CN103167491B - A mobile terminal uniqueness authentication method based on a software digital certificate - Google Patents



Publication number
CN103167491B
Authority
CN
China
Prior art keywords
mobile terminal
certificate
information
digital certificate
request
Prior art date
Legal status
Active
Application number
CN201110421163.3A
Other languages
Chinese (zh)
Other versions
CN103167491A (en)
Inventor
韩洪慧
杨文山
许俊
任伟
冯博
Current Assignee
Geer software Limited by Share Ltd
Original Assignee
GEER SOFTWARE CO Ltd SHANGHAI
Priority date
Filing date
Publication date
Application filed by GEER SOFTWARE CO Ltd SHANGHAI
Priority to CN201110421163.3A
Publication of CN103167491A
Application granted
Publication of CN103167491B
Legal status: Active
Anticipated expiration


Abstract

The invention discloses a mobile terminal uniqueness authentication method based on a software digital certificate, belonging to the field of computer and information security technology. It proceeds as follows: (1) The mobile terminal installs a security client, generates a certificate request bound to its device information, and registers with the server. The server issues a digital certificate to the mobile terminal, binding the digital certificate to the device. (2) In use, the server sends random information to the mobile terminal; the security client receives it, signs the random information with the private key of the local digital certificate, and sends the signed data to the server. The application server verifies the signature with the public key of the digital certificate and thereby confirms the identity of the communicating peer. The invention verifies the mobile terminal reliably and strengthens authentication without adding hardware authentication devices.

Description

A mobile terminal uniqueness authentication method based on a software digital certificate
Technical field
The invention belongs to the field of computer and information security technology and relates specifically to a method for authenticating mobile terminals on the mobile Internet.
Background art
The mobile Internet is developing rapidly and its security problems face challenges. How to authenticate mobile terminals effectively is a focus of attention; several authentication methods are currently in use:
(1) SMS verification codes. This method is simple, but its security is weak: the transmitted SMS messages and verification codes are easily intercepted, and with SIM card cloning and impersonation techniques the information and the communication have no secrecy at all.
(2) Dedicated hardware, such as an SD card or SIM card with computing capability. This method is highly secure, but it raises the user's cost and somewhat limits compatibility with mobile terminals.
Summary of the invention
To solve the convenience problem of uniqueness authentication of mobile terminal devices in mobile wireless applications, the invention provides a mobile terminal uniqueness authentication method based on a software digital certificate, which lets an application server authenticate a mobile terminal by software means alone, without adding hardware to the mobile terminal.
To achieve the above object, the invention adopts the following technical scheme:
A mobile terminal uniqueness authentication method based on a software digital certificate, wherein the authentication method comprises a mobile terminal registration part and a mobile terminal authentication part;
The mobile terminal registration comprises the following steps:
(11) generating a public/private key pair on the mobile terminal, generating a certificate request with the mobile terminal device information (such as the mobile number and the device serial number) as the claimed subject, and sending the certificate request to the application server for registration;
(12) the application server receives and verifies the certificate request and, once it passes verification, issues a mobile terminal software digital certificate signed with the application server's private key and sends it to the mobile terminal;
(13) the mobile terminal receives the software digital certificate, verifies it, stores it, and completes the registration of the mobile terminal device;
The mobile terminal authentication comprises the following steps:
(21) the mobile terminal checks its runtime environment and, once the check passes, sends a connection request to the application server;
(22) the application server sends random information to the mobile terminal;
(23) the mobile terminal signs the random information with its private key and sends the signature to the application server;
(24) the application server verifies the signature information and the certificate information, and once verification passes it obtains the mobile terminal device information.
In a preferred embodiment of the mobile terminal registration scheme of the invention, the public/private key pair generated in step (11) includes but is not limited to an RSA key or an ECC key.
Further, in step (11), the device information includes but is not limited to the wireless access number, the device serial number and the user's identity information.
Further, in step (11), the certificate request format includes but is not limited to a certificate request in PKCS#10 format.
Further, in step (12), verification of the certificate request includes but is not limited to the following checks:
whether the public key in the request matches the private key that signed the request;
whether the claimed content in the request has been tampered with;
whether the device information in the request matches the device that sent it, and whether the user's identity is correct.
Further, in step (12), the software digital certificate includes but is not limited to a certificate conforming to the X.509 format.
Further, in step (13), verification of the digital certificate includes but is not limited to the following checks:
whether the public key in the certificate matches the local private key;
whether the certificate subject information matches the device information of this mobile terminal;
whether the issuer of the certificate is the trusted application server.
In a preferred embodiment of the mobile terminal authentication scheme of the invention, the environment check in step (21) includes but is not limited to the following checks:
the user must enter authentication information to start the client;
whether the public key in the client certificate matches the private key;
whether the subject information of the client certificate matches the device information of this mobile terminal;
whether the issuer of the client certificate is the trusted application server.
Further, in step (22), the random information includes but is not limited to numbers, character strings, picture content information and time information.
Further, in step (24), verification of the signature information and the certificate information includes but is not limited to the following checks:
whether the signature verifies correctly under the public key of the mobile terminal certificate;
whether the mobile terminal certificate was issued by this application server, and whether it has been revoked;
whether the device information in the certificate subject matches the device that sent it, and whether the user's identity is correct.
The invention obtained by the above technical scheme verifies mobile terminals reliably: the mobile terminal needs no additional hardware; the digital certificate mechanism gives high authentication strength and does not fear theft of network data; and because the digital certificate content is bound to the mobile terminal device information at registration and protected by the design of the security client, a security client and digital certificate copied to another mobile device cannot be used, which guarantees security.
Description of the drawings
The invention is further described below with reference to the drawings and specific embodiments.
Fig. 1 is a schematic diagram of the mobile terminal in an implementation of the invention.
Fig. 2 is a schematic flow of the mobile terminal registering with the server.
Fig. 3 is a schematic flow of the server authenticating the mobile terminal.
Embodiment
To make the technical means, inventive features, objects and effects of the invention easy to understand, the invention is further explained below with reference to the specific figures.
The mobile terminal uniqueness authentication method based on a software digital certificate provided by the invention is divided mainly into a mobile terminal registration part and a mobile terminal authentication part.
The mobile terminal registration comprises the following steps:
(11) generating a public/private key pair on the mobile terminal, generating a certificate request with the mobile terminal device information as the claimed subject, and sending the certificate request to the application server for registration.
See Fig. 1. This step can be implemented by installing a customized security client on the mobile terminal, which generates the public/private key pair. The key pair is an RSA key or an ECC key, but is not limited to these; the device information includes but is not limited to the wireless access number, the device serial number and the user's identity information; the certificate request format includes but is not limited to a certificate request in PKCS#10 format.
(12) the application server receives and verifies the certificate request and, once it passes verification, issues a mobile terminal software digital certificate signed with the application server's private key and sends it to the mobile terminal.
In this step, verification of the certificate request includes but is not limited to the following checks:
a. whether the public key in the request matches the private key that signed the request;
b. whether the claimed content in the request has been tampered with;
c. whether the device information in the request matches the device that sent it, and whether the user's identity is correct.
The software digital certificate issued in this step is a certificate in X.509 format, but is not limited to this.
(13) the mobile terminal receives the software digital certificate, verifies it, stores it, and completes the registration of the mobile terminal device.
In this step, verification of the digital certificate includes but is not limited to the following checks:
a. whether the public key in the certificate matches the local private key;
b. whether the certificate subject information matches the device information of this mobile terminal;
c. whether the issuer of the certificate is the trusted application server.
The mobile terminal authentication in the invention comprises the following steps:
(21) the mobile terminal checks its runtime environment and, once the check passes, sends a connection request to the application server.
In this step, the environment check includes but is not limited to the following checks:
the user must enter authentication information to start the client;
whether the public key in the client certificate matches the private key;
whether the subject information of the client certificate matches the device information of this mobile terminal;
whether the issuer of the client certificate is the trusted application server.
(22) the application server sends random information to the mobile terminal.
The random information in this step comprises numbers, character strings, picture content information and time information, but is not limited to these.
(23) the mobile terminal signs the random information with its private key and sends the signature to the application server.
(24) the application server verifies the signature information and the certificate information, and once verification passes it obtains the mobile terminal device information.
In this step, verification of the signature information and the certificate information includes but is not limited to the following checks:
whether the signature verifies correctly under the public key of the mobile terminal certificate;
whether the mobile terminal certificate was issued by this application server, and whether it has been revoked;
whether the device information in the certificate subject matches the device that sent it, and whether the user's identity is correct.
Based on the above scheme, a specific implementation process of the invention is as follows:
The security client in the mobile terminal must register with the application server; the specific steps are as follows (see Fig. 2):
(1) The security client starts the registration function, which comprises:
A) obtaining the mobile terminal's mobile number, e.g. 13XXXXXXXXX, and the mobile terminal's device serial number, e.g. 523846734.
B) generating a 1024-bit RSA key pair (public key Pubkey, private key Privkey); the private key is protected with a password (e.g. 12345678).
C) using the mobile number 13XXXXXXXXX as the subject CN field and the device serial number 523846734 as the subject L field, with Pubkey as the public key, and signing the above data with Privkey to generate the certificate request Req.
(2) The security client sends Req to the application server.
(3) The application server receives the request data Req, verifies it and issues the certificate Cert, which comprises:
A) using Pubkey to verify that the signature is correct.
B) verifying that the mobile number and serial number of the sending mobile device match the mobile number 13XXXXXXXXX and the device serial number 523846734 in the request.
C) using the application server private key SPrivkey to issue the digital certificate Cert, whose subject CN field is 13XXXXXXXXX, whose subject L field is 523846734 and whose public key is Pubkey.
(4) The application server sends the digital certificate Cert issued for the mobile terminal to the mobile terminal.
(5) After the security client receives Cert it verifies it, which comprises:
A) verifying the certificate signature with the application server's public key SPubkey, to check that it was issued by the trusted application server.
B) verifying that the Pubkey in Cert matches the local Privkey.
C) checking that the mobile number and the device serial number in Cert match this mobile device.
(6) The security client combines Cert and Privkey as the digital certificate of the mobile terminal.
When the method of the invention is implemented, the application server authenticates the mobile terminal as follows (see Fig. 3):
(1) The security client starts and checks the runtime environment, which comprises:
A) the user enters the password (e.g. 12345678) and the security client opens the digital certificate.
B) checking whether Pubkey and Privkey in the digital certificate match.
C) checking whether the mobile number and the device serial number in the digital certificate match this mobile device.
D) checking whether the digital certificate was issued by the trusted application server.
(2) The security client sends a connection request to the application server.
(3) After receiving the request, the application server returns random information to the security client, e.g. saf24354gh.
(4) The security client receives the random information, signs it with the private key Privkey and sends the signed data to the application server.
(5) After receiving the signed data, the application server verifies it, which comprises:
A) using the public key Pubkey from the mobile terminal's digital certificate to verify that the signature over the random information saf24354gh was made with Privkey.
B) verifying that the mobile number and the device serial number in the digital certificate match those of the sending mobile device.
C) using SPubkey to verify the signature on this mobile device's digital certificate and to determine whether the certificate was issued by this application server, while also verifying whether the digital certificate is within its validity period and whether it has been revoked.
(6) After verification passes, the application server returns an authentication-success message to the mobile terminal.
As this example shows, the invention verifies mobile terminals reliably and strengthens authentication without adding hardware authentication devices.
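The registration steps (1) to (6) and the authentication steps (1) to (6) above, worked through in Go as an added example that is not part of the patent and not Geer Software's code. It uses Go's standard crypto/x509 library, places the mobile number in the subject CN field and the device serial number in the subject L field as the patent does, and assumes a constructed in-memory revocation set keyed by certificate serial number, since the patent does not specify a revocation mechanism; the type and function names are the example's own.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// DeviceInfo: mobile number (subject CN field) and device serial number (subject L field), as on the page.
type DeviceInfo struct{ Number, Serial string }

func subjectMatches(s pkix.Name, dev DeviceInfo) bool {
	return s.CommonName == dev.Number && len(s.Locality) == 1 && s.Locality[0] == dev.Serial
}

// newKey generates an RSA key pair (the page uses 1024-bit RSA; 2048 bits is the least to use today).
func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func sign(tmpl, parent *x509.Certificate, pub crypto.PublicKey, priv *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Constructed application-server CA certificate (the page's SPubkey, signed with SPrivkey).
func newServerCA(caKey *rsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "application-server"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	return sign(tmpl, tmpl, &caKey.PublicKey, caKey)
}

// Step (11): the client puts its device info into the subject of a PKCS#10 request self-signed with its private key.
func makeCSR(key *rsa.PrivateKey, dev DeviceInfo) ([]byte, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: dev.Number, Locality: []string{dev.Serial}}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// Step (12): the server checks the request (sender = device info seen on the transport side) and issues the cert.
func issueCert(caKey *rsa.PrivateKey, caCert *x509.Certificate, csrDER []byte, sender DeviceInfo) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	// Checks (a)+(b): a valid self-signature proves key possession and that the subject was not tampered with.
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	if !subjectMatches(csr.Subject, sender) {
		return nil, errors.New("request subject does not match sending device")
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(365 * 24 * time.Hour)}
	return sign(tmpl, caCert, csr.PublicKey, caKey)
}

// Step (13): the client checks issuer, key match and subject before storing the certificate.
func verifyIssued(cert, caCert *x509.Certificate, key *rsa.PrivateKey, dev DeviceInfo) error {
	if err := cert.CheckSignatureFrom(caCert); err != nil {
		return err
	}
	if !key.PublicKey.Equal(cert.PublicKey) || !subjectMatches(cert.Subject, dev) {
		return errors.New("certificate does not belong to this device")
	}
	return nil
}

// Step (23): the client signs the server's random challenge with its private key.
func signChallenge(key *rsa.PrivateKey, nonce []byte) ([]byte, error) {
	h := sha256.Sum256(nonce)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
}

// Step (24): verify the signature, then issuer, validity period, revocation and device match before trusting the subject.
func authenticate(caCert *x509.Certificate, revoked map[string]bool, cert *x509.Certificate, nonce, sig []byte, sender DeviceInfo) (DeviceInfo, error) {
	if err := cert.CheckSignature(x509.SHA256WithRSA, nonce, sig); err != nil {
		return DeviceInfo{}, err
	}
	now := time.Now()
	if err := cert.CheckSignatureFrom(caCert); err != nil || now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return DeviceInfo{}, errors.New("certificate not issued by this server or outside its validity period")
	}
	if revoked[cert.SerialNumber.String()] {
		return DeviceInfo{}, errors.New("certificate revoked")
	}
	if !subjectMatches(cert.Subject, sender) {
		return DeviceInfo{}, errors.New("certificate subject does not match sending device")
	}
	return DeviceInfo{Number: cert.Subject.CommonName, Serial: cert.Subject.Locality[0]}, nil
}
```

The device-mismatch branches are the property the patent relies on: a certificate and key copied to another device fail the subject check on both the client (step 13) and the server (step 24).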
The above shows and describes the basic principles, principal features and advantages of the invention. Those skilled in the art should understand that the invention is not restricted to the embodiments described above; the embodiments and the description above merely illustrate the principles of the invention, and various changes and modifications may be made without departing from its spirit and scope, all of which fall within the claimed scope of the invention. The scope of protection claimed is defined by the appended claims and their equivalents.

Claims (9)

1. A mobile terminal uniqueness authentication method based on a software digital certificate, characterized in that the authentication method comprises a mobile terminal registration part and a mobile terminal authentication part;
The mobile terminal registration comprises the following steps:
(11) generating a public/private key pair on the mobile terminal, generating a certificate request with the mobile terminal device information as the claimed subject, and sending the certificate request to the application server for registration;
(12) the application server receiving and verifying the certificate request and, once it passes verification, issuing a mobile terminal software digital certificate signed with the application server's private key and sending it to the mobile terminal, wherein verification of the certificate request comprises the following checks:
whether the public key in the request matches the private key that signed the request;
whether the claimed content in the request has been tampered with;
whether the device information in the request matches the device that sent it, and whether the user's identity is correct;
(13) the mobile terminal receiving the software digital certificate, verifying it, storing it and completing the registration of the mobile terminal device;
The mobile terminal authentication comprises the following steps:
(21) the mobile terminal checking its runtime environment and, once the check passes, sending a connection request to the application server;
(22) the application server sending random information to the mobile terminal;
(23) the mobile terminal signing the random information with its private key and sending the signature to the application server;
(24) the application server verifying the signature information and the certificate information, and once verification passes obtaining the mobile terminal device information.
2. The mobile terminal uniqueness authentication method based on a software digital certificate according to claim 1, characterized in that the public/private key pair generated in step (11) comprises an RSA key or an ECC key.
3. The mobile terminal uniqueness authentication method based on a software digital certificate according to claim 1, characterized in that in step (11) the device information comprises the wireless access number, the device serial number or the user's identity information.
4. The mobile terminal uniqueness authentication method based on a software digital certificate according to claim 1, characterized in that in step (11) the certificate request format comprises a certificate request in PKCS#10 format.
5. The mobile terminal uniqueness authentication method based on a software digital certificate according to claim 1, characterized in that in step (12) the software digital certificate comprises a certificate conforming to the X.509 format.
6. The mobile terminal uniqueness authentication method based on a software digital certificate according to claim 1, characterized in that in step (13) verification of the digital certificate comprises the following checks:
whether the public key in the certificate matches the local private key;
whether the certificate subject information matches the device information of this mobile terminal;
whether the issuer of the certificate is the trusted application server.
7. The mobile terminal uniqueness authentication method based on a software digital certificate according to claim 1, characterized in that in step (21) the environment check comprises the following checks:
the user must enter authentication information to start the client;
whether the public key in the client certificate matches the private key;
whether the subject information of the client certificate matches the device information of this mobile terminal;
whether the issuer of the client certificate is the trusted application server.
8. The mobile terminal uniqueness authentication method based on a software digital certificate according to claim 1, characterized in that in step (22) the random information comprises numbers, character strings, picture content information or time information.
9. The mobile terminal uniqueness authentication method based on a software digital certificate according to claim 1, characterized in that in step (24) verification of the signature information and the certificate information comprises the following checks:
whether the signature verifies correctly under the public key of the mobile terminal certificate;
whether the mobile terminal certificate was issued by this application server, and whether it has been revoked;
whether the device information in the certificate subject matches the device that sent it, and whether the user's identity is correct.
CN201110421163.3A 2011-12-15 2011-12-15 A mobile terminal uniqueness authentication method based on a software digital certificate Active CN103167491B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110421163.3A CN103167491B (en) 2011-12-15 2011-12-15 A mobile terminal uniqueness authentication method based on a software digital certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110421163.3A CN103167491B (en) 2011-12-15 2011-12-15 A mobile terminal uniqueness authentication method based on a software digital certificate

Publications (2)

Publication Number Publication Date
CN103167491A CN103167491A (en) 2013-06-19
CN103167491B true CN103167491B (en) 2016-03-02

Family

ID=48590149

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110421163.3A Active CN103167491B (en) 2011-12-15 2011-12-15 A mobile terminal uniqueness authentication method based on a software digital certificate

Country Status (1)

Country Link
CN (1) CN103167491B (en)


Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1444386A (en) * 2001-12-31 2003-09-24 西安西电捷通无线网络通信有限公司 Safe inserting method of wide-band wireless IP system mobile terminal
CN101183932A (en) * 2007-12-03 2008-05-21 宇龙计算机通信科技(深圳)有限公司 Security identification system of wireless application service and login and entry method thereof
CN101414909A (en) * 2008-11-28 2009-04-22 中国移动通信集团公司 System, method and mobile communication terminal for verifying network application user identification

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070150723A1 (en) * 2005-12-23 2007-06-28 Estable Luis P Methods and apparatus for increasing security and control of voice communication sessions using digital certificates


Also Published As

Publication number Publication date
CN103167491A (en) 2013-06-19


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
Inventor after: Han Honghui; Yang Wenshan; Xu Jun; Ren Wei; Feng Bo
Inventor before: Han Honghui; Yang Wenshan; Xu Jun; Ren Wei
COR Change of bibliographic data
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address
Address after: 200436 Room 601, Lane 299, JIANGCHANG West Road, Jingan District, Shanghai
Patentee after: Geer software Limited by Share Ltd
Address before: 200070 50 Mau Ling Road, Zhabei District, Shanghai
Patentee before: Geer Software Co., Ltd., Shanghai