Authentication method for the mobile terminal and a system thereof

US 8,571,522 B2
Filed: 11/27/2008
Issued: 10/29/2013
Est. Priority Date: 11/27/2008
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a mobile terminal, the method comprising:

the mobile terminal using a pre-set password P to decrypt a key A stored in a subscriber information file to obtain a key Ki which is used in authentication;

in a process of authentication, the mobile terminal using the key Ki and a random number sent by a network side to generate encrypted authentication response data, and sending the encrypted authentication response data to the network side; and

the network side verifying the encrypted authentication response data sent by the mobile terminal, and returning an authentication success acknowledgement to the mobile terminal after the verification succeeds;

before the process of authentication begins, the mobile terminal sending an International Mobile Subscriber Identity (IMSI) stored in said subscriber information file to the network side; and

after verifying the encrypted authentication response data sent by the mobile terminal successfully, the network side judging whether there is another mobile terminal using the same IMSI to access the network and carrying out the following operations if yes;

breaking a connection with an accessed mobile terminal, and/or sending a notification message that there is another mobile terminal using the same IMSI to access the network to the mobile terminal by which the encrypted authentication response data is sent;

wherein said subscriber information file is stored in a local memory of the mobile terminal, or a mobile memory device connected with the mobile terminal, and said subscriber information file further includes an identification number which is used for uniquely identifying different subscriber information files belonging to the same IMSI;

and wherein the network side records a corresponding relationship between said identification number and the IMSI when the mobile terminal accesses the network; and

the mobile terminal sends said identification number together with said encrypted authentication response data to the network side, and the network side judges whether there is another mobile terminal using the same IMSI to access the network according to the identification number.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system for authenticating a mobile terminal, and the method comprises: the mobile terminal using a pre-set password P to decrypt a key A stored in a subscriber information file to obtain a key Ki which is used in authentication; in a process of authentication, the mobile terminal using the key Ki and a random number sent by a network side to generate encrypted authentication response data, and sending the encrypted authentication response data to the network side; and the network side verifying the encrypted authentication response data sent by the mobile terminal, and returning an authentication success acknowledgement to the mobile terminal after the verification succeeds; wherein the subscriber information file is stored in a local memory of the mobile terminal, or a mobile memory device connected with the mobile terminal.

21 Citations

View as Search Results

6 Claims

1. A method for authenticating a mobile terminal, the method comprising:
- the mobile terminal using a pre-set password P to decrypt a key A stored in a subscriber information file to obtain a key Ki which is used in authentication;
  
  in a process of authentication, the mobile terminal using the key Ki and a random number sent by a network side to generate encrypted authentication response data, and sending the encrypted authentication response data to the network side; and
  
  the network side verifying the encrypted authentication response data sent by the mobile terminal, and returning an authentication success acknowledgement to the mobile terminal after the verification succeeds;
  
  before the process of authentication begins, the mobile terminal sending an International Mobile Subscriber Identity (IMSI) stored in said subscriber information file to the network side; and
  
  after verifying the encrypted authentication response data sent by the mobile terminal successfully, the network side judging whether there is another mobile terminal using the same IMSI to access the network and carrying out the following operations if yes;
  
  breaking a connection with an accessed mobile terminal, and/or sending a notification message that there is another mobile terminal using the same IMSI to access the network to the mobile terminal by which the encrypted authentication response data is sent;
  
  wherein said subscriber information file is stored in a local memory of the mobile terminal, or a mobile memory device connected with the mobile terminal, and said subscriber information file further includes an identification number which is used for uniquely identifying different subscriber information files belonging to the same IMSI;
  
  and wherein the network side records a corresponding relationship between said identification number and the IMSI when the mobile terminal accesses the network; and
  
  the mobile terminal sends said identification number together with said encrypted authentication response data to the network side, and the network side judges whether there is another mobile terminal using the same IMSI to access the network according to the identification number.
- View Dependent Claims (2, 3)
- - 2. The method as claimed in claim 1, further comprising:
    - if the network side verifies the encrypted authentication response data sent by the mobile terminal in failure, the network side sending an authentication failure acknowledgement to the mobile terminal; and
      
      after receiving the authentication failure acknowledgement, the mobile terminal judging whether authentication failure times exceed a pre-set value, and making said subscriber information file unavailable if yes.
  - 3. The method as claimed in claim 1, wherein:
    - said subscriber information file further includes one or more of the following;
      
      a subscriber identification number, an unlocking code, a call record, a subscriber card folder, and a short message record.

4. A system for authenticating a mobile terminal, the system comprising:
- an authentication device at a network side and a mobile terminal, wherein said mobile terminal includes;
  
  a subscriber information management unit and a subscriber identification information storage unit;
  
  wherein said subscriber information management unit is usable for obtaining a subscriber information file from said subscriber identification information storage unit, and for using a pre-set password P to decrypt a key A stored in the subscriber information file to obtain a key Ki which is used in authentication; and
  
  in a process of authentication, said subscriber information management unit is further usable for using said key Ki and a random number sent by said authentication device at the network side to generate encrypted authentication response data, and for sending the encrypted authentication response data to the authentication device at the network side;
  
  said authentication device at the network side is usable for verifying the encrypted authentication response data sent by said subscriber information management unit, and for sending an authentication success acknowledgement to said subscriber information management unit after the verification succeeds;
  
  wherein said subscriber identification information storage unit is equipped in a local memory of said mobile terminal, or a mobile memory device connected with said mobile terminal;
  
  said subscriber information management unit is also useable for sending an International Mobile Subscriber Identity (IMSI) stored in the subscriber information file to said authentication device at the network side;
  
  after verifying the encrypted authentication response data sent by said subscriber information management unit successfully, said authentication device at the network side is configured to judge whether there is another mobile terminal using the same IMSI to access the network, if yes, the system is configured to break a connection with an accessed mobile terminal; and
  
  /or to send a notification message that there is another mobile terminal using the same IMSI to access the network to said subscriber information management unit;
  
  wherein said subscriber information file further includes an identification number which is usable for uniquely identifying different subscriber information files belonging to the same IMSI;
  
  said authentication device at the network side is configured to record a corresponding relationship between said identification number and the IMSI when the mobile terminal accesses the network;
  
  said subscriber information management unit is configured to send said identification number together with said encrypted authentication response data to said authentication device at the network side, and said authentication device at the network side is configured to judge whether there is another mobile terminal using the same IMSI to access the network according to the identification number.
- View Dependent Claims (5, 6)
- - 5. The system as claimed in claim 4, wherein:
    - if said authentication device at the network side verifies the encrypted authentication response data in failure, said authentication device at the network side is configured to send an authentication failure acknowledgement to the mobile terminal;
      
      after receiving the authentication failure acknowledgement, said subscriber information management unit is configured to judge whether authentication failure times exceed a pre-set value, and to make said subscriber information file unavailable if yes.
  - 6. The system as claimed in claim 4, wherein:
    - said subscriber information file further includes one or more of the following;
      
      a subscriber identification number, a unlocking code, a call record, subscriber card folder, and short message record.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ZTE Corporation
Original Assignee
ZTE Corporation
Inventors
Hu, Yimu
Primary Examiner(s)
Brandt, Christopher M

Application Number

US13/130,873
Publication Number

US 20110230166A1
Time in Patent Office

1,797 Days
Field of Search

455/410, 455/411, 455/557, 455/558, 455/559, 713/159, 713/186
US Class Current

455/411
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/083   using passwords cryptograph...

H04W 12/06   Authentication

H04W 12/72   Subscriber identity

H04W 88/02   Terminal devices

Authentication method for the mobile terminal and a system thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

6 Claims

Specification

Use Cases

Quick Links

Others

Authentication method for the mobile terminal and a system thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

6 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others