[go: up one dir, main page]

WO2012122752A1 - Method and device for locking or unlocking terminal and smart card - Google Patents

Method and device for locking or unlocking terminal and smart card Download PDF

Info

Publication number
WO2012122752A1
WO2012122752A1 PCT/CN2011/075991 CN2011075991W WO2012122752A1 WO 2012122752 A1 WO2012122752 A1 WO 2012122752A1 CN 2011075991 W CN2011075991 W CN 2011075991W WO 2012122752 A1 WO2012122752 A1 WO 2012122752A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
identifier
user identifier
smart card
device identifier
Prior art date
Application number
PCT/CN2011/075991
Other languages
French (fr)
Chinese (zh)
Inventor
王潇滨
刘杰杰
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2012122752A1 publication Critical patent/WO2012122752A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40Security arrangements using identity modules
    • H04W12/48Security arrangements using identity modules using secure binding, e.g. securely binding identity modules to devices, services or applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions
    • H04W48/04Access restriction performed under specific conditions based on user or terminal location or mobility data, e.g. moving direction, speed
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/26Network addressing or numbering for mobility support

Definitions

  • the present invention relates to terminal technologies, and more particularly to a method and apparatus for locking or unlocking a terminal and a smart card. Background technique
  • SIM Subscriber Identity Module
  • USIM Universal Subscriber Identity Module
  • Locking is a special requirement for a mobile terminal.
  • the mobile terminal completes the binding operation of locking to a specific card, the mobile terminal is required to use only the specific card, and other cards cannot be used normally on the mobile terminal.
  • the operator can effectively solve the problems of users transferring the network privately, carrying out the goods privately, and losing the customer group, so as to ensure that the users who purchase the mobile terminal during the promotion can satisfy the terms of the agreement and ensure that the mobile terminal and the service are purchased at a low price.
  • the user is able to use a particular reservation for a relatively long period of time.
  • a locking scheme needs to write the acquired locking/unlocking control information in the form of configuration information in the mobile terminal, such as saving in a certain flag of the mobile phone firmware Flash or a fixed memory, so that once the binding relationship is established, It is difficult to change, unless you change the phone firmware or rewrite the memory, you can not flexibly adapt to the operator's flexible operational needs. If the operator's locking requirements for the terminal and the (U)SIM card change, it must pass Trivial operations can be achieved.
  • Another object of the present invention is to provide a method and apparatus for locking a terminal and a smart card to facilitate locking. Another object of the present invention is to provide a method and apparatus for unlocking a terminal and a smart card, which is convenient and flexible to unlock.
  • a method for locking a terminal and a smart card comprising: acquiring, by the PC side software for performing the lock management, a device identifier of the terminal and a user identifier of the smart card, searching for the binding relationship data set by the operator based on the device identifier, determining the location Determining the allowed binding range of the device identifier, determining whether the user identifier is within the allowed binding range, and if yes, binding the device identifier and the user identifier; otherwise, not binding operating.
  • the binding operation between the device identifier and the user identifier includes: the PC side software writes the binding relationship between the device identifier of the terminal and the user identifier of the smart card to the configuration information stored by the terminal and the configuration information stored by the smart card. in.
  • the method further includes: the PC side software reading the configuration information stored by the terminal, determining whether the binding relationship exists, and if yes, ending the current process; if not, Searching for binding relationship data set by the operator based on the device identifier; or
  • the PC side software reads the configuration information stored by the terminal and the configuration information stored by the smart card, and determines the binding. Whether the relationship exists, if any exists, the current process is ended; if none exists, the binding relationship data set by the operator is searched based on the device identifier.
  • the method further includes: the PC side software acquiring the device identifier of the terminal and the user identifier of the smart card, and determining whether the device identifier and the user identifier meet the binding relationship, and if yes, The binding relationship between the device identifier and the user identifier is released; otherwise, the unlocking operation is not performed.
  • a method for unlocking a terminal and a smart card comprising: a PC side software for performing lock management, obtaining a device identifier of the terminal, and a user identifier of the smart card, determining whether the device identifier and the user identifier meet the binding relationship, and if The binding relationship between the device identifier and the user identifier is released; otherwise, the unlocking operation is not performed.
  • the binding relationship between the device identifier and the user identifier is specifically: the binding relationship between the device identifier of the terminal and the user identifier of the smart card is deleted in the configuration information stored in the terminal and the configuration information stored in the smart card; or
  • the binding relationship between the device identifier of the terminal and the user identifier of the smart card is deleted in the configuration information of the smart card.
  • Determining whether the device identifier and the user identifier meet the binding relationship specifically: reading the configuration information stored by the terminal, determining the user identifier that needs to be bound to the terminal, and determining whether the user identifier of the smart card can be tied to the requirement If the matching user IDs match, the configuration information of the smart card is read, and the device IDs to be bound to the smart card are determined, and the device identifiers of the terminal are consistent with the device identifiers to be bound. Compliance with the binding relationship; or,
  • the configuration information stored in the terminal determines the user identifier to be bound to the terminal, and determines whether the user identifier of the smart card can match the user identifier to be bound. If the matching can match, the binding relationship is met; or
  • the configuration information stored in the terminal is read, and the user identifier to be bound to the terminal is determined, and the user identifier of the smart card is matched with the user identifier to be bound, and if it can match, the binding relationship is met; or
  • Read the configuration information of the smart card determine the device ID to be bound to the smart card, and determine whether the device ID of the terminal is the same as the device ID to be bound. If they are consistent, the binding relationship is met.
  • the method further includes:
  • the PC side software checks the validity of the acquired device ID and user ID.
  • a device for locking a terminal and a smart card comprising:
  • a device identifier determining unit configured to acquire a device identifier of the terminal
  • a user identifier determining unit configured to acquire a user identifier of the smart card
  • a verification unit configured to determine, according to the binding relationship data set by the device identifier search operator, the allowed binding range corresponding to the device identifier, and determine whether the user identifier is within the allowed binding range, if Sending the device identifier and the user identifier to the locking unit;
  • a locking unit configured to perform a binding operation on the device identifier and the user identifier.
  • the device further includes an unlocking unit,
  • the verification unit is further configured to: determine whether the device identifier and the user identifier meet the binding relationship, and if yes, send the device identifier and the user identifier to the unlocking unit; the unlocking unit is configured to: The binding relationship between the device identifier and the user identifier is released.
  • a device for unlocking a terminal and a smart card comprising:
  • a device identifier determining unit configured to acquire a device identifier of the terminal
  • a user identifier determining unit configured to acquire a user identifier of the smart card
  • a verification unit configured to determine whether the device identifier and the user identifier meet the binding relationship, and if yes, send the device identifier and the user identifier to the unlocking unit;
  • the unlocking unit is configured to release the binding relationship between the device identifier and the user identifier.
  • the verification unit is further configured to: perform an effective check on the acquired device identifier and the user identifier.
  • the device further includes a detecting unit, configured to determine whether the terminal is correctly connected to the PC, and if yes, triggering the device identification determining unit; and further determining whether the card reader is correctly connected to the PC, and if yes, triggering the user Identification determination unit.
  • the locking or unlocking operation of the terminal and the smart card is performed by performing the PC-side software of the lock management, and the binding relationship or the unbinding relationship can be flexibly configured according to the requirements of the operator, and the locking is conveniently and quickly performed. Or unlock the lock to meet the needs of the batch terminal and smart card lock or unlock.
  • FIG. 1 is a schematic flow chart of locking a terminal and a (U)SIM card in the present invention
  • FIG. 2 is a schematic flowchart of unlocking a terminal and a (U)SIM card in the present invention
  • FIG. 3 is a schematic structural diagram of an apparatus for locking a terminal and a smart card in the present invention
  • FIG. 4 is a schematic structural diagram of an apparatus for unlocking a terminal and a smart card in the present invention. detailed description
  • the PC side software for performing lock management is acquired.
  • the device identifier of the terminal and the user identifier of the smart card based on the binding relationship data set by the device identifier search operator, determining an allowable binding range corresponding to the device identifier, and determining whether the user identifier is in the allowed binding If yes, the binding between the device identifier and the user identifier is performed; otherwise, the binding operation is not performed.
  • the PC-side software for performing the lock management acquires the device identifier of the terminal and the user identifier of the smart card, and determines whether the device identifier and the user identifier meet the binding relationship. If yes, The binding relationship between the device identifier and the user identifier is released; otherwise, the unlocking operation is not performed.
  • the terminal described above may include a fixed station, a mobile phone, a netbook, and the like.
  • a smart card is a card that can be inserted into a terminal and used to identify a user. It can be a SIM card, a USIM card, or a UIM (User Identity Model) card.
  • the device identifier of the terminal may be an IMEI (International Mobile Equipment Identity), and the user identifier of the smart card may be an IMSI (International Mobile Subscriber Identification Number).
  • the device identifier and the user identifier of the device may be checked for validity, so that the device identifier and the user identifier of the subsequent locking or unlocking operation are in compliance with international standards and operators. standard.
  • the binding operation of the device identifier and the user identifier includes: binding the binding relationship between the device identifier of the terminal and the user identifier of the smart card to the configuration information stored by the terminal and the configuration information stored by the smart card.
  • the binding relationship between the device identifier and the user identifier is specifically: the binding relationship between the device identifier of the terminal and the user identifier of the smart card is deleted in the configuration information stored in the terminal and the configuration information stored in the smart card; or Deleting the binding relationship between the device identifier of the terminal and the user identifier of the smart card in the configuration information stored in the terminal; or deleting the device identifier of the terminal and the user identifier of the smart card in the configuration information stored by the smart card Binding off Department.
  • the device identification of the terminal as IMEI
  • the smart card as the (U)SIM card
  • the user identification of the smart card as IMSI.
  • FIG. 1 is a schematic flowchart of locking a terminal and a (U)SIM card according to the present invention. As shown in FIG. 1, the specific processing process includes:
  • Step 101 When the locking operation is required, the PC side software determines whether the terminal is correctly connected to the PC, and if yes, proceeds to step 102; otherwise, the locking operation fails, and the current process ends.
  • the PC-side software for lock management is installed on the PC managed by the operator, so that the operator can perform lock management, such as a lock operation or an unlock operation, on the terminal and the (U)SIM card through the PC side software.
  • the PC connects to the terminal through the data line, and determines whether the terminal is correctly connected to the PC by detecting the port. Specifically, after the terminal is connected to the PC through the data line, the voltage of the port of the PC is changed, and the PC side software detects After the voltage of the port of the PC is changed, the message is sent to the terminal. If the response is returned after receiving the message, the terminal is correctly connected to the PC, and the signal path with the terminal is established; if the terminal does not receive the return In response, the terminal is not properly connected to the PC.
  • Step 102 The PC side software determines whether the card reader is correctly connected to the PC, and if yes, proceeds to step 103; otherwise, the locking operation fails, and the current process ends.
  • the PC is connected to the card reader through the data line, and the port is detected to determine whether the card reader is properly connected to the PC. Specifically, after the card reader is connected to the PC through the data line, the voltage of the PC port is changed. After the PC side software detects that the voltage of the port of the PC has changed, it sends a message to the card reader. If the response returned by the card reader after receiving the message, the card reader is correctly connected to the PC, and the software is established. The signal path of the reader; if the response returned by the reader is not received, the reader is not properly connected to the PC. Steps 103 to 104: The PC side software reads the configuration information stored by the terminal, and determines whether the binding relationship exists. If yes, it indicates that the lock is not required, the lock operation fails, and the current process ends. If not, the process continues. 105.
  • the binding relationship is stored in the configuration information stored in the terminal and the configuration information stored in the (U)SIM card.
  • the configuration information can be used to determine the terminal and the (U)SIM card binding.
  • the PC side software can further read (U) the configuration information stored in the SIM card to determine whether the binding relationship exists. If it exists, it indicates that the lock is not needed at present, the locking operation fails, and the current process ends; If yes, proceed to step 105.
  • the configuration information stored in the (U)SIM card may be read first, whether the binding relationship exists, and when the binding relationship does not exist, the configuration information stored in the terminal is read.
  • Steps 105 to 106 The PC side software reads the IMEI of the terminal to determine whether the IMEI is correct. If it is correct, proceed to step 107; if not, the locking operation fails, and the current process ends.
  • the PC side software sends an AT command for reading the IMEI to the terminal, and after receiving the AT command, the terminal returns the IMEI of the terminal to the PC side software.
  • the PC side software determines whether the IMEI is correct, that is, checks the validity of the IMEI, that is, determines whether the IMEI complies with international standards and carrier standards, such as determining whether the number of digits of the IMEI and the number of the set digits are in compliance with international standards. Standard and carrier standards.
  • Steps 107 to 108 The card reader reads (IMS) the IMSI of the SIM card, and the PC side software obtains the IMSI read by the card reader to determine whether the IMSI is correct. If yes, proceed to step 109; if not, then The lock operation failed and the current process is ended.
  • IMS IMSI
  • the PC side software sends an AT command for reading the IMSI to the card reader.
  • the card reader After receiving the AT command, the card reader reads the IMEI of the (U) SIM card and returns it to the PC side software.
  • the PC side software determines whether the IMSI is correct, that is, validates the IMSI.
  • Sexual inspection that is, to determine whether the IMSI complies with international standards and operator standards, such as determining whether the number of digits of the IMSI and the number of the set digits meet international standards and operator standards.
  • Step 109 The PC side software is based on the binding relationship database set by the IMEI search operator, and obtains an IMSI section that meets the conditions, that is, an IMSI section corresponding to the IMEI, according to the content returned by the binding relation database.
  • the operator sets and stores the IMSI interval for each IMEI corresponding to the binding in the binding relationship database according to the operation requirements.
  • IMEI-1 allows the IMSI interval to be bound to IMSI-1 to IMSI.
  • IMEI-2 allows the IMSI interval of the binding to be IMSI-6 to IMSI-8
  • IMEI-3 allows the IMSI interval of the binding to be IMSI-9.
  • Step 110 The PC side software determines whether the IMSI of the (U)SIM card is within the IMSI interval, and if yes, proceeds to step 111; otherwise, the prompt cannot lock the terminal with the (U)SIM card, the locking operation fails, and the current end Process.
  • Step 111 The PC side software writes the binding relationship between the IMEI and the IMSI to the configuration information stored in the terminal, and writes the configuration information stored in the (U)SIM card to complete the locking of the IMEI and the IMSI.
  • the terminal After the locking operation is completed, when the terminal is powered on, the terminal reads the configuration information stored by itself, determines the IMSI to be bound to itself, and reads the IMSI of the inserted (U)SIM card, and determines whether the IMSI of the (U)SIM card can Matches the IMSI that needs to be bound. If it can match, it starts normally and allows the user to use normally. If it cannot match, it does not start normally, and the user is prompted to insert the (U)SIM card incorrectly.
  • the (U)SIM card when the terminal is powered on, the (U)SIM card reads the configuration information stored by itself, determines the IMEI to be bound to itself, and reads the IMEI of the terminal inserted by the (U)SIM card, and determines the IMEI of the terminal. Whether the IMEIs to be bound are consistent. If they are consistent, the information is exchanged with the terminal to enable the terminal to start normally and allow the user to use the device normally. If the information is inconsistent, the terminal does not interact with the terminal, so that the terminal cannot be started normally. U) The SIM card is incorrect.
  • the operator can hide the configuration information stored in the terminal and the configuration information stored in the (U)SIM card in the set storage space through the PC side software, so that the hidden storage space can be found only in the set storage space through the PC side software.
  • the configuration information, and the configuration information is modified to effectively prevent malicious tampering.
  • the terminal that needs to be locked may be further configured to read the configuration information stored by itself in the startup process, and if the configuration information is not read, the normal startup cannot be performed; and/or, the configuration needs to be locked.
  • the (U)SIM card must first read the configuration information stored in the terminal during the startup process of the terminal. If the configuration information is not read, the information is not exchanged with the terminal, and the terminal cannot be started normally.
  • FIG. 2 is a schematic flowchart of unlocking a terminal and a (U)SIM card according to the present invention. As shown in FIG. 2, the specific processing process includes:
  • Step 201 When the unlocking operation is required, the PC side software determines whether the terminal is correctly connected to the PC, and if yes, proceeds to step 202; otherwise, the unlocking operation fails, and the current process ends.
  • Step 202 The PC side software determines whether the card reader is correctly connected to the PC, and if yes, proceeds to step 203; otherwise, the unlocking operation fails, and the current process ends.
  • step 102 The specific implementation is the same as step 102 described above, and details are not described herein again.
  • Steps 203 to 204 The PC side software reads the configuration information stored by the terminal, and determines whether the binding relationship exists. If yes, the process proceeds to step 205. If not, the current unlocking operation is not required, and the unlocking operation fails. Process.
  • Step 205 to step 206 The PC side software reads the IMEI of the terminal to determine whether the IMEI is correct. If it is correct, the process proceeds to step 207; if not, the unlock operation fails, and the current process ends.
  • Step 207 to step 208 The card reader reads (IMS) the IMSI of the SIM card, and the PC side software obtains the IMSI read by the card reader to determine whether the IMSI is correct. If yes, proceed to step 209; if not, then The unlock operation failed and the current process is ended.
  • IMS IMSI
  • Step 209 The PC side software reads the configuration information stored by the terminal, and determines the binding with the terminal.
  • IMSI judging whether the IMSI of the (U)SIM card can match the bound IMSI, if it can match, proceed to step 210; if it cannot match, it prompts that the terminal cannot be unlocked with the (U)SIM card, and the unlock operation fails. , ends the current process.
  • Step 210 The PC side software reads (U) the configuration information stored in the SIM card, determines the IMEI bound to the (U)SIM card, and determines whether the IMEI of the terminal is consistent with the bound IMEI. If they are consistent, continue to perform the steps. 211 ; If they are inconsistent, the terminal cannot be unlocked with the (U)SIM card, the unlock operation fails, and the current process ends.
  • step 210 may be performed first, and then step 209 is performed.
  • Step 211 The PC side software deletes the binding relationship between the IMEI and the IMSI from the configuration information stored in the terminal and the configuration information stored in the (U)SIM card, and unlocks the IMEI and the IMSI.
  • the above unlocking operation is performed on both the terminal and the (U)SIM card.
  • the step 209 may be: the PC side software reads the configuration information stored by the terminal. Determining the IMSI bound to the terminal, determining whether the IMSI of the (U)SIM card can match the bound IMSI, and if yes, deleting the binding relationship between the IMEI and the IMSI from the configuration information stored in the terminal, and ending The current process; if it cannot match, the prompt cannot unlock the terminal and the (U)SIM card, the unlocking operation fails, and the current process ends.
  • step 210 may be: the PC side software reads (U) the configuration information stored by the SIM card, determines the IMEI bound to the (U)SIM card, and determines the terminal. Whether the IMEI is consistent with the bound IMEI. If they are consistent, the binding relationship between the IMEI and the IMSI is deleted from the configuration information stored in the (U)SIM card, and the current process is ended; if not, then The prompt cannot unlock the terminal and the (U)SIM card, the unlock operation fails, and the current process ends.
  • the apparatus includes: a device identification determining unit, a user identification determining unit, a verification unit, and a locking unit.
  • the device identifier determining unit is configured to obtain the device identifier of the terminal; the user identifier determining unit is configured to obtain the user identifier of the smart card; the verification unit is configured to determine the binding relationship data set by the operator based on the device identifier, and determine the device. Identifying the allowed binding range, determining whether the user identifier is within the allowed binding range, and if yes, sending the device identifier and the user identifier to the locking unit; the locking unit is configured to use the device The identity and the user identity are bound.
  • the verification unit is further configured to perform validity check on the acquired device identifier and the user identifier.
  • the device further includes a detecting unit, configured to determine whether the terminal is correctly connected to the PC, and if so, triggering the device identification determining unit; and further configured to determine whether the card reader is correctly connected to the PC, and if yes, triggering the user identification to be determined unit.
  • the locking unit is specifically configured to: write the binding relationship between the device identifier and the user identifier into the configuration information stored in the terminal, and write the configuration information into the configuration information stored by the smart card.
  • the device further includes an unlocking unit, and the verification unit is further configured to determine whether the device identifier and the user identifier meet the binding relationship, and if yes, send the device identifier and the user identifier to the unlocking unit; The binding relationship between the device identifier and the user identifier is released.
  • the verification unit is further configured to: read configuration information stored by the terminal, determine a user identifier that needs to be bound to the terminal, determine whether the user identifier of the smart card can match the user identifier that needs to be bound, and if yes, read
  • the configuration information of the smart card is stored, and the device identifier that is bound to the smart card is determined, and the device identifier of the terminal is determined to be consistent with the device identifier to be bound. If the device identifier is consistent, the device identifier and the user identifier are sent to the unlocking unit.
  • the unlocking unit is specifically configured to: configure the binding relationship between the device identifier and the user identifier from the configuration information stored in the terminal, And delete the configuration information of the smart card storage.
  • the verification unit is further configured to: read the configuration information stored by the smart card, determine the device identifier that needs to be bound to the smart card, determine whether the device identifier of the terminal is consistent with the device identifier to be bound, and if they are consistent, read the terminal.
  • the stored configuration information is determined, and the user identifier that is bound to the terminal is determined, and the user identifier of the smart card is matched with the user identifier that needs to be bound. If the user identifier is matched, the device identifier and the user identifier are sent to the user identifier.
  • the unlocking unit is specifically configured to: delete the binding relationship between the device identifier and the user identifier from the configuration information stored by the terminal and the configuration information stored by the smart card.
  • the verification unit is further configured to: read configuration information stored by the terminal, determine a user identifier that needs to be bound to the terminal, and determine whether the user identifier of the smart card can match the user identifier that needs to be bound, and if yes, The device identifier and the user identifier are sent to the unlocking unit.
  • the unlocking unit is specifically configured to: delete the binding relationship between the device identifier and the user identifier from the configuration information stored by the terminal.
  • the verification unit is further configured to: read configuration information stored by the smart card, determine a device identifier that needs to be bound to the smart card, determine whether the device identifier of the terminal is consistent with the device identifier to be bound, and if yes, the The device identifier and the user identifier are sent to the unlocking unit.
  • the unlocking unit is specifically configured to: delete the binding relationship between the device identifier and the user identifier from the configuration information stored by the smart card.
  • the apparatus includes: a device identifier determining unit, a user identifier determining unit, a verifying unit, and an unlocking unit.
  • the device identifier determining unit is configured to obtain the device identifier of the terminal;
  • the user identifier determining unit is configured to obtain the user identifier of the smart card;
  • the verification unit is configured to determine whether the device identifier and the user identifier meet the binding relationship, and if yes, Sending the device identifier and the user identifier to the unlocking unit;
  • the unlocking unit is configured to release the binding relationship between the device identifier and the user identifier.
  • the detailed functions of the verification unit and the unlocking unit are described in detail in Figure 3, This will not be repeated here.
  • the verification unit is further configured to perform validity check on the acquired device identifier and the user identifier.
  • the device further includes a detecting unit, configured to determine whether the terminal is correctly connected to the PC, and if so, triggering the device identification determining unit; and further configured to determine whether the card reader is correctly connected to the PC, and if yes, triggering the user identification to be determined unit.
  • the specific implementations of the device identifier determining unit, the user identifier determining unit, the verifying unit, the locking unit, the unlocking unit, and the detecting unit in FIG. 3 and FIG. 4 are all involved in the process descriptions of FIG. 1 and FIG. Let me repeat.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Lock And Its Accessories (AREA)
  • Storage Device Security (AREA)
  • Telephone Function (AREA)

Abstract

A method and device for locking or unlocking a terminal and a smart card are disclosed in the present invention. Wherein the locking method includes the following steps: Personal Computer (PC) side software for locking management obtains an equipment identifier of the terminal and a user identifier of the smart card, searches binding relationship data set by an operator based on said equipment identifier, determines an allowable binding range corresponding to said equipment identifier, judges whether said user identifier is within said allowable binding range or not, if yes binds said equipment identifier and said subscriber identifier, and otherwise, does not perform binding operation. According to the solution provided by the present invention, the terminal and the smart card are locked or unlocked through the PC side software for locking management so that the binding relationship can be flexibly configured or released according to the requirement on the operator, the locking or unlocking are performed conveniently and fast, thus the requirement for locking or unlocking batch terminals and smart cards is satisfied.

Description

一种将终端与智能卡锁定或解锁的方法及装置 技术领域  Method and device for locking or unlocking terminal and smart card
本发明涉及终端技术, 特别是指一种将终端与智能卡锁定或解锁的方 法及装置。 背景技术  The present invention relates to terminal technologies, and more particularly to a method and apparatus for locking or unlocking a terminal and a smart card. Background technique
近年来随着移动终端技术的迅猛发展和 3G网络在全球的普及、以及运 营商之间竟争的加剧, 移动终端设备较多地由运营商定制, 运营商对定制 服务也提出了更高的要求, 运营商在定制移动终端设备时, 出于运营商的 需求以及用户安全等考虑, 往往会提出要求某个移动终端锁定一张或者一 批 (U)SIM卡的需求。 其中, SIM ( Subscriber Identity Module )卡、 USIM ( Universal Subscriber Identity Module )卡统称为 (U)SIM卡。  In recent years, with the rapid development of mobile terminal technology, the global popularity of 3G networks, and the intensification of competition among operators, mobile terminal devices are more customized by operators, and operators have also proposed higher customized services. It is required that when the operator customizes the mobile terminal device, for the needs of the operator and the user security, the requirement for a mobile terminal to lock one or a batch of (U)SIM cards is often proposed. The SIM (Subscriber Identity Module) card and the USIM (Universal Subscriber Identity Module) card are collectively referred to as a (U)SIM card.
锁定是对移动终端的特殊要求, 是指当移动终端完成了锁定到某特定 卡的绑定操作后, 要求该移动终端只能使用此特定卡, 其他卡无法在该移 动终端上正常使用。 这样运营商就能够有效的解决用户私自转网、 私自进 行窜货、 以及客户群流失等问题, 从而确保在促销时购买移动终端的用户 能够满足其协议条款, 保证以低廉价格购买移动终端及服务的用户能够在 相对长的时间内使用特定的预定。  Locking is a special requirement for a mobile terminal. When the mobile terminal completes the binding operation of locking to a specific card, the mobile terminal is required to use only the specific card, and other cards cannot be used normally on the mobile terminal. In this way, the operator can effectively solve the problems of users transferring the network privately, carrying out the goods privately, and losing the customer group, so as to ensure that the users who purchase the mobile terminal during the promotion can satisfy the terms of the agreement and ensure that the mobile terminal and the service are purchased at a low price. The user is able to use a particular reservation for a relatively long period of time.
运营商对锁定的安全性提出了很高的要求, 通常在移动终端或者 (U)SIM卡侧保存一些锁定 /解锁控制信息。 例如, 一种锁定方案需要在移动 终端内, 以配置信息形式写入所获取的锁定 /解锁控制信息, 如保存在手机 固件 Flash某个标志位或者固定的存储器, 这样, 一旦绑定关系建立就难以 再更改, 除非更改手机固件或重新擦写存储器, 无法灵活地适应运营商灵 活的运营需求。 如果运营商对终端与 (U)SIM卡的锁定要求有变, 必须通过 繁瑣的操作才能实现。 Operators place high demands on the security of the lock, usually storing some lock/unlock control information on the mobile terminal or (U)SIM card side. For example, a locking scheme needs to write the acquired locking/unlocking control information in the form of configuration information in the mobile terminal, such as saving in a certain flag of the mobile phone firmware Flash or a fixed memory, so that once the binding relationship is established, It is difficult to change, unless you change the phone firmware or rewrite the memory, you can not flexibly adapt to the operator's flexible operational needs. If the operator's locking requirements for the terminal and the (U)SIM card change, it must pass Trivial operations can be achieved.
另外, 目前还没有能够有效保护锁定相关敏感数据、 以及防止黑客破 解锁定的有效安全机制。 由于上述控制信息保存在移动终端可以随意访问 的存储器上, 这样, 一旦移动终端被重新烧写版本, 或者该控制信息被破 解或改写, 卡的锁定就会自动失效。  In addition, there is currently no effective security mechanism that effectively protects lock-related sensitive data and prevents hackers from breaking the lock. Since the above control information is stored in a memory that the mobile terminal can access at random, such that once the mobile terminal is re-programmed, or the control information is broken or rewritten, the card lock is automatically disabled.
综上所述, 目前还没有一种方便灵活的移动终端与 (U)SIM卡锁定的方 案, 另外, 无法有效避免非法解锁。 发明内容  In summary, there is currently no convenient and flexible mobile terminal and (U)SIM card locking scheme. In addition, illegal unlocking cannot be effectively avoided. Summary of the invention
有鉴于此, 本发明的一个目的在于提供一种将终端与智能卡锁定的方 法及装置, 方便灵活地实现锁定。 本发明的另一目的在于提供一种将终端 与智能卡解锁的方法及装置, 方便灵活地解除锁定。  In view of the above, it is an object of the present invention to provide a method and apparatus for locking a terminal and a smart card to facilitate locking. Another object of the present invention is to provide a method and apparatus for unlocking a terminal and a smart card, which is convenient and flexible to unlock.
为解决上述技术问题, 本发明的技术方案是这样实现的:  In order to solve the above technical problem, the technical solution of the present invention is implemented as follows:
一种将终端与智能卡锁定的方法, 包括: 用于进行锁定管理的 PC侧软 件获取终端的设备标识及智能卡的用户标识, 基于所述设备标识搜索运营 商设定的绑定关系数据, 确定所述设备标识对应的允许绑定范围, 判断所 述用户标识是否在所述允许绑定范围内, 如果是, 则对所述设备标识和所 述用户标识进行绑定操作; 否则, 不进行绑定操作。  A method for locking a terminal and a smart card, comprising: acquiring, by the PC side software for performing the lock management, a device identifier of the terminal and a user identifier of the smart card, searching for the binding relationship data set by the operator based on the device identifier, determining the location Determining the allowed binding range of the device identifier, determining whether the user identifier is within the allowed binding range, and if yes, binding the device identifier and the user identifier; otherwise, not binding operating.
所述对设备标识和用户标识进行绑定操作, 具体包括: PC侧软件将终 端的所述设备标识与智能卡的所述用户标识的绑定关系写入终端存储的配 置信息和智能卡存储的配置信息中。  The binding operation between the device identifier and the user identifier includes: the PC side software writes the binding relationship between the device identifier of the terminal and the user identifier of the smart card to the configuration information stored by the terminal and the configuration information stored by the smart card. in.
所述基于设备标识搜索运营商设定的绑定关系数据之前, 进一步包括: PC侧软件读取终端存储的配置信息, 判断绑定关系是否存在, 如果存在, 则结束当前流程; 如果不存在, 则基于所述设备标识搜索运营商设定的绑 定关系数据; 或者,  Before the searching for the binding relationship data set by the operator based on the device identifier, the method further includes: the PC side software reading the configuration information stored by the terminal, determining whether the binding relationship exists, and if yes, ending the current process; if not, Searching for binding relationship data set by the operator based on the device identifier; or
PC侧软件读取终端存储的配置信息及智能卡存储的配置信息, 判断绑 定关系是否存在, 如果任一存在, 则结束当前流程; 如果均不存在, 则基 于所述设备标识搜索运营商设定的绑定关系数据。 The PC side software reads the configuration information stored by the terminal and the configuration information stored by the smart card, and determines the binding. Whether the relationship exists, if any exists, the current process is ended; if none exists, the binding relationship data set by the operator is searched based on the device identifier.
所述对设备标识和用户标识进行绑定操作之后, 进一步包括: PC侧软 件获取终端的设备标识及智能卡的用户标识, 判断所述设备标识和所述用 户标识是否符合绑定关系, 如果是, 则解除所述设备标识和所述用户标识 的绑定关系; 否则, 不进行解锁操作。  After the binding operation of the device identifier and the user identifier, the method further includes: the PC side software acquiring the device identifier of the terminal and the user identifier of the smart card, and determining whether the device identifier and the user identifier meet the binding relationship, and if yes, The binding relationship between the device identifier and the user identifier is released; otherwise, the unlocking operation is not performed.
一种将终端与智能卡解锁的方法, 包括: 用于进行锁定管理的 PC侧软 件获取终端的设备标识及智能卡的用户标识, 判断所述设备标识和所述用 户标识是否符合绑定关系, 如果是, 则解除所述设备标识和所述用户标识 的绑定关系; 否则, 不进行解锁操作。  A method for unlocking a terminal and a smart card, comprising: a PC side software for performing lock management, obtaining a device identifier of the terminal, and a user identifier of the smart card, determining whether the device identifier and the user identifier meet the binding relationship, and if The binding relationship between the device identifier and the user identifier is released; otherwise, the unlocking operation is not performed.
所述解除设备标识和用户标识的绑定关系, 具体包括: 在终端存储的 配置信息和智能卡存储的配置信息中删除终端的所述设备标识与智能卡的 所述用户标识的绑定关系; 或者,  The binding relationship between the device identifier and the user identifier is specifically: the binding relationship between the device identifier of the terminal and the user identifier of the smart card is deleted in the configuration information stored in the terminal and the configuration information stored in the smart card; or
在终端存储的配置信息中删除终端的所述设备标识与智能卡的所述用 户标识的绑定关系; 或者,  Deleting the binding relationship between the device identifier of the terminal and the user identifier of the smart card in the configuration information stored in the terminal; or
在智能卡存储的配置信息中删除终端的所述设备标识与智能卡的所述 用户标识的绑定关系。  The binding relationship between the device identifier of the terminal and the user identifier of the smart card is deleted in the configuration information of the smart card.
所述判断所述设备标识和所述用户标识是否符合绑定关系, 具体包括: 读取终端存储的配置信息, 确定需要与该终端绑定的用户标识, 判断智能 卡的用户标识是否能够与需要绑定的用户标识相匹配, 如果能够匹配, 则 读取智能卡存储的配置信息, 确定需要与该智能卡绑定的设备标识, 判断 终端的设备标识与需要绑定的设备标识是否一致, 如果一致, 则符合绑定 关系; 或者,  Determining whether the device identifier and the user identifier meet the binding relationship, specifically: reading the configuration information stored by the terminal, determining the user identifier that needs to be bound to the terminal, and determining whether the user identifier of the smart card can be tied to the requirement If the matching user IDs match, the configuration information of the smart card is read, and the device IDs to be bound to the smart card are determined, and the device identifiers of the terminal are consistent with the device identifiers to be bound. Compliance with the binding relationship; or,
读取智能卡存储的配置信息, 确定需要与该智能卡绑定的设备标识, 判断终端的设备标识与需要绑定的设备标识是否一致, 如果一致, 则读取 终端存储的配置信息, 确定需要与该终端绑定的用户标识, 判断智能卡的 用户标识是否能够与需要绑定的用户标识相匹配, 如果能够匹配, 则符合 绑定关系; 或者, Read the configuration information of the smart card, determine the device ID to be bound to the smart card, and determine whether the device ID of the terminal is the same as the device ID to be bound. The configuration information stored in the terminal determines the user identifier to be bound to the terminal, and determines whether the user identifier of the smart card can match the user identifier to be bound. If the matching can match, the binding relationship is met; or
读取终端存储的配置信息, 确定需要与该终端绑定的用户标识, 判断 智能卡的用户标识是否能够与需要绑定的用户标识相匹配, 如果能够匹配, 则符合绑定关系; 或者,  The configuration information stored in the terminal is read, and the user identifier to be bound to the terminal is determined, and the user identifier of the smart card is matched with the user identifier to be bound, and if it can match, the binding relationship is met; or
读取智能卡存储的配置信息, 确定需要与该智能卡绑定的设备标识, 判断终端的设备标识与需要绑定的设备标识是否一致, 如果一致, 则符合 绑定关系。  Read the configuration information of the smart card, determine the device ID to be bound to the smart card, and determine whether the device ID of the terminal is the same as the device ID to be bound. If they are consistent, the binding relationship is met.
以上所述获取终端的设备标识及智能卡的用户标识之后, 进一步包括: After obtaining the device identifier of the terminal and the user identifier of the smart card, the method further includes:
PC侧软件对获取的设备标识和用户标识进行有效性检查。 The PC side software checks the validity of the acquired device ID and user ID.
一种将终端与智能卡锁定的装置, 包括:  A device for locking a terminal and a smart card, comprising:
设备标识确定单元, 用于获取终端的设备标识;  a device identifier determining unit, configured to acquire a device identifier of the terminal;
用户标识确定单元, 用于获取智能卡的用户标识;  a user identifier determining unit, configured to acquire a user identifier of the smart card;
验证单元, 用于基于所述设备标识搜索运营商设定的绑定关系数据, 确定所述设备标识对应的允许绑定范围, 判断所述用户标识是否在所述允 许绑定范围内, 如果是, 则将所述设备标识和所述用户标识发送给锁定单 元;  a verification unit, configured to determine, according to the binding relationship data set by the device identifier search operator, the allowed binding range corresponding to the device identifier, and determine whether the user identifier is within the allowed binding range, if Sending the device identifier and the user identifier to the locking unit;
锁定单元, 用于对所述设备标识和所述用户标识进行绑定操作。  a locking unit, configured to perform a binding operation on the device identifier and the user identifier.
所述装置进一步包括解锁单元,  The device further includes an unlocking unit,
所述验证单元还用于: 判断所述设备标识和所述用户标识是否符合绑 定关系, 如果是, 则将所述设备标识和所述用户标识发送给解锁单元; 所述解锁单元用于: 解除所述设备标识和所述用户标识的绑定关系。 一种将终端与智能卡解锁的装置, 包括:  The verification unit is further configured to: determine whether the device identifier and the user identifier meet the binding relationship, and if yes, send the device identifier and the user identifier to the unlocking unit; the unlocking unit is configured to: The binding relationship between the device identifier and the user identifier is released. A device for unlocking a terminal and a smart card, comprising:
设备标识确定单元, 用于获取终端的设备标识; 用户标识确定单元, 用于获取智能卡的用户标识; a device identifier determining unit, configured to acquire a device identifier of the terminal; a user identifier determining unit, configured to acquire a user identifier of the smart card;
验证单元, 用于判断所述设备标识和所述用户标识是否符合绑定关系 , 如果是, 则将所述设备标识和所述用户标识发送给解锁单元;  a verification unit, configured to determine whether the device identifier and the user identifier meet the binding relationship, and if yes, send the device identifier and the user identifier to the unlocking unit;
解锁单元, 用于解除所述设备标识和所述用户标识的绑定关系。  The unlocking unit is configured to release the binding relationship between the device identifier and the user identifier.
以上所述验证单元进一步用于: 对获取的设备标识和用户标识进行有 效性检查。  The verification unit is further configured to: perform an effective check on the acquired device identifier and the user identifier.
以上所述装置进一步包括检测单元, 用于判断终端是否正确连接到 PC 上, 如果是, 则触发设备标识确定单元; 还用于判断读卡器是否正确连接 到 PC上, 如果是, 则触发用户标识确定单元。  The device further includes a detecting unit, configured to determine whether the terminal is correctly connected to the PC, and if yes, triggering the device identification determining unit; and further determining whether the card reader is correctly connected to the PC, and if yes, triggering the user Identification determination unit.
根据本发明提供的方案,通过进行锁定管理的 PC侧软件来进行终端与 智能卡的锁定或解锁操作, 能够根据运营商的需求, 灵活地配置绑定关系 或解除绑定关系, 方便快捷地进行锁定或解锁锁定, 满足了批量终端与智 能卡锁定或解锁的需求。  According to the solution provided by the present invention, the locking or unlocking operation of the terminal and the smart card is performed by performing the PC-side software of the lock management, and the binding relationship or the unbinding relationship can be flexibly configured according to the requirements of the operator, and the locking is conveniently and quickly performed. Or unlock the lock to meet the needs of the batch terminal and smart card lock or unlock.
另外, 由于进行锁定管理的 PC侧软件安装在运营商管理的 PC上, 有 效避免了现有技术中终端及智能卡存储的绑定关系容易被改写和擦除, 使 得锁定被轻易解除的问题, 能够有效避免非法解锁, 并通过安全途径解除 锁定。 附图说明  In addition, since the PC-side software for performing lock management is installed on the PC managed by the operator, the binding relationship between the terminal and the smart card storage in the prior art is easily avoided from being easily rewritten and erased, so that the lock is easily released. Effectively avoid illegal unlocking and unlock it through a secure route. DRAWINGS
图 1为本发明中将终端与 (U)SIM卡锁定的流程示意图;  1 is a schematic flow chart of locking a terminal and a (U)SIM card in the present invention;
图 2为本发明中将终端与 (U)SIM卡解锁的流程示意图;  2 is a schematic flowchart of unlocking a terminal and a (U)SIM card in the present invention;
图 3为本发明中将终端与智能卡锁定的装置的结构示意图;  3 is a schematic structural diagram of an apparatus for locking a terminal and a smart card in the present invention;
图 4为本发明中将终端与智能卡解锁的装置的结构示意图。 具体实施方式  FIG. 4 is a schematic structural diagram of an apparatus for unlocking a terminal and a smart card in the present invention. detailed description
本发明中, 需要进行锁定操作时, 用于进行锁定管理的 PC侧软件获取 终端的设备标识及智能卡的用户标识, 基于所述设备标识搜索运营商设定 的绑定关系数据, 确定所述设备标识对应的允许绑定范围, 判断所述用户 标识是否在所述允许绑定范围内, 如果是, 则对所述设备标识和所述用户 标识进行绑定操作; 否则, 不进行绑定操作。 In the present invention, when the lock operation is required, the PC side software for performing lock management is acquired. The device identifier of the terminal and the user identifier of the smart card, based on the binding relationship data set by the device identifier search operator, determining an allowable binding range corresponding to the device identifier, and determining whether the user identifier is in the allowed binding If yes, the binding between the device identifier and the user identifier is performed; otherwise, the binding operation is not performed.
本发明中, 需要进行解锁操作时, 用于进行锁定管理的 PC侧软件获取 终端的设备标识及智能卡的用户标识, 判断所述设备标识和所述用户标识 是否符合绑定关系, 如果是, 则解除所述设备标识和所述用户标识的绑定 关系; 否则, 不进行解锁操作。  In the present invention, when the unlocking operation is required, the PC-side software for performing the lock management acquires the device identifier of the terminal and the user identifier of the smart card, and determines whether the device identifier and the user identifier meet the binding relationship. If yes, The binding relationship between the device identifier and the user identifier is released; otherwise, the unlocking operation is not performed.
以上所述终端可以包括固定台、 手机、 上网本等。 智能卡是指可以插 入终端、 用来标识用户身份的卡, 可以是 SIM卡, 也可以是 USIM卡, 还 可以是 UIM ( User Identity Model ) 卡。 终端的设备标识可以为 IMEI ( International Mobile Equipment Identity, 国际移动设备识别码)、 智能卡的 用户标识可以为 IMSI( International Mobile Subscriber Identification Number, 国际移动用户识别码)。  The terminal described above may include a fixed station, a mobile phone, a netbook, and the like. A smart card is a card that can be inserted into a terminal and used to identify a user. It can be a SIM card, a USIM card, or a UIM (User Identity Model) card. The device identifier of the terminal may be an IMEI (International Mobile Equipment Identity), and the user identifier of the smart card may be an IMSI (International Mobile Subscriber Identification Number).
所述获取终端的设备标识及智能卡的用户标识之后, 可以进一步对获 取的设备标识和用户标识进行有效性检查, 从而保证后续进行锁定或解锁 操作的设备标识和用户标识是符合国际标准及运营商标准的。  After obtaining the device identifier of the terminal and the user identifier of the smart card, the device identifier and the user identifier of the device may be checked for validity, so that the device identifier and the user identifier of the subsequent locking or unlocking operation are in compliance with international standards and operators. standard.
所述对设备标识和用户标识进行绑定操作, 具体包括: 将终端的所述 设备标识与智能卡的所述用户标识的绑定关系写入终端存储的配置信息和 智能卡存储的配置信息中。  The binding operation of the device identifier and the user identifier includes: binding the binding relationship between the device identifier of the terminal and the user identifier of the smart card to the configuration information stored by the terminal and the configuration information stored by the smart card.
所述解除设备标识和用户标识的绑定关系, 具体包括: 在终端存储的 配置信息和智能卡存储的配置信息中删除终端的所述设备标识与智能卡的 所述用户标识的绑定关系; 或者, 在终端存储的配置信息中删除终端的所 述设备标识与智能卡的所述用户标识的绑定关系; 或者, 在智能卡存储的 配置信息中删除终端的所述设备标识与智能卡的所述用户标识的绑定关 系。 The binding relationship between the device identifier and the user identifier is specifically: the binding relationship between the device identifier of the terminal and the user identifier of the smart card is deleted in the configuration information stored in the terminal and the configuration information stored in the smart card; or Deleting the binding relationship between the device identifier of the terminal and the user identifier of the smart card in the configuration information stored in the terminal; or deleting the device identifier of the terminal and the user identifier of the smart card in the configuration information stored by the smart card Binding off Department.
以下以终端的设备标识为 IMEI、智能卡为 (U)SIM卡、智能卡的用户标 识为 IMSI为例, 对本发明方案的具体实现进行更为详细的说明。  The specific implementation of the solution of the present invention is described in detail below by taking the device identification of the terminal as IMEI, the smart card as the (U)SIM card, and the user identification of the smart card as IMSI.
图 1为本发明中将终端与 (U)SIM卡锁定的流程示意图, 如图 1所示, 具体处理过程包括:  FIG. 1 is a schematic flowchart of locking a terminal and a (U)SIM card according to the present invention. As shown in FIG. 1, the specific processing process includes:
步骤 101 : 需要进行锁定操作时, PC侧软件判断终端是否正确连接到 PC上, 如果是, 则继续执行步骤 102; 否则, 锁定操作失败, 结束当前流 程。  Step 101: When the locking operation is required, the PC side software determines whether the terminal is correctly connected to the PC, and if yes, proceeds to step 102; otherwise, the locking operation fails, and the current process ends.
由运营商管理的 PC上安装有用于进行锁定管理的 PC侧软件, 从而使 运营商可以通过 PC侧软件对终端和 (U)SIM卡进行锁定管理, 如锁定操作 或解锁操作。  The PC-side software for lock management is installed on the PC managed by the operator, so that the operator can perform lock management, such as a lock operation or an unlock operation, on the terminal and the (U)SIM card through the PC side software.
PC通过数据线与终端连接, 通过检测端口的方式来判断终端是否已正 确连接到 PC上, 具体地, 终端通过数据线连接到 PC后, 使得 PC的端口 的电压发生改变, PC侧软件检测到 PC的端口的电压发生改变后, 向终端 发送消息, 如果收到终端收到消息后返回的响应, 则表明终端已正确连接 到 PC上, 建立与终端的信号通路; 如果未收到终端返回的响应, 则表明终 端未正确连接到 PC上。  The PC connects to the terminal through the data line, and determines whether the terminal is correctly connected to the PC by detecting the port. Specifically, after the terminal is connected to the PC through the data line, the voltage of the port of the PC is changed, and the PC side software detects After the voltage of the port of the PC is changed, the message is sent to the terminal. If the response is returned after receiving the message, the terminal is correctly connected to the PC, and the signal path with the terminal is established; if the terminal does not receive the return In response, the terminal is not properly connected to the PC.
步骤 102: PC侧软件判断读卡器是否正确连接到 PC上, 如果是, 则 继续执行步骤 103; 否则, 锁定操作失败, 结束当前流程。  Step 102: The PC side software determines whether the card reader is correctly connected to the PC, and if yes, proceeds to step 103; otherwise, the locking operation fails, and the current process ends.
PC通过数据线与读卡器连接, 通过检测端口的方式来判断读卡器是否 已正确连接到 PC上, 具体地, 读卡器通过数据线连接到 PC后, 使得 PC 的端口的电压发生改变, PC侧软件检测到 PC的端口的电压发生改变后, 向读卡器发送消息, 如果收到读卡器收到消息后返回的响应, 则表明读卡 器已正确连接到 PC上, 建立与读卡器的信号通路; 如果未收到读卡器返回 的响应, 则表明读卡器未正确连接到 PC上。 步骤 103〜步骤 104: PC侧软件读取终端存储的配置信息, 判断绑定关 系是否存在, 如果存在, 则表明当前不需要锁定, 锁定操作失败, 结束当 前流程; 如果不存在, 则继续执行步骤 105。 The PC is connected to the card reader through the data line, and the port is detected to determine whether the card reader is properly connected to the PC. Specifically, after the card reader is connected to the PC through the data line, the voltage of the PC port is changed. After the PC side software detects that the voltage of the port of the PC has changed, it sends a message to the card reader. If the response returned by the card reader after receiving the message, the card reader is correctly connected to the PC, and the software is established. The signal path of the reader; if the response returned by the reader is not received, the reader is not properly connected to the PC. Steps 103 to 104: The PC side software reads the configuration information stored by the terminal, and determines whether the binding relationship exists. If yes, it indicates that the lock is not required, the lock operation fails, and the current process ends. If not, the process continues. 105.
终端与(U)SIM 卡绑定后, 绑定关系存储在终端存储的配置信息及 (U)SIM卡存储的配置信息中,通过配置信息便可以确定终端与 (U)SIM卡绑 定。  After the terminal is bound to the (U)SIM card, the binding relationship is stored in the configuration information stored in the terminal and the configuration information stored in the (U)SIM card. The configuration information can be used to determine the terminal and the (U)SIM card binding.
在执行步骤 105之前, PC侧软件可以进一步读取 (U)SIM卡存储的配置 信息, 判断绑定关系是否存在, 如果存在, 则表明当前不需要锁定, 锁定 操作失败, 结束当前流程; 如果不存在, 则继续执行步骤 105。  Before performing step 105, the PC side software can further read (U) the configuration information stored in the SIM card to determine whether the binding relationship exists. If it exists, it indicates that the lock is not needed at present, the locking operation fails, and the current process ends; If yes, proceed to step 105.
另外, 具体实现中, 也可以先读取 (U)SIM卡存储的配置信息, 判断绑 定关系是否存在, 确定绑定关系不存在时, 再读取终端存储的配置信息。  In addition, in the specific implementation, the configuration information stored in the (U)SIM card may be read first, whether the binding relationship exists, and when the binding relationship does not exist, the configuration information stored in the terminal is read.
步骤 105〜步骤 106: PC侧软件读取终端的 IMEI,判断 IMEI是否正确, 如果正确, 则继续执行步骤 107; 如果不正确, 则锁定操作失败, 结束当前 流程。  Steps 105 to 106: The PC side software reads the IMEI of the terminal to determine whether the IMEI is correct. If it is correct, proceed to step 107; if not, the locking operation fails, and the current process ends.
PC侧软件向终端发送用于读取 IMEI的 AT命令,终端收到 AT命令后, 向 PC侧软件返回终端的 IMEI。  The PC side software sends an AT command for reading the IMEI to the terminal, and after receiving the AT command, the terminal returns the IMEI of the terminal to the PC side software.
读取到 IMEI后, PC侧软件判断 IMEI是否正确, 即对 IMEI进行有效 性检查 , 也就是判断 IMEI是否符合国际标准及运营商标准, 如判断 IMEI 的位数及设定位的数字是否符合国际标准及运营商标准。  After reading the IMEI, the PC side software determines whether the IMEI is correct, that is, checks the validity of the IMEI, that is, determines whether the IMEI complies with international standards and carrier standards, such as determining whether the number of digits of the IMEI and the number of the set digits are in compliance with international standards. Standard and carrier standards.
步骤 107〜步骤 108: 读卡器读取 (U)SIM卡的 IMSI, PC侧软件获取读 卡器读取的 IMSI, 判断 IMSI是否正确, 如果正确, 则继续执行步骤 109; 如果不正确, 则锁定操作失败, 结束当前流程。  Steps 107 to 108: The card reader reads (IMS) the IMSI of the SIM card, and the PC side software obtains the IMSI read by the card reader to determine whether the IMSI is correct. If yes, proceed to step 109; if not, then The lock operation failed and the current process is ended.
PC侧软件向读卡器发送用于读取 IMSI的 AT命令, 读卡器收到 AT命 令后 , 读取 (U)SIM卡的 IMEI并返回给 PC侧软件。  The PC side software sends an AT command for reading the IMSI to the card reader. After receiving the AT command, the card reader reads the IMEI of the (U) SIM card and returns it to the PC side software.
获取到 IMSI后, PC侧软件判断 IMSI是否正确, 即对 IMSI进行有效 性检查, 也就是判断 IMSI是否符合国际标准及运营商标准, 如判断 IMSI 的位数及设定位的数字是否符合国际标准及运营商标准。 After obtaining the IMSI, the PC side software determines whether the IMSI is correct, that is, validates the IMSI. Sexual inspection, that is, to determine whether the IMSI complies with international standards and operator standards, such as determining whether the number of digits of the IMSI and the number of the set digits meet international standards and operator standards.
步骤 109: PC侧软件基于 IMEI搜索运营商设定的绑定关系数据库,根 据绑定关系数据库返回的内容得到符合条件的 IMSI区间、 即 IMEI对应的 允许绑定的 IMSI区间。  Step 109: The PC side software is based on the binding relationship database set by the IMEI search operator, and obtains an IMSI section that meets the conditions, that is, an IMSI section corresponding to the IMEI, according to the content returned by the binding relation database.
运营商根据运营需要,在绑定关系数据库中设定并存储各 IMEI对应的 允许绑定的 IMSI区间,例如,绑定关系数据库中, IMEI-1允许绑定的 IMSI 区间为 IMSI-1至 IMSI-5 , IMEI-2允许绑定的 IMSI区间为 IMSI-6至 IMSI-8 , IMEI-3允许绑定的 IMSI区间为 IMSI-9。  The operator sets and stores the IMSI interval for each IMEI corresponding to the binding in the binding relationship database according to the operation requirements. For example, in the binding relation database, IMEI-1 allows the IMSI interval to be bound to IMSI-1 to IMSI. -5, IMEI-2 allows the IMSI interval of the binding to be IMSI-6 to IMSI-8, and IMEI-3 allows the IMSI interval of the binding to be IMSI-9.
步骤 110: PC侧软件判断 (U)SIM卡的 IMSI是否在 IMSI区间范围内, 如果是, 则继续执行步骤 111 ; 否则, 提示无法将终端与 (U)SIM卡锁定, 锁定操作失败, 结束当前流程。  Step 110: The PC side software determines whether the IMSI of the (U)SIM card is within the IMSI interval, and if yes, proceeds to step 111; otherwise, the prompt cannot lock the terminal with the (U)SIM card, the locking operation fails, and the current end Process.
步骤 111 : PC侧软件将 IMEI与 IMSI的绑定关系写入到终端存储的配 置信息中, 并写入到 (U)SIM卡存储的配置信息中, 完成将 IMEI 与 IMSI 的锁定。  Step 111: The PC side software writes the binding relationship between the IMEI and the IMSI to the configuration information stored in the terminal, and writes the configuration information stored in the (U)SIM card to complete the locking of the IMEI and the IMSI.
完成锁定操作后, 终端开机时, 终端读取自身存储的配置信息, 确定 需要与自身绑定的 IMSI, 并读取插入的 (U)SIM卡的 IMSI, 判断 (U)SIM卡 的 IMSI是否能够与需要绑定的 IMSI相匹配, 如果能够匹配, 则正常启动, 允许用户正常使用; 如果不能匹配, 则不进行正常启动, 提示用户插入的 (U)SIM卡不正确。 进一步地, 终端开机时, (U)SIM卡读取自身存储的配置 信息, 确定需要与自身绑定的 IMEI, 并读取该 (U)SIM 卡所插入的终端的 IMEI, 判断终端的 IMEI与需要绑定的 IMEI是否一致, 如果一致, 则与终 端进行信息交互, 使终端正常启动, 允许用户正常使用; 如果不一致, 则 不与终端进行信息交互, 使终端无法正常启动, 提示用户插入的 (U)SIM卡 不正确。 本发明方案中, 运营商可以通过 PC 侧软件将终端存储的配置信息和 (U)SIM卡存储的配置信息隐藏在设定存储空间, 这样, 只有通过 PC侧软 件才能在设定存储空间找到隐藏的配置信息, 并对配置信息进行修改, 有 效防止了恶意篡改。 After the locking operation is completed, when the terminal is powered on, the terminal reads the configuration information stored by itself, determines the IMSI to be bound to itself, and reads the IMSI of the inserted (U)SIM card, and determines whether the IMSI of the (U)SIM card can Matches the IMSI that needs to be bound. If it can match, it starts normally and allows the user to use normally. If it cannot match, it does not start normally, and the user is prompted to insert the (U)SIM card incorrectly. Further, when the terminal is powered on, the (U)SIM card reads the configuration information stored by itself, determines the IMEI to be bound to itself, and reads the IMEI of the terminal inserted by the (U)SIM card, and determines the IMEI of the terminal. Whether the IMEIs to be bound are consistent. If they are consistent, the information is exchanged with the terminal to enable the terminal to start normally and allow the user to use the device normally. If the information is inconsistent, the terminal does not interact with the terminal, so that the terminal cannot be started normally. U) The SIM card is incorrect. In the solution of the present invention, the operator can hide the configuration information stored in the terminal and the configuration information stored in the (U)SIM card in the set storage space through the PC side software, so that the hidden storage space can be found only in the set storage space through the PC side software. The configuration information, and the configuration information is modified to effectively prevent malicious tampering.
并且, 本发明方案中, 可以进一步将需要锁定的终端配置为启动过程 中必须首先读取自身存储的配置信息, 如果读取不到配置信息, 则无法进 行正常启动; 和 /或, 配置需要锁定的 (U)SIM卡在终端启动过程中必须首先 读取自身存储的配置信息, 如果读取不到配置信息, 则不与终端进行信息 交互, 使终端无法正常启动。  Moreover, in the solution of the present invention, the terminal that needs to be locked may be further configured to read the configuration information stored by itself in the startup process, and if the configuration information is not read, the normal startup cannot be performed; and/or, the configuration needs to be locked. The (U)SIM card must first read the configuration information stored in the terminal during the startup process of the terminal. If the configuration information is not read, the information is not exchanged with the terminal, and the terminal cannot be started normally.
图 2为本发明中将终端与 (U)SIM卡解锁的流程示意图, 如图 2所示, 具体处理过程包括:  2 is a schematic flowchart of unlocking a terminal and a (U)SIM card according to the present invention. As shown in FIG. 2, the specific processing process includes:
步骤 201 : 需要进行解锁操作时, PC侧软件判断终端是否正确连接到 PC上, 如果是, 则继续执行步骤 202; 否则, 解锁操作失败, 结束当前流 程。  Step 201: When the unlocking operation is required, the PC side software determines whether the terminal is correctly connected to the PC, and if yes, proceeds to step 202; otherwise, the unlocking operation fails, and the current process ends.
具体执行与前面描述的步骤 101相同, 在此不再赘述。  The specific implementation is the same as step 101 described above, and details are not described herein again.
步骤 202: PC侧软件判断读卡器是否正确连接到 PC上, 如果是, 则 继续执行步骤 203; 否则, 解锁操作失败, 结束当前流程。  Step 202: The PC side software determines whether the card reader is correctly connected to the PC, and if yes, proceeds to step 203; otherwise, the unlocking operation fails, and the current process ends.
具体执行与前面描述的步骤 102相同, 在此不再赘述。  The specific implementation is the same as step 102 described above, and details are not described herein again.
步骤 203〜步骤 204: PC侧软件读取终端存储的配置信息, 判断绑定关 系是否存在, 如果存在, 则继续执行步骤 205; 如果不存在, 则表明当前不 需要解锁, 解锁操作失败, 结束当前流程。  Steps 203 to 204: The PC side software reads the configuration information stored by the terminal, and determines whether the binding relationship exists. If yes, the process proceeds to step 205. If not, the current unlocking operation is not required, and the unlocking operation fails. Process.
步骤 205〜步骤 206: PC侧软件读取终端的 IMEI,判断 IMEI是否正确, 如果正确, 则继续执行步骤 207; 如果不正确, 则解锁操作失败, 结束当前 流程。  Step 205 to step 206: The PC side software reads the IMEI of the terminal to determine whether the IMEI is correct. If it is correct, the process proceeds to step 207; if not, the unlock operation fails, and the current process ends.
具体执行与前面描述的步骤 105〜步骤 106相同, 在此不再赘述。 步骤 207〜步骤 208: 读卡器读取 (U)SIM卡的 IMSI, PC侧软件获取读 卡器读取的 IMSI, 判断 IMSI是否正确, 如果正确, 则继续执行步骤 209; 如果不正确, 则解锁操作失败, 结束当前流程。 The specific implementation is the same as the steps 105 to 106 described above, and details are not described herein again. Step 207 to step 208: The card reader reads (IMS) the IMSI of the SIM card, and the PC side software obtains the IMSI read by the card reader to determine whether the IMSI is correct. If yes, proceed to step 209; if not, then The unlock operation failed and the current process is ended.
具体执行与前面描述的步骤 107〜步骤 108相同, 在此不再赘述。  The specific implementation is the same as the steps 107 to 108 described above, and details are not described herein again.
步骤 209: PC侧软件读取终端存储的配置信息, 确定与该终端绑定的 Step 209: The PC side software reads the configuration information stored by the terminal, and determines the binding with the terminal.
IMSI, 判断 (U)SIM卡的 IMSI是否能够与绑定的 IMSI相匹配, 如果能够匹 配, 则继续执行步骤 210; 如果不能匹配, 则提示无法将终端与 (U)SIM卡 解锁, 解锁操作失败, 结束当前流程。 IMSI, judging whether the IMSI of the (U)SIM card can match the bound IMSI, if it can match, proceed to step 210; if it cannot match, it prompts that the terminal cannot be unlocked with the (U)SIM card, and the unlock operation fails. , ends the current process.
步骤 210: PC侧软件读取 (U)SIM卡存储的配置信息,确定与该 (U)SIM 卡绑定的 IMEI, 判断终端的 IMEI与绑定的 IMEI是否一致, 如果一致, 则 继续执行步骤 211 ; 如果不一致, 则提示无法将终端与 (U)SIM卡解锁, 解 锁操作失败, 结束当前流程。  Step 210: The PC side software reads (U) the configuration information stored in the SIM card, determines the IMEI bound to the (U)SIM card, and determines whether the IMEI of the terminal is consistent with the bound IMEI. If they are consistent, continue to perform the steps. 211 ; If they are inconsistent, the terminal cannot be unlocked with the (U)SIM card, the unlock operation fails, and the current process ends.
另外, 具体实现中, 也可以先执行步骤 210, 再执行步骤 209。  In addition, in the specific implementation, step 210 may be performed first, and then step 209 is performed.
步骤 211 : PC侧软件将 IMEI与 IMSI的绑定关系从终端存储的配置信 息、 及 (U)SIM卡存储的配置信息中删除, 解除 IMEI与 IMSI的锁定。  Step 211: The PC side software deletes the binding relationship between the IMEI and the IMSI from the configuration information stored in the terminal and the configuration information stored in the (U)SIM card, and unlocks the IMEI and the IMSI.
另外, 以上解锁操作是在终端和 (U)SIM卡上都进行解锁操作, 如果实 际应用中, 只需要在终端上解除锁定, 则步骤 209可以为: PC侧软件读取 终端存储的配置信息, 确定与该终端绑定的 IMSI, 判断 (U)SIM卡的 IMSI 是否能够与绑定的 IMSI相匹配,如果能够匹配,则将 IMEI与 IMSI的绑定 关系从终端存储的配置信息中删除, 结束当前流程; 如果不能匹配, 则提 示无法将终端与 (U)SIM卡解锁, 解锁操作失败, 结束当前流程。  In addition, the above unlocking operation is performed on both the terminal and the (U)SIM card. If the user only needs to unlock the terminal, the step 209 may be: the PC side software reads the configuration information stored by the terminal. Determining the IMSI bound to the terminal, determining whether the IMSI of the (U)SIM card can match the bound IMSI, and if yes, deleting the binding relationship between the IMEI and the IMSI from the configuration information stored in the terminal, and ending The current process; if it cannot match, the prompt cannot unlock the terminal and the (U)SIM card, the unlocking operation fails, and the current process ends.
或者, 只需要在 (U)SIM卡上解除锁定, 则步骤 210可以为: PC侧软件 读取 (U)SIM卡存储的配置信息, 确定与该 (U)SIM卡绑定的 IMEI, 判断终 端的 IMEI与绑定的 IMEI是否一致, 如果一致, 则将 IMEI与 IMSI的绑定 关系从 (U)SIM卡存储的配置信息中删除, 结束当前流程; 如果不一致, 则 提示无法将终端与 (U)SIM卡解锁, 解锁操作失败, 结束当前流程。 Alternatively, only need to unlock on the (U)SIM card, step 210 may be: the PC side software reads (U) the configuration information stored by the SIM card, determines the IMEI bound to the (U)SIM card, and determines the terminal. Whether the IMEI is consistent with the bound IMEI. If they are consistent, the binding relationship between the IMEI and the IMSI is deleted from the configuration information stored in the (U)SIM card, and the current process is ended; if not, then The prompt cannot unlock the terminal and the (U)SIM card, the unlock operation fails, and the current process ends.
图 3为本发明中将终端与智能卡锁定的装置的结构示意图, 如图 3所 示, 该装置包括: 设备标识确定单元、 用户标识确定单元、 验证单元和锁 定单元。 其中, 设备标识确定单元用于获取终端的设备标识; 用户标识确 定单元用于获取智能卡的用户标识; 验证单元用于基于所述设备标识搜索 运营商设定的绑定关系数据, 确定所述设备标识对应的允许绑定范围, 判 断所述用户标识是否在所述允许绑定范围内, 如果是, 则将所述设备标识 和所述用户标识发送给锁定单元; 锁定单元用于对所述设备标识和所述用 户标识进行绑定操作。  3 is a schematic structural diagram of an apparatus for locking a terminal and a smart card in the present invention. As shown in FIG. 3, the apparatus includes: a device identification determining unit, a user identification determining unit, a verification unit, and a locking unit. The device identifier determining unit is configured to obtain the device identifier of the terminal; the user identifier determining unit is configured to obtain the user identifier of the smart card; the verification unit is configured to determine the binding relationship data set by the operator based on the device identifier, and determine the device. Identifying the allowed binding range, determining whether the user identifier is within the allowed binding range, and if yes, sending the device identifier and the user identifier to the locking unit; the locking unit is configured to use the device The identity and the user identity are bound.
验证单元进一步用于对获取的设备标识和用户标识进行有效性检查。 该装置进一步包括检测单元, 用于判断终端是否正确连接到 PC上, 如 果是,则触发设备标识确定单元;还用于判断读卡器是否正确连接到 PC上, 如果是, 则触发用户标识确定单元。  The verification unit is further configured to perform validity check on the acquired device identifier and the user identifier. The device further includes a detecting unit, configured to determine whether the terminal is correctly connected to the PC, and if so, triggering the device identification determining unit; and further configured to determine whether the card reader is correctly connected to the PC, and if yes, triggering the user identification to be determined unit.
所述锁定单元具体用于: 将设备标识与用户标识的绑定关系写入到终 端存储的配置信息中, 并写入到智能卡存储的配置信息中。  The locking unit is specifically configured to: write the binding relationship between the device identifier and the user identifier into the configuration information stored in the terminal, and write the configuration information into the configuration information stored by the smart card.
该装置进一步包括解锁单元, 验证单元还用于判断所述设备标识和所 述用户标识是否符合绑定关系, 如果是, 则将所述设备标识和所述用户标 识发送给解锁单元; 解锁单元用于解除所述设备标识和所述用户标识的绑 定关系。  The device further includes an unlocking unit, and the verification unit is further configured to determine whether the device identifier and the user identifier meet the binding relationship, and if yes, send the device identifier and the user identifier to the unlocking unit; The binding relationship between the device identifier and the user identifier is released.
验证单元还具体用于: 读取终端存储的配置信息, 确定需要与该终端 绑定的用户标识, 判断智能卡的用户标识是否能够与需要绑定的用户标识 相匹配, 如果能够匹配, 则读取智能卡存储的配置信息, 确定需要与该智 能卡绑定的设备标识, 判断终端的设备标识与需要绑定的设备标识是否一 致, 如果一致, 则将所述设备标识和所述用户标识发送给解锁单元; 解锁 单元具体用于: 将设备标识与用户标识的绑定关系从终端存储的配置信息、 及智能卡存储的配置信息中删除。 The verification unit is further configured to: read configuration information stored by the terminal, determine a user identifier that needs to be bound to the terminal, determine whether the user identifier of the smart card can match the user identifier that needs to be bound, and if yes, read The configuration information of the smart card is stored, and the device identifier that is bound to the smart card is determined, and the device identifier of the terminal is determined to be consistent with the device identifier to be bound. If the device identifier is consistent, the device identifier and the user identifier are sent to the unlocking unit. The unlocking unit is specifically configured to: configure the binding relationship between the device identifier and the user identifier from the configuration information stored in the terminal, And delete the configuration information of the smart card storage.
或者, 验证单元还具体用于: 读取智能卡存储的配置信息, 确定需要 与该智能卡绑定的设备标识, 判断终端的设备标识与需要绑定的设备标识 是否一致, 如果一致, 则读取终端存储的配置信息, 确定需要与该终端绑 定的用户标识, 判断智能卡的用户标识是否能够与需要绑定的用户标识相 匹配, 如果能够匹配, 则将所述设备标识和所述用户标识发送给解锁单元; 解锁单元具体用于: 将设备标识与用户标识的绑定关系从终端存储的配置 信息、 及智能卡存储的配置信息中删除。  Alternatively, the verification unit is further configured to: read the configuration information stored by the smart card, determine the device identifier that needs to be bound to the smart card, determine whether the device identifier of the terminal is consistent with the device identifier to be bound, and if they are consistent, read the terminal. The stored configuration information is determined, and the user identifier that is bound to the terminal is determined, and the user identifier of the smart card is matched with the user identifier that needs to be bound. If the user identifier is matched, the device identifier and the user identifier are sent to the user identifier. The unlocking unit is specifically configured to: delete the binding relationship between the device identifier and the user identifier from the configuration information stored by the terminal and the configuration information stored by the smart card.
或者, 验证单元还具体用于: 读取终端存储的配置信息, 确定需要与 该终端绑定的用户标识, 判断智能卡的用户标识是否能够与需要绑定的用 户标识相匹配, 如果能够匹配, 则将所述设备标识和所述用户标识发送给 解锁单元; 解锁单元具体用于: 将设备标识与用户标识的绑定关系从终端 存储的配置信息中删除。  Alternatively, the verification unit is further configured to: read configuration information stored by the terminal, determine a user identifier that needs to be bound to the terminal, and determine whether the user identifier of the smart card can match the user identifier that needs to be bound, and if yes, The device identifier and the user identifier are sent to the unlocking unit. The unlocking unit is specifically configured to: delete the binding relationship between the device identifier and the user identifier from the configuration information stored by the terminal.
或者, 验证单元还具体用于: 读取智能卡存储的配置信息, 确定需要 与该智能卡绑定的设备标识, 判断终端的设备标识与需要绑定的设备标识 是否一致, 如果一致, 则将所述设备标识和所述用户标识发送给解锁单元; 解锁单元具体用于: 将设备标识与用户标识的绑定关系从智能卡存储的配 置信息中删除。  Or the verification unit is further configured to: read configuration information stored by the smart card, determine a device identifier that needs to be bound to the smart card, determine whether the device identifier of the terminal is consistent with the device identifier to be bound, and if yes, the The device identifier and the user identifier are sent to the unlocking unit. The unlocking unit is specifically configured to: delete the binding relationship between the device identifier and the user identifier from the configuration information stored by the smart card.
图 4为本发明中将终端与智能卡解锁的装置的结构示意图, 如图 4所 示, 该装置包括: 设备标识确定单元、 用户标识确定单元、 验证单元和解 锁单元。 其中, 设备标识确定单元用于获取终端的设备标识; 用户标识确 定单元用于获取智能卡的用户标识; 验证单元用于判断所述设备标识和所 述用户标识是否符合绑定关系, 如果是, 则将所述设备标识和所述用户标 识发送给解锁单元; 解锁单元用于解除所述设备标识和所述用户标识的绑 定关系。 有关验证单元和解锁单元的详细功能在图 3 中已有详细说明, 在 此不再赘述。 4 is a schematic structural diagram of an apparatus for unlocking a terminal and a smart card according to the present invention. As shown in FIG. 4, the apparatus includes: a device identifier determining unit, a user identifier determining unit, a verifying unit, and an unlocking unit. The device identifier determining unit is configured to obtain the device identifier of the terminal; the user identifier determining unit is configured to obtain the user identifier of the smart card; the verification unit is configured to determine whether the device identifier and the user identifier meet the binding relationship, and if yes, Sending the device identifier and the user identifier to the unlocking unit; the unlocking unit is configured to release the binding relationship between the device identifier and the user identifier. The detailed functions of the verification unit and the unlocking unit are described in detail in Figure 3, This will not be repeated here.
验证单元进一步用于对获取的设备标识和用户标识进行有效性检查。 该装置进一步包括检测单元, 用于判断终端是否正确连接到 PC上, 如 果是,则触发设备标识确定单元;还用于判断读卡器是否正确连接到 PC上, 如果是, 则触发用户标识确定单元。  The verification unit is further configured to perform validity check on the acquired device identifier and the user identifier. The device further includes a detecting unit, configured to determine whether the terminal is correctly connected to the PC, and if so, triggering the device identification determining unit; and further configured to determine whether the card reader is correctly connected to the PC, and if yes, triggering the user identification to be determined unit.
另外, 图 3、 图 4中的设备标识确定单元、 用户标识确定单元、 验证单 元、 锁定单元、 解锁单元、 检测单元的具体实现在图 1、 图 2的流程描述中 均有涉及, 在此不再赘述。  In addition, the specific implementations of the device identifier determining unit, the user identifier determining unit, the verifying unit, the locking unit, the unlocking unit, and the detecting unit in FIG. 3 and FIG. 4 are all involved in the process descriptions of FIG. 1 and FIG. Let me repeat.
以上所述, 仅为本发明的较佳实施例而已, 并非用于限定本发明的保 护范围。  The above is only the preferred embodiment of the present invention and is not intended to limit the scope of the present invention.

Claims

权利要求书 Claim
1、 一种将终端与智能卡锁定的方法, 其特征在于, 包括:  A method for locking a terminal and a smart card, comprising:
用于进行锁定管理的 PC 侧软件获取终端的设备标识及智能卡的用户 标识, 基于所述设备标识搜索运营商设定的绑定关系数据, 确定所述设备 标识对应的允许绑定范围, 判断所述用户标识是否在所述允许绑定范围内, 如果是, 则对所述设备标识和所述用户标识进行绑定操作; 否则, 不进行 绑定操作。  The PC-side software for performing the lock management acquires the device identifier of the terminal and the user identifier of the smart card, and based on the binding relationship data set by the device identifier search operator, determines the allowable binding range corresponding to the device identifier, and determines the location Whether the user identifier is within the allowed binding range, and if yes, binding the device identifier and the user identifier; otherwise, the binding operation is not performed.
2、 根据权利要求 1所述的方法, 其特征在于, 所述获取终端的设备标 识及智能卡的用户标识之后, 进一步包括: PC侧软件对获取的设备标识和 用户标识进行有效性检查。  The method according to claim 1, wherein the obtaining the device identifier of the terminal and the user identifier of the smart card further comprises: performing, by the PC side software, a validity check on the acquired device identifier and the user identifier.
3、 根据权利要求 1所述的方法, 其特征在于, 所述对设备标识和用户 标识进行绑定操作, 具体包括: PC侧软件将终端的所述设备标识与智能卡 的所述用户标识的绑定关系写入终端存储的配置信息和智能卡存储的配置 信息中。  The method according to claim 1, wherein the binding operation between the device identifier and the user identifier comprises: binding, by the PC side software, the device identifier of the terminal and the user identifier of the smart card. The relationship is written in the configuration information stored in the terminal and the configuration information stored in the smart card.
4、 根据权利要求 1所述的方法, 其特征在于, 所述基于设备标识搜索 运营商设定的绑定关系数据之前, 进一步包括:  The method according to claim 1, wherein before the searching for the binding relationship data set by the operator based on the device identifier, the method further includes:
PC侧软件读取终端存储的配置信息, 判断绑定关系是否存在, 如果存 在, 则结束当前流程; 如果不存在, 则基于所述设备标识搜索运营商设定 的绑定关系数据; 或者,  The PC side software reads the configuration information stored in the terminal, and determines whether the binding relationship exists. If yes, the current process ends; if not, the binding relationship data set by the operator is searched based on the device identifier; or
PC侧软件读取终端存储的配置信息及智能卡存储的配置信息, 判断绑 定关系是否存在, 如果任一存在, 则结束当前流程; 如果均不存在, 则基 于所述设备标识搜索运营商设定的绑定关系数据。  The PC side software reads the configuration information stored by the terminal and the configuration information stored by the smart card, and determines whether the binding relationship exists. If any exists, the current process ends. If none exists, the operator settings are searched based on the device identifier. Binding relational data.
5、 根据权利要求 1至 4任一所述的方法, 其特征在于, 所述对设备标 识和用户标识进行绑定操作之后, 进一步包括: PC侧软件获取终端的设备 标识及智能卡的用户标识, 判断所述设备标识和所述用户标识是否符合绑 定关系, 如果是, 则解除所述设备标识和所述用户标识的绑定关系; 否则, 不进行解锁操作。 The method according to any one of claims 1 to 4, wherein after the binding operation of the device identifier and the user identifier, the method further comprises: acquiring, by the PC side software, a device identifier of the terminal and a user identifier of the smart card, Determining whether the device identifier and the user identifier meet the binding If the relationship is yes, the binding relationship between the device identifier and the user identifier is released; otherwise, the unlocking operation is not performed.
6、 一种将终端与智能卡解锁的方法, 其特征在于, 包括:  6. A method for unlocking a terminal and a smart card, comprising:
用于进行锁定管理的 PC 侧软件获取终端的设备标识及智能卡的用户 标识, 判断所述设备标识和所述用户标识是否符合绑定关系, 如果是, 则 解除所述设备标识和所述用户标识的绑定关系; 否则, 不进行解锁操作。  The PC-side software for performing the lock management acquires the device identifier of the terminal and the user identifier of the smart card, and determines whether the device identifier and the user identifier meet the binding relationship. If yes, the device identifier and the user identifier are released. Binding relationship; otherwise, no unlocking operation is performed.
7、 根据权利要求 6所述的方法, 其特征在于, 所述获取终端的设备标 识及智能卡的用户标识之后, 进一步包括: PC侧软件对获取的设备标识和 用户标识进行有效性检查。  The method according to claim 6, wherein the acquiring the device identifier of the terminal and the user identifier of the smart card further comprises: performing, by the PC side software, a validity check on the acquired device identifier and the user identifier.
8、 根据权利要求 6所述的方法, 其特征在于, 所述解除设备标识和用 户标识的绑定关系, 具体包括:  The method according to claim 6, wherein the debinding relationship between the device identifier and the user identifier includes:
在终端存储的配置信息和智能卡存储的配置信息中删除终端的所述设 备标识与智能卡的所述用户标识的绑定关系; 或者,  Deleting the binding relationship between the device identifier of the terminal and the user identifier of the smart card in the configuration information stored in the terminal and the configuration information stored in the smart card; or
在终端存储的配置信息中删除终端的所述设备标识与智能卡的所述用 户标识的绑定关系; 或者,  Deleting the binding relationship between the device identifier of the terminal and the user identifier of the smart card in the configuration information stored in the terminal; or
在智能卡存储的配置信息中删除终端的所述设备标识与智能卡的所述 用户标识的绑定关系。  The binding relationship between the device identifier of the terminal and the user identifier of the smart card is deleted in the configuration information of the smart card.
9、 根据权利要求 6、 7或 8所述的方法, 其特征在于, 所述判断所述 设备标识和所述用户标识是否符合绑定关系, 具体包括:  The method according to claim 6, 7 or 8, wherein the determining whether the device identifier and the user identifier meet the binding relationship comprises:
读取终端存储的配置信息, 确定需要与该终端绑定的用户标识, 判断 智能卡的用户标识是否能够与需要绑定的用户标识相匹配, 如果能够匹配, 则读取智能卡存储的配置信息, 确定需要与该智能卡绑定的设备标识, 判 断终端的设备标识与需要绑定的设备标识是否一致, 如果一致, 则符合绑 定关系; 或者,  The configuration information stored in the terminal is read, and the user identifier that needs to be bound to the terminal is determined, and whether the user identifier of the smart card matches the user identifier that needs to be bound, and if the matching can be performed, the configuration information stored by the smart card is read, and the configuration information is determined. The device ID to be bound to the smart card is used to determine whether the device ID of the terminal is the same as the device ID to be bound. If they are consistent, the binding relationship is met.
读取智能卡存储的配置信息, 确定需要与该智能卡绑定的设备标识, 判断终端的设备标识与需要绑定的设备标识是否一致, 如果一致, 则读取 终端存储的配置信息, 确定需要与该终端绑定的用户标识, 判断智能卡的 用户标识是否能够与需要绑定的用户标识相匹配, 如果能够匹配, 则符合 绑定关系; 或者, Read the configuration information stored in the smart card, and determine the device identifier that needs to be bound to the smart card. Determine whether the device ID of the terminal is the same as the device ID to be bound. If the device ID is consistent, read the configuration information stored in the terminal, determine the user ID to be bound to the terminal, and determine whether the user ID of the smart card can be bound. The user IDs match, and if they match, they match the binding relationship; or,
读取终端存储的配置信息, 确定需要与该终端绑定的用户标识, 判断 智能卡的用户标识是否能够与需要绑定的用户标识相匹配, 如果能够匹配, 则符合绑定关系; 或者,  The configuration information stored in the terminal is read, and the user identifier to be bound to the terminal is determined, and the user identifier of the smart card is matched with the user identifier to be bound, and if it can match, the binding relationship is met; or
读取智能卡存储的配置信息, 确定需要与该智能卡绑定的设备标识, 判断终端的设备标识与需要绑定的设备标识是否一致, 如果一致, 则符合 绑定关系。  Read the configuration information of the smart card, determine the device ID to be bound to the smart card, and determine whether the device ID of the terminal is the same as the device ID to be bound. If they are consistent, the binding relationship is met.
10、 一种将终端与智能卡锁定的装置, 其特征在于, 包括:  10. A device for locking a terminal and a smart card, comprising:
设备标识确定单元, 用于获取终端的设备标识;  a device identifier determining unit, configured to acquire a device identifier of the terminal;
用户标识确定单元, 用于获取智能卡的用户标识;  a user identifier determining unit, configured to acquire a user identifier of the smart card;
验证单元, 用于基于所述设备标识搜索运营商设定的绑定关系数据, 确定所述设备标识对应的允许绑定范围, 判断所述用户标识是否在所述允 许绑定范围内, 如果是, 则将所述设备标识和所述用户标识发送给锁定单 元;  a verification unit, configured to determine, according to the binding relationship data set by the device identifier search operator, the allowed binding range corresponding to the device identifier, and determine whether the user identifier is within the allowed binding range, if Sending the device identifier and the user identifier to the locking unit;
锁定单元, 用于对所述设备标识和所述用户标识进行绑定操作。  a locking unit, configured to perform a binding operation on the device identifier and the user identifier.
11、 根据权利要求 10所述的装置, 其特征在于, 所述验证单元进一步 用于: 对获取的设备标识和用户标识进行有效性检查。  The device according to claim 10, wherein the verification unit is further configured to: perform validity check on the acquired device identifier and the user identifier.
12、根据权利要求 10所述的装置,其特征在于, 所述装置进一步包括: 检测单元, 用于判断终端是否正确连接到 PC上, 如果是, 则触发设备标识 确定单元; 还用于判断读卡器是否正确连接到 PC上, 如果是, 则触发用户 标识确定单元。  The device according to claim 10, wherein the device further comprises: a detecting unit, configured to determine whether the terminal is correctly connected to the PC, and if yes, triggering the device identification determining unit; Whether the card is correctly connected to the PC, and if so, the user identification determining unit is triggered.
13、 根据权利要求 10、 11或 12所述的装置, 其特征在于, 所述装置 进一步包括解锁单元, 13. Apparatus according to claim 10, 11 or 12, wherein said apparatus Further including an unlocking unit,
所述验证单元还用于: 判断所述设备标识和所述用户标识是否符合绑 定关系, 如果是, 则将所述设备标识和所述用户标识发送给解锁单元; 所述解锁单元用于: 解除所述设备标识和所述用户标识的绑定关系。 The verification unit is further configured to: determine whether the device identifier and the user identifier meet the binding relationship, and if yes, send the device identifier and the user identifier to the unlocking unit; the unlocking unit is configured to: The binding relationship between the device identifier and the user identifier is released.
14、 一种将终端与智能卡解锁的装置, 其特征在于, 包括: 14. A device for unlocking a terminal and a smart card, comprising:
设备标识确定单元, 用于获取终端的设备标识;  a device identifier determining unit, configured to acquire a device identifier of the terminal;
用户标识确定单元, 用于获取智能卡的用户标识;  a user identifier determining unit, configured to acquire a user identifier of the smart card;
验证单元, 用于判断所述设备标识和所述用户标识是否符合绑定关系 , 如果是, 则将所述设备标识和所述用户标识发送给解锁单元;  a verification unit, configured to determine whether the device identifier and the user identifier meet the binding relationship, and if yes, send the device identifier and the user identifier to the unlocking unit;
解锁单元, 用于解除所述设备标识和所述用户标识的绑定关系。  The unlocking unit is configured to release the binding relationship between the device identifier and the user identifier.
15、 根据权利要求 14所述的装置, 其特征在于, 所述验证单元进一步 用于: 对获取的设备标识和用户标识进行有效性检查。  The device according to claim 14, wherein the verification unit is further configured to: perform validity check on the acquired device identifier and the user identifier.
16、 根据权利要求 14或 15所述的装置, 其特征在于, 所述装置进一 步包括检测单元, 用于判断终端是否正确连接到 PC上, 如果是, 则触发设 备标识确定单元; 还用于判断读卡器是否正确连接到 PC上, 如果是, 则触 发用户标识确定单元。  The device according to claim 14 or 15, wherein the device further comprises a detecting unit, configured to determine whether the terminal is correctly connected to the PC, and if yes, triggering the device identification determining unit; Whether the card reader is properly connected to the PC, and if so, the user identification determining unit is triggered.
PCT/CN2011/075991 2011-03-16 2011-06-20 Method and device for locking or unlocking terminal and smart card WO2012122752A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110063344.3A CN102149074B (en) 2011-03-16 2011-03-16 A kind of method that terminal and smart card are locked or unlock and device
CN201110063344.3 2011-03-16

Publications (1)

Publication Number Publication Date
WO2012122752A1 true WO2012122752A1 (en) 2012-09-20

Family

ID=44423014

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/075991 WO2012122752A1 (en) 2011-03-16 2011-06-20 Method and device for locking or unlocking terminal and smart card

Country Status (2)

Country Link
CN (1) CN102149074B (en)
WO (1) WO2012122752A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE112015003902B4 (en) * 2014-08-25 2023-08-24 Apple Inc. Enforce service policies in embedded UICC cards
CN105491554A (en) * 2015-12-10 2016-04-13 成都工百利自动化设备有限公司 Virtual SIM/USIM card security protection system
CN106937283B (en) * 2015-12-29 2020-03-10 阿里巴巴集团控股有限公司 Password-free authentication method and device for dual-card dual-standby terminal
CN107517456A (en) * 2016-06-16 2017-12-26 中国电信股份有限公司 Method, user terminal and the system of positioning application are realized based on WiFi
CN106412870B (en) * 2016-09-22 2019-09-20 捷开通讯(深圳)有限公司 According to SIM card into line-locked method and electronic equipment
CN107682309A (en) * 2017-08-18 2018-02-09 河北现代钢木制品有限公司 A kind of cancellation method of smart lock user
CN107889105B (en) * 2017-09-12 2021-02-02 深圳市优购时代科技有限公司 Verification card locking method and verification card locking system of mobile phone
CN108347731A (en) * 2018-01-11 2018-07-31 海尔优家智能科技(北京)有限公司 A kind of method, medium, equipment and terminal carrying out secure binding

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101287298A (en) * 2008-05-29 2008-10-15 德信无线通讯科技(北京)有限公司 Authentication method and system for mobile communication terminal
CN101616401A (en) * 2009-07-21 2009-12-30 中兴通讯股份有限公司 Realize method, unlock method and the device of locking of user number by wireless terminal device
CN101631310A (en) * 2009-07-27 2010-01-20 深圳华为通信技术有限公司 Locking method, unlocking method and device thereof, network equipment and communication terminal
CN101860850A (en) * 2010-05-07 2010-10-13 中兴通讯股份有限公司 Method for realizing mobile terminal to lock network or card by utilizing driver

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101820465A (en) * 2010-01-28 2010-09-01 中兴通讯股份有限公司 Terminal and method for binding SIM card

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101287298A (en) * 2008-05-29 2008-10-15 德信无线通讯科技(北京)有限公司 Authentication method and system for mobile communication terminal
CN101616401A (en) * 2009-07-21 2009-12-30 中兴通讯股份有限公司 Realize method, unlock method and the device of locking of user number by wireless terminal device
CN101631310A (en) * 2009-07-27 2010-01-20 深圳华为通信技术有限公司 Locking method, unlocking method and device thereof, network equipment and communication terminal
CN101860850A (en) * 2010-05-07 2010-10-13 中兴通讯股份有限公司 Method for realizing mobile terminal to lock network or card by utilizing driver

Also Published As

Publication number Publication date
CN102149074A (en) 2011-08-10
CN102149074B (en) 2015-10-28

Similar Documents

Publication Publication Date Title
WO2012122752A1 (en) Method and device for locking or unlocking terminal and smart card
WO2020253801A1 (en) Esim card replacement method and related device
WO2013123829A1 (en) Software installation method, device and system
US20120303954A1 (en) Managing method, device and terminal for application program
CN104601324A (en) A verification method, terminal and system for applications
CN101170823B (en) Authentication method between user recognition module and terminal
CN101984691A (en) Upgrading method of system built-in software and mobile terminal
WO2015024261A1 (en) Internet account number management method, manager, server and system
US20170286873A1 (en) Electronic ticket management
CN109492370B (en) Terminal startup method, terminal and signature device
CN101426049B (en) Data card and method, equipment, system for using equipment binding
WO2010060242A1 (en) An authentication method for the mobile terminal and a system thereof
WO2022179076A1 (en) Machine-card binding method, communication module, communication device, and storage medium
CN105100131A (en) Terminal device and terminal device theft prevention method and system
WO2013185689A1 (en) Authentication method, authentication apparatus and authentication device
WO2012129851A1 (en) Mobile terminal and network locking method therefor
US7885647B2 (en) Secure booting method and mobile terminal for the same
WO2015077947A1 (en) System for recovering lost device
CN106484796A (en) File management method, document management apparatus and mobile terminal
WO2016179866A1 (en) Method and system for updating smart card of mobile terminal
CN102387494A (en) Android-mobile-platform-based remote automatic information exchange and control solution
WO2012091647A1 (en) Tracking of missing communication devices
CN112165458B (en) Real-name authentication method, device and terminal
WO2012092727A1 (en) Method, device and system for locking card in the mobile terminal
CN114980071B (en) Terminal upgrade method, device and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11860780

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11860780

Country of ref document: EP

Kind code of ref document: A1