[summary of the invention]
The object of the present invention is to provide a method and system for authenticating the identity of computer terminals, servers and ISPs by SIM card, so that the identity of computers accessing the Internet and of Internet service supplying units can be authenticated.
In the method and system of the present invention, each computer terminal is provided with a SIM card used to authenticate its identity. This SIM card can be the same kind of SIM card used in current mobile phones. When a terminal requests access, the terminal is authenticated by a method similar to the one a mobile telephone network uses to authenticate a mobile phone requesting access. Because a SIM card is extremely difficult to copy, each SIM card can be regarded as unique, so the identity of a terminal authenticated by its SIM card cannot be forged. An Internet service supplying unit can therefore allow access by the terminals of all other Internet service supplying units' customers that pass SIM card authentication, which gives terminals a roaming function for accessing the Internet.
The object of the present invention is achieved as follows. A system for authenticating the identity of computer terminals, servers and ISPs by SIM card is adopted, for authenticating the identity of computer terminals, servers and Internet service supplying units connected to the Internet. The system comprises an authenticated exchange center (1), Internet service supplying units (2) and network terminals (3), and is characterized in that:
Each Internet service supplying unit (2) is provided with a SIM card. When an Internet service supplying unit (2) accesses the authenticated exchange center (1), the authenticated exchange center (1) authenticates the identity of the SIM card of the accessing Internet service supplying unit (2), and only after authentication succeeds does the authenticated exchange center (1) allow this Internet service supplying unit (2) to access;
And/or
Each network terminal (3) is provided with a SIM card. When a network terminal (3) accesses an Internet service supplying unit (2), the authenticated exchange center (1) authenticates the identity of the SIM card of this network terminal (3), and only after authentication succeeds does the Internet service supplying unit (2) allow this network terminal (3) to access.
The network terminal (3) includes computers and servers that access the Internet service supplying unit (2), and the network interface devices of other Internet service supplying units connected to this Internet service supplying unit (2).
To achieve the object of the present invention, a method for authenticating the identity of computer terminals, servers and ISPs by SIM card is also adopted. The method uses the system described above to authenticate the identity of computer terminals, servers and Internet service supplying units connected to the Internet, and is characterized in that it comprises:
A SIM card used to authenticate identity is provided for each Internet service supplying unit (2). When an Internet service supplying unit (2) accesses the authenticated exchange center (1), the authenticated exchange center (1) authenticates the identity of the SIM card of the accessing Internet service supplying unit (2), and only after authentication succeeds does the authenticated exchange center (1) allow this Internet service supplying unit (2) to access;
And/or
A SIM card used to authenticate identity is provided at each network terminal (3). When a network terminal (3) accesses an Internet service supplying unit (2), the authenticated exchange center (1) authenticates the identity of the SIM card of this network terminal (3), and only after authentication succeeds does the Internet service supplying unit (2) allow this network terminal (3) to access.
The object of the present invention is thereby achieved.
An advantage of the present invention is that when the network terminal (3) accesses the Internet service supplying unit (2), no login name and password are needed, so the user does not have to type a login name and password on the keyboard. As long as a SIM card is inserted in the network terminal (3), the access process is completed automatically by the network terminal (3) and the Internet service supplying unit (2). In addition, the network terminal (3) can also access other Internet service supplying units (2) by roaming.
[embodiment]
The method of the present invention is described in further detail below with reference to the accompanying drawings.
Referring to Fig. 1, which is a schematic diagram of the system configuration of the first embodiment of the present invention, the system shown in Fig. 1 comprises an authenticated exchange center (1), Internet service supplying units (2) and network terminals (3), and is characterized in that: each Internet service supplying unit (2) is provided with a SIM card; when an Internet service supplying unit (2) accesses the authenticated exchange center (1), the authenticated exchange center (1) authenticates the identity of the SIM card of the accessing Internet service supplying unit (2), and only after authentication succeeds does the authenticated exchange center (1) allow this Internet service supplying unit (2) to access; and/or each network terminal (3) is provided with a SIM card; when a network terminal (3) accesses an Internet service supplying unit (2), the authenticated exchange center (1) authenticates the identity of the SIM card of this network terminal (3), and only after authentication succeeds does the Internet service supplying unit (2) allow this network terminal (3) to access.
Still referring to Fig. 1, the network terminal (3) shown in Fig. 1 includes computers and servers that access the Internet service supplying unit (2), and the network interface devices of other Internet service supplying units connected to this Internet service supplying unit (2).
In setting up the system, the authenticated exchange center (1) distributes a SIM card used to authenticate identity to each Internet service supplying unit (2) and to each user. This SIM card can be the SIM card used in mobile telephone networks. The SIM card holds data including the card number, the key Ki, the A3 algorithm and the A8 algorithm. The authenticated exchange center (1) also stores the card number, key Ki, A3 algorithm, A8 algorithm and other data of all these SIM cards, and is provided with the program software for authenticating SIM cards.
On the Internet service supplying unit (2) side, the Internet service supplying unit (2) is provided with a network device for connecting to the authenticated exchange center (1) over the network. This network device is provided with a SIM card issued by the authenticated exchange center (1) and with the program software for authenticating the SIM card. When the Internet service supplying unit (2) accesses the authenticated exchange center (1), it is allowed to access only after the authenticated exchange center (1) has successfully authenticated the identity of the SIM card of this network device.
On the customer side, the user's computer and network terminal (3) are provided with a network card for connecting to the Internet service supplying unit (2) over the network. The network terminal (3) is also provided with a SIM card reader. Ideally the SIM card reader is mounted on the network card in the network terminal (3), so that the SIM card can be installed on the network card of the network terminal (3). The network terminal (3) is also provided with the program software for authenticating the SIM card. When the user uses the network terminal (3) to access the Internet service supplying unit (2), the SIM card must first be placed in the SIM card reader, and only then can the Internet service supplying unit (2) be accessed.
In this specification, the network terminal (3) can access the Internet service supplying unit (2) by wired or wireless means. Wired access includes access to the Internet service supplying unit (2) by dial-up, leased line, ADSL broadband, cable TV network, optical fiber and the like. Wireless access includes access to the Internet service supplying unit (2) by WiFi, WiMax, Bluetooth, GPRS, mobile phone and various other wireless communication modes. Whether the network terminal (3) accesses the Internet service supplying unit (2) by wired or wireless means, the object of the present invention is achieved equally well, and all such cases fall within the protection scope of the present invention.
Still referring to Fig. 1, the method adopted by the system shown in Fig. 1 for authenticating the identity of computer terminals, servers and Internet service supplying units connected to the Internet comprises: a SIM card used to authenticate identity is provided for each Internet service supplying unit (2), and when an Internet service supplying unit (2) accesses the authenticated exchange center (1), the authenticated exchange center (1) authenticates the identity of the SIM card of the accessing Internet service supplying unit (2), and only after authentication succeeds does the authenticated exchange center (1) allow this Internet service supplying unit (2) to access; and/or a SIM card used to authenticate identity is provided at each network terminal (3), and when a network terminal (3) accesses an Internet service supplying unit (2), the authenticated exchange center (1) authenticates the identity of the SIM card of this network terminal (3), and only after authentication succeeds does the Internet service supplying unit (2) allow this network terminal (3) to access.
Still referring to Fig. 1, the identity authentication method adopted by the system shown in Fig. 1 further comprises the following group A steps:
A1. The Internet service supplying unit (2) sends its SIM card number to the authenticated exchange center (1) and requests identity authentication;
A2. The authenticated exchange center (1) looks up the key Ki by this SIM card number. The authenticated exchange center (1) then generates a random number RNAD and sends it to the SIM card in the Internet service supplying unit (2), and the authenticated exchange center (1) computes the response SRES from this random number RNAD and the key Ki by the A3 algorithm;
A3. After the SIM card receives this random number RNAD, it computes the response SRES' from this random number RNAD and the key Ki in the SIM card by the A3 algorithm, and the SIM card then sends this response SRES' back through the Internet service supplying unit (2) to the authenticated exchange center (1) for checking;
A4. The authenticated exchange center (1) checks the received response SRES' against the response SRES from step A2. If the two are identical, authentication succeeds; otherwise authentication fails.
Still referring to Fig. 1, the identity authentication method adopted by the system shown in Fig. 1 further comprises the following group B steps:
B1. When the network terminal (3) wants to access the Internet service supplying unit (2), the SIM card number of the network terminal (3) is sent to the Internet service supplying unit (2) with a request for access. The Internet service supplying unit (2) forwards this SIM card number to the authenticated exchange center (1) and requests identity authentication;
B2. The authenticated exchange center (1) looks up the key Ki by this SIM card number. The authenticated exchange center (1) then generates a random number RNAD and sends it to the Internet service supplying unit (2), which in turn sends this random number RNAD to the SIM card in the network terminal (3), and the authenticated exchange center (1) computes the response SRES from this random number RNAD and the key Ki by the A3 algorithm;
B3. After the SIM card in the network terminal (3) receives this random number RNAD, it computes the response SRES' from this random number RNAD and the key Ki in the SIM card by the A3 algorithm. The SIM card then sends this response SRES' through the network terminal (3) to the Internet service supplying unit (2), and the Internet service supplying unit (2) sends this response SRES' back to the authenticated exchange center (1) for checking;
B4. The authenticated exchange center (1) checks the received response SRES' against the response SRES from step B2. If the two are identical, authentication succeeds; otherwise authentication fails. The authenticated exchange center (1) then sends the authentication result to the Internet service supplying unit (2).
Besides providing the identity authentication function, the system of the present invention can also encrypt the information transmitted between the authenticated exchange center (1) and the Internet service supplying unit (2). The identity authentication steps described above then also include a step in which the authenticated exchange center (1) and the Internet service supplying unit (2) each generate a key Kc, computed from the random number RNAD and the key Ki in the SIM card by the A8 algorithm. After the Internet service supplying unit (2) has accessed the authenticated exchange center (1), the key Kc is used to encrypt and decrypt the information exchanged between the Internet service supplying unit (2) and the authenticated exchange center (1). That is, the Internet service supplying unit (2) uses this key Kc to encrypt the information to be transmitted before sending it to the authenticated exchange center (1), and the authenticated exchange center (1) uses the key Kc to decrypt the encrypted information before forwarding the information to its destination. Likewise, the authenticated exchange center (1) uses this key Kc to encrypt the information destined for the Internet service supplying unit (2) before sending it, and the Internet service supplying unit (2) uses the key Kc to decrypt the encrypted information and recover the original information. In this way the information exchanged between the Internet service supplying unit (2) and the authenticated exchange center (1) is protected from being stolen.
In addition, the system of the present invention can also encrypt the information transmitted between the Internet service supplying unit (2) and the network terminal (3). The identity authentication steps described above then also include the following: the authenticated exchange center (1) generates the key Kc from the random number RNAD and the key Ki in the SIM card by the A8 algorithm and sends this key Kc to the Internet service supplying unit (2), and the network terminal (3) generates the key Kc from the random number RNAD and the key Ki in the SIM card by the A8 algorithm. After the network terminal (3) has accessed the Internet service supplying unit (2), the key Kc is used to encrypt and decrypt the information exchanged between the network terminal (3) and the Internet service supplying unit (2). That is, the network terminal (3) uses this key Kc to encrypt the information to be transmitted before sending it to the Internet service supplying unit (2), and the Internet service supplying unit (2) uses the key Kc to decrypt the encrypted information before forwarding the information to its destination. Likewise, the Internet service supplying unit (2) uses this key Kc to encrypt the information destined for the network terminal (3) before sending it, and the network terminal (3) uses the key Kc to decrypt the encrypted information and recover the original information. In this way the information exchanged between the network terminal (3) and the Internet service supplying unit (2) is protected from being stolen, which is particularly suitable for applications with high security requirements, such as online banking services.
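The group B challenge-response and the Kc derivation described above, simulated end to end as an added example (not code from the patent). HMAC-SHA-256 truncated to the GSM output sizes stands in for the A3 and A8 algorithms, which the page does not specify; the class names, function names and the card number are hypothetical.

```python
import hashlib
import hmac
import secrets

# Stand-ins (assumption): the real A3/A8 live inside the SIM and are not given on
# the page. Output sizes follow GSM: SRES is 32 bits, Kc is 64 bits.
def a3(ki: bytes, rnad: bytes) -> bytes:
    return hmac.new(ki, b"A3" + rnad, hashlib.sha256).digest()[:4]

def a8(ki: bytes, rnad: bytes) -> bytes:
    return hmac.new(ki, b"A8" + rnad, hashlib.sha256).digest()[:8]

class SimCard:
    """Card in the network terminal (3); Ki never leaves it."""
    def __init__(self, card_number: str, ki: bytes):
        self.card_number = card_number
        self._ki = ki

    def respond(self, rnad: bytes):
        # Step B3: SRES' goes back to the center, Kc stays with the terminal.
        return a3(self._ki, rnad), a8(self._ki, rnad)

class ExchangeCenter:
    """Authenticated exchange center (1): holds the card number -> Ki table."""
    def __init__(self, ki_by_card: dict):
        self._ki_by_card = dict(ki_by_card)
        self._pending = {}  # card number -> (SRES, Kc) of the open challenge

    def challenge(self, card_number: str):
        # Step B2: look up Ki, draw a fresh RNAD, precompute SRES and Kc.
        ki = self._ki_by_card.get(card_number)
        if ki is None:
            return None  # unknown card: no challenge is issued
        rnad = secrets.token_bytes(16)
        self._pending[card_number] = (a3(ki, rnad), a8(ki, rnad))
        return rnad

    def verify(self, card_number: str, sres_prime: bytes):
        # Step B4: a challenge is single use, so a replayed SRES' fails.
        sres, kc = self._pending.pop(card_number, (None, None))
        if sres is None or not hmac.compare_digest(sres, sres_prime):
            return None
        return kc  # sent on to the Internet service supplying unit (2)

def isp_admit(center: ExchangeCenter, sim: SimCard):
    """Internet service supplying unit (2) relaying steps B1 to B4.
    Returns (Kc at the ISP, Kc at the terminal) on success, else None."""
    rnad = center.challenge(sim.card_number)             # B1, B2
    if rnad is None:
        return None
    sres_prime, kc_terminal = sim.respond(rnad)          # B3
    kc_isp = center.verify(sim.card_number, sres_prime)  # B4
    return None if kc_isp is None else (kc_isp, kc_terminal)

if __name__ == "__main__":
    ki = bytes(range(16))                       # constructed sample key
    center = ExchangeCenter({"CARD-0001": ki})  # constructed card number
    print("genuine card:", isp_admit(center, SimCard("CARD-0001", ki)))
    print("wrong Ki:    ", isp_admit(center, SimCard("CARD-0001", bytes(16))))
```

In this flow the Internet service supplying unit (2) only ever handles the card number, RNAD, SRES' and Kc; the key Ki stays in the SIM card and in the authenticated exchange center (1).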
Referring to Fig. 2, which is a schematic diagram of the system configuration of the second embodiment of the present invention, the second embodiment shows the connections between several different authenticated exchange centers (1) and multiple different Internet service supplying units (2). As shown in Fig. 2, an Internet service supplying unit (2) can be connected to only one authenticated exchange center (1), or to more than one authenticated exchange center (1) at the same time. As long as the Internet service supplying unit (2) installs, in each network device connected to an authenticated exchange center (1), the SIM card issued by that authenticated exchange center (1), it can be connected to more than one authenticated exchange center (1) at the same time, and different authenticated exchange centers (1) can then exchange information through this Internet service supplying unit (2). In the second embodiment, the authenticated exchange center (1) first authenticates the identity of each Internet service supplying unit (2) connected to it and allows the successfully authenticated Internet service supplying units (2) to access. Each network terminal (3) is then authenticated by the authenticated exchange center (1) through one of these Internet service supplying units (2) that have accessed the authenticated exchange center (1), and a network terminal (3) that is successfully authenticated can go online through the Internet service supplying unit (2). Because authentication is carried out by the authenticated exchange center (1), each network terminal (3) can access the Internet service supplying unit (2) of any one authenticated exchange center (1); that is, the network terminal (3) can roam freely to any Internet service supplying unit (2) that has accessed an authenticated exchange center (1).
Still referring to Fig. 2, in the second embodiment shown in Fig. 2, the online connection of a network terminal (3) accessing an Internet service supplying unit (2) can be charged as follows. When the authenticated exchange center (1) has authenticated this network terminal (3) and it has successfully accessed the Internet service supplying unit (2), the authenticated exchange center (1) starts to record the connection time or the volume of data transmitted between this network terminal (3) and the Internet service supplying unit (2). The authenticated exchange center (1) then collects the fee from the account this network terminal (3) holds with its Internet service supplying unit (2), and then apportions the Internet access fee to the Internet service supplying unit (2) that this network terminal (3) accessed. Alternatively, the Internet service supplying unit (2) can record the connection time or the volume of data transmitted for each network terminal (3) that accesses it, and then charge the account of the Internet service supplying unit (2) that provides Internet service to this network terminal (3).
The system and method of the present invention have been described in detail above. Although the present invention is illustrated by the above embodiments, it is not limited to them, and various changes and modifications can be made without departing from the spirit of the present invention and the scope of the appended claims. Each Internet service supplying unit is with each
With the method and system of the present invention for authenticating the identity of computer terminals, servers and ISPs by SIM card, the identity of network terminals (3) such as the computers and website servers through which users go online, and of each Internet service supplying unit (2), can be confirmed by their SIM cards. An Internet service supplying unit (2) can confirm the identity of a network terminal (3) by the SIM card of that network terminal (3), so that even a customer of another Internet service supplying unit (2) can be allowed to access, with a roaming service fee then collected from this network terminal (3). The present invention solves the problem of authenticating each terminal connected to the Internet and lets the customers of different Internet service supplying units access other Internet service supplying units by roaming, which is of great benefit to both the Internet service supplying units and their customers.