CN102404711B - Locking net device of mobile terminal and identifying method between modules - Google Patents

Info

Publication number: CN102404711B
Authority: CN (China)
Prior art keywords: module, mobile terminal, information, lock network, terminal module
Legal status: Active
Application number: CN201010277142.4A
Other languages: Chinese (zh)
Other versions: CN102404711A (en)
Inventor: 赖华添
Current Assignee: Nationz Technologies Inc
Original Assignee: Nationz Technologies Inc
Application filed by Nationz Technologies Inc
Priority to CN201010277142.4A
Publication of CN102404711A
Publication of CN102404711B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a network-locking device for a mobile terminal, comprising a mobile terminal module that receives user identification information and a network-lock module that controls whether the mobile terminal module works according to whether the user identification information has network access authority. The mobile terminal module and the network-lock module contain first key information and second key information, respectively, for mutual authentication. By using a bidirectional symmetric encryption algorithm for mutual authentication between the mobile terminal module and the network-lock module, the device is made hard to crack; for example, it effectively guards against physical removal of the network-lock module.

Description

Mobile terminal network-locking device and inter-module authentication method
Technical field
The present invention relates to the field of mobile communication, and in particular to a mobile terminal network-locking device and method that are not easily cracked.
Background
With the development of the mobile Internet, more and more mobile Internet terminals are in use, for example mobile phones, tablet computers and e-book readers.
Mobile Internet operators, driven by business needs such as acquiring and retaining users or by competition, often run promotions such as price subsidies, a free phone with prepaid call credit, or free call credit with a phone purchase, so that users can obtain a mobile Internet terminal below market price or even free of charge. If such terminals are resold for profit by users or by mobile terminal distributors, the mobile operator suffers a loss. Operators therefore need what is commonly called "network locking" of the mobile Internet terminals they provide: the terminal is bound to its accompanying subscriber identity module card or universal subscriber identity module card. The subscriber identity module card is also known as a SIM card (Subscriber Identity Module, SIM), and the universal subscriber identity module card is also known as a USIM card (Universal Subscriber Identity Module, USIM).
Current network-locking methods fall roughly into two classes: software-implemented and hardware-implemented. Software-implemented network locking uses software alone to check the user identification information in the SIM or USIM card, but this is very easy to crack: the software on the mobile Internet terminal only needs to be re-flashed with a version that does not contain the network-lock software. Hardware-implemented network locking checks the user identification information with a network-lock chip built into the mobile Internet terminal. Although this remedies the weakness of the software-implemented method, a simple brute-force way of cracking it now exists: the network-lock chip is physically removed from the mobile Internet terminal so that the terminal connects directly to the SIM/USIM card, which bypasses the restriction imposed by the chip. Further technical details of a hardware-implemented mobile terminal network-locking device can be found in our company's Chinese patent application No. CN200610036091.X, "A mobile terminal network-locking device based on an encryption chip".
A more advanced technical solution that overcomes the above shortcomings is therefore urgently needed.
Summary of the invention
The purpose of this section is to summarize some aspects of the technical solution of the present invention and to briefly introduce some preferred embodiments. Some simplifications or omissions may be made in this section, in the abstract and in the title of the invention to avoid obscuring their purpose; such simplifications or omissions shall not be used to limit the scope of the invention.
One object of the present invention is to provide an inter-module authentication method that can be used for mutual authentication between paired modules.
Another object of the present invention is to provide a new mobile terminal network-locking device that remedies the weakness that existing mobile terminal network-locking devices are easily cracked.
To achieve these objects, according to one aspect, the invention provides an inter-module authentication method comprising: presetting first key information and second key information separately in an authentication module and a target module; the authentication module sending a piece of predefined information to the target module; the target module encrypting the predefined information with the first key information and sending it; the authentication module decrypting the predefined information with the second key information and comparing the result with the initial predefined information; if they are identical, authentication succeeds, and if they are not identical, authentication fails.
Further, the predefined information is intercepted from information sent by the target module or from information received by the target module.
Further, when the predefined information is intercepted from information received by the target module, the target module encrypts the predefined information and sends it to the source of the information, and the authentication module in turn intercepts the encrypted predefined information and decrypts it.
According to another aspect, the invention provides a mobile terminal network-locking device comprising: a mobile terminal module that receives user identification information; a network-lock module that controls whether the mobile terminal module works according to whether the user identification information has network access authority; and first key information and second key information contained in the mobile terminal module and the network-lock module, respectively, for mutual authentication.
Further, mutual authentication between the mobile terminal module and the network-lock module means:
The network-lock module sends a piece of predefined information to the mobile terminal module;
The mobile terminal module encrypts the predefined information with the first key information and sends it back;
The network-lock module intercepts the predefined information and decrypts it with the second key information; and
The network-lock module judges whether the decrypted predefined information is identical to the initial predefined information.
Further, the mobile terminal network-locking device also comprises a subscriber identification module, which sends the user identification information to the mobile terminal control module.
Further, the subscriber identification module is a subscriber identity module (SIM) card or a universal subscriber identity module (USIM) card, and the encryption and decryption use the Triple DES (3DES) algorithm.
Further, the mobile terminal module sends a get-random-number instruction to the subscriber identification module;
The subscriber identification module returns information containing a random number to the mobile terminal module; and
The network-lock module intercepts the information containing the random number and extracts the random number as the predefined information.
Further, when the first key information is identical to the second key information, the mobile terminal module and the network-lock module authenticate successfully and work together; and
When the first key information differs from the second key information, authentication between the mobile terminal module and the network-lock module fails and the mobile terminal module does not work.
Further, "according to whether the user identification information has network access authority" means: the network-lock module stores preset user identification information that has network access authority; when the mobile terminal module receives user identification information, the network-lock module intercepts that user identification information and compares it with the preset user identification information stored internally.
Compared with the prior art, the mobile terminal network-locking device provided by the invention uses a bidirectional symmetric encryption algorithm for mutual authentication between the mobile terminal module and the network-lock module, so that the device is not easily cracked; for example, it effectively guards against the cracking method of physically removing the network-lock module. The invention also proposes an inter-module authentication method suitable for mutual authentication between paired modules.
Brief description of the drawings
The invention will be more readily understood from the following detailed description taken together with the accompanying drawings, in which like reference numerals designate like structural parts, and in which:
Fig. 1 is a block diagram of the mobile terminal network-locking device in one embodiment of the invention;
Fig. 2 is a flow chart of the method of authentication between the mobile terminal module and the network-lock module in one embodiment of the invention; and
Fig. 3 is a flow chart of the inter-module authentication method in one embodiment of the invention.
Detailed description
The detailed description presents the operation of the technical solution of the invention, directly or indirectly, mainly in terms of programs, steps, logic blocks, processes or other generalized descriptions. Many specific details are set forth below for a thorough understanding of the invention; the invention may nevertheless be practiced without these specific details. Those skilled in the art use such descriptions and statements to convey the substance of their work effectively to others skilled in the art. In other words, to avoid obscuring the purpose of the invention, well-known methods, programs, components and circuits are not described in detail because they are readily understood.
"One embodiment" or "an embodiment" herein refers to a particular feature, structure or characteristic that may be included in at least one implementation of the invention. Appearances of "in one embodiment" in various places in this specification do not all refer to the same embodiment, nor are they separate or alternative embodiments mutually exclusive of other embodiments. In addition, the order of modules in the methods, flow charts or functional block diagrams representing one or more embodiments does not inherently indicate any particular order, nor does it limit the invention.
The mobile terminal network-locking device and the inter-module authentication method of the invention can be implemented in different forms. For example, the device can be realized as a product in software, hardware or a combination of both, or as part of a system, such as part of a mobile phone or part of a tablet computer. Likewise, the inter-module authentication method can be realized as a method or product in software, hardware or a combination of both. The invention is described in detail below with reference to different embodiments.
Fig. 1 shows a block diagram of the mobile terminal network-locking device 100 in one embodiment of the invention. The mobile terminal network-locking device 100 comprises a mobile terminal module 120 and a network-lock module 140.
The mobile terminal module 120 may be the SIM or USIM card controller in a mobile phone, tablet computer or other handheld device that accesses the mobile Internet. In general, the mobile terminal module 120 requires a subscriber identification module 000, such as a SIM card or USIM card, to be inserted into it. The mobile terminal module 120 receives the user identification information of the subscriber identification module 000 in order to access the mobile Internet. The user identification information may be the international mobile subscriber identity (IMSI), which contains identifying information about the country, the region and the unique user; the technical details are well known to those skilled in the art and are not repeated here.
The network-lock module 140 may be a single chip or a system on a chip, and generally contains devices such as a processor and memory. In particular, it also contains preset user identification information 144 that has network access authority. The network-lock module 140 may be integrated into the mobile terminal module 120. It sits between the mobile terminal module 120 and the subscriber identification module 000 and is responsible for monitoring and intercepting the information exchanged between them. If that information includes the user identification information, i.e. the IMSI, the network-lock module 140 intercepts it and compares it with the preset user identification information 144 stored inside it to judge whether this subscriber identification module 102 has network access authority. If it has, the mobile terminal module 120 works normally; if not, the network-lock module 140 blocks the information exchanged between the mobile terminal module 120 and the subscriber identification module 000, and the terminal cannot work.
As one of the highlights and key points of the invention, the mobile terminal module 120 and the network-lock module 140 further contain first key information 122 and second key information 142, respectively, for mutual authentication. Only when authentication succeeds can the mobile terminal module 120 and the network-lock module 140 work normally. When authentication fails, for example after the network-lock module 140 has been physically removed or replaced, the mobile terminal module 120 cannot work normally.
Authentication between the mobile terminal module 120 and the network-lock module 140 is performed with a bidirectional symmetric encryption algorithm; in a specific embodiment, this algorithm is Triple DES (3DES). The technical details of the 3DES encryption algorithm are well known to those skilled in the art and are not repeated here.
For ease of description, the method of authentication between the mobile terminal module 120 and the network-lock module 140 is explained in detail below by way of an embodiment.
Fig. 2 shows a flow chart of the method of authentication between the mobile terminal module 120 and the network-lock module 140 in one embodiment of the invention. In this example the mobile terminal module 120 may be a mobile phone, the network-lock module 140 is integrated into the mobile terminal module 120, and the subscriber identification module 000 may be a SIM card or USIM card. The authentication method comprises:
Step 202: identical first key information 122 and second key information 142 are preset in the mobile terminal module 120 and the network-lock module 140. In one embodiment, the first key information 122 and the second key information 142 are 16-byte key information.
Step 204: after the mobile terminal module 120 is switched on, it powers up the subscriber identification module 000 inside it, and the subscriber identification module 000 returns an ATR signal to the mobile terminal module 120 to establish the connection. To set up initial communication, the mobile terminal module 120 and the SIM card need to exchange some protocol data; this exchange can be carried out with the ATR protocol specified by the ISO 7816 standard.
Step 206: after the mobile terminal module 120 and the subscriber identification module 000 are connected, the mobile terminal module 120 sends a command for obtaining a random number to the subscriber identification module 000. In one embodiment, the random number is 8 bytes long.
Step 208: after receiving the command, the subscriber identification module 000 returns information containing a random number to the mobile terminal module 120.
Step 210: the network-lock module 140 intercepts the information containing the random number and extracts the random number as the predefined information; it saves this predefined information and then sends it to the mobile terminal module 120.
Step 212: after receiving the predefined information, the mobile terminal module 120 encrypts it with the first key information 122 and sends it back to the subscriber identification module 000. Triple DES can be used for the encryption, and the GET CHALLENGE instruction can be used for sending it back.
Step 214: the network-lock module 140 intercepts the predefined information and decrypts it with the second key information 142; Triple DES can likewise be used for the decryption.
Step 216: the network-lock module 140 judges whether the decrypted predefined information is identical to the predefined information saved in step 210 (also called the initial predefined information); if it is identical, go to step 218; if not, go to step 220.
Step 218: authentication succeeds. That is, when the first key information is identical to the second key information, the mobile terminal module 120 and the network-lock module 140 authenticate successfully and work together.
Step 220: authentication fails. When the first key information differs from the second key information, authentication between the mobile terminal module 120 and the network-lock module 140 fails and the mobile terminal module does not work; specifically, the network-lock module 140 may block the information exchanged between the mobile terminal module 120 and the subscriber identification module 000.
In summary, because the mobile terminal module 120 and the network-lock module 140 can be used normally only after they authenticate successfully with a bidirectional symmetric encryption algorithm, the mobile terminal network-locking device is not easily cracked. Modifying, replacing or removing the firmware information of either the mobile terminal module 120 or the network-lock module 140 leaves the mobile terminal module 120 unable to work normally. It should be appreciated, however, that in this embodiment the network-lock module 140 uses the random number intercepted between the mobile terminal module 120 and the subscriber identification module 000 as the predefined information; in other embodiments the predefined information may instead be sent by the network-lock module 140 itself, or be other kinds of information intercepted between the mobile terminal module 120 and the subscriber identification module 000.
Other technical details, such as whether the mobile terminal device is specifically a mobile phone, a tablet computer ..., or which algorithm is used as an equivalent of the bidirectional symmetric encryption algorithm, are not enumerated here; they would readily occur to those skilled in the art.
The invention also provides an inter-module authentication method suitable for mutual authentication between paired modules, for example the mobile terminal module and the network-lock module. Fig. 3 shows a flow chart of the inter-module authentication method 300 in one embodiment of the invention. The inter-module authentication method 300 comprises:
Step 302: first key information and second key information are preset separately in the authentication module and the target module;
Step 304: the authentication module sends a piece of predefined information to the target module;
Step 306: the target module encrypts the predefined information with the first key information and sends it;
Step 308: the authentication module decrypts the predefined information with the second key information;
Step 310: the authentication module compares whether the decrypted predefined information is identical to the initial predefined information. If it is identical, proceed to step 310: the authentication module and the target module authenticate successfully; if not, proceed to step 312: authentication fails.
The encryption and decryption in steps 306 and 308 should use the same symmetric or bidirectional encryption algorithm. If the first key information and the second key information preset in the authentication module and the target module are identical, authentication succeeds; if they are not identical, authentication fails. Which modules the authentication module and the target module are depends on the specific embodiment; they may be in the same device or system, or belong to different devices or systems.
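The following Go program is an added example, not part of the patent text: it models the Fig. 2 exchange (steps 202 to 220), which is one instance of the Fig. 3 method, with the network-lock module as the verifier. The type and function names, the K1 || K2 || K1 key layout, the sample keys and the single-use handling of the saved value are assumptions made for illustration.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// newCipher builds a 3DES cipher from a 16-byte key (step 202). Assumption:
// the patent does not say how 16 bytes map onto 3DES, so the common two-key
// layout K1 || K2 || K1 is used to get the 24 bytes crypto/des requires.
func newCipher(k16 []byte) (cipher.Block, error) {
	if len(k16) != 16 {
		return nil, errors.New("key information must be 16 bytes")
	}
	k24 := append(append(make([]byte, 0, 24), k16...), k16[:8]...)
	return des.NewTripleDESCipher(k24)
}

// Terminal models mobile terminal module 120 with first key information 122.
type Terminal struct{ key1 []byte }

// Respond is step 212: encrypt the 8-byte predefined information with key 1.
func (t Terminal) Respond(challenge []byte) ([]byte, error) {
	if len(challenge) != des.BlockSize {
		return nil, errors.New("predefined information must be 8 bytes")
	}
	blk, err := newCipher(t.key1)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	blk.Encrypt(out, challenge) // one block, so no chaining mode is involved
	return out, nil
}

// LockModule models network-lock module 140 with second key information 142.
type LockModule struct {
	key2    []byte
	pending []byte // predefined information saved in step 210, nil if none
}

// Intercept is step 210: save the random number seen on the SIM interface
// and pass it on to the terminal unchanged.
func (l *LockModule) Intercept(random []byte) []byte {
	l.pending = append([]byte(nil), random...)
	return random
}

// Verify is steps 214-216: decrypt with key 2 and compare with the saved value.
func (l *LockModule) Verify(response []byte) (bool, error) {
	if l.pending == nil {
		return false, errors.New("no outstanding predefined information")
	}
	if len(response) != des.BlockSize {
		return false, errors.New("response must be 8 bytes")
	}
	blk, err := newCipher(l.key2)
	if err != nil {
		return false, err
	}
	plain := make([]byte, des.BlockSize)
	blk.Decrypt(plain, response)
	ok := subtle.ConstantTimeCompare(plain, l.pending) == 1
	// Added hardening, not stated in the patent: each saved value is checked
	// once, so a recorded response cannot be replayed later.
	l.pending = nil
	return ok, nil
}

// Authenticate runs steps 206-216 once. crypto/rand stands in for the random
// number the SIM returns in step 208.
func Authenticate(t Terminal, l *LockModule) (bool, error) {
	rnd := make([]byte, des.BlockSize)
	if _, err := rand.Read(rnd); err != nil {
		return false, err
	}
	resp, err := t.Respond(l.Intercept(rnd))
	if err != nil {
		return false, err
	}
	return l.Verify(resp)
}

func main() {
	paired := []byte("0123456789abcdef") // constructed sample key
	other := []byte("fedcba9876543210")  // constructed key of a swapped module
	ok, _ := Authenticate(Terminal{key1: paired}, &LockModule{key2: paired})
	fmt.Println("paired modules:", ok) // step 218
	ok, _ = Authenticate(Terminal{key1: paired}, &LockModule{key2: other})
	fmt.Println("replaced lock module:", ok) // step 220
}
```

Triple DES appears here only because the patent names it; NIST SP 800-131A no longer allows it for new encryption, so a current design would run the same exchange over AES.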
The above description fully discloses specific embodiments of the invention. It should be pointed out that any change made to the specific embodiments by a person skilled in the art does not depart from the scope of the claims of the invention. Accordingly, the scope of the claims of the invention is not limited to the described embodiments.

Claims (4)

1. A mobile terminal network-locking device, characterized in that it comprises:
A subscriber identification module, which sends user identification information to the mobile terminal control module;
A mobile terminal module, which receives the user identification information;
A network-lock module, which controls whether the mobile terminal module works according to whether the user identification information has network access authority; and
First key information and second key information contained in the mobile terminal module and the network-lock module, respectively, for mutual authentication;
Authentication between the mobile terminal module and the network-lock module is performed with a bidirectional symmetric encryption algorithm;
The mobile terminal module sends a get-random-number instruction to the subscriber identification module;
The subscriber identification module returns information containing a random number to the mobile terminal module; and
The network-lock module intercepts the information containing the random number and extracts the random number as predefined information;
The network-lock module sends the predefined information to the mobile terminal module;
The mobile terminal module encrypts the predefined information with the first key information and sends it back;
The network-lock module intercepts the predefined information and decrypts it with the second key information; and
The network-lock module judges whether the decrypted predefined information is identical to the initial predefined information.
2. The device according to claim 1, characterized in that the subscriber identification module is a subscriber identity module (SIM) card or a universal subscriber identity module (USIM) card, and the encryption and decryption use the Triple DES (3DES) algorithm.
3. The device according to claim 1, characterized in that:
When the first key information is identical to the second key information, the mobile terminal module and the network-lock module authenticate successfully and work together; and
When the first key information differs from the second key information, authentication between the mobile terminal module and the network-lock module fails and the mobile terminal module does not work.
4. The device according to claim 1, characterized in that "according to whether the user identification information has network access authority" means: the network-lock module stores preset user identification information that has network access authority; when the mobile terminal module receives user identification information, the network-lock module intercepts that user identification information and compares it with the preset user identification information stored internally.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010277142.4A CN102404711B (en) 2010-09-09 2010-09-09 Locking net device of mobile terminal and identifying method between modules

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010277142.4A CN102404711B (en) 2010-09-09 2010-09-09 Locking net device of mobile terminal and identifying method between modules

Publications (2)

Publication Number Publication Date
CN102404711A CN102404711A (en) 2012-04-04
CN102404711B CN102404711B (en) 2015-04-08

Family

ID=45886399

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010277142.4A Active CN102404711B (en) 2010-09-09 2010-09-09 Locking net device of mobile terminal and identifying method between modules

Country Status (1)

Country Link
CN (1) CN102404711B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104135458B (en) 2013-05-03 2018-01-02 中国银联股份有限公司 The foundation communicated to connect between mobile device and safety barrier
CN104735647A (en) * 2013-12-20 2015-06-24 中兴通讯股份有限公司 Network locking method and system of wireless terminal

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1398100A (en) * 2001-07-19 2003-02-19 宏碁股份有限公司 Transaction system and method for automatically identifying identity
CN101098540A (en) * 2006-06-27 2008-01-02 深圳市中兴集成电路设计有限责任公司 Encrypting chip based mobile terminal network-locking device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100428820C (en) * 2006-03-28 2008-10-22 江苏移动通信有限责任公司 User recognition module and method capable of realizing mobile terminal area locking
CN101583124B (en) * 2009-06-10 2011-06-15 大唐微电子技术有限公司 Authentication method and system of subscriber identity module and terminal

Also Published As

Publication number Publication date
CN102404711A (en) 2012-04-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant