WO2007033550A1 - Method for controlling a terminal accessing the 3G network - Google Patents

Info

Publication number
WO2007033550A1
WO2007033550A1 PCT/CN2006/001562 CN2006001562W WO2007033550A1 WO 2007033550 A1 WO2007033550 A1 WO 2007033550A1 CN 2006001562 W CN2006001562 W CN 2006001562W WO 2007033550 A1 WO2007033550 A1 WO 2007033550A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
network
authentication
version
access
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2006/001562
Other languages
English (en)
Chinese (zh)
Inventor
Yongli Jia
Yong Wang
Hailei Wang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Definitions

  • The present invention relates to third generation (3G) network technology, and more particularly to a method for controlling a terminal's access to a 3G network.
  • 3G third generation
  • Figure 1 shows the basic networking diagram of 3G.
  • The network side includes NODE B (access node), RNC (radio network controller), MSC (mobile switching center), VLR (visitor location register), HLR (home location register) and AuC (authentication center). The MSC and VLR can be combined into one device, denoted MSC/VLR, and the HLR and AuC can be combined into one device, denoted HLR/AuC.
  • When the user equipment (UE) needs to access the 3G network, for example when the UE enters the 3G network or performs a location update, the UE initiates a location update request to access the 3G network, and the location update request passes through NODE B and the RNC.
  • The MSC sends the location update request to the VLR, and the VLR accesses the HLR/AuC to obtain the UE's subscription information and authentication parameter information.
  • The VLR authenticates the UE according to the obtained subscription information and authentication parameters. After the authentication is passed, a response message indicating that the location update succeeded is sent to the UE, allowing the UE to access the 3G network.
  • The 3GPP 33.102 document places the following restriction on SIM card users: R99+ ME with a SIM inserted, shall participate only in GSM AKA.
  • That is, a terminal of the R99 version or above that uses a SIM card can only use the GSM AKA protocol to access the GSM network (AKA is a mutual authentication protocol that enables both communicating parties to authenticate each other's identity and generate the same key on both sides of the communication); in other words, a terminal of the R99 version or above that uses a SIM card is not allowed to access the 3G network.
  • This protocol also indicates that an AUTN message can only be processed when a terminal of the R99 version or above uses a USIM card (the AUTN message is an authentication message). Therefore, when a USIM card is used in a terminal below the R99 version, the AUTN authentication message may not be processed correctly, and the user cannot access the network or the call fails.
  • The prior art does not provide a specific implementation method for access to a 3G network by a terminal below the R99 version that uses a USIM card. As a result, when such a terminal accesses the 3G network, the AUTN authentication message cannot be processed correctly, as described above, and the 3G network cannot be accessed or the call fails.
  • Summary of the invention
  • The main object of the present invention is to provide a method for controlling a terminal's access to a 3G network, so that the 3G network can control whether to allow the terminal's access.
  • The present invention provides a method for controlling a terminal's access to a 3G network, and the method includes the following steps:
  • The terminal initiates an access request, and the access request carries information on the terminal's support capability for the R99 version protocol.
  • The network receives the access request and obtains, from the network side device that records the terminal authentication information, the authentication information of the terminal, which includes the authentication set.
  • The network determines whether the terminal's support capability for the R99 version protocol is the R99 version or later, determines whether the authentication set in the obtained authentication information is a 3-tuple or a 5-tuple, and accordingly controls whether the terminal is allowed to access the 3G network.
  • The control in step C1 includes:
  • When the terminal's support capability for the R99 version protocol is determined to be the R99 version or higher and the authentication set is a 3-tuple, the terminal is denied access to the 3G network.
  • The control in step C1 includes:
  • When the terminal's support capability for the R99 version protocol is determined to be the R99 version or lower and the authentication set is a 5-tuple, the AUTN authentication message is not sent to the terminal, so as to allow the terminal to access the 3G network.
  • Step B1 includes the following steps:
  • The MSC receives the access request and records the information, carried in the access request, on the terminal's support capability for the R99 version protocol; the MSC requests the authentication information from the network side device that records the terminal authentication information.
  • The network side device that records the terminal authentication information sends the authentication information of the terminal, including the authentication set, to the MSC.
  • The network also includes a visitor location register (VLR);
  • the VLR is transited.
  • The network side device that records the terminal authentication information is one of the following: a home location register (HLR), an authentication center (AuC), or a combination of a home location register and an authentication center (HLR/AuC).
  • In step C1, the device that determines the terminal's support capability for the R99 version protocol and determines the authentication set in the obtained authentication information is one of the following:
  • MSC, VLR, HLR or AuC.
  • In step A1, the information on the terminal's support capability for the R99 version protocol is carried in the level information (Classmark) field of the access request.
  • The terminal's support capability for the R99 version protocol is determined from the value of the level information (Classmark) field.
  • The terminal's support capability for the R99 version protocol is determined to be the R99 version or higher when the 7th and 6th bits of the Classmark field are 1 and 0, respectively.
  • the determining terminal supports the R99 version protocol to support the R99 version as follows: According to the level information, the 7th and 6th bits of the Classmark field are 0, 0 or 0, respectively.
  • After step C1, the method further includes:
  • The network side returns a response message to the user, allowing or refusing the user's access to the 3G network.
  • With the present invention, the 3G network can refuse access by a terminal of the R99 version or above that uses a SIM card. This conforms to the description in the 3GPP 33.102 document and thereby meets the security requirements that document describes for a UE accessing the 3G network.
  • The present invention rejects such an illegal user during the access phase, rather than finding the user illegal and refusing the user only after the service phase has been entered, thereby saving network resources.
  • When the network determines that the user terminal is a terminal below the R99 version that uses a USIM card, the network does not send the AUTN message, so that the terminal can smoothly access the 3G network. This makes terminals of the R99 version or lower compatible with the USIM card, improves the call success rate and improves the compatibility of the 3G network.
  • Figure 1 is a basic networking diagram of a 3G network
  • FIG. 2 is a flowchart of a first embodiment of controlling a UE to access a 3G network
  • FIG. 3 is a flow chart of a second embodiment of controlling a UE to access a 3G network.
  • Mode for carrying out the invention
  • The core idea of the present invention is to obtain the R99 version protocol support capability of the terminal requesting access to the 3G network and the type of SIM card it uses, and to determine from these two items whether to allow the terminal to access the 3G network.
  • The first embodiment mainly concerns controlling access to the 3G network by a terminal of the R99 version or higher that uses a SIM card; the second embodiment mainly concerns controlling access to the 3G network by a terminal below the R99 version that uses a USIM card.
  • When the UE requests access to the 3G network, the MSC first obtains from the UE's request message whether the UE's support capability is greater than or equal to the R99 version. The MSC also requests the UE's authentication parameter from the HLR/AuC and determines from the authentication set included in that parameter whether the UE uses a SIM card. It then decides whether to reject the UE's access to the network according to the UE's version information and whether the card is a SIM card.
  • Step 201: When the UE is powered on or enters the 3G network, the UE initiates a location update request to access the 3G network.
  • The location update request carries the support capability of the terminal, as shown in Table 1 below.
  • Table 1 shows part of the content of the level information (Classmark) field in the request message. When the 7th and 6th bits of the field have the values 1, 0 (see italics in Table 1), the UE is a terminal of the R99 version or above.
  • Step 202: This step includes step 202a and step 202b.
  • The request message of the UE is transmitted to the MSC through NODE B and the RNC. The MSC determines the capability of the terminal from the support capability carried in the location update request message and records it.
  • The MSC also sends a Location Update Request message to the VLR, which also contains the identity of the UE, such as an IMSI (International Mobile Subscriber Identity).
  • IMSI International Mobile Subscriber Identity
  • Step 203: After receiving the location update request, the VLR initiates authentication of the accessing UE.
  • The authentication parameter is first requested from the HLR/AuC, and the request includes the identity of the UE.
  • KC encryption key
  • The information about the UE's account opening is stored in the HLR.
  • The authentication set returned by the HLR to the VLR is a triplet.
  • Step 205: This step includes step 205a and step 205b. Specifically, the VLR authenticates the UE according to the received authentication parameter of the UE. This process is the same as the authentication process described in the background. After the authentication is passed, the authentication parameters are sent to
  • Step 206: After obtaining the authentication parameter, the MSC determines whether the authentication set is a 3-tuple or a 5-tuple. A 3-tuple indicates that the UE uses a SIM card. The MSC also checks whether the UE recorded in step 202 is a terminal of the R99 version or above. When the recorded UE is a terminal of the R99 version or higher and the authentication set in the authentication parameter is a 3-tuple, the MSC rejects the UE's access, returns a location update reject response message to the UE to prompt the user, and ends the current processing flow.
  • If the MSC determines that the authentication set in the authentication parameter is a 5-tuple, or that the UE is not a terminal of the R99 version or above, the MSC continues with the normal steps of the existing UE network access procedure, and the information sent by the VLR is sent to the UE through the RNC and NODE B.
  • Step 207: After receiving the authentication request, the terminal returns an authentication response message carrying the authentication response number (SERS).
  • SERS authentication response number
  • Step 208: The authentication response message is passed up to the VLR, and the VLR compares whether the SERS obtained from the HLR/AuC and the SERS returned in the terminal's authentication response message are the same. When the authentication succeeds, the VLR returns an accept location update request message to the MSC; if the authentication fails, the VLR returns a reject location update request message to the MSC.
  • Step 209: After receiving the response message of the VLR, the MSC returns the content of the response message to the terminal.
  • As this embodiment shows, when the UE accesses the 3G network, it can be determined whether the UE is a terminal of the R99 version or above that uses a SIM card, and thus whether to allow the UE's access.
  • The foregoing embodiment implements the determining process in the MSC, but the determining process may equally take place on any device on the network side, such as the RNC, VLR or HLR/AuC, or on a newly added device.
  • When the UE requests access to the network, the MSC first obtains from the UE's request message whether the UE's support capability is below the R99 version. The MSC also requests the authentication parameter from the HLR/AuC and determines from the authentication set in that parameter whether the SIM card type used by the user is a USIM, and thus whether to send the AUTN authentication information to the UE.
  • Step 301: When the UE enters the 3G network, the UE initiates a location update request message requesting access to the network.
  • The location update request message carries the support capability of the terminal, as shown in Table 1 above, which is part of the content of the Classmark field in the request message. When the 7th and 6th bits of the field have the value 00 or 01, the UE is a terminal below the R99 version.
  • Step 302: This step includes step 302a and step 302b.
  • The request message of the UE is transmitted to the MSC through NODE B and the RNC.
  • The MSC determines the terminal capability from the support capability carried in the request message, so as to know whether the UE is a terminal below the R99 version, and records it. In addition, the MSC also sends a location update request to the VLR, including the identity of the UE, such as an IMSI (International Mobile Subscriber Identity).
  • IMSI International Mobile Subscriber Identity
  • Step 303: After receiving the location update request, the VLR starts authentication and requests an authentication parameter from the HLR/AuC, where the request includes an identifier of the UE, such as an IMSI.
  • KC encryption key
  • The authentication set returned by the HLR is a five-tuple.
  • Step 305: This step includes step 305a and step 305b. Specifically, the VLR initiates an authentication process for the terminal. This process is the same as the existing authentication process. After the authentication is passed, the authentication parameter is sent to the MSC through the authentication request information.
  • Step 306: After obtaining the authentication parameter, the MSC determines whether the authentication set is a 5-tuple or a 3-tuple. A 5-tuple indicates that the SIM card type used by the user is USIM. The MSC also checks whether the UE recorded in step 302 is a terminal below the R99 version. When the recorded UE is a terminal of the R99 version or lower and the authentication set in the authentication parameter is a 5-tuple, the MSC does not send an AUTN message to the terminal and directly sends the UE a response message that the location update is accepted, so that the terminal is not left unable to access the network because it cannot process the message correctly.
  • If the MSC determines that the authentication set in the authentication parameter is a 3-tuple, or that the UE is a terminal of the R99 version or above, the MSC continues with the normal steps of the existing UE network access procedure, and the authentication request information sent by the VLR is sent to the UE through the RNC and NODE B.
  • Step 307: After receiving the authentication request, the terminal returns an authentication response message to the MSC, carrying the SERS.
  • Step 308: The authentication response message is passed up to the VLR, and the VLR compares whether the SERS obtained from the HLR/AuC and the SERS returned in the terminal's authentication response message are the same. When the authentication succeeds, the VLR returns an accept request message to the MSC; if the authentication fails, the VLR returns a reject request message to the MSC.
  • Step 309: After receiving the response message of the VLR, the MSC returns a response to the terminal according to the content of the response message.
  • As this example shows, when the user accesses the 3G network, it can be determined whether the user is using a terminal below the R99 version with a USIM card, and thus whether to send an AUTN message to the UE.
  • The foregoing embodiment implements the determining process in the MSC, but the determining process may equally take place on any device on the network side, or on a newly added device.
  • The MSC and the VLR may be one device, and the MSC may also communicate directly with the HLR/AuC without going through the VLR.
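The decision the MSC makes in steps 206 and 306, combined into one function, as an added example that is not part of the patent text. It assumes the 3GPP bit numbering in which bit 8 is the most significant bit of the Classmark octet, sends the bit pattern 11 (which the page does not cover) down the normal procedure, and uses constructed octets and placeholder authentication sets; all type and function names are hypothetical.

```python
from collections import Counter
from dataclasses import dataclass
from enum import Enum


class Revision(Enum):
    PRE_R99 = "below R99"            # bits 7,6 = 00 or 01
    R99_OR_LATER = "R99 or later"    # bits 7,6 = 10
    UNDEFINED = "undefined"          # bits 7,6 = 11, not covered by the page


class Action(Enum):
    REJECT = "location update rejected"
    ACCEPT_WITHOUT_AUTN = "location update accepted, AUTN not sent"
    NORMAL_AUTH = "continue the normal authentication procedure"


@dataclass(frozen=True)
class Decision:
    action: Action
    revision: Revision
    card: str  # "SIM" or "USIM", inferred from the authentication set


def revision_from_classmark(octet: int) -> Revision:
    """Decode bits 7 and 6 of the Classmark octet (assumes bit 8 is the MSB)."""
    if not 0 <= octet <= 0xFF:
        raise ValueError("Classmark octet must be a single byte")
    bits = (octet >> 5) & 0b11
    if bits == 0b10:
        return Revision.R99_OR_LATER
    if bits in (0b00, 0b01):
        return Revision.PRE_R99
    return Revision.UNDEFINED


def card_from_auth_set(auth_set: tuple) -> str:
    """A 3-tuple indicates a SIM card, a 5-tuple a USIM card."""
    if len(auth_set) == 3:
        return "SIM"
    if len(auth_set) == 5:
        return "USIM"
    raise ValueError(f"authentication set has {len(auth_set)} elements")


def decide_access(classmark_octet: int, auth_set: tuple) -> Decision:
    """Combine the terminal-reported revision with the authentication set type."""
    revision = revision_from_classmark(classmark_octet)
    card = card_from_auth_set(auth_set)
    if revision is Revision.R99_OR_LATER and card == "SIM":
        action = Action.REJECT                 # first embodiment, step 206
    elif revision is Revision.PRE_R99 and card == "USIM":
        action = Action.ACCEPT_WITHOUT_AUTN    # second embodiment, step 306
    else:
        action = Action.NORMAL_AUTH            # existing access procedure
    return Decision(action, revision, card)


def summarize(requests) -> Counter:
    """Count decisions per action over (classmark_octet, auth_set) pairs."""
    return Counter(decide_access(cm, av).action for cm, av in requests)


# Constructed sample data; only the length of each authentication set matters.
TRIPLET = (b"\x00",) * 3
QUINTET = (b"\x00",) * 5
SAMPLE_REQUESTS = [
    (0x57, TRIPLET),  # bits 7,6 = 10 with a SIM
    (0x33, QUINTET),  # bits 7,6 = 01 with a USIM
    (0x13, QUINTET),  # bits 7,6 = 00 with a USIM
    (0x57, QUINTET),  # bits 7,6 = 10 with a USIM
    (0x73, QUINTET),  # bits 7,6 = 11, revision not covered by the page
]
```

Because the revision comes from a field the terminal reports in its own access request, the per-action counts from `summarize` give an operator a simple figure to watch for the path on which AUTN is not sent.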

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention relates to a method for controlling a terminal's access to the 3G network. When the terminal wants to access the 3G network, the 3G network controls whether or not the terminal accesses the 3G network according to the terminal's support capability for the R99 version protocol and the authentication set in the corresponding authentication information. On the one hand, the invention enables the 3G network to refuse access by a terminal of the R99 version or later that uses a SIM card, thereby conforming to the description in 3GPP 33.102 and to the security requirements described in the 3GPP 33.102 document for a UE accessing the 3G network. On the other hand, the invention does not send an AUTN message when the user terminal uses a USIM card with a version below R99; the terminal can therefore access the 3G network smoothly, which achieves compatibility between terminals below the R99 version and the USIM card and improves the call success rate and the compatibility of the 3G network.
PCT/CN2006/001562 2005-09-20 2006-07-04 Method for controlling a terminal accessing the 3G network Ceased WO2007033550A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNB2005101033906A CN100417296C (zh) 2005-09-20 2005-09-20 Control method for a terminal to access a 3G network
CN200510103390.6 2005-09-20

Publications (1)

Publication Number Publication Date
WO2007033550A1 (fr) 2007-03-29

Family

ID=37888536

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/001562 Ceased WO2007033550A1 (fr) 2005-09-20 2006-07-04 Method for controlling a terminal accessing the 3G network

Country Status (2)

Country Link
CN (1) CN100417296C (fr)
WO (1) WO2007033550A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102056169A (zh) * 2009-11-05 2011-05-11 ZTE Corporation Method, terminal and system for preventing access by illegal terminals

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
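CN1508992A (zh) * 2002-12-15 2004-06-30 Huawei Technologies Co Ltd Method for accessing a radio network controller in a wideband code division multiple access mobile network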

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6754482B1 (en) * 2000-02-02 2004-06-22 Lucent Technologies Inc. Flexible access authorization feature to enable mobile users to access services in 3G wireless networks
DE60223951T2 (de) * 2002-05-01 2008-11-27 Telefonaktiebolaget Lm Ericsson (Publ) System, apparatus and method for SIM-based authentication and encryption when accessing a wireless local area network

Also Published As

Publication number Publication date
CN1937835A (zh) 2007-03-28
CN100417296C (zh) 2008-09-03


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06753098

Country of ref document: EP

Kind code of ref document: A1