CN112469042B - System for locking bound equipment, module and subscriber identity module - Google Patents

System for locking bound equipment, module and subscriber identity module Download PDF

Info

Publication number
CN112469042B
CN112469042B CN202110117561.XA CN202110117561A CN112469042B CN 112469042 B CN112469042 B CN 112469042B CN 202110117561 A CN202110117561 A CN 202110117561A CN 112469042 B CN112469042 B CN 112469042B
Authority
CN
China
Prior art keywords
module
identification data
internet
equipment
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110117561.XA
Other languages
Chinese (zh)
Other versions
CN112469042A (en
Inventor
陈海龙
傅宇晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Shumi Technology Co ltd
Original Assignee
Beijing Showmac Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Showmac Network Technology Co ltd filed Critical Beijing Showmac Network Technology Co ltd
Priority to CN202110117561.XA priority Critical patent/CN112469042B/en
Publication of CN112469042A publication Critical patent/CN112469042A/en
Application granted granted Critical
Publication of CN112469042B publication Critical patent/CN112469042B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00IoT infrastructure
    • G16Y30/10Security thereof
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention relates to a system for locking bound equipment, modules and user identification modules, which comprises: the system comprises a first Internet of things device, a first communication module, a first user identification module and a first remote server; different authentication processes are respectively established at three ends of the Internet of things equipment, the communication module and the user identification module based on the binding information, the three use respective authentication processes to authenticate the legal identities of each other, and self-locking is carried out on the three once authentication fails; in addition, a remote authentication flow is established between the user identification module and the remote server, and the user identification module is locked once authentication fails; therefore, the problem that the Internet of things equipment is stolen and stolen can be solved, the complete machine anti-theft performance of the Internet of things equipment can be improved, the operation risk of an Internet of things operator is reduced, and the economic loss of the Internet of things operator is reduced.

Description

System for locking bound equipment, module and subscriber identity module
Technical Field
The invention relates to the technical field of data processing, in particular to a system for locking bound equipment, modules and user identification modules.
Background
The internet of things equipment is internally provided with a communication module and a user identification module, signal communication with a mobile operator network is completed by calling the communication module, and login authentication operation with the mobile operator network is completed by calling the user identification module. The product forms of the Internet of things equipment are common in two types, namely a complete machine type in which a communication module and a user identification module are completely embedded in a mainboard, and an assembly type in which a pluggable communication module and a user identification module are adopted. The distribution area of most thing networking equipment all is open region, often can face to steal the risk of tearing open, especially the thing networking equipment of equipment type, and its equipment host computer, communication module and subscriber identity module can be dismantled and assembled, embezzled respectively, and this has caused direct economic loss for thing networking operator.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a system for locking bound equipment, a module and a user identification module, wherein different authentication processes are respectively established at three ends of the equipment, the module and the user identification module based on binding information, the three authentication processes use respective authentication processes to authenticate the legal identities of each other, and self-locking is carried out on the three authentication processes once the authentication fails; in addition, a remote authentication flow is established between the user identification module and the remote server, and the user identification module is locked once authentication fails; therefore, the problem that the Internet of things equipment is stolen and stolen can be solved, the complete machine anti-theft performance of the Internet of things equipment can be improved, the operation risk of an Internet of things operator is reduced, and the economic loss of the Internet of things operator is reduced.
In order to achieve the above object, an embodiment of the present invention provides a system for locking a bound device, a bound module, and a bound subscriber identity module, where the system includes: the system comprises a first Internet of things device, a first communication module and a first user identification module;
the first Internet of things equipment is respectively connected with the first communication module and the first user identification module; the first Internet of things equipment is used for reading first local equipment identification data from the local and taking the first local equipment identification data as first equipment identification data; sending first acquisition module identification instruction data including the first equipment identification data to the first communication module; receiving first module identification data sent back from the first communication module; sending first acquisition module identification instruction data including the first equipment identification data to the first user identification module; and receiving first module identification data sent back from the first subscriber identity module; then, locking the first equipment according to the first module identification data and the first module identification data;
the first communication module is connected with the first user identification module; the first communication module is used for receiving the first acquisition module identification instruction data sent by the first internet of things equipment and extracting the first equipment identification data from the first acquisition module identification instruction data; reading first local module identification data from local as the first module identification data; sending the first module identification data to the first Internet of things equipment; then sending second acquisition module identification instruction data including the first module identification data to the first user identification module; and receiving second module identification data sent back from the first subscriber identity module; then, according to the first equipment identification data and the second module identification data, locking a first module;
the first user identification module is used for receiving the first acquisition module identification instruction data sent by the first internet of things equipment and extracting the first equipment identification data from the first acquisition module identification instruction data; reading first local module identification data from local as the first module identification data; sending the first module identification data to the first Internet of things equipment; receiving the second acquisition module identification instruction data sent by the first communication module, and extracting the first module identification data from the second acquisition module identification instruction data; then using the first local module identification data as the second module identification data; sending the second module identification data to the first communication module; and then, according to the first equipment identification data and the first module identification data, carrying out first module locking processing.
Preferably, the system further comprises a first remote server;
the first user identification module is connected with the first remote server through the first communication module; the first user identification module is further used for acquiring second equipment identification data from the first internet of things equipment; acquiring second module identification data from the first communication module; sending the second equipment identification data, the second module identification data and the first local module identification data to the first remote server through the first communication module; and receiving first verification status data sent back from the first remote server within a defined first time; when the first verification state data cannot be received in the first time or the first verification state data is failed to be verified, performing first subscriber identity module on-hook processing;
the first remote server is configured to receive the second device identification data, the second module identification data, and the first local module identification data sent from the first subscriber identity module; taking the three data as query key words of logic, and performing first corresponding record query processing in an identification data database; if the query processing of the first corresponding record fails, setting the first verification state data as verification failure; sending the first verification state data to the first user identification module;
the first remote server is also connected with an operator server through an operator service interface; and the first remote server is also used for searching a first telecommunication number corresponding to the first local module identification data from a telecommunication number database when the first corresponding record inquiry processing fails, calling the operator service interface and performing first service stopping processing on the first telecommunication number.
Preferably, the first and second liquid crystal materials are,
the first internet of things device is specifically used for performing on-hook processing on the first internet of things device if a first device receiving error occurs when the first module identification data sent back from the first communication module is received; wherein the first device reception error comprises a first device reception timeout error or a first device instruction error.
Preferably, the first and second liquid crystal materials are,
the first internet of things device is specifically configured to, when the first module identification data sent back from the first subscriber identity module is received, perform on-hook processing on the second internet of things device if a second device reception error occurs; wherein the second device reception error comprises a second device reception timeout error or a second device instruction error.
Preferably, the first and second liquid crystal materials are,
the first internet of things equipment is specifically used for acquiring preset first binding module identification data and first binding module identification data from the local when the first equipment is locked; and when the first binding module identification data is not matched with the received first module identification data or the first binding module identification data is not matched with the received first module identification data, performing third Internet of things equipment on-hook processing.
Preferably, the first and second liquid crystal materials are,
the first communication module is specifically used for performing hang-up processing on the first communication module if a first module receiving error occurs when receiving the second module identification data sent back from the first subscriber identification module; wherein, the first module receiving error comprises a first module receiving overtime error or a first module instruction error.
Preferably, the first and second liquid crystal materials are,
the first communication module is specifically used for locally acquiring preset first binding equipment identification data and second binding module identification data when the first module is locked; and when the first binding equipment identification data is not matched with the received first equipment identification data or the second binding module identification data is not matched with the received second module identification data, performing on-hook processing on a second communication module.
Preferably, the first and second liquid crystal materials are,
the first subscriber identity module is specifically used for locally acquiring preset second binding equipment identification data and second binding module identification data when the first module is locked; and when the second binding equipment identification data is not matched with the received first equipment identification data or the second binding module identification data is not matched with the received first module identification data, performing second user identification module on-hook processing.
The embodiment of the invention provides a system for locking bound equipment, a module and a user identification module, wherein different authentication processes are respectively established at three ends of the equipment, the module and the user identification module based on binding information, the three authentication processes use respective authentication processes to authenticate the legal identities of the equipment, the module and the user identification module, and self-locking is carried out on the equipment, the module and the user identification module once the authentication fails; in addition, a remote authentication flow is established between the user identification module and the remote server, and the user identification module is locked once authentication fails; therefore, the problems that the Internet of things equipment is stolen and stolen are solved, the overall anti-theft performance of the Internet of things equipment is improved, the operation risk of an Internet of things operator is reduced, and the economic loss of the Internet of things operator is reduced.
Drawings
Fig. 1 is a schematic structural diagram of a system for locking a bound device, a bound module, and a bound subscriber identity module according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An embodiment of the present invention provides a system for locking a bound device, a bound module, and a subscriber identity module, as shown in fig. 1, which is a schematic structural diagram of a system for locking a bound device, a bound module, and a subscriber identity module according to an embodiment of the present invention, the system includes: the system comprises a first internet of things device 101, a first communication module 102, a first subscriber identity module 103 and a first remote server 104.
Here, the first internet of things device 101 is a terminal device host deployed at the front end of the internet of things; the first communication Module 102 is a communication device or equipment that can access the internet or the internet of things via a mobile communication network, a local area network (wired or wireless access mode) or a wide area network (wired or wireless access mode), and the first Subscriber Identity Module 103 is a Subscriber Identity Module (SIM), a Universal Integrated Circuit Card (UICC), a USIM, an eSIM, an embedded SIM (embedded Subscriber Identity Module) or a virtual SIM (vSIM); the first remote server 104 is a terminal device, a stand-alone server, a virtual server, or a server based on a cloud architecture, which can access the internet through a mobile communication network, or a local area network (wired or wireless access manner) or a wide area network (wired or wireless access manner).
Here, the local areas of the three objects, i.e., the first internet of things device 101, the first communication module 102 and the first subscriber identity module 103, pre-store the identification data of the other two objects bound to the local areas; on the first remote server 104, the identification data of the first internet of things device 101, the first communication module 102 and the first subscriber identity module 103 which are already bound are also stored through the identification database; regarding the identification data, the identification data of the first internet of things device 101 may be a Serial Number (SN) of a device, a Media Access Control (MAC) address, or the like; the identification data of the first communication module 102 may be a module product serial number SN, or an International Mobile Equipment Identity (IMEI) of Mobile communication, or a module chip unique identification number, etc.; the identification data of the first Subscriber Identity module 103 may be an Integrated Circuit Card Identity (ICCID) of Mobile communication, an International Mobile Subscriber Identity (IMSI) of Mobile communication, a telephone number (MSISDN) of Mobile communication, an Electronic Identity (eID), or the like.
The first internet of things device 101 is respectively connected with the first communication module 102 and the first subscriber identity module 103; the first internet of things device 101 is configured to read first local device identification data from the local as first device identification data; and sends first acquisition module identification instruction data including the first device identification data to the first communication module 102; and receives the first module identification data sent back from the first communication module 102; and sends first acquisition module identification instruction data including the first device identification data to the first subscriber identity module 103; and receives the first module identification data sent back from the first subscriber identity module 103; and locking the first equipment according to the first module identification data and the first module identification data.
Here, if the first internet of things device 101, the first communication module 102 and the first subscriber identity module 103 are all integrated on one device motherboard, the connection mode among the three devices is an internal data bus connection mode; if the first communication module 102 and the first subscriber identity module 103 are pluggable devices, apparatuses, or modules, the connection mode between the first internet of things apparatus 101 and the first internet of things apparatus may be a Serial communication port connection mode, a Universal Serial Bus (USB) connection mode, or the like.
Here, the command head of the first obtaining module identification command data is the obtaining module identification command, the command body has the first device identification data for transmitting the internet of things device identity information of the sending command to the first communication module 102, and the corresponding first module identification data transmitted back by the first communication module 102 is for feeding back the communication module identity information to the first internet of things device 101; similarly, the instruction head of the first obtaining module identification instruction data is the obtaining module identification instruction, the instruction body has the first device identification data for transmitting the internet of things device identity information of the sending instruction to the first user identification module 103, and the corresponding first module identification data transmitted back by the first user identification module 103 is for feeding back the user identification module identity information to the first internet of things device 101.
In a specific implementation manner provided in the embodiment of the present invention, the first internet of things device 101 is specifically configured to perform hang-up processing on the first internet of things device if a first device reception error occurs when receiving the first module identification data sent back from the first communication module 102; wherein the first device reception error comprises a first device reception timeout error or a first device instruction error.
In another specific implementation manner provided in the embodiment of the present invention, the first internet of things device 101 is specifically configured to, when receiving the first module identification data sent back from the first user identification module 103, perform on-hook processing on the second internet of things device if a second device reception error occurs; wherein the second device reception error comprises a second device reception timeout error or a second device instruction error.
Here, when the first internet of things device 101 sends a command to the first communication module 102 and the first subscriber identity module 103, if any one of the first communication module 102 and the first subscriber identity module 103 cannot recognize the corresponding acquisition module identification command and acquisition module identification command, it indicates that it is not necessarily the communication module or the subscriber identity module bound to the internet of things device; for the case where the instruction cannot be recognized, there are conventionally two types: one is that the underlying communication protocol of the first internet of things device 101 is not supported, so that a communication timeout error occurs in the first internet of things device 101, that is, the first device reception timeout error and the second device reception timeout error are described above; one is that although supporting the bottom layer communication protocol of the first internet of things device 101, the acquisition module identification instruction and the acquisition module identification instruction cannot be correctly identified, and the phenomenon is that only the communication status word but no substantial return data is found on the communication port, so that the first internet of things device 101 has an instruction error, that is, the first device instruction error and the second device instruction error in the foregoing; when the error occurs, the first internet of things device 101 discriminates that the first communication module 102 or the first subscriber identity module 103 is not a communication module or a subscriber identity module bound to itself, and then, from the safety perspective, an on-hook process, that is, the on-hook processing process of the first and second internet of things devices, is immediately executed; the first and second internet-of-things device on-hook processing flows may be the same or different, and in a conventional case, the corresponding communication port is closed, and the processing flow related to the internet-of-things service running on the first internet-of-things device 101 is stopped, or in some cases, the shutdown processing flow is directly executed. Thus, the thief cannot use the first internet of things device 101.
For example, after the first internet of things device 101 sends the first acquisition module identification instruction data to the first communication module 102, according to the communication protocol specification, the first communication module 102 should respond within 30 milliseconds, but the first internet of things device 101 does not receive any return information after waiting for 30 milliseconds at the communication port, the first internet of things device 101 considers that the first communication module 102 is a non-binding module, and the first internet of things device 101 is immediately powered off from the safety perspective; for another example, after the first internet of things device 101 sends the first obtaining module identifier instruction data to the first subscriber identity module 103, the first subscriber identity module 103 returns the communication status word within 20 milliseconds required by the communication protocol specification, but does not return the data, the first internet of things device 101 considers that the first subscriber identity module 103 is an unbound subscriber identity module, and the first internet of things device 101 is immediately powered off from the security perspective.
In another specific implementation manner provided in the embodiment of the present invention, the first internet of things device 101 is specifically configured to locally acquire preset first binding module identification data and first binding module identification data when the first device is locked; and when the first binding module identification data is not matched with the received first module identification data or the first binding module identification data is not matched with the received first module identification data, performing on-hook processing on the third Internet of things equipment.
Here, when the first internet of things device 101 sends an instruction to the first communication module 102 and the first subscriber identity module 103, the first communication module 102 and the first subscriber identity module 103 may not only recognize the instruction, but also return identification data stored locally, that is, the first module identification data and the first module identification data; this means that the first communication module 102 and the first subscriber identity module 103 are most likely to be in the same application system as the first internet of things device 101, but in order to determine whether a combination error occurs, the first internet of things device 101 needs to identify the first module identification data and the first module identification data after obtaining the first module identification data and the first module identification data; the identification method comprises the steps of firstly, obtaining pre-stored communication module identification data which are in binding relationship with the communication module from the local, namely first binding module identification data, and user identification module identification data which are also first binding module identification data; comparing the first module identification data and the received first module identification data with the first module identification data, if the first module identification data and the first module identification data are the same, indicating that the first module identification data and the first module identification data are in a binding relationship, and if the first module identification data and the first module identification data are different, indicating that the first module identification data and the first module identification data are not in a binding; if the recognized result indicates that there is no binding relationship between the first internet of things device 101 and the second internet of things device, the first internet of things device 101 immediately executes an on-hook process, that is, the third internet of things device on-hook process flow; the third on-hook processing flow of the internet of things device is similar to the first and second on-hook processing flows described above, and in a conventional case, the corresponding communication port is closed, and the processing flow related to the internet of things service running on the first internet of things device 101 is stopped, or in some cases, the shutdown processing flow is directly executed.
For example, the first internet of things device 101 locally stores three pieces of identification data that are in a binding relationship with each other: the first local device identification data is a device SN of 10000010101010, the first binding module identification data is a module SN of 2024125436498784, and the first binding module identification data is a mobile phone number of 13900000001; and the first module identification data returned from the first communication module 102 is "2024125436498700", the first module identification data returned from the first subscriber identity module 103 is "13800000001", and both are different from the locally stored data, then the first internet of things device 101 considers that the first communication module 102 and the first subscriber identity module 103 are both non-binding modules and modules, and from the security viewpoint, the first internet of things device 101 is immediately powered off.
The first communication module 102 is connected with the first subscriber identity module 103; the first communication module 102 is configured to receive first acquisition module identification instruction data sent from the first internet of things device 101, and extract first device identification data from the first acquisition module identification instruction data; reading the first local module identification data from the local as the first module identification data; sending first module identification data to the first internet of things device 101; then, sending second acquisition module identification instruction data including the first module identification data to the first subscriber identity module 103; and receives the second module identification data sent back from the first subscriber identity module 103; and then, locking the first module according to the first equipment identification data and the second module identification data.
Here, if the first communication module 102 and the first subscriber identity module 103 are integrated on a single communication module board, the connection mode between the two is an internal data bus connection mode; if the first subscriber identity module 103 is a pluggable module, the connection mode between the first communication module 102 and the first subscriber identity module 103 may be a Serial communication port connection mode, a Universal Serial Bus (USB) connection mode, or the like.
Here, after receiving and recognizing the module identification acquiring instruction sent by the first internet of things device 101, the first communication module 102 extracts the first device identification data in the instruction body, so as to perform binding relationship recognition on the internet of things device subsequently, and sends back the first module identification data representing the first local module identification data, so as to transmit the communication module identity information of the received instruction to the first internet of things device 101; the second obtaining module identification instruction data command head is a obtaining module identification instruction, the command body is provided with first module identification data for transmitting communication module identity information of a sending instruction to the first subscriber identification module 103, and the second module identification data returned by the corresponding first subscriber identification module 103 is for feeding back the subscriber identification module identity information to the first communication module 102.
In another specific implementation manner provided in the embodiment of the present invention, the first communication module 102 is specifically configured to perform a first communication module hang-up process if a first module receiving error occurs when receiving the second module identification data sent back from the first subscriber identity module 103; wherein, the first module receiving error comprises a first module receiving overtime error or a first module instruction error.
Here, when the first communication module 102 sends an instruction to the first subscriber identity module 103, if the first subscriber identity module 103 cannot recognize the module identifier acquiring instruction, it indicates that it is not necessarily a subscriber identity module bound with the communication module; for the case where the instruction cannot be recognized, there are conventionally two types: one is that the underlying communication protocol of the first communication module 102 is not supported, so that the first communication module 102 has a communication timeout error, i.e. the first module reception timeout error mentioned above; one is that although supporting the bottom layer communication protocol of the first communication module 102, the module identification instruction cannot be correctly identified and obtained, and the phenomenon is that only the communication status word but no substantial return data exists on the communication port, thereby causing the first communication module 102 to generate an instruction error, i.e. the above first module instruction error; when the error occurs, the first communication module 102 discriminates that the first subscriber identity module 103 is not a subscriber identity module bound to itself, and then, from the safety perspective, an on-hook process, that is, the first communication module on-hook processing process, is immediately executed; the first communication module on-hook processing flow, under a normal condition, closes the corresponding communication port and stops the communication signal processing flow running on the first communication module 102, and under some conditions, directly executes the active power-down processing flow. Thus, the thief cannot use the first communication module 102.
For example, after the first communication module 102 sends the second module identification instruction data to the first subscriber identity module 103, according to the communication protocol specification, the first subscriber identity module 103 should respond within 20 ms, but the first communication module 102 does not receive any return information after waiting for 20 ms at the communication port, the first communication module 102 regards the first subscriber identity module 103 as an unbound subscriber identity module, and from the security perspective, the first communication module 102 immediately and actively loses power; for another example, after the first communication module 102 sends the second module identification instruction data to the first subscriber identity module 103, the first subscriber identity module 103 returns the communication status word within 20 milliseconds required by the communication protocol specification, but does not return data, the first communication module 102 considers that the first subscriber identity module 103 is an unbound subscriber identity module, and the first communication module 102 is immediately powered off actively from the safety perspective.
In another specific implementation manner provided in the embodiment of the present invention, the first communication module 102 is specifically configured to locally acquire preset first binding device identification data and second binding module identification data when the first module is locked; and when the first binding equipment identification data is not matched with the received first equipment identification data or the second binding module identification data is not matched with the received second module identification data, performing on-hook processing on the second communication module.
Here, the first communication module 102 can normally respond to the instruction of the first internet of things device 101, and when sending the instruction to the first subscriber identity module 103, the first subscriber identity module 103 can not only identify the instruction, but also return the locally stored identification data, that is, the second module identification data; this means that the first internet of things device 101 and the first subscriber identity module 103 are most likely to be in the same application system as the first communication module 102, but in order to determine whether a combination error occurs, the first communication module 102 needs to identify the first device identification data and the second module identification data after obtaining the first device identification data and the second module identification data; the identification method comprises the steps of firstly, obtaining pre-stored Internet of things equipment identification data which is in binding relationship with the equipment from the local, namely first binding equipment identification data, and user identification module identification data which is also second binding module identification data; comparing the first device identification data and the second module identification data with the received first device identification data and second module identification data, if the first device identification data and the second module identification data are the same, indicating that the first device identification data and the second module identification data are in binding relationship, and if the first device identification data and the second module identification data are different, indicating that the first device identification data and the second module identification data are; if the recognized results are that there is no binding relationship, the first communication module 102 will immediately execute the hang-up procedure, i.e. the second communication module hang-up process above; the second communication module on-hook process is similar to the first communication module on-hook process described above, and in a conventional case, the corresponding communication port is closed, and the communication signal processing flow running on the first communication module 102 is stopped, or in some cases, the active power-down processing flow is directly executed. Thus, the thief cannot use the first communication module 102.
For example, the first communication module 102 locally stores three identification data related to each other: the first binding equipment identification data is a device SN of 10000010101010, the first local module identification data is a module SN of 2024125436498784, and the second binding module identification data is a mobile phone number of 13900000001; the first device identification data sent from the first internet of things device 101 is "10000010101010", which is the same as the locally stored data, but the second module identification data returned from the first subscriber identification module 103 is "13800000001", which is different from the locally stored data, so that the first communication module 102 considers that the first subscriber identification module 103 is an unbound module, and the first communication module 102 immediately and actively loses power from a security perspective.
The first user identification module 103 is configured to receive first obtaining module identification instruction data sent from the first internet of things device 101, and extract first device identification data from the first obtaining module identification instruction data; reading the first local module identification data from the local as first module identification data; sending first module identification data to the first internet of things device 101; receiving second acquisition module identification instruction data sent from the first communication module 102, and extracting first module identification data from the second acquisition module identification instruction data; then using the first local module identification data as second module identification data; and sends the second module identification data to the first communication module 102; and then, according to the first equipment identification data and the first module identification data, locking the first module.
In another specific implementation manner provided in the embodiment of the present invention, the first subscriber identity module 103 is specifically configured to locally obtain preset second binding device identification data and second binding module identification data when the first module is locked; and when the second binding equipment identification data is not matched with the received first equipment identification data or the second binding module identification data is not matched with the received first module identification data, performing hang-up processing on the first subscriber identification module.
Here, the first subscriber identity module 103 can normally respond to the instructions of the first internet of things device 101 and the first communication module 102, which means that the first internet of things device 101 and the first communication module 102 are most likely to be in the same application system as the first subscriber identity module 103, but in order to determine whether a combination error occurs, the first subscriber identity module 103 needs to identify the first device identification data and the first module identification data after obtaining the first device identification data and the first module identification data; the identification method comprises the steps of firstly, obtaining pre-stored Internet of things equipment identification data which are in binding relationship with the equipment from the local, namely second binding equipment identification data, and communication module identification data which are also second binding module identification data; comparing the first equipment identification data and the first module identification data with the received first equipment identification data and the received first module identification data, if the first equipment identification data and the first module identification data are the same, indicating that the first equipment identification data and the first module identification data are in binding relationship, and if the first equipment identification data and the first module identification data are different, indicating that the first equipment identification data and the first module identification; if the identification results are that the first subscriber identification module 103 does not have a binding relationship with each other, the first subscriber identification module 103 immediately executes an on-hook process, that is, the first subscriber identification module on-hook process in the above description, normally, the operation related to the internet of things application running on the first subscriber identification module 103 is stopped, and then either the corresponding communication port is closed, or all the instructions sent by the first internet of things device 101 and the first communication module 102 connected thereto are replied in a uniform format, and if the first subscriber identification module 103 has an automatic power-down function, the active power-down process flow can also be directly executed. Thus, the thief cannot use the first subscriber identity module 103.
For example, the first subscriber identity module 103 locally stores three identification data that are in a binding relationship with each other: the second binding equipment identification data is a device SN of 10000010101010, the second binding module identification data is a module SN of 2024125436498784, and the first local module identification data is a mobile phone number of 13900000001; the first device identification data sent from the first internet of things device 101 is "10000010101012", and the first module identification data sent from the first communication module 102 is "2024125436498700", which are both different from the locally stored data, indicating that the first internet of things device 101 is an unbound device of the first subscriber identity module 103, and the first communication module 102 is an unbound module of the first subscriber identity module 103, and from the security perspective, the first subscriber identity module 103 immediately stops the operation related to the internet of things application running on the first subscriber identity module 103, and sets an instruction error status word in response to all the instructions sent from the first internet of things device 101 and the first communication module 102.
In summary, in the system for locking the bound device, module, and subscriber identity module provided in the embodiment of the present invention, the first internet of things device 101, the first communication module 102, and the first subscriber identity module 103 can perform self-checking and self-locking, and for the first internet of things device 101, the first communication module 102, and the first subscriber identity module 103 in the system, through this mechanism, the anti-theft performance of the system itself can be greatly improved; for the operator of the whole system, the equipment theft prevention performance is enhanced, the probability of damage to natural equipment is reduced, and the corresponding operation risk and economic loss are also reduced.
In addition, in order to further improve the anti-theft performance of the first subscriber identity module 103, the embodiment of the present invention further provides a processing flow of locking authentication between the first remote server 104 that performs resource management on the internet of things device, the communication module, and the subscriber identity module at a remote end and the first subscriber identity module 103, which is described in detail as follows.
The first subscriber identity module 103 is connected with the first remote server 104 through the first communication module 102; the first subscriber identity module 103 is further configured to obtain second device identification data from the first internet of things device 101; acquiring second module identification data from the first communication module 102; the second equipment identification data, the second module identification data and the first local module identification data are sent to the first remote server 104 through the first communication module 102; and receiving first verification status data sent back from the first remote server 104 within a defined first time; and when the first verification state data cannot be received within the first time or the first verification state data is failed to be verified, performing on-hook processing on the second subscriber identification module.
Here, the second device identification data is identification data of the first internet of things device 101, the second module identification data is identification data of the first communication module 102, the first local module identification data is identification data of the first user identification module 103 locally stored, and the first user identification module 103 can not only perform self-locking by locally comparing the three data, but also perform self-locking according to a verification result of the first remote server 104 on the three data; if the verification result from the first remote server 104 is not received within the limited time, that is, the first time, in order to prevent the communication module from being stolen, the first subscriber identity module 103 may also perform self-locking; the second user identification module on-hook processing during self-locking is similar to the first user identification module on-hook processing in the foregoing, and under a conventional condition, the operation related to the internet of things application running on the first user identification module 103 is stopped, and then either the corresponding communication port is closed, or all instructions sent by the first internet of things device 101 and the first communication module 102 connected with the communication port are replied according to a uniform format, and if the first user identification module 103 has an automatic power-down function, an active power-down processing flow can be directly executed. Thus, the thief cannot use the first subscriber identity module 103.
The first remote server 104 is configured to receive the second device identification data, the second module identification data, and the first local module identification data sent from the first subscriber identity module 103; taking the three data as query key words of logic, and performing first corresponding record query processing in an identification data database; if the first corresponding record is failed to inquire, setting the first verification state data as verification failure; and sends the first verification status data to the first subscriber identity module 103.
Here, the first remote server 104 stores all the bound identification data sets by using an identification data database, wherein the identification data sets at least comprise physical network equipment identification data, communication module identification data and user identification module identification data which are bound with each other; after the first remote server 104 receives the second device identification data, the second module identification data and the first local module identification data sent by the first user identification module 103, the three data are used as query conditions to perform first corresponding record query processing, when the first corresponding record query processing is executed, if an identification data group completely matched with the three data can be obtained in an identification data database, the first corresponding record query processing is successful, otherwise, the first corresponding record query processing is failed; if the first corresponding record query processing fails, it indicates that the three identification data uploaded by the first subscriber identity module 103 are not in a mutual binding relationship, and in order to activate the locking process on the first subscriber identity module 103, the first remote server 104 issues the first verification status data = verification failure to the first subscriber identity module 103.
In addition, in order to prevent the first subscriber identity module 103 from being unable to receive the issued verification result in time for self-locking due to communication failure or artificial interception, modification of the issued data, and the like, the first remote server 104 of the embodiment of the present invention further provides a processing flow for forcibly shutting down the first subscriber identity module 103.
The first remote server 104 is also connected with an operator server through an operator service interface; the first remote server 104 is further configured to, when the first corresponding record query processing fails, find out a first electrical signal code corresponding to the first local module identification data from the electrical signal code database, and call the operator service interface to perform first service stop processing on the first electrical signal code.
Here, the first remote server 104 for performing resource management on the first internet of things device 101, the first communication module 102 and the first user identification module 103 may be connected to an operator server, and a channel connecting the first internet of things device 101, the first communication module 102 and the first user identification module is generally an operator service interface provided by an operator; after the first remote server 104 performs the first corresponding record query processing on the second device identification data, the second module identification data and the first local module identification data sent by the first user identification module 103, if the first corresponding record query processing fails, the first remote server may establish a connection with the operator server through an operator service interface, and perform a first service stop processing on the first electric signal code searched from the local electric signal code database, that is, the electric signal code corresponding to the first local module identification data of the first user identification module 103; the first out-of-service process is handled in two specific ways, one is direct shutdown and the other is data traffic service of shutting down the number. In this way, the thief cannot use the first subscriber identity module 103.
The embodiment of the invention provides a system for locking bound equipment, a module and a user identification module, wherein different authentication processes are respectively established at three ends of the equipment, the module and the user identification module based on binding information, the three authentication processes use respective authentication processes to authenticate the legal identities of the equipment, the module and the user identification module, and self-locking is carried out on the equipment, the module and the user identification module once the authentication fails; in addition, a remote authentication flow is established between the user identification module and the remote server, and the user identification module is locked once authentication fails; therefore, the problems that the Internet of things equipment is stolen and stolen are solved, the overall anti-theft performance of the Internet of things equipment is improved, the operation risk of an Internet of things operator is reduced, and the economic loss of the Internet of things operator is reduced.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied in hardware, a software module executed by a processor, or a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (7)

1. A system for locking bound devices, modules, and subscriber identity modules, the system comprising: the system comprises a first Internet of things device, a first communication module and a first user identification module;
the first Internet of things equipment is respectively connected with the first communication module and the first user identification module; the first Internet of things equipment is used for reading first local equipment identification data from the local and taking the first local equipment identification data as first equipment identification data; sending first acquisition module identification instruction data including the first equipment identification data to the first communication module; receiving first module identification data sent back from the first communication module; sending first acquisition module identification instruction data including the first equipment identification data to the first user identification module; and receiving first module identification data sent back from the first subscriber identity module; then, locking the first equipment according to the first module identification data and the first module identification data;
the first communication module is connected with the first user identification module; the first communication module is used for receiving the first acquisition module identification instruction data sent by the first internet of things equipment and extracting the first equipment identification data from the first acquisition module identification instruction data; reading first local module identification data from local as the first module identification data; sending the first module identification data to the first Internet of things equipment; then sending second acquisition module identification instruction data including the first module identification data to the first user identification module; and receiving second module identification data sent back from the first subscriber identity module; then, according to the first equipment identification data and the second module identification data, locking a first module;
the first user identification module is used for receiving the first acquisition module identification instruction data sent by the first internet of things equipment and extracting the first equipment identification data from the first acquisition module identification instruction data; reading first local module identification data from local as the first module identification data; sending the first module identification data to the first Internet of things equipment; receiving the second acquisition module identification instruction data sent by the first communication module, and extracting the first module identification data from the second acquisition module identification instruction data; then using the first local module identification data as the second module identification data; sending the second module identification data to the first communication module; then, according to the first equipment identification data and the first module identification data, first module locking processing is carried out;
the system also includes a first remote server;
the first user identification module is connected with the first remote server through the first communication module; the first user identification module is further used for acquiring second equipment identification data from the first internet of things equipment; acquiring second module identification data from the first communication module; sending the second equipment identification data, the second module identification data and the first local module identification data to the first remote server through the first communication module; and receiving first verification status data sent back from the first remote server within a defined first time; when the first verification state data cannot be received in the first time or the first verification state data is failed to be verified, performing first subscriber identity module on-hook processing;
the first remote server is configured to receive the second device identification data, the second module identification data, and the first local module identification data sent from the first subscriber identity module; taking the three data as query key words of logic, and performing first corresponding record query processing in an identification data database; if the query processing of the first corresponding record fails, setting the first verification state data as verification failure; sending the first verification state data to the first user identification module;
the first remote server is also connected with an operator server through an operator service interface; and the first remote server is also used for searching a first telecommunication number corresponding to the first local module identification data from a telecommunication number database when the first corresponding record query processing fails, calling the operator service interface, and performing first service stopping processing on the first telecommunication number.
2. The system for locking bound devices, modules, subscriber identity modules according to claim 1,
the first internet of things device is specifically used for performing on-hook processing on the first internet of things device if a first device receiving error occurs when the first module identification data sent back from the first communication module is received; wherein the first device reception error comprises a first device reception timeout error or a first device instruction error.
3. The system for locking bound devices, modules, subscriber identity modules according to claim 1,
the first internet of things device is specifically configured to, when the first module identification data sent back from the first subscriber identity module is received, perform on-hook processing on the second internet of things device if a second device reception error occurs; wherein the second device reception error comprises a second device reception timeout error or a second device instruction error.
4. The system for locking bound devices, modules, subscriber identity modules according to claim 1,
the first internet of things equipment is specifically used for acquiring preset first binding module identification data and first binding module identification data from the local when the first equipment is locked; and when the first binding module identification data is not matched with the received first module identification data or the first binding module identification data is not matched with the received first module identification data, performing third Internet of things equipment on-hook processing.
5. The system for locking bound devices, modules, subscriber identity modules according to claim 1,
the first communication module is specifically used for performing hang-up processing on the first communication module if a first module receiving error occurs when receiving the second module identification data sent back from the first subscriber identification module; wherein, the first module receiving error comprises a first module receiving overtime error or a first module instruction error.
6. The system for locking bound devices, modules, subscriber identity modules according to claim 1,
the first communication module is specifically used for locally acquiring preset first binding equipment identification data and second binding module identification data when the first module is locked; and when the first binding equipment identification data is not matched with the received first equipment identification data or the second binding module identification data is not matched with the received second module identification data, performing on-hook processing on a second communication module.
7. The system for locking bound devices, modules, subscriber identity modules according to claim 1,
the first subscriber identity module is specifically used for locally acquiring preset second binding equipment identification data and second binding module identification data when the first module is locked; and when the second binding equipment identification data is not matched with the received first equipment identification data or the second binding module identification data is not matched with the received first module identification data, performing second user identification module on-hook processing.
CN202110117561.XA 2021-01-28 2021-01-28 System for locking bound equipment, module and subscriber identity module Active CN112469042B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110117561.XA CN112469042B (en) 2021-01-28 2021-01-28 System for locking bound equipment, module and subscriber identity module

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110117561.XA CN112469042B (en) 2021-01-28 2021-01-28 System for locking bound equipment, module and subscriber identity module

Publications (2)

Publication Number Publication Date
CN112469042A CN112469042A (en) 2021-03-09
CN112469042B true CN112469042B (en) 2021-05-25

Family

ID=74802798

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110117561.XA Active CN112469042B (en) 2021-01-28 2021-01-28 System for locking bound equipment, module and subscriber identity module

Country Status (1)

Country Link
CN (1) CN112469042B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114599024B (en) * 2022-03-10 2023-12-19 北京中广瑞波科技股份有限公司 Device for processing multiple user identity modules

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105100268A (en) * 2015-08-26 2015-11-25 中国联合网络通信集团有限公司 Security control method and system of Internet-of-things device as well as application server
CN108040335A (en) * 2017-12-07 2018-05-15 深圳市优友互联有限公司 A kind of Internet of Things communication number management method and system based on smart card
CN111669448A (en) * 2020-06-30 2020-09-15 苏州三六零智能安全科技有限公司 Information interaction method and device for Internet of things equipment, storage medium and device

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104244227A (en) * 2013-06-09 2014-12-24 中国移动通信集团公司 Terminal access authentication method and device in internet of things system
US10382919B2 (en) * 2017-02-10 2019-08-13 T-Mobile Usa, Inc. Provisioning device and/or line sharing capabilities to internet of things (IoT) devices
WO2018194971A1 (en) * 2017-04-17 2018-10-25 Intel Corporation Group based context and security for massive internet of things devices
CN108737381B (en) * 2018-04-23 2021-11-16 厦门盛华电子科技有限公司 Extension authentication method of Internet of things system
US10743171B2 (en) * 2018-09-14 2020-08-11 Aferno, Inc. Apparatus and method for registering and associating internet of things (IoT) devices with anonymous IoT device accounts
CN109672683B (en) * 2018-12-25 2021-07-20 深圳市安信认证系统有限公司 Binding method and binding device of Internet of things equipment and terminal equipment
CN111327416A (en) * 2019-12-13 2020-06-23 刘高峰 Internet of things equipment access method and device and Internet of things platform

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105100268A (en) * 2015-08-26 2015-11-25 中国联合网络通信集团有限公司 Security control method and system of Internet-of-things device as well as application server
CN108040335A (en) * 2017-12-07 2018-05-15 深圳市优友互联有限公司 A kind of Internet of Things communication number management method and system based on smart card
CN111669448A (en) * 2020-06-30 2020-09-15 苏州三六零智能安全科技有限公司 Information interaction method and device for Internet of things equipment, storage medium and device

Also Published As

Publication number Publication date
CN112469042A (en) 2021-03-09

Similar Documents

Publication Publication Date Title
US8649766B2 (en) Authentication apparatus
EP2196045B1 (en) System and method for protecting data in wireless devices
US9143922B2 (en) Method and system for controlling communication between an UICC and an external application
EP2260653B1 (en) Method and apparatus for managing subscription credentials in a wireless communication device
US8639290B2 (en) UICC control over devices used to obtain service
US20080090548A1 (en) Method for tracking mobile communication terminal
CN105682093A (en) Wireless network access method and access device, and client
EP3675541B1 (en) Authentication method and device
US11051158B2 (en) Subscriber identity module activation for NB-IoT devices
CN109792601B (en) Method and equipment for deleting eUICC configuration file
CN113271299B (en) Login method and server
WO2012129851A1 (en) Mobile terminal and network locking method therefor
CN112469042B (en) System for locking bound equipment, module and subscriber identity module
US8805278B2 (en) Main board, and method of implementing network/card locking and mobile terminal in which network/card locking is implemented
CN101232677A (en) Method and apparatus for start-up logging of mobile terminal
US8583081B2 (en) Method for calculating a first identifier of a secure element of a mobile terminal according to a second identifier of said secure element
CN112165458A (en) Real-name authentication method, device and terminal
CN106341374B (en) Method and device for limiting access of unlicensed user equipment to home gateway
CN103281693A (en) Wireless communication authentication method, network translation equipment and terminal
CN112637849B (en) Terminal equipment access control method and device and multimedia broadcasting equipment
CN110191464B (en) Method and system for preventing SIM card from being stolen
GB2609054A (en) Methods and systems for allowing device to send and receive data
EP2355028B1 (en) Authentication apparatus
CN105792205A (en) Method for client to initiate verification of access point validity
CN100415032C (en) Interaction method for mobile terminal and network side in mobile communication system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: Room 437, Building 18, No. 1889 Huandao East Road, Hengqin New District, Zhuhai City, Guangdong Province, 519031

Patentee after: Guangdong Shumi Technology Co.,Ltd.

Address before: 100020 2902 Shangdu south tower, SOHO, Chaoyang District, Beijing

Patentee before: BEIJING SHOWMAC NETWORK TECHNOLOGY CO.,LTD.