在 开机进入 3G网络或 UE进行位置更新时, UE会发起位置更新请求以接 入 3G网络, 该位置更新请求通过 NODE B和 R C传送给 MSC, 然后 MSC将位置更新请求发送给 VLR, VLR访问 HLR/AuC, 获得所述 UE 的签约信息以及鉴权参数信息, VLR根据获得的签约信息及鉴权参数对 该 UE进行鉴权。 在鉴权通过后, 向 UE回复响应消息提示位置更新成 功, 允许该 UE接入 3G网络。  When the user equipment (UE, User Equipment) needs to access the 3G network, for example, when the UE enters the 3G network or the UE performs location update, the UE initiates a location update request to access the 3G network, and the location update request passes NODE B and RC. The MSC sends the location update request to the VLR, and the VLR accesses the HLR/AuC to obtain the subscription information and the authentication parameter information of the UE. The VLR authenticates the UE according to the obtained subscription information and the authentication parameter. After the authentication is passed, a response message is sent to the UE to prompt the location update success, allowing the UE to access the 3G network.

目前, 出于安全性的要求, 在 3GPP 33.102文档中对 SIM卡用户有 如下的限制: R99+ ME with a SIM inserted, shall participate only in GSM AKA。  Currently, for security requirements, the SIM card user has the following restrictions in the 3GPP 33.102 document: R99+ ME with a SIM inserted, shall participate only in GSM AKA.

具体来说, 这段英文指明,使用 SIM卡的 R99版本以上的终端只能 使用 GSMAKA ( AKA: 是一种互鉴权协议, 执行这个协议能够使通信 的双方互相认证对方的身份, 并且在通信的双方生成相同的密钥)协议 接入 GSM网络, 也就是不允许使用 SIM卡的 R99版本以上的终端接入 3G网络。 Specifically, this paragraph indicates that the terminal using the R99 version of the SIM card can only use GSMAKA (AKA: is a mutual authentication protocol, which enables communication) Both parties authenticate each other's identity and generate the same key on both sides of the communication. The protocol accesses the GSM network, that is, the terminal above the R99 version of the SIM card is not allowed to access the 3G network.

目前, 由于对使用 SIM卡的 R99版本以上终端, 尚没有提供如何控 制其接入 3G网络的实现方法。这导致使用 SIM卡的 R99版本以上终端 接入 3G网络时, 也可能成功接入, 因此就不符合 3GPP 33.102文档所 描述的对 UE接入 3G网络时的安全性要求。  At present, there is no way to control how to control the access to the 3G network due to the use of the R99 version of the SIM card. This results in the successful access of the terminal above the R99 version of the SIM card when accessing the 3G network, and thus does not meet the security requirements for the UE to access the 3G network as described in the 3GPP 33.102 document.

又如, 在 3GPP协议 33.102中对 2G终端使用 UMTS卡( USIM, Subscriber Identity Module ) 时有如下限制: A GSM security context in UTRAN is only established for a GSM subscribers with a R99+ ME。  For example, in the 3GPP protocol 33.102, when the UMTS card (USIM, Subscriber Identity Module) is used for the 2G terminal, the following restrictions are imposed: A GSM security context in UTRAN is only established for a GSM subscribers with a R99+ ME.

具体来说, 这段协议指明, 仅 R99版本以及以上的终端使用 USIM 卡时, 才能处理 AUTN消息 (AUTN消息是一种鉴权信息)。 那么对于 R99版本以下的终端在使用 USIM卡时,就有可能对 AUTN鉴权消息不 能正确处理, 导致用户不能接入网络或者呼叫失败。  Specifically, this protocol indicates that an AUTN message can only be processed when a terminal of the R99 version and above uses a USIM card (the AUTN message is an authentication message). Therefore, when the USIM card is used by the terminal below the R99 version, the AUTN authentication message may not be processed correctly, and the user cannot access the network or the call fails.

目前, 现有技术也没有提供使用 USIM卡的 R99版本以下终端接入 3G网络的具体实现方法。 这导致使用 USIM卡 R99版本以下终端接入 3G网络时,如上所述由于无法正确处理 AUTN鉴权消息而无法接入 3G 网络或者呼叫失败。 发明内容  At present, the prior art does not provide a specific implementation method for accessing a 3G network by using a terminal below the R99 version of the USIM card. This results in the use of the USIM card R99 version when the terminal accesses the 3G network. As described above, the AUTN authentication message cannot be processed correctly and the 3G network cannot be accessed or the call fails. Summary of the invention

有鉴于此,本发明的主要目的在于提供了一种终端接入 3G网络的控 制方法, 以实现 3G网络能够控制是否允许终端的接入。  In view of this, the main object of the present invention is to provide a control method for a terminal to access a 3G network, so as to enable the 3G network to control whether to allow access of the terminal.

本发明提供了一种终端接入 3G网络的控制方法,该方法包括以下步 骤:  The present invention provides a control method for a terminal to access a 3G network, and the method includes the following steps:

Al、终端发起接入请求, 该接入请求中携带有该终端对 R99版本协 议的支持能力信息; Al, the terminal initiates an access request, and the access request carries the terminal to the R99 version protocol. Information on support capabilities;

Bl、 网 矣收所述接入请求, 并从记录有终端鉴权信息的网络侧设 备中获取所述终端的、 包含鉴权集的鉴权信息;  Bl. The network receives the access request, and obtains, from the network side device that records the terminal authentication information, the authentication information of the terminal that includes the authentication set;

C1、网络确定所述终端对 R99版本协议的支持能力为支持 R99版本 以上还是以下,并确定获取的鉴权信息中的鉴权集为 3元组还是 5元组; 根据确定出的两个结果控制是否允许所述终端接入 3G网络。  The network determines whether the terminal supports the R99 version protocol to support the R99 version or later, and determines whether the authentication set in the obtained authentication information is a 3-tuple or a 5-tuple; Control whether the terminal is allowed to access the 3G network.

其中, 步骤 C1所述控制包括:  The control in step C1 includes:

确定所述终端对 R99版本协议的支持能力为支持 R99版本以上,且 所述鉴权集为 3元组时, 拒绝所述终端接入 3G网络。  The terminal is determined to support the R99 version protocol to support the R99 version or higher, and when the authentication set is a 3-tuple group, the terminal is denied access to the 3G network.

其中, 步骤 C1所述控制包括:  The control in step C1 includes:

确定所述终端对 R99版本协议的支持能力为支持 R99版本以下,且 所述鉴权集为 5元组时, 不向终端发送 AUTN鉴权消息, 以允许所述终 端接入 3G网络。  It is determined that the terminal supports the R99 version protocol to support the R99 version or less, and when the authentication set is a 5-tuple group, the AUTN authentication message is not sent to the terminal to allow the terminal to access the 3G network.

其中, 所述步骤 B1包括以下步骤:  The step B1 includes the following steps:

Bll、 MSC接收所述接入请求, 记录该接入请求中携带的所述终端 对 R99版本协议的支持能力信息; MSC向记录有终端鉴权信息的网络 侧设备请求鉴权信息;  Bll, the MSC receives the access request, and records the support capability information of the terminal that is carried in the access request to the R99 version protocol; the MSC requests the authentication information from the network side device that records the terminal authentication information;

B12、 记录有终端鉴权信息的网络侧设备将所述终端的、 包括鉴权 集的鉴权信息发送给 MSC。  B12. The network side device that records the terminal authentication information sends the authentication information of the terminal, including the authentication set, to the MSC.

其中, 网络还包括拜访位置服务器 VLR;  The network also includes a visit location server VLR;

所述 MSC 与记录有终端鉴权信息的网络侧设备之间的通信经过 The communication between the MSC and the network side device that records the terminal authentication information

VLR进行中转。 The VLR is transited.

其中, 所述记录有终端鉴权信息的网络侧设备为以下之一: 归属位置服务器 HLR、 鉴权中心 AuC或归属位置服务器与鉴权中 心的结合 HLR/AuC。 其中, 步骤 CI所述确定终端对 R99版本协议的支持能力, 确定获 取的鉴权信息中的鉴权集的执行设备为以下之一: The network side device that records the terminal authentication information is one of the following: a home location server HLR, an authentication center AuC, or a combination of a home location server and an authentication center, HLR/AuC. The step CI determines the support capability of the terminal for the R99 version protocol, and determines that the execution device of the authentication set in the obtained authentication information is one of the following:

MSC、 VLR、 HLR或 AuC。  MSC, VLR, HLR or AuC.

其中, 步骤 A1所述携带终端对 R99版本协议的支持能力信息是通 过所述接入请求中的级别信息 Classmark字段携带的;  The information about the support capability of the carrying terminal to the R99 version protocol in step A1 is carried by the level information Classmark field in the access request.

步骤 C1所述确定终端对 R99版本协议的支持能力是根据所述级别 信息 Classmark字段值确定的。  The determining terminal's support capability for the R99 version protocol is determined according to the level information Classmark field value.

其中,所述确定终端对 R99版本协议的支持能力为支持 R99版本以 上为: 根据所述级别信息 Classmark字段第 7、 6两比特位分别为 1、 0 时确定。  The determining terminal supports the R99 version protocol to support the R99 version or higher: according to the level information, the 7th and 6th bits of the Classmark field are respectively determined to be 1, 0.

其中,所述确定终端对 R99版本协议的支持能力为支持 R99版本以 下为: 根据所述级别信息 Classmark字段第 7、 6两比特位分别为 0、 0 或 0、 1时确定。  The determining terminal supports the R99 version protocol to support the R99 version as follows: According to the level information, the 7th and 6th bits of the Classmark field are 0, 0 or 0, respectively.

另外, 步骤 C1后进一步包括:  In addition, after step C1, the method further includes:

网络侧向终端返回响应信息以提示用户允许接入 3G网络或者是拒 绝接入 3G网络。  The network side returns a response message to the user to allow the user to access the 3G network or refuse to access the 3G network.

由上述方法可以看出, 本发明可以实现 3G网絡拒绝使用 SIM卡的 R99版本以上终端的接入,符合 3GPP 33.102文档的描述,从而符合 3GPP 33.102文档描述的对 UE接入 3G网络时的安全性要求。 另外, 本发明 的实现方式, 在用户接入阶段就对不合法用户拒绝, 避免这类非法接入 后, 在使用业务阶段才发现用户不合法再拒绝, 节省了网络资源。  It can be seen from the foregoing method that the present invention can implement the access of the terminal above the R99 version of the 3G network that refuses to use the SIM card, and conforms to the description of the 3GPP 33.102 document, thereby complying with the security of the UE accessing the 3G network described in the 3GPP 33.102 document. Claim. In addition, the implementation of the present invention rejects the illegal user during the user access phase, and avoids such illegal access. After the service phase is used, the user is found to be illegal and refused, thereby saving network resources.

另一方面, 本发明在网络判断出用户终端为使用 USIM卡的 R99版 本以下终端时, 不再下发 AUTN 消息, 从而使这种终端可以顺利接入 3G网络, 实现了对 R99版本以下终端使用 USIM卡的兼容, 提高了呼 叫成功率, 提高了 3G网络的兼容性。 附图简要说明 On the other hand, when the network determines that the user terminal is the terminal of the R99 version of the USIM card, the network does not send the AUTN message, so that the terminal can smoothly access the 3G network, and the terminal is used for the R99 version or lower. The compatibility of the USIM card improves the call success rate and improves the compatibility of the 3G network. BRIEF DESCRIPTION OF THE DRAWINGS

图 1为 3G网格的基本組网图;  Figure 1 is a basic networking diagram of a 3G grid;

图 2为控制 UE接入 3G网络第一实施例的流程图;  2 is a flowchart of a first embodiment of controlling a UE to access a 3G network;

图 3为控制 UE接入 3G网络第二实施例的流程图。 实施本发明的方式  3 is a flow chart of a second embodiment of controlling a UE to access a 3G network. Mode for carrying out the invention

为使本发明的目的、 技术方案及优点更加清楚明白, 以下参照附图 并举实施例, 对本发明做进一步的详细说明。  The present invention will be further described in detail below with reference to the drawings and embodiments.

本发明的核心思想是: 获取请求接入 3G网络终端对 R99版本协议 的支持能力、以及使用的 SIM卡类型;根据所述终端对 R99版本协议的 支持能力以及使用的 SIM卡类型, 确定是否允许终端接入 3G网络。  The core idea of the present invention is: obtaining the support capability of requesting access to the 3G network terminal for the R99 version protocol, and the type of SIM card used; determining whether to allow according to the support capability of the terminal for the R99 version protocol and the type of SIM card used. The terminal accesses the 3G network.

在本发明中分别介绍了两个实施例, 实施例一主要针对的是使用 SIM卡的 R99版本以上的终端接入 3G网络的控制方法; 实施例二主要 针对的是使用 USIM卡的 R99版本以下的终端接入 3G网络的控制方法。  Two embodiments are respectively introduced in the present invention. The first embodiment is mainly directed to a control method for accessing a 3G network by using a terminal of the R99 version or higher of the SIM card; the second embodiment is mainly for using the R99 version of the USIM card. The terminal accesses the control method of the 3G network.

实施例一  Embodiment 1

该例中, 在 UE请求接入 3G网络时, MSC首先从 UE的请求消息 中获得 UE的支持能力是否为 R99版本以上,并且 MSC从 HLR/AuC请 求获得该 UE的鉴权参数, 根据鉴权参数中包含的鉴权集来判断 UE是 否使用的是 SIM卡类型; 然后再根据 UE的版本信息、是否为 SIM卡类 型来确定是否拒绝所述 UE接入网络。  In this example, when the UE requests to access the 3G network, the MSC first obtains whether the support capability of the UE is greater than or equal to the R99 version from the request message of the UE, and the MSC obtains the authentication parameter of the UE from the HLR/AuC request, according to the authentication. The authentication set included in the parameter determines whether the UE uses the SIM card type; and then determines whether to reject the UE to access the network according to the version information of the UE and whether it is the SIM card type.

下面参见图 2示出的 UE接入 3G网络的流程图,对本发明进行详细 说明, 包括以下步骤:  Referring to the flowchart of the UE accessing the 3G network shown in FIG. 2, the present invention is described in detail, including the following steps:

步骤 201 : UE在开机或进入 3G网络时, UE发起位置更新倩求以 请求接入 3G网络。  Step 201: When the UE is powered on or enters the 3G network, the UE initiates a location update request to access the 3G network.

该位置更新请求中携带了终端的支持能力, 具体如下表 1所示, 为 该请求消息中的级别信息(Classmark )字段中包含的部分内容, 该字段 的第 7、 6两比特位对应为 1、 0值时(参见表 1 中的斜体字), 表示该 UE是 R99版本以上的终端。 The location update request carries the support capability of the terminal, as shown in Table 1 below. The content of the level information (Classmark) field in the request message, when the 7th and 6th bits of the field correspond to the value of 1, 0 (see italics in Table 1), indicating that the UE is the R99 version. The above terminal.

Figure imgf000007_0002
Figure imgf000007_0002

Figure imgf000007_0001
Figure imgf000007_0001

步骤 202: 该步骤包括步驟 202a和步骤 202b, 具体为, UE的请求 消息通过 NODE B、 RNC传送给 MSC, MSC根据位置更新请求消息中 携带的终端的支持能力确定终端的能力, 并进行记录; 另外, MSC还将 位置更新请求消息发送给 VLR,该消息还包含所述 UE的标识,如 IMSI (国际移动用户识别码)。  Step 202: The step includes the step 202a and the step 202b. Specifically, the request message of the UE is transmitted to the MSC through the NODE B and the RNC, and the MSC determines the capability of the terminal according to the support capability of the terminal carried in the location update request message, and performs recording. In addition, the MSC also sends a Location Update Request message to the VLR, which also contains the identity of the UE, such as an IMSI (International Mobile Subscriber Identity).

步骤 203 : VLR收到所述位置更新请求后, 启动对 UE接入的鉴权, 首先向 HLR/AuC请求鉴权参数, 该请求中包含 UE的标识。 步骤 204: HLR/AuC根据其记录的信息向 VLR返回该 UE的鉴权参 数, 包括加密键(KC )、 随机数、 三元组或者五元组的鉴权集等。 Step 203: After receiving the location update request, the VLR initiates authentication for accessing the UE. The authentication parameter is first requested from the HLR/AuC, and the request includes the identity of the UE. Step 204: The HLR/AuC returns an authentication parameter of the UE to the VLR according to the information it records, including an encryption key (KC), a random number, a triplet or a five-tuple authentication set, and the like.

这里需要说明的是, UE开户的信息保存在 HLR中, 当 UE开户时 为使用 SIM卡用户时, HLR向 VLR返回的鉴权集为三元组。  It should be noted that the information about the UE opening account is stored in the HLR. When the SIM card user is used when the UE is opened, the authentication set returned by the HLR to the VLR is a triplet.

步骤 205: 该步骤包括步骤 205a和步驟 205b, 具体为, VLR才艮据 接收的 UE的鉴权参数对 UE进行鉴权, 这个过程与背景技术的鉴权过 程相同, 由 VLR对 UE进行鉴权; 当鉴权通过后, 将鉴权参数发送给 Step 205: The step includes step 205a and step 205b. Specifically, the VLR authenticates the UE according to the received authentication parameter of the UE. This process is the same as the authentication process of the background technology, and the VLR authenticates the UE. After the authentication is passed, the authentication parameters are sent to

MSC。 MSC.

步骤 206: MSC获得鉴权参数后, 判断其中的鉴权集是 3元组还是 5元组, 当判断是 3元組时, 表示 UE使用的为 SIM卡; 同时, MSC判 断其在步骤 202 中记录的 UE是否是 R99版本以上的终端, 当记录的 UE终端为 R99版本以上的终端、且鉴权参数中的鉴权集为 3元组数时, MSC拒绝该 UE的接入, 并向 UE返回位置更新拒绝的响应消息, 以提 示用户, 并结束当前处理流程。  Step 206: After obtaining the authentication parameter, the MSC determines whether the authentication set is a 3-tuple or a 5-tuple. When it is determined to be a 3-tuple, it indicates that the UE uses the SIM card; meanwhile, the MSC determines that it is in step 202. Whether the recorded UE is a terminal above the R99 version. When the recorded UE terminal is a terminal of the R99 version or higher, and the authentication set in the authentication parameter is a 3-tuple number, the MSC rejects the access of the UE, and sends the UE to the UE. Returns a response message for the location update rejection to prompt the user and end the current processing flow.

若 MSC判断鉴权参数中的鉴权集为 5元组, 或者 UE并非 R99版 本以上的终端, 那么按照现有的 UE接入网络的流程, MSC继续执行正 常的步骤, 将 VLR发送的信息通过 RNC、 NODE B发送给 UE。  If the MSC determines that the authentication set in the authentication parameter is a 5-tuple, or the UE is not a terminal above the R99 version, then according to the existing UE accessing the network, the MSC continues to perform the normal steps, and the information sent by the VLR is passed. RNC and NODE B are sent to the UE.

步骤 207; 终端收到鉴权请求后返回鉴权响应消息, 携带鉴权响应 数(SERS )信息。  Step 207: After receiving the authentication request, the terminal returns an authentication response message, and carries the authentication response number (SERS) information.

步骤 208: 鉴权响应消息上行传送到 VLR, VLR比较从 HLR/AuC 获得的 SERS和终端鉴权响应消息中返回的 SERS是否相同,当相同时, 鉴权成功, VLR向 MSC返回接受位置更新请求消息, 如果鉴权失败, VLR向 MSC返回拒绝位置更新请求消息。  Step 208: The authentication response message is uplinked to the VLR, and the VLR compares whether the SERS obtained from the HLR/AuC and the SERS returned in the terminal authentication response message are the same. When the authentication is successful, the VLR returns to the MSC to receive the location update request. The message, if the authentication fails, the VLR returns a reject location update request message to the MSC.

步骤 209: MSC收到 VLR的响应消息后, 将响应消息的内容返回 给终端。 Step 209: After receiving the response message of the VLR, the MSC returns the content of the response message. Give the terminal.

从上面可以看出, 在 UE接入 3G网络时, 便可以判断出 UE是否为 使用 SIM卡的 R99版本以上的终端, 从而确定是否允许该 UE的接入。 另外, 上述实施例是将该判断过程由 MSC处实现的, 但不难理解, 该 判断过程可以发生在网络侧的任一设备上, 如 R C、 VLR> HLR/AuC, 或在一新增设备上。  As can be seen from the above, when the UE accesses the 3G network, it can be determined whether the UE is using the terminal of the R99 version or more of the SIM card, thereby determining whether to allow access of the UE. In addition, the foregoing embodiment implements the determining process by the MSC, but it is not difficult to understand that the determining process may occur on any device on the network side, such as RC, VLR>HLR/AuC, or in a new device. on.

实施例二  Embodiment 2

该例中, 在 UE请求接入网络时, MSC首先从 UE的请求消息中获 得 UE的支持能力是否为 R99版本以下,并且 MSC从 HLR/AuC请求获 得鉴权参数,根据鉴权参数中包括的鉴权集来判断用户使用的 SIM卡类 型是否为 USIM, 从而确定是否向 UE发送 AUTN鉴权信息。  In this example, when the UE requests to access the network, the MSC first obtains, from the request message of the UE, whether the support capability of the UE is below the R99 version, and the MSC requests the authentication parameter from the HLR/AuC, according to the authentication parameter. The authentication set determines whether the SIM card type used by the user is a USIM, thereby determining whether to send the AUTN authentication information to the UE.

下面参见图 3示出的 UE接入 3G网络的流程图,对本发明进行详细 说明, 包括以下步骤:  Referring to the flowchart of the UE accessing the 3G network shown in FIG. 3, the present invention is described in detail, including the following steps:

步骤 301 : UE在进入 3G网络时, UE发起位置更新请求消息, 请 求接入网络。  Step 301: When the UE enters the 3G network, the UE initiates a location update request message requesting access to the network.

该位置更新请求消息中携带了终端的支持能力, 如上表 1所示, 为 该请求消息中的 Classmark字段中包含的部分内容, 当该字段的第 7、 6 两比特位对应为 00或 01值时表示该 UE是 R99版本以下的终端。  The location update request message carries the support capability of the terminal, as shown in Table 1 above, which is part of the content included in the Classmark field in the request message, when the 7th and 6th bits of the field correspond to the 00 or 01 value. The time indicates that the UE is a terminal below the R99 version.

步骤 302: 该步驟包括步骤 302a和步骤 302b, 具体为, UE的请求 消息通过 NODE B、 R C传送给 MSC, MSC根据请求消息中携带的终 端的支持能力确定终端能力, 从而可以获知 UE是否是 R99版本以下的 终端, 并进行记录; 另外, MSC还将位置更新请求发送给 VLR, 包含 所述 UE的标识, 如 MSI (国际移动用户识别码)。  Step 302: The step includes the step 302a and the step 302b. Specifically, the request message of the UE is transmitted to the MSC through the NODE B and the RC. The MSC determines the terminal capability according to the support capability of the terminal carried in the request message, so as to know whether the UE is R99. The terminal below the version is recorded; in addition, the MSC also sends a location update request to the VLR, including the identity of the UE, such as an MSI (International Mobile Subscriber Identity).

步骤 303: VLR收到所述位置更新请求后, 启动鉴权, 向 HLR/AuC 请求鉴权参数, 该请求中包含 UE的标识, 如 IMSI。 步骤 304: HLR/AuC向 VLR返回其所记录的该 UE的鉴权参数, 包 括加密键(KC )、 随机数、 三元组或者五元组的鉴权集等。 Step 303: After receiving the location update request, the VLR starts authentication and requests an authentication parameter from the HLR/AuC, where the request includes an identifier of the UE, such as an IMSI. Step 304: The HLR/AuC returns the recorded authentication parameters of the UE to the VLR, including an encryption key (KC), a random number, a triplet or a five-tuple authentication set, and the like.

这里需要说明的是, 由于用户开户的信息保存在 HLR中, 因此当用 户为 USIM卡用户时, HLR返回的鉴权集为五元组。  It should be noted that, since the user account information is stored in the HLR, when the user is a USIM card user, the authentication set returned by the HLR is a five-tuple.

步骤 305: 该步骤包括步骤 305a和步骤 305b, 具体为, VLR启动 对终端的鉴权过程, 这个过程和现有的鉴权过程相同, 由 VLR对 UE进 行鉴权;当鉴权通过后,还要通过鉴权请求信息将鉴权参数发送给 MSC。  Step 305: The step includes step 305a and step 305b. Specifically, the VLR initiates an authentication process for the terminal. This process is the same as the existing authentication process. The VLR authenticates the UE. After the authentication is passed, The authentication parameter is sent to the MSC through the authentication request information.

步骤 306: MSC获得鉴权参数后, 判断其中的鉴权集为 5元组还是 3元组, 当判断是 5元组时, 表示用户使用的 SIM卡类型为 USIM; 同 时, MSC判断其在步骤 302中记录的 UE是否是 R99版本以下的终端, 当记录的 UE终端为 R99版本以下的终端、 且鉴权参数中的鉴权集为 5 元组时, MSC不下发 AUTN消息到终端, 直接向当前 UE发送位置更 新接受的响应消息, 以避免终端不能正确处理而不能接入到网络。  Step 306: After obtaining the authentication parameter, the MSC determines whether the authentication set is a 5-tuple or a 3-tuple. When it is determined to be a 5-tuple, it indicates that the SIM card type used by the user is USIM. Meanwhile, the MSC determines that it is in the step. Whether the UE recorded in 302 is a terminal below the R99 version. When the recorded UE terminal is a terminal of the R99 version or less, and the authentication set in the authentication parameter is a 5-tuple group, the MSC does not send an AUTN message to the terminal, directly The current UE sends a response message that the location update is accepted, so as to prevent the terminal from being correctly processed and unable to access the network.

若 MSC判断鉴权参数中的鉴权集为 3元组数, 或者 UE为 R99版 本或 R99版本以上的终端, 那么按照现有的 UE接入网络的流程, MSC 继续执行正常的步驟,将 VLR发送的鉴权请求信息通过 R C、 NODE B 发送给 UE。  If the MSC determines that the authentication set in the authentication parameter is a 3-tuple number, or the UE is a terminal of the R99 version or the R99 version, the MSC continues to perform the normal steps according to the existing UE access network procedure, and the VLR The sent authentication request information is sent to the UE through RC and NODE B.

步骤 307; 终端收到鉴权请求后向 MSC返回鉴权响应消息, 携带有 SERS。  Step 307: After receiving the authentication request, the terminal returns an authentication response message to the MSC, and carries the SERS.

步骤 308: 鉴权响应消息上行传送到 VLR, VLR比较从 HLR/AuC 获得的 SERS和终端鉴权响应消息中返回的 SERS是否相同,当相同时, 鉴权成功, VLR向 MSC返回接受请求消息, 如果鉴权失败, VLR向 MSC返回拒绝请求消息。  Step 308: The authentication response message is uplinked to the VLR, and the VLR compares whether the SERS obtained from the HLR/AuC and the SERS returned in the terminal authentication response message are the same. When the authentication is successful, the VLR returns an accept request message to the MSC. If the authentication fails, the VLR returns a reject request message to the MSC.

步骤 309: MSC收到 VLR的响应消息后, 根据响应消息的内容返 回给终端。 从该例可以看出, 在用户接入 3G 网络时, 便可以判断出用户是否 为使用 USIM卡的 R99版本以下的终端,从而确定是否下发 AUTN消息 给 UE。另外,上述实施例是将判断过程在 MSC处实现的,但不难理解, 该判断过程可以发生在网络侧的任一设备上, 或一新增设备上。 Step 309: After receiving the response message of the VLR, the MSC returns to the terminal according to the content of the response message. It can be seen from this example that when the user accesses the 3G network, it can be determined whether the user is using the terminal below the R99 version of the USIM card, thereby determining whether to send an AUTN message to the UE. In addition, the foregoing embodiment implements the determining process at the MSC, but it is not difficult to understand that the determining process may occur on any device on the network side, or on a newly added device.

根据实际的组网, MSC和 VLR可能为一个设备, MSC也可能直接 与 HLR/AuC进行通信, 而不经过 VLR迂回。 '  According to the actual networking, the MSC and the VLR may be one device, and the MSC may also directly communicate with the HLR/AuC without going through the VLR. '

以上所述仅为本发明的较佳实施例而已, 并不用以限制本发明, 凡 在本发明的精神和原则之内, 所作的任何修改、 等同替换、 改进等, 均 应包含在本发明的保护范围之内。  The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention. Any modifications, equivalents, improvements, etc., which are included in the spirit and scope of the present invention, should be included in the present invention. Within the scope of protection.

Claims

权利要求 Rights request 1、 一种终端接入第三代 3G网络的控制方法, 其特征在于, 该方法 包括以下步骤:  A control method for a terminal to access a third-generation 3G network, characterized in that the method comprises the following steps: Al、终端发起接入请求, 该接入请求中携带有该终端对 R99版本协 议的支持能力信息;  Al, the terminal initiates an access request, where the access request carries the support capability information of the terminal for the R99 version protocol; Bl、 网络接收所述接入请求, 并从记录有终端鉴权信息的网络侧设 备中获取所述终端的、 包含鉴权集的鉴权信息;  Bl, the network receives the access request, and obtains, from the network side device that records the terminal authentication information, the authentication information of the terminal that includes the authentication set; C1、网络确定所述终端对 R99版本协议的支持能力为支持 R99版本 以上还是以下,并确定获取的鉴权信息中的鉴权集为 3元组还是 5元组; 才艮据确定出的两个结果控制是否允许所述终端接入 3G网络。  The network determines whether the terminal supports the R99 version protocol to support the R99 version or later, and determines whether the authentication set in the obtained authentication information is a 3-tuple or a 5-tuple; The result controls whether the terminal is allowed to access the 3G network. 2、 才艮据权利要求 1所述的方法, 其特征在于, 步骤 C1所述控制包 括:  2. The method according to claim 1, wherein the controlling in step C1 comprises: 确定所述终端对 R99版本协议的支持能力为支持 R99版本以上,且 所述鉴权集为 3元组时, 拒绝所述终端接入 3G网络。  The terminal is determined to support the R99 version protocol to support the R99 version or higher, and when the authentication set is a 3-tuple group, the terminal is denied access to the 3G network. 3、 才 据权利要求 1所述的方法, 其特征在于, 步骤 C1所述控制包 括:  3. The method according to claim 1, wherein the controlling in step C1 comprises: 确定所述终端对 R99版本协议的支持能力为支持 R99版本以下,且 所述鉴权集为 5元组时, 不向终端发送 AUTN鉴权消息, 以允许所述终 端接入 3G网络。  It is determined that the terminal supports the R99 version protocol to support the R99 version or less, and when the authentication set is a 5-tuple group, the AUTN authentication message is not sent to the terminal to allow the terminal to access the 3G network. 4、 根据权利要求 1所述的方法, 其特征在于, 所述步骤 B1包括以 下步骤:  4. The method according to claim 1, wherein the step B1 comprises the following steps: Bll、 MSC接收所述接入请求, 记录该接入请求中携带的所述终端 对 R99版本协议的支持能力信息; MSC向记录有终端鉴权信息的网络 侧设备请求鉴权信息; B12、 记录有终端鉴权信息的网络侧设备将所述终端的、 包括鉴权 集的鉴权信息发送给 MSG, Bll, the MSC receives the access request, and records the support capability information of the terminal to the R99 version protocol carried in the access request; the MSC requests the authentication information from the network side device that records the terminal authentication information; B12. The network side device that records the terminal authentication information sends the authentication information of the terminal, including the authentication set, to the MSG. 5、根据权利要求 4所述的方法, 其特征在于, 网络还包括拜访位置 服务器 VLR;  The method according to claim 4, wherein the network further comprises a visit location server VLR; 所述 MSC 与记录有终端鉴权信息的网络侧设备之间的通信经过 VLR进行中转。  The communication between the MSC and the network side device that records the terminal authentication information is relayed through the VLR. 6、 根据权利要求 1至 5中任一权利要求所述的方法, 其特征在于, 所述记录有终端鉴权信息的网络侧设备为以下之一:  The method according to any one of claims 1 to 5, wherein the network side device that records the terminal authentication information is one of the following: 归属位置服务器 HLR、 鉴权中心 AuC或归属位置服务器与鉴权中 心的结合 HLR/AuC。  The home location server HLR, the authentication center AuC or the combination of the home location server and the authentication center HLR/AuC. 7、 居权利要求 1所述的方法, 其特征在于, 步骤 C1所述确定终 端对 R99版本协议的支持能力 ,确定获取的鉴权信息中的鉴权集的执行 设备为以下之一:  The method of claim 1, wherein the step C1 determines the terminal's support capability for the R99 version protocol, and determines that the execution device of the authentication set in the obtained authentication information is one of the following: MSC、 VLR、 HLR或 AuC。  MSC, VLR, HLR or AuC. 8、 t权利要求 1、 2、 3、 4、 5或 7所述的方法, 其特征在于, 步 骤 A1所述携带终端对 R99版本协议的支持能力信息是通过所述接入请 求中的级别信息 Classmark字段携带的;  The method of claim 1, 2, 3, 4, 5 or 7, wherein the supporting capability information of the carrying terminal to the R99 version protocol in step A1 is the level information in the access request. Carryed by the Classmark field; 步骤 C1所述确定终端对 R99版本协议的支持能力是根据所述级别 信息 Classmark字段值确定的。  The determining terminal's support capability for the R99 version protocol is determined according to the level information Classmark field value. 9、根据权利要求 8所述的方法, 其特征在于, 所述确定终端对 R99 版本协议的支持能力为支持 R99 版本以上为: 根据所述级别信息 Classmark字段第 7、 6两比特位分别为 1、 0时确定。  The method according to claim 8, wherein the determining terminal supports the R99 version protocol to support the R99 version or higher: according to the level information, the 7th and 6th bits of the Classmark field are respectively 1 , 0 is determined. 10、 ^据权利要求 8所述的方法,其特征在于,所述确定终端对 R99 版本协议的支持能力为支持 R99 版本以下为: 根据所述级别信息 Classmark字段第 7、 6两比特位分别为 0、 0或 0、 1时确定。 10. The method according to claim 8, wherein the determining terminal supports the R99 version protocol to support the R99 version. The following are: According to the level information, the 7th and 6th bits of the Classmark field are respectively 0, 0 or 0, 1 is determined. 11、 根据权利要求 1所述的方法, 其特征在于, 步骤 C1后进一步 包括: The method according to claim 1, wherein after step C1, the method further comprises: 网络侧向终端返回响应信息以提示用户允许接入 3G网络或者是拒 绝接入 3G网络。  The network side returns a response message to the user to allow the user to access the 3G network or refuse to access the 3G network.
PCT/CN2006/001562 2005-09-20 2006-07-04 Method for controlling terminal to access 3g network Ceased WO2007033550A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNB2005101033906A CN100417296C (en) 2005-09-20 2005-09-20 A control method for terminal access to 3G network
CN200510103390.6 2005-09-20

Publications (1)

Publication Number Publication Date
WO2007033550A1 true WO2007033550A1 (en) 2007-03-29

Family

ID=37888536

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/001562 Ceased WO2007033550A1 (en) 2005-09-20 2006-07-04 Method for controlling terminal to access 3g network

Country Status (2)

Country Link
CN (1) CN100417296C (en)
WO (1) WO2007033550A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102056169A (en) * 2009-11-05 2011-05-11 中兴通讯股份有限公司 Method and system for preventing illegal terminal from accessing as well as terminal

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1508992A (en) * 2002-12-15 2004-06-30 华为技术有限公司 Method for accessing radio network controller in broadband code division multiple access mobile network

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6754482B1 (en) * 2000-02-02 2004-06-22 Lucent Technologies Inc. Flexible access authorization feature to enable mobile users to access services in 3G wireless networks
DE60223951T2 (en) * 2002-05-01 2008-11-27 Telefonaktiebolaget Lm Ericsson (Publ) System, apparatus and method for SIM based authentication and encryption when accessing a wireless local area network

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1508992A (en) * 2002-12-15 2004-06-30 华为技术有限公司 Method for accessing radio network controller in broadband code division multiple access mobile network

Also Published As

Publication number Publication date
CN1937835A (en) 2007-03-28
CN100417296C (en) 2008-09-03

Similar Documents

Publication Publication Date Title
CN105934926B (en) Method and apparatus for session and service control of wireless devices using common subscriber information
CN1327663C (en) Method of user access radio communication network and radio network cut in control device
JP4864094B2 (en) Communication control system
JP5199405B2 (en) Authentication in communication systems
US7096014B2 (en) Roaming arrangement
CN1947453B (en) The user authentication of the improvement of unauthorized mobile access signaling
US20060128362A1 (en) UMTS-WLAN interworking system and authentication method therefor
CN111869182B (en) Method for authenticating equipment, communication system, communication equipment
WO2019017837A1 (en) Network security management method and apparatus
US7076799B2 (en) Control of unciphered user traffic
JP2005525758A (en) Method and system for performing preparation data transfer in a wireless communication system
CN110278556B (en) Security authentication policy determination method, device and computer readable storage medium
EP2317694B1 (en) Method and system and user equipment for protocol configuration option transmission
WO2008125062A1 (en) Method of admittance judgment and paging user in mobile communication system, system and device thereof
WO2010069202A1 (en) Authentication negotiation method and the system thereof, security gateway, home node b
WO2018170703A1 (en) Connection establishment method and device
WO2007033550A1 (en) Method for controlling terminal to access 3g network
KR101485801B1 (en) Method and system for supporting authentication and security protected non-access stratum protocol in mobile telecommunication system
CN101247630B (en) System and method for implementing multimedia broadcasting service cryptographic key negotiation
KR100578375B1 (en) User terminal authentication method and system in high speed packet data communication system
TWI852479B (en) Methods and user equipment for wireless communications
JP7572568B2 (en) Information processing method, device, communication device, and readable storage medium
US12452670B2 (en) Systems and methods for secure connections and data transfer
WO2014121613A1 (en) Method and corresponding device for acquiring location information
WO2023169206A1 (en) Authorization verification method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06753098

Country of ref document: EP

Kind code of ref document: A1