CN102202305A - Method and device for updating dynamic authentication parameters of user equipment, and AAA (Authentication, Authorization and Accounting) server - Google Patents

Publication number
CN102202305A
Authority
CN
China
Prior art keywords
dynamic
authentication
aaa
parameters
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011101440965A
Other languages
Chinese (zh)
Inventor
邱永庆
詹亚军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN2011101440965A priority Critical patent/CN102202305A/en
Publication of CN102202305A publication Critical patent/CN102202305A/en
Priority to PCT/CN2012/074603 priority patent/WO2012163203A1/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20 Transfer of user or subscriber data

Abstract

The invention discloses a method for updating dynamic authentication parameters of user equipment. The method comprises the steps of: authenticating the received authentication parameters of User Equipment (UE), which are sent by a packet-based network, by an authentication, authorization and accounting (AAA) server, determining whether the dynamic authentication parameters of the UE meet an updating condition after the authentication, updating the dynamic authentication parameters of the UE when the dynamic authentication parameters meet the updating condition, and triggering the OTAF (Over the Air Function) of an over-the-air activation entity to update the updated dynamic authentication parameters to the UE. Simultaneously, the invention discloses a device and the AAA server for realizing the method for updating the dynamic authentication parameters of the user equipment. According to the invention, the possibility that the account of a UE user is stolen is maximally reduced, and even if the account is stolen, the loss of the UE user whose account is stolen can be maximally lowered.

Description

Method and device for updating dynamic authentication parameters of user equipment, and AAA server
Technical field
The present invention relates to anti-cloning technology for user equipment (UE, User Equipment), and in particular to a method and device for updating dynamic authentication parameters of user equipment, and to an authentication, authorization and accounting (AAA, Authentication, Authorization, Accounting) server.
Background
For user equipment (UE, User Equipment) in which the device and the card are separate, the information of the user identity module is written directly into the card. The cards are produced centrally by the operator and each card is bound to a subscriber number. The user buys a card at an operator outlet, inserts it into the UE, and can then open an account and use the services the operator provides.
For UE in which the device and the card are integrated, sales are not controlled by the operator, and the operator cannot set the parameters of the UE centrally. With over-the-air technology (OTA, Over the Air Technology), the user buys the UE, then buys an account-opening card, dials the customer service center number from the UE and, following the voice prompts, opens the account by self-service and can then use the services the operator provides.
Classified by initiator, OTA falls into two classes:
1. Over-the-air service provisioning (OTASP, Over the Air Service Provisioning), initiated by the user side and triggered by dialing the OTA feature code;
2. Over-the-air parameter administration (OTAPA, Over the Air Parameter Administration), initiated by the network side, which delivers the required parameters.
At present, some criminals obtain the parameters of a UE's user identity module by various means, copy them into other UEs or user identity modules, and use the copied UE or user identity module to steal the services of the user who was copied. The services used by the legitimate UE are thus stolen, causing great loss to the legitimate UE user and to the operator.
There is currently no good prevention mechanism. Whether a UE user's number has been stolen can usually be determined only from the UE user's service records or from abnormal charges, so that even once it is established that services were stolen, the loss to the UE user is already considerable. For the number-theft problem there is still no good preventive measure. UE with integrated device and card in particular is more likely to be stolen and harder to control, because the user identity module parameters are not set uniformly by the operator.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method and device for updating dynamic authentication parameters of user equipment, and an authentication, authorization and accounting server, which can effectively prevent the UE user identification number from being copied.
To achieve this purpose, the technical solution of the present invention is realized as follows:
A method for updating dynamic authentication parameters of user equipment comprises:
An authentication, authorization and accounting (AAA) server authenticates the authentication parameters of a user equipment (UE) received from the packet network; after authentication succeeds, it determines whether the dynamic authentication parameters of the UE satisfy an update condition, updates the dynamic authentication parameters of the UE when they do, and triggers the over-the-air function entity (OTAF) to update the updated dynamic authentication parameters to the UE.
Preferably, the authentication parameters comprise at least one of the following:
Network access identifier (NAI), Challenge-Handshake Authentication Protocol password (CHAP password), CHAP challenge, and packet network access IP.
Preferably, the dynamic authentication parameters comprise at least one of the following:
Dynamic AAA NAI and dynamic password.
Preferably, the dynamic authentication parameters of the UE satisfy the update condition when:
The dynamic NAI or dynamic password of the UE is empty;
Or, the dynamic AAA NAI of the UE is the original AAA NAI, or the dynamic password of the UE is the original password;
Or, the dynamic AAA NAI or dynamic PWD of the UE has reached the set number of uses;
Or, the dynamic AAA NAI or dynamic PWD of the UE has reached the set period of use;
Or, the UE is in the dynamic authentication parameter update state, but the update has not succeeded.
Preferably, the dynamic AAA NAI comprises a user identification code format and domain name information;
Updating the dynamic authentication parameters of the UE is:
Updating the user identification code format and/or the domain name of the dynamic NAI of the UE, and/or updating the dynamic password of the UE.
Preferably, the AAA receives the authentication parameters of the UE sent by the packet network as follows:
The UE accesses the packet network through a packet-switched domain service, and carries out Point-to-Point Protocol (PPP) and Link Control Protocol (LCP) negotiation with the access network (AN);
The AN obtains the authentication parameters of the UE and sends them to the AN AAA in an A12 access request message.
Preferably, the AAA receives the authentication parameters of the UE sent by the packet network as follows:
After passing access network authentication, the UE carries out LCP negotiation with the packet data serving node (PDSN);
The PDSN obtains the authentication parameters of the UE and sends them to the AAA in a Remote Authentication Dial In User Service (RADIUS) Access-Request message.
A device for updating dynamic authentication parameters of user equipment comprises a receiving unit, an authentication unit, a determining unit and an updating unit, wherein:
The receiving unit is used to receive the authentication parameters of the UE sent by the packet network;
The authentication unit is used to authenticate the authentication parameters of the UE;
The determining unit is used to determine, after authentication succeeds, whether the dynamic authentication parameters of the UE satisfy the update condition, and to trigger the updating unit when they do;
The updating unit is used to update the dynamic authentication parameters of the UE, and to trigger the OTAF to update the updated dynamic authentication parameters to the UE.
Preferably, the authentication parameters comprise at least one of the following:
NAI, CHAP password, CHAP challenge, and packet network access IP;
The dynamic authentication parameters comprise at least one of the following:
Dynamic AAA NAI and dynamic password.
Preferably, the dynamic authentication parameters of the UE satisfy the update condition when:
The dynamic NAI or dynamic password of the UE is empty;
Or, the dynamic AAA NAI of the UE is the original AAA NAI, or the dynamic password of the UE is the original password;
Or, the dynamic AAA NAI or dynamic PWD of the UE has reached the set number of uses;
Or, the dynamic AAA NAI or dynamic PWD of the UE has reached the set period of use;
Or, the UE is in the dynamic authentication parameter update state, but the update has not succeeded.
Preferably, the dynamic AAA NAI comprises a user identification code format and domain name information;
The updating unit is further used to update the user identification code format and/or the domain name of the dynamic NAI of the UE, and/or to update the dynamic password of the UE.
An authentication, authorization and accounting server comprises the device for updating dynamic authentication parameters of user equipment described above.
In the present invention, the AAA updates the dynamic authentication parameters of the UE when it authenticates and authorizes the UE, and after the update triggers the OTAF to deliver the updated dynamic authentication parameters to the UE, thereby dynamically updating the UE's authentication parameters (NAI and password). Even if a UE user's number is stolen, some of the UE's parameters change dynamically, so the cloned UE, which cannot receive the dynamic authentication parameters, cannot pass AAA authentication and cannot access the network. This minimizes the possibility of a UE user's number being stolen, and even if it is stolen, the loss to the UE user whose number was stolen is minimized.
Description of drawings
Fig. 1 is a schematic diagram of the network structure to which the present invention is applied;
Fig. 2 is a flow chart of the method for updating dynamic authentication parameters of user equipment according to embodiment one of the present invention;
Fig. 3 is a flow chart of the method for updating dynamic authentication parameters of user equipment according to embodiment two of the present invention;
Fig. 4 is a flow chart of the method for updating the user equipment authentication identifier in the application example of the present invention;
Fig. 5 is a schematic diagram of the structure of the device for updating dynamic authentication parameters of user equipment of the present invention.
Detailed description of the embodiments
The basic idea of the present invention is: the AAA updates the dynamic authentication parameters of the UE when it authenticates and authorizes the UE, and after the update triggers the OTAF to deliver the updated dynamic authentication parameters to the UE, thereby dynamically updating the UE's authentication parameters (NAI and password).
Fig. 1 is a schematic diagram of the network structure to which the present invention is applied. It shows a UE accessing the packet data network in a code division multiple access (CDMA, Code Division Multiple Access) system. The network elements in the figure and the way they are networked are clearly specified in the relevant protocols; the functions of network elements that are not closely related to the realization of the technical solution are not described again. Only the network elements related to the present invention and their functions are described.
The technical solution of the present invention mainly applies once a UE with integrated device and card has completed user activation through OTASP and the UE user's authentication information has also been stored in the AAA; at that point the UE user's basic information is stored in each relevant network element. Specifically, the OTAF stores the UE user's MIN, ESN, MDN and OTAPWD, and the user terminal's NAM, PRL, Validation, 3GPD and other parameters. The home location register (HLR, Home Location Register) contains the UE user's MIN, ESN, MDN, AKey, the terminal's circuit-domain location information and other parameters. The AN AAA contains the user's IMSI, MDN, original AN-AAA NAI and original PWD, dynamic AN-AAA NAI and dynamic PWD (dynamic password), ESN, MEID and other parameters. The AAA contains the user's original account NAIUSERNAME, original PASSWORD, dynamic account NAIUSERNAME, dynamic password PASSWORD, IMSI, MDN, CDMA NAI service identifier and other parameters. In the present invention, AN-AAA refers to the AAA on the access network side, which is usually not used for charging, and AAA is the AAA on the core network side. Whether it is the AN-AAA or the AAA, the function realized in the present invention is the same; only the network it belongs to differs. The following embodiments distinguish between the different application scenarios. Based on the above network structure, the technical solution of the present invention is elaborated further.
To make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in more detail below through embodiments and with reference to the drawings.
Embodiment one
Fig. 2 is a flow chart of the method for updating dynamic authentication parameters of user equipment according to embodiment one of the present invention. As shown in Fig. 2, the method of this example comprises the following steps:
Step 101, the UE user uses a packet-switched domain service (such as Internet access, sending and receiving multimedia messages, or Wireless Application Protocol (WAP) access), so that the UE accesses the wireless network; Point-to-Point Protocol (PPP, Point to Point Protocol) and Link Control Protocol (LCP, Link Control Protocol) negotiation is set up between the UE and the access network (AN, Access Network).
Step 102, during the PPP interaction with the UE, the AN obtains the UE user's access authentication parameters, such as the AN AAA network access identifier (NAI, Network Access Identifier), the Challenge Handshake Authentication Protocol (CHAP) password (CHAP Password) and the CHAP challenge (CHAP-Challenge).
Step 103, the AN sends an A12 access request message to the AN-AAA, containing authentication parameters such as AN-AAA NAI, CHAP Password, CHAP-Challenge and AN-IP.
Step 104, the AN-AAA verifies the authentication parameters in the A12 access request message; if verification succeeds, it returns success and the related authorization information to the AN, otherwise it returns an access reject and the flow terminates.
Step 105, the AN-AAA determines whether the user's NAI or password has met an update condition. The update conditions can be:
1) the dynamic AN-AAA NAI and dynamic password (PWD) are empty;
2) dynamic AN-AAA NAI = original AN-AAA NAI, or dynamic PWD = original PWD;
3) the dynamic AN-AAA NAI or dynamic PWD has reached its number of uses;
4) the dynamic AN-AAA NAI or dynamic PWD has reached its prescribed period of use;
5) the user is in the update state but the previous update did not succeed, that is, the user is in the "authentication parameters pending update" state.
The AN-AAA generates a new dynamic AN-AAA NAI and dynamic PWD according to rules that are determined by the actual application, and can be:
1) for the dynamic NAI, which comprises the identity information and the domain information of the NAI: change the identity information of the NAI, or change the domain information of the NAI, or change both at the same time;
2) for the dynamic password: compute a new encrypted password with a corresponding password generation algorithm, usually the MD5 algorithm. Those skilled in the art will appreciate that any other cryptographic algorithm can also be used.
The AN-AAA sends a dynamic AN-AAA NAI and dynamic PWD update request (that is, an UpAuthParaReq message) to the over-the-air function entity (OTAF, Over the Air Service Provisioning Function). The UpAuthParaReq message carries the UE's parameters, including the international mobile subscriber identity (IMSI, International Mobile Subscriber Identification Number), mobile directory number (MDN, Mobile Directory Number), new AN-AAA NAI, new PWD, old AN-AAA NAI, old PWD and so on. At the same time, the user's update flag is set to the "authentication parameters pending update" state.
Step 106, the OTAF receives the AN-AAA authentication parameter update request, initiates the OTAPA flow, and carries out the over-the-air update of the UE's authentication parameters (AN-AAA NAI or PWD).
Step 107, the OTAF returns the update result to the AN-AAA (for example, carried in an UpAuthParaAck message). If the AN-AAA determines that this update succeeded, the new AN-AAA NAI and PWD take effect, and the UE user's update flag is set to indicate that this update of the authentication parameters is complete.
Embodiment two
Fig. 3 is a flow chart of the method for updating dynamic authentication parameters of user equipment according to embodiment two of the present invention. As shown in Fig. 3, the method of this example comprises the following steps:
Step 201, after the UE passes access network authentication, LCP negotiation is carried out between the UE and the packet data serving node (PDSN, Packet Data Serving Node);
Step 202, during the LCP negotiation with the UE, the PDSN obtains the user's access authentication parameters, such as AAA NAI, CHAP Password and CHAP-Challenge;
Step 203, the PDSN sends a RADIUS Access-Request message to the AAA, containing authentication parameters such as AAA NAI, CHAP Password, CHAP-Challenge and PDSN-IP;
Step 204, the AAA verifies the authentication parameters in the Remote Authentication Dial In User Service (RADIUS) Access-Request message; if verification succeeds, it returns success and the related authorization information to the PDSN, otherwise it returns an access reject and the flow terminates.
Step 205, the AAA determines whether the user's NAI or password has met an update condition. The update conditions can be:
1) the dynamic AAA NAI and dynamic PWD (Password) are empty;
2) dynamic AAA NAI = original AAA NAI, or dynamic PWD = original PWD;
3) the dynamic AAA NAI or dynamic PWD has reached its number of uses;
4) the dynamic AAA NAI or dynamic PWD has reached its prescribed period;
5) the user is in the update state but the previous update did not succeed.
The AAA generates a new dynamic AAA NAI and dynamic PWD according to rules that are determined by the actual application, and can be:
1) for the NAI: change the identity information of the NAI, or change the domain information of the NAI, or change both at the same time;
2) for the password: compute a new encrypted password with some cryptographic algorithm, usually the MD5 algorithm.
The AAA sends a dynamic AAA NAI and dynamic PWD update request (an UpAuthParaReReq message) to the OTAF. The parameters carried in the UpAuthParaReReq message include IMSI, MDN, new AAA NAI, new PWD, old AAA NAI, old PWD and so on. At the same time, the UE user's update flag is set to the "authentication parameters pending update" state.
Step 206, the OTAF receives the AAA authentication parameter update request, initiates the OTAPA flow, and carries out the over-the-air update of the UE's authentication parameters (AAA NAI or PWD).
Step 207, the OTAF returns the update result to the AAA (carried in an UpAuthParaAck message). If the AAA determines that this update succeeded, the new AAA NAI and new PWD take effect, and the UE user's update flag is set to indicate that this update of the authentication parameters is complete.
The following describes an actual usage scenario in which a certain class of UE has its NAI dynamically updated by the AN-AAA, to further illustrate the technical solution of the present invention.
The precondition for this application example is: the UE with integrated device and card has completed user activation through OTASP, and the local number parameter of this type of UE is configured in IMSI format, so that the NAI of the UE is composed as [IMSI format]@domain name. The user's basic information has been stored in the corresponding network elements above. Specifically, the OTAF contains the user's mobile identification number (MIN, Mobile Identification Number), electronic serial number (ESN, Electronic Serial Number), MDN, over-the-air password (OTAPWD, Over the Air PWD), and the UE's number assignment module (NAM, Number Assignment Module), preferred roaming list (PRL, Preferred Roaming List) and other parameters.
The HLR contains the user's MIN, ESN, MDN, authentication key (AKey), the UE's circuit-domain location information and other parameters.
The AN-AAA contains the user's IMSI, MDN, original AN-AAA NAI, dynamic AN-AAA NAI, ESN, mobile equipment identifier (MEID, Mobile Equipment Identifier) and other parameters.
Fig. 4 is a flow chart of the method for updating the user equipment authentication identifier in the application example of the present invention. As shown in Fig. 4, the method of this application example comprises the following steps:
Step 301, the UE user uses a packet-switched domain service or the like, the UE accesses the wireless network, and PPP and LCP negotiation is set up between the UE and the AN.
Step 302, through the PPP interaction with the UE, the AN obtains the UE user's access authentication parameters, such as AN-AAA NAI, CHAP Password and CHAP-Challenge.
Step 303, the AN sends an A12 access request message to the AN-AAA. The A12 access request message carries authentication parameters such as AN-AAA NAI (in the form [IMSI format]@domain name), CHAP Password, CHAP-Challenge, AN-IP and ESN.
Step 304, the AN-AAA verifies the authentication parameters in the A12 access request message; if verification succeeds, it returns success and the related authorization information to the AN, otherwise it returns an access reject and the flow terminates.
Step 305, the AN-AAA determines whether the user's NAI or password has met an update condition. The update conditions are:
1) the dynamic AN-AAA NAI is empty;
2) dynamic AN-AAA NAI = original AN-AAA NAI;
3) the dynamic AN-AAA NAI has reached its number of uses;
4) the dynamic AN-AAA NAI has reached its prescribed period of use;
5) the user is in the update state but the previous update did not succeed, that is, the user is in the "authentication parameters pending update" state.
The AN-AAA generates a new dynamic AN-AAA NAI (dynamic access identifier) according to the rules:
1) identity information: select an unused entry from the dynamic IMSI pool and update the user's identity information;
2) the domain name remains unchanged.
The NAI thus becomes [new IMSI format]@domain name.
The AN-AAA sends a dynamic AN-AAA NAI update request (UpAuthParaReq message) to the OTAF, with parameters including IMSI, MDN, new AN-AAA NAI, old PWD, old AN-AAA NAI, old PWD. At the same time, the UE user's update flag is set to the "authentication parameters pending update" state.
Step 306, the OTAF receives the AN-AAA authentication parameter update request, initiates the OTAPA flow, sets the UE's local number parameter to the new IMSI format, and carries out the over-the-air update.
Step 307, the OTAF returns the update result to the AN-AAA (in an UpAuthParaAck message). Depending on the update result, if this update succeeded, the new AN-AAA NAI takes effect, and the user's update flag is set to indicate that this update of the authentication parameters is complete.
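The AAA-side handling of steps 104 to 107 together with the NAI rule of the application example (new identity from the dynamic IMSI pool, domain unchanged), as an added Python sketch that is not part of the patent. All class and function names, the use limit and validity period, and the sample IMSIs and domain are constructed for illustration; the OTAF and OTAPA delivery are reduced to a callback, and the new dynamic password is drawn from a CSPRNG (`secrets`) rather than the MD5-based generation the text mentions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

MAX_USES = 3        # assumed use limit (update condition 3)
MAX_AGE_S = 86400   # assumed validity period in seconds (update condition 4)


def chap_response(ident: int, secret: str, challenge: bytes) -> bytes:
    """CHAP response as defined in RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


@dataclass
class Subscriber:
    original_nai: str
    original_pwd: str
    dynamic_nai: str = ""
    dynamic_pwd: str = ""
    uses: int = 0
    issued_at: float = 0.0
    pending: bool = False   # "authentication parameters pending update" flag

    def current(self):      # credentials the AAA accepts right now
        return (self.dynamic_nai or self.original_nai,
                self.dynamic_pwd or self.original_pwd)


def needs_update(sub: Subscriber, now: float) -> bool:
    """The five update conditions checked after a successful authentication."""
    return (
        not sub.dynamic_nai or not sub.dynamic_pwd    # 1) empty
        or sub.dynamic_nai == sub.original_nai        # 2) still the original
        or sub.dynamic_pwd == sub.original_pwd
        or sub.uses >= MAX_USES                       # 3) use count reached
        or now - sub.issued_at >= MAX_AGE_S           # 4) validity period reached
        or sub.pending                                # 5) previous update failed
    )


class AAA:
    def __init__(self, subscribers, imsi_pool, otaf_push):
        self.subs = list(subscribers)
        self.imsi_pool = list(imsi_pool)   # unused dynamic IMSIs
        self.otaf_push = otaf_push         # stands in for OTAF/OTAPA, returns the ack

    def access_request(self, nai, ident, challenge, response, now):
        sub = next((s for s in self.subs if s.current()[0] == nai), None)
        if sub is None or not hmac.compare_digest(
                chap_response(ident, sub.current()[1], challenge), response):
            return "reject"
        sub.uses += 1
        if needs_update(sub, now):
            self._rotate(sub, now)
        return "accept"

    def _rotate(self, sub, now):
        if not self.imsi_pool:
            return
        old_nai, old_pwd = sub.current()
        domain = old_nai.split("@", 1)[1]               # domain name unchanged
        req = {"old_nai": old_nai, "old_pwd": old_pwd,  # UpAuthParaReq fields
               "new_nai": f"{self.imsi_pool[0]}@{domain}",
               "new_pwd": secrets.token_hex(16)}
        sub.pending = True       # stays set if the ack fails; condition 5 retries
        if self.otaf_push(req):  # UpAuthParaAck reports success
            self.imsi_pool.pop(0)
            sub.dynamic_nai, sub.dynamic_pwd = req["new_nai"], req["new_pwd"]
            sub.uses, sub.issued_at, sub.pending = 0, now, False


class UE:
    def __init__(self, nai, pwd):
        self.nai, self.pwd = nai, pwd

    def apply_ota(self, req):
        if (self.nai, self.pwd) != (req["old_nai"], req["old_pwd"]):
            return False         # request does not name this UE's current values
        self.nai, self.pwd = req["new_nai"], req["new_pwd"]
        return True

    def attach(self, aaa, now):
        ch = secrets.token_bytes(16)
        return aaa.access_request(self.nai, 1, ch, chap_response(1, self.pwd, ch), now)


def demo():
    # Constructed sample subscriber, IMSIs and domain.
    sub = Subscriber("460030000000001@mycdma.example", "initial-secret")
    legit = UE(sub.original_nai, sub.original_pwd)
    clone = UE(sub.original_nai, sub.original_pwd)   # holds copied parameters
    aaa = AAA([sub], ["460039900000001", "460039900000002"], legit.apply_ota)
    first = legit.attach(aaa, now=1000.0)    # accepted, triggers the update
    cloned = clone.attach(aaa, now=1001.0)   # rejected: old NAI no longer known
    second = legit.attach(aaa, now=1002.0)   # accepted with the new values
    return first, cloned, second, sub.dynamic_nai
```

The new values are committed only when the acknowledgement reports success, so a failed over-the-air update leaves the previous credentials valid and the pending flag set until the next successful authentication retries it.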
Fig. 5 is a schematic diagram of the structure of the device for updating dynamic authentication parameters of user equipment of the present invention. As shown in Fig. 5, the device comprises a receiving unit 50, an authentication unit 51, a determining unit 52 and an updating unit 53, wherein:
The receiving unit 50 is used to receive the authentication parameters of the UE sent by the packet network;
The authentication unit 51 is used to authenticate the authentication parameters of the UE;
The determining unit 52 is used to determine, after authentication succeeds, whether the dynamic authentication parameters of the UE satisfy the update condition, and to trigger the updating unit 53 when they do;
The updating unit 53 is used to update the dynamic authentication parameters of the UE, and to trigger the OTAF to update the updated dynamic authentication parameters to the UE.
The above authentication parameters comprise at least one of the following:
NAI, CHAP password, CHAP challenge, and packet network access IP;
The dynamic authentication parameters comprise at least one of the following:
Dynamic AAA NAI and dynamic password.
The dynamic authentication parameters of the UE satisfy the update condition when:
The dynamic NAI or dynamic password of the UE is empty;
Or, the dynamic AAA NAI of the UE is the original AAA NAI, or the dynamic password of the UE is the original password;
Or, the dynamic AAA NAI or dynamic PWD of the UE has reached the set number of uses;
Or, the dynamic AAA NAI or dynamic PWD of the UE has reached the set period of use;
Or, the UE is in the dynamic authentication parameter update state, but the update has not succeeded.
The above dynamic AAA NAI comprises a user identification code format and domain name information. The updating unit 53 is further used to update the user identification code format and/or the domain name of the dynamic NAI of the UE, and/or to update the dynamic password of the UE.
Those skilled in the art will appreciate that the functions of the above processing units in the device for updating dynamic authentication parameters of user equipment of the present invention can be realized by the relevant hardware circuits, or by a processor executing corresponding software. The functions of each processing unit can be understood with reference to the description of the preceding embodiments.
The present invention also describes an authentication, authorization and accounting server, comprising the device for updating dynamic authentication parameters of user equipment shown in Fig. 5.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.

Claims (12)

1. A method for updating dynamic authentication parameters of user equipment, characterized in that the method comprises:
An authentication, authorization and accounting (AAA) server authenticates the authentication parameters of a user equipment (UE) received from the packet network; after authentication succeeds, it determines whether the dynamic authentication parameters of the UE satisfy an update condition, updates the dynamic authentication parameters of the UE when they do, and triggers the over-the-air function entity (OTAF) to update the updated dynamic authentication parameters to the UE.
2. method according to claim 1 is characterized in that, described parameters for authentication comprises at least a of following parameter:
Network access Identifier NAI, inquiry Challenge-Handshake Authentication Protocol password CHAP password, CHAP challenge and packet network insert IP.
3. method according to claim 1 is characterized in that, described dynamic authentication parameter comprises at least a of following parameter:
Dynamic AAANAI and dynamic password.
4. method according to claim 3 is characterized in that, the dynamic authentication parameter of UE satisfies update condition, for:
The dynamic N AI of described UE or dynamic password are empty;
Perhaps, the dynamic AAA NAI of described UE is original AAA NAI, or the dynamic password of described UE is an original password;
Perhaps, the dynamic AAANAI of described UE or dynamic PWD have reached the access times of setting;
Perhaps, the dynamic AAANAI of described UE or dynamic PWD have reached the setting time limit of using;
Perhaps, described UE is in the update mode of dynamic authentication parameter, but does not upgrade successfully.
5. The method according to claim 3, characterized in that the dynamic AAA NAI comprises a user identification code format and domain name information;
Updating the dynamic authentication parameters of the UE means:
Updating the user identification code format and/or the domain name of the dynamic NAI of the UE, and/or updating the dynamic password of the UE.
6. The method according to claim 1, characterized in that the AAA receiving the authentication parameters of the UE sent by the packet network comprises:
The UE accesses the packet network through a packet-switched domain service, and performs Point-to-Point Protocol (PPP) and Link Control Protocol (LCP) negotiation with the access network (AN);
The AN obtains the authentication parameters of the UE, and sends the authentication parameters of the UE to the AN AAA in an A12 access request message.
7. The method according to claim 1, characterized in that the AAA receiving the authentication parameters of the UE sent by the packet network comprises:
After passing access network authentication, the UE performs LCP negotiation with the packet data serving node (PDSN);
The PDSN obtains the authentication parameters of the UE, and sends the authentication parameters of the UE to the AAA in a Remote Authentication Dial In User Service (RADIUS) access request message.
8. A device for updating dynamic authentication parameters of user equipment, characterized in that the device comprises a receiving unit, an authentication unit, a determining unit and an updating unit, wherein:
The receiving unit is configured to receive the authentication parameters of the UE sent by the packet network;
The authentication unit is configured to authenticate the authentication parameters of the UE;
The determining unit is configured to determine, after the authentication passes, whether the dynamic authentication parameters of the UE satisfy an update condition, and to trigger the updating unit when they do;
The updating unit is configured to update the dynamic authentication parameters of the UE, and to trigger the OTAF to update the UE with the updated dynamic authentication parameters.
9. The device according to claim 8, characterized in that the authentication parameters comprise at least one of the following parameters:
NAI, CHAP password, CHAP challenge, and packet network access IP;
The dynamic authentication parameters comprise at least one of the following parameters:
Dynamic AAA NAI and dynamic password.
10. The device according to claim 9, characterized in that the dynamic authentication parameters of the UE satisfying the update condition means:
The dynamic NAI or dynamic password of the UE is empty;
Or, the dynamic AAA NAI of the UE is the original AAA NAI, or the dynamic password of the UE is the original password;
Or, the dynamic AAA NAI or dynamic PWD of the UE has reached the set number of uses;
Or, the dynamic AAA NAI or dynamic PWD of the UE has reached the set time limit of use;
Or, the UE is in the update state of the dynamic authentication parameters, but the update has not succeeded.
11. The device according to claim 9, characterized in that the dynamic AAA NAI comprises a user identification code format and domain name information;
The updating unit is further configured to update the user identification code format and/or the domain name of the dynamic NAI of the UE, and/or to update the dynamic password of the UE.
12. An authentication, authorization and accounting server, characterized in that it comprises the device according to any one of claims 8 to 11.
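The decision flow of claims 1, 4 and 10 (authenticate the CHAP parameters first, then test the update conditions) can be sketched as follows. This is an added example, not code from the patent. The `Subscriber` record, the two policy limits, the reason labels and the staging of the new password for the OTAF are assumptions, and the CHAP check follows RFC 1994.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

MAX_USES = 100          # assumed policy value
MAX_AGE_S = 30 * 86400  # assumed policy value (30 days)

@dataclass
class Subscriber:  # hypothetical AAA-side record
    original_nai: str
    original_pwd: bytes
    dynamic_nai: str = ""
    dynamic_pwd: bytes = b""
    uses: int = 0
    issued_at: float = 0.0
    update_pending: bool = False  # update triggered, not yet confirmed

def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: response = MD5(identifier || secret || challenge)
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()

def update_reason(sub: Subscriber, now: float):
    """Return the first update condition (claims 4/10) that holds, else None."""
    if not sub.dynamic_nai or not sub.dynamic_pwd:
        return "empty"
    if sub.dynamic_nai == sub.original_nai or sub.dynamic_pwd == sub.original_pwd:
        return "still-original"
    if sub.uses >= MAX_USES:
        return "use-count"
    if now - sub.issued_at >= MAX_AGE_S:
        return "time-limit"
    if sub.update_pending:
        return "update-incomplete"
    return None

def handle_access_request(sub, chap_id, challenge, response, now):
    """Authenticate first, then decide on rotation.
    Returns (accepted, reason, staged_password)."""
    secret = sub.dynamic_pwd or sub.original_pwd
    expected = chap_response(chap_id, secret, challenge)
    if not hmac.compare_digest(expected, response):
        return (False, None, None)  # no rotation for unauthenticated requests
    sub.uses += 1
    reason = update_reason(sub, now)
    if reason is None:
        return (True, None, None)
    sub.update_pending = True
    # Staged value to hand to the OTAF; the stored credential is not swapped here.
    return (True, reason, secrets.token_bytes(16))
```

Keeping `update_pending` set until the over-the-air update is confirmed is what makes the fifth condition fire on the next authentication if delivery to the UE failed.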
CN2011101440965A 2011-05-31 2011-05-31 Method and device for updating dynamic authentication parameters of user equipment, and AAA (Authentication, Authorization and Accounting) server Pending CN102202305A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2011101440965A CN102202305A (en) 2011-05-31 2011-05-31 Method and device for updating dynamic authentication parameters of user equipment, and AAA (Authentication, Authorization and Accounting) server
PCT/CN2012/074603 WO2012163203A1 (en) 2011-05-31 2012-04-24 Method and device for updating dynamic authentication parameters of user equipment and aaa

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011101440965A CN102202305A (en) 2011-05-31 2011-05-31 Method and device for updating dynamic authentication parameters of user equipment, and AAA (Authentication, Authorization and Accounting) server

Publications (1)

Publication Number Publication Date
CN102202305A true CN102202305A (en) 2011-09-28

Family

ID=44662622

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011101440965A Pending CN102202305A (en) 2011-05-31 2011-05-31 Method and device for updating dynamic authentication parameters of user equipment, and AAA (Authentication, Authorization and Accounting) server

Country Status (2)

Country Link
CN (1) CN102202305A (en)
WO (1) WO2012163203A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012163203A1 (en) * 2011-05-31 2012-12-06 中兴通讯股份有限公司 Method and device for updating dynamic authentication parameters of user equipment and aaa
CN102904888A (en) * 2012-09-28 2013-01-30 华为技术有限公司 Authentication method and communication device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040043788A1 (en) * 2002-08-28 2004-03-04 Guarav Mittal Management of parameters in a removable user identity module
CN1885770A (en) * 2005-06-24 2006-12-27 华为技术有限公司 Authentication method
CN1984491A (en) * 2006-06-15 2007-06-20 华为技术有限公司 Method for eliminating same wireless terminal
CN101026548A (en) * 2006-02-23 2007-08-29 中兴通讯股份有限公司 Data business routing method
CN101222679A (en) * 2008-01-23 2008-07-16 中兴通讯股份有限公司 EV-DO system for updating terminal parameter through midair port and implementing method thereof

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020094974A (en) * 2001-06-12 2002-12-20 엘지전자 주식회사 Method of transmitting packet data, and system for the same
CN101711022A (en) * 2009-11-18 2010-05-19 卓望数码技术(深圳)有限公司 Wireless local area network (WLAN) access terminal, WLAN authentication server and WLAN authentication method
CN102202305A (en) * 2011-05-31 2011-09-28 中兴通讯股份有限公司 Method and device for updating dynamic authentication parameters of user equipment, and AAA (Authentication, Authorization and Accounting) server

Also Published As

Publication number Publication date
WO2012163203A1 (en) 2012-12-06

Similar Documents

Publication Publication Date Title
KR101075713B1 (en) Method and apparatus for access authentication in wireless mobile communication system
CN107431920B (en) Method and apparatus for receiving profile by terminal in mobile communication system
US8407769B2 (en) Methods and apparatus for wireless device registration
EP1758417B1 (en) Authentication method
KR101527550B1 (en) Personalizing a sim by means of a unique personalized master sim
US9332575B2 (en) Method and apparatus for enabling connectivity in a communication network
US9723481B2 (en) Access data provisioning apparatus and methods
JP5629788B2 (en) Facilitating authentication of access terminal identification information
FI114953B (en) The method of identifying the user on the terminal, the identification system, the terminal and the authentication device
US20080108321A1 (en) Over-the-air (OTA) device provisioning in broadband wireless networks
US20030166398A1 (en) Method and apparatus for secure immediate wireless access in a telecommunications network
KR101574041B1 (en) Smart card initial personnalization
EP2817987B1 (en) Mobile communication using reconfigurable user identification module
AU2011248610A1 (en) Wireless network authentication apparatus and methods
WO2006128364A1 (en) Method and system for updating a secret key
JP2014504080A (en) Management method of contents on maintenance element connected to apparatus
WO2014048130A1 (en) Method for keeping subscriber identity module cards on standby and terminal equipment
CN103354640A (en) Authenticating a wireless device in a visited network
EP2873266B1 (en) Method of accessing a wlan access point
WO2006079953A1 (en) Authentication method and device for use in wireless communication system
CN102202305A (en) Method and device for updating dynamic authentication parameters of user equipment, and AAA (Authentication, Authorization and Accounting) server
EP3523999A1 (en) Method, device and system for securing an access to at least one service
KR20030087691A (en) Method of authenticating user on the basis of peculiar information of user and cdma system using the same in cdma network using user identity module
CN102202290A (en) Method and system for updating authentication key of user equipment and user equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110928