CN101242269B - Mobile communication terminal, service provider terminal, system and method for subscribing telecommunication service - Google Patents

Info

Publication number: CN101242269B
Authority: CN (China)
Prior art keywords: service provider, user, pki, terminal, mobile communication
Legal status: Active
Application number: CN2007100637626A
Other languages: Chinese (zh)
Other versions: CN101242269A
Inventor: 隋爱芬
Current assignee: Beijing Zhigu Tech Co Ltd
Original assignee: Siemens Ltd China

Events
Application filed by Siemens Ltd China
Priority to CN2007100637626A
Publication of CN101242269A
Application granted
Publication of CN101242269B
Legal status: Active

Abstract

The invention relates to the field of network security, and specifically to a mobile communication terminal, a service provider terminal, a system and a method for subscribing to a telecommunication service. The method comprises the following steps: step 1, the mobile communication terminal signs the service subscription information with the subscriber's private key and sends it to the service provider; step 2, the service provider verifies with the subscriber's public key whether the subscriber's signature on the subscription information is valid; if the signature is valid, proceed to step 3, otherwise go to step 4; step 3, store the subscription information, provide the service to the subscriber, and forward the subscription information to a billing terminal for charging; step 4, return an error message to the subscriber. The invention can prevent fraud between the SP and the subscriber when subscribing to telecommunication value-added services, and increases the security of network services.

Description

Mobile communication terminal, service provider terminal, system and method for subscribing to telecommunication services
Technical field
The present invention relates to the field of communication networks, and in particular to network security; specifically, it concerns a mobile communication terminal, a service provider terminal, and a system and method for subscribing to telecommunication services.
Background art
At present, China's telecommunication value-added services are growing continuously. At the same time, service traps have had a bad influence on people's lives: for example, junk short messages (SMS), money obtained by fraud through short messages, and price cheating against users (for example, requiring a user to send a service confirmation more than once in order to collect more information fees). These practices have drawn more and more complaints. Among the negative side effects of the telecommunication industry's development, much of the price cheating is caused by malicious service providers (SPs), and the situation is becoming more and more serious.
A service provider may force users to subscribe to a certain service. For example, a service provider can exploit loopholes in the telecom operator's management and technology to actively push service information to the user and collect charges from the user's account automatically. Some service providers set traps on Internet or WAP sites: when a user accidentally clicks a button on a certain web page or registers, the user is forced to subscribe to a certain service, and often the user does not even know which service was just subscribed, and so suffers an economic loss. With the development of the mobile Internet, people use the Internet more frequently, and some malicious service providers can easily design web pages that make browsing users subscribe to services they do not want. Alternatively, an SP forges a user's subscription short message, inserts the user's phone number into it, and submits this subscription information to the operator, so that the operator charges the user.
Another kind of deception is called the reply trap. Some service providers use short messages or instant-messaging software to send tempting information to users, for example congratulating the user on winning a grand prize in some lottery, or impersonating a friend to make the user reply to the short message; as soon as the user replies, a certain service has been subscribed. Some service providers advertise that a user can try a certain service free for several days; after the user has tried the service for a period of time and has not cancelled, or has forgotten to cancel, the free trial, the system automatically deducts the fee from the user's account without the user's knowledge.
The user sends subscription information for short message or other value-added telecommunication services to the service provider through the telecom operator; the service provider submits the charges to the telecom operator, and the telecom operator charges the user on the service provider's behalf. Sometimes the service provider obtains unreasonable benefits by cheating the user, and sometimes the user denies having subscribed to certain services, which causes trouble for both telecom operators and service providers. Telecom operators currently use many methods to overcome these problems, but without a non-repudiation mechanism the operator cannot judge whether a service subscription expresses the user's true wish or is a deception by the service provider. Nor can the operator confirm whether a deduction from the account was authorized by the user, so the user's economic loss and the damage to the telecom operator's reputation are both very large.
Non-repudiation mechanisms are applied in mobile electronic commerce (e-commerce) and in e-mail, making network services safer.
Unifying each service provider's access code can partly solve the above problems. With the development of telecommunication services and the market structure, the number of service providers grows very fast; one service provider can provide multiple services for several telecom operators. In China, a service provider's short message (SMS) access code is assigned by the telecom operator, so the same service provider may have different access codes at different telecom operators. This makes it very inconvenient for users to remember these access codes, and also makes supervision of the service providers very inconvenient: for example, a service provider that has been banned by one telecom operator for cheating users can still carry out fraudulent activity through other telecom operators. The Ministry of Information Industry has stipulated that a service provider's access codes at different telecom operators must be unified, and unified access codes will be implemented on October 31st, 2007. This will to some extent curb service providers cheating users, but it does not change the charging and payment methods, and telecom operators still cannot confirm whether the charges a user incurs for a service are proper.
Another partial solution is a unified management platform at the telecom operator. In the past, telecom operators only provided network services to service providers, and information such as user data, charging and payment was managed by each service provider separately. In August 2004 China Mobile set up a management platform named the Mobile Information Service Center, and other telecom operators set up similar platforms one after another for unified authentication and management of service providers: charging the user on the service provider's behalf, tracking service information, user registration and payment information, and even monitoring the service content. This effectively manages the whole process of a user subscribing to a service and prevents service providers from cheating users, but the monitoring method of such a unified platform cannot overcome the above problems completely, because the user only needs to reply with a simple short message (SMS), sometimes even an empty one, to subscribe to a certain service, so the telecom operator still cannot determine whether the user wished to obtain the service.
An identity-based cryptosystem (ID-based cryptosystem) is a public-key cryptosystem that does not use public-key certificates: a user's public key can be derived from publicly known user identity information. Such cryptosystems are mainly used in e-mail systems. In a traditional certificate-based public-key infrastructure (PKI), the workload of certificate management is heavy, and the PKI requires all users to register in advance, which hinders applying this method to the problems faced by telecommunication users described above. An identity-based cryptosystem eliminates the shortcomings of key management in a PKI system and makes user authority management lighter and safer. For example, when Alice sends a mail to Bob at the address bobcompany.com, an identity-based encryption system uses bobcompany.com as the public key for encryption and does not need to learn Bob's public-key certificate. The cryptosystem can also include other information related to the user's identity; for example, time information can restrict, according to Bob's identity and the time information, when Bob is able to decrypt this letter. An identity-based cryptosystem reduces the key management overhead of a PKI system and strengthens management means.
Summary of the invention
To overcome the above problems, an object of the present invention is to provide a mobile communication terminal for subscribing to telecommunication services that can produce the user's signature, so as to guarantee that the subscription information is sent with the user's authorization.
The present invention also provides a service provider terminal that receives the above subscription information and verifies whether the user's signature is valid, so as to guarantee the legitimacy of the user's service subscription.
The present invention also provides a system for subscribing to telecommunication services that realizes secure subscription of telecommunication services.
The present invention also provides a method for subscribing to telecommunication services that prevents service providers from cheating users and telecom operators. Because the numbers of the user's mobile communication terminal and of the service provider terminal are unique, the present invention exploits this characteristic by using an identity-based public-key cryptographic mechanism, which greatly improves the security of subscription management in existing mobile communication networks.
A method for subscribing to telecommunication services comprises the following steps:
Step 1: at the mobile communication terminal, sign particular data with the user's private key and send it to the service provider;
Step 2: the service provider verifies with the user's public key whether the user's signature on the particular data is valid, where the user's public key is generated at least from the user's telephone number; if valid, proceed to step 3, otherwise proceed to step 4;
Step 3: store the particular data, provide the service to the user, and forward the particular data to the proxy billing terminal for charging on the service provider's behalf;
Step 4: return an error message to the mobile communication terminal.
The particular data comprises a short message subscribing to a service, WAP data subscribing to a service, or service subscription information transmitted over the Internet. The user's private key is produced by a joint operation on the master key of the key authentication center, the key algorithm parameters and the user's public key. The service provider derives the user's public key from the identity information of the user in the received short message, so that it does not have to fetch the user's public key from the KAC every time it verifies a user's signature; the derivation can use an existing algorithm from identity-based public-key cryptography. Alternatively, the user's public key is attached to the subscription short message so that the service provider obtains the public key from it.
According to a further aspect of the method, step 3 further comprises: step 5, the proxy billing terminal verifies with the user's public key whether the user's signature on the subscription information is valid; if valid, proceed to step 6, otherwise proceed to step 7; step 6, charge the user on the service provider's behalf; step 7, return an error message to the service provider.
According to another aspect of the method, in step 6 the proxy billing terminal sends a notification to the user, informing the user that the proxy billing terminal is about to carry out the proxy billing operation.
According to yet another aspect of the method, in step 1, after signing with the user's private key, the subscription information is also encrypted with the service provider's public key; in step 2, the service provider decrypts the subscription information with its own private key and then verifies the signature. The service provider's public key is generated at least from the service provider's access code (and may also include parameters such as time); the service provider's private key is produced by a joint operation on the master key of the key authentication center, the key algorithm parameters and the service provider's public key.
According to another aspect of the method, the user's public and private keys are renewed on the user's request or periodically, and the service provider's public and private keys are renewed on the service provider's request or periodically. The user can obtain the service provider's renewed public key from the data published by the key authentication center, or generate the service provider's public key on the mobile communication terminal from the service provider's access code (and possibly other parameters such as time) using the algorithm.
A mobile communication terminal for subscribing to telecommunication services comprises a storage unit, a communication unit and a processing unit. The storage unit is connected with the processing unit and stores the user's public and private key data; the communication unit is connected with the processing unit and serves as the interface between the mobile communication terminal and external network devices. The terminal further comprises a signature module, connected with the processing unit, which signs the particular data sent by the mobile communication terminal with the user's private key stored in the storage unit. The user's public key is generated at least from the user's telephone number.
The particular data comprises a short message subscribing to a service, WAP data subscribing to a service, or service subscription information transmitted over the Internet.
According to a further aspect, the mobile communication terminal also comprises an encryption module, connected with the processing unit, which encrypts the particular data sent by the user with the service provider's public key. This protects the user's privacy: the user's subscription information cannot be learned by other SPs or individuals.
According to yet another aspect, the mobile communication terminal also comprises an update module, connected with the processing unit, which updates the user's public and private key data in the storage unit according to the key authentication center's data about this user's public and private keys.
A service provider terminal comprises a communication unit, a storage unit and a processing unit. The communication unit is connected with the processing unit and serves as the interface between the service provider terminal and external network devices; the storage unit is connected with the processing unit and stores the service provider's public and private key data. The terminal further comprises a verification module, connected with the processing unit, which verifies with the user's public key the particular data bearing the user's signature received through the communication unit. The user's public key is generated at least from the user's telephone number.
The particular data comprises a short message subscribing to a service or WAP data subscribing to a service.
According to a further aspect, the service provider terminal also comprises a decryption module, connected with the processing unit, which decrypts the particular data with the service provider terminal's private key.
According to yet another aspect, the service provider terminal also comprises an update module, connected with the processing unit, which updates the service provider's public and private key data in the storage unit according to the key authentication center's data about this service provider's public and private keys.
A system for subscribing to telecommunication services comprises:
a key authentication center, which generates the public key of the user corresponding to a mobile communication terminal at least from the user's identity information, the identity information comprising the user's telephone number (and possibly parameters such as time), generates the user's private key by a joint operation on the key authentication center's master key, the key algorithm parameters and the user's public key, and distributes the private key to the corresponding mobile communication terminal;
the mobile communication terminal, comprising a storage unit, a communication unit and a processing unit; the storage unit is connected with the processing unit and stores the user's public and private key data; the communication unit is connected with the processing unit and is connected over the network with the communication unit of the service provider terminal; the mobile communication terminal further comprises a signature module, connected with the processing unit, which signs the particular data about to be sent with the user's private key stored in the storage unit;
a service provider terminal, comprising a communication unit, a storage unit and a processing unit; the communication unit is connected with the processing unit and is connected over the network with the communication unit of the mobile communication terminal; the storage unit is connected with the processing unit and stores the service provider's public and private key data; the service provider terminal further comprises a verification module, connected with the processing unit, which verifies the signed particular data with the user's public key;
a proxy billing terminal, which receives the particular data forwarded by the service provider terminal and charges the user on the service provider's behalf. The particular data comprises a short message subscribing to a service, WAP data subscribing to a service, or service subscription information transmitted over the Internet.
According to a further aspect of the system, the proxy billing terminal comprises a verification module that verifies the signed particular data with the user's public key.
According to yet another aspect of the system, the key authentication center also generates the public and private keys of the service provider terminal at least from its identity information, which comprises the service provider's access code (and possibly parameters such as time), and distributes the private key to the corresponding service provider terminal. The mobile communication terminal also comprises an encryption module, connected with its processing unit, which encrypts the signed particular data with the service provider's public key; the service provider terminal also comprises a decryption module, connected with its processing unit, which decrypts the particular data with the service provider terminal's private key.
According to a further aspect of the system, the mobile communication terminal also comprises an update module, connected with its processing unit, which updates the user's public and private key data in its storage unit according to the key authentication center's data about these keys; the service provider terminal also comprises an update module, connected with its processing unit, which updates the service provider's public and private key data in its storage unit according to the key authentication center's data about these keys.
The beneficial effects of the present invention are: it prevents the deception that occurs during service subscription in existing mobile communication systems, namely an untrustworthy service provider forging the user's subscription information and cheating the telecom operator's proxy billing; it prevents a user whose credit is insufficient from subscribing to services with a service provider, which would cause the service provider a loss; and it prevents a user from denying the subscription after subscribing to a service. The present invention strengthens the security of service subscription in mobile communications and promotes the orderly development of the market.
Description of drawings
Fig. 1 is a flow chart of the process by which a service provider of the present invention obtains a private key from the KAC;
Fig. 2 is a signal flow diagram of the present invention in the service subscription and charging stages;
Fig. 3 is a flow chart of the present invention;
Fig. 4 is a structure diagram of the mobile communication terminal of the present invention;
Fig. 5 is a structure diagram of the service provider terminal of the present invention;
Fig. 6 is a structure diagram of the system of the present invention for subscribing to services by short message.
Embodiments
The present invention is described in detail below with reference to the accompanying drawings.
In a mobile communication network, to solve the problems discussed in the background art, the present invention uses the user's telephone number as the unique identifier of the user and the service provider's access code as the unique identifier of the service provider, and uses an identity-based cryptosystem for signature, authentication and similar operations.
In the present invention, a key authentication center (KAC) is responsible for managing keys. The KAC produces the system parameters and the master key; the system parameters are public, and the master key is the KAC's secret. The KAC uses the master key, the system parameters and the identifier of the user (telephone number) or of the SP (access code) to generate the private key of each user and SP, guaranteeing the reliability of these private keys. In the cryptosystem of the present invention, the user's public key is the user's telephone number and the service provider's (SP's) public key is the service provider's access code; the public key of a user or SP may also include information such as time and role. For example, a user's public key includes time information that specifies the period during which the user may use the public key; an SP's public key includes time information that specifies in which period the SP may provide services to users as a trusted service provider. Each user's private key is generated by a joint operation on the KAC's system parameters, master key and the user's public key, and the SP's private key is generated by a joint operation on the KAC's system parameters, master key and the SP's public key. When a user sends a short message to an SP to subscribe to a service, the user signs the subscription short message with his own private key. Because the short message carries the user's own signature, the user cannot repudiate it. The subscription short message is also encrypted with the SP's public key; this protects the privacy of the user's subscription during transmission, since only the SP holding the private key corresponding to that public key can decrypt it. After the SP receives the subscription short message, it decrypts it with its own private key and then verifies the sender's signature with the sender's public key (the sender's telephone number, possibly together with parameters such as time and role).
As a further embodiment, the service subscription can be a short message, or subscription information sent by WAP or over the Internet.
As a further embodiment, the public and private keys of users and SPs are renewed as needed or periodically. If a user's public key is renewed, the user's private key is renewed accordingly with the change of the public key. Generally the telephone number in the public key does not change; only the other parameters of the public key change, such as the validity time or role. So although the telephone number is unchanged, the whole public key changes with the change of its parameters, and since the private key distributed by the KAC is generated from the master key, the system parameters and the user's public key, the public key and its corresponding private key change together at each renewal. The SP's key pair is renewed in the same way as the user's. Renewal can be carried out online or offline: for example, the user renews over the air (OTA), that is, the private key is transmitted over the mobile network's radio interface to the user's mobile phone and stored in it; the SP's public and private keys can also be renewed by OTA or over the Internet. The KAC can publish the public keys of users and SPs to realize public key renewal; after a user signs with a new private key, the SP obtains the renewed user public key from the KAC to verify the signature. Alternatively, when the user sends a subscription short message, the user's public key is automatically added to the short message so that the SP can use it when verifying the signature. Or the SP derives the user's public key from the user's identifier, optionally together with the time parameter, role parameter, and so on.
When a user subscribes to a service, not every short message sent is signed; only short messages subscribing to a service are signed. The SP verifies that the user's signature is valid and confirms that the user is a legitimate user, to guarantee that the user is not cheating with respect to the credit line and the like, and forwards the subscription short message bearing the user's signature to the proxy billing terminal (generally the telecom operator's proxy billing terminal). The proxy billing terminal verifies once more whether the user's signature is valid, and charges for the subscription on the SP's behalf only if the signature is valid. This avoids the reply-trap deception and the deception in which an SP forges a user's subscription short message.
As a further embodiment, when the user subscribes to a service over the Internet, the mobile phone is generally connected to a computer first, and the user browses the Internet on the computer. When the user clicks the button for a certain subscription on the web and the user's signature is required, the subscription information is passed to the mobile phone and signed with the user's private key; the signing operation is carried out only with the user's permission. After signing, the subscription information with its signature is returned to the computer and sent to the service provider terminal over the Internet. Ideally, the execution flow of the signature algorithm should be protected; many such protection methods exist in the prior art.
In an identity-based cryptosystem, key renewal can be realized by specifying a key usage period (for example, a quarter). For example, a service provider's public key may be "SP1 first quarter", where SP1 is the access code and "first quarter" is the time parameter; this is because the SP's credit grade may differ from quarter to quarter, that is, the services the SP may provide to users may be restricted each quarter. After the user signs the subscription short message with his own private key, the message is encrypted with SP1's public key and sent to service provider SP1. SP1 can decrypt with its private key only during the first quarter; when that period has passed, the time parameter in SP1's public key is renewed and SP1 must obtain a new private key from the KAC. Thus by controlling the validity period of the key pair, the KAC can effectively control the period during which a service provider may provide services to users; the KAC can also ensure that only legitimate users holding valid private keys can subscribe to services, and so manage users so that subscriptions exceeding the allowed amount cannot occur.
Figure 1 is a flow chart of the process by which a service provider of the present invention obtains a private key from the KAC.
Step S101: within a validity period, for example one quarter, the service provider SP submits its access code to the KAC (the submission may also include other information, for example role information: which kind of telecom value-added service it provides).
Step S102: the KAC verifies whether this SP is an SP approved by the telecom operator. If it is, proceed to step S103; otherwise go to step S104.
Step S103: generate the private key of this SP, store it, and distribute it to the corresponding SP. Together with the private key the SP may also obtain the algorithms (encryption/decryption, signature and signature verification) and the algorithm parameters.
Step S104: return an error message to the SP.
Step S105: on receiving the private key, the SP verifies its validity; if the private key is valid, proceed to step S106, otherwise go to step S107.
Step S106: store the private key.
Step S107: discard the private key.
When the user wishes to subscribe to a service, the user obtains a private key, the algorithm and the system parameters from the KAC. The private key and algorithm may be stored in the user's Subscriber Identity Module (SIM) card, and the private key is used when signing. In the illustrated embodiment the SIM card is preferably replaced by an STK (SIM Toolkit) card, which has a larger storage capacity and can therefore hold a more complex private key and algorithm.
Figure 2 shows the signal flow of the present invention in the subscription and billing phases. After subscription SMS message 1 has been signed with the user's private key, it is sent over the telecom operator's network to service provider SP1. SP1 verifies the signature with user A's public key; if the signature is confirmed valid, SP1 provides the service to the user and forwards the service information via the telecom operator. SP1 forwards the user's subscription SMS 1 to the telecom operator, which verifies the signature of SMS 1 once more (this step is optional); if the signature is valid, user A's account is billed, otherwise the telecom operator returns an error prompt to SP1. In a preferred embodiment, when the user side sends subscription SMS 1, the signed SMS 1 is additionally encrypted with the service provider's public key; when the public key is entered, parameters such as time (entered by the user) may be included, for example a validity period of one quarter for SP1's public key.
Figure 3 is a flow chart of the present invention.
Step S201: when user A subscribes to a service, he enters the subscription SMS on his mobile phone and signs it with his private key. The subscription information includes user A's public key information, the subscribed service content, the period for which user A subscribes to the service, and so on. The signing process is transparent to the user, and the user decides whether the subscription SMS is signed; this prevents the fraud in which SP1 forges a user's subscription SMS and charges that user. The subscription SMS is sent to SP1 over the telecom operator's network.
Step S202: SP1 verifies the signature of the SMS with user A's public key. If the signature is valid, proceed to step S203; if it is invalid, go to step S204.
Step S203: SP1 stores the subscription information and provides the corresponding service to the user, and SP1 passes user A's subscription information to the telecom operator's billing terminal so that billing can be performed. Only legitimate users can obtain a private key from the KAC, which guarantees the uniqueness of the private key; once SP1 holds the user's signature, this represents the user's confirmation of the subscription to that service.
Step S204: return an error prompt to the user.
Step S205: the telecom operator's billing terminal checks whether user A's signature is valid. If it is valid, proceed to step S206; otherwise go to step S207.
Step S206: the telecom operator's billing terminal bills the user. For safe management, the telecom operator may prompt user A once more, reminding user A of the subscribed service.
Step S207: notify SP1 of the billing error.
The telecom operator's verification of the user's signature in step S205 may be omitted: after SP1 has verified the user's signature, it forwards the subscription SMS bearing the user's signature directly to the telecom operator and notifies the operator to bill. This reduces the telecom operator's workload. To improve the security of the subscription service and prevent fraud by the SP, the subscription SMS may be signature-verified again at the telecom operator.
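The following Python is an added example, not code from the patent or its assignee: it models steps S201 to S207 (user signs on the SIM, SP1 verifies, the operator's billing terminal re-verifies) with Shamir's RSA-based identity-based signature scheme standing in for the patent's unspecified identity-based algorithm, so the user's public key is derived from the phone number and the SP's from its access code plus time parameter, while only the KAC holds the master secret. The encryption of the signed message under the SP's public key is not modelled, and all phone numbers, access codes and service names are constructed.

```python
"""Identity-based subscription signing: user -> service provider -> billing terminal.
Added example, not the patent's own code: Shamir's RSA-based identity-based signature
scheme stands in for the unspecified signing algorithm; identity-based encryption of the
message to the SP is not modelled. Phone numbers, access codes and services are made up.
"""
import hashlib
import math
import secrets

Params = tuple[int, int]     # (n, e): the KAC's public system parameters
Signature = tuple[int, int]  # (s, t)

def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test, sufficient for generating the demo KAC modulus."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def _h(*parts: bytes) -> int:
    """The hash function f(.) shared by the KAC, signers and verifiers."""
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")

def public_key_of(params: Params, identity: str) -> int:
    """Anyone derives a party's public key from its identity string alone (user: phone
    number; SP: access code plus time parameter), so no certificate is needed."""
    return _h(identity.encode()) % params[0]

class KAC:
    """Key authentication centre: keeps the master secret, issues private keys (S103)."""
    def __init__(self, bits: int = 512):
        e = 65537
        while True:
            p, q = _random_prime(bits // 2), _random_prime(bits // 2)
            phi = (p - 1) * (q - 1)
            if p != q and math.gcd(e, phi) == 1:
                break
        self.params: Params = (p * q, e)
        self._d = pow(e, -1, phi)  # master secret, never leaves the KAC

    def extract_private_key(self, identity: str) -> int:
        return pow(public_key_of(self.params, identity), self._d, self.params[0])

def sign(params: Params, private_key: int, message: bytes) -> Signature:
    """Runs on the user's terminal/SIM: t = r^e, s = g * r^h (mod n), h = f(t, m)."""
    n, e = params
    r = secrets.randbelow(n - 2) + 2
    t = pow(r, e, n)
    h = _h(str(t).encode(), message)
    return (private_key * pow(r, h, n)) % n, t

def verify(params: Params, identity: str, message: bytes, sig: Signature) -> bool:
    """Checks s^e == i * t^h (mod n) using nothing but the claimed identity."""
    n, e = params
    s, t = sig
    h = _h(str(t).encode(), message)
    return pow(s, e, n) == (public_key_of(params, identity) * pow(t, h, n)) % n

def demo() -> dict:
    """Steps S201-S207: SP1 verifies, forwards unchanged, the operator re-verifies."""
    kac = KAC()
    params, phone = kac.params, "13800000001"  # constructed sample number
    msg = b"13800000001;weather-alerts;2007Q1"  # identity; service; period (constructed)
    sig = sign(params, kac.extract_private_key(phone), msg)  # S201, on the SIM
    sp_accepts = verify(params, phone, msg, sig)              # S202 at SP1
    billed = sp_accepts and verify(params, phone, msg, sig)   # S205 at the operator
    # SP1 forges an order with its own KAC-issued key: the operator rejects it.
    forged = sign(params, kac.extract_private_key("SP1|2007Q1"), msg)
    # SP1 alters the order after the user signed it: rejected as well.
    altered = b"13800000001;premium-chat;2007Q4"
    return {
        "billed": billed,
        "forged_billed": verify(params, phone, msg, forged),
        "altered_billed": verify(params, phone, altered, sig),
        # The SP's time-bounded identity yields a different public key each quarter.
        "sp_key_rotates": public_key_of(params, "SP1|2007Q1")
        != public_key_of(params, "SP1|2007Q2"),
    }
```

Running `demo()` returns billed=True with both the forged and the altered order rejected, which is the non-repudiation property the operator-side re-check in step S205 relies on.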
Figure 4 is a schematic structural diagram of the mobile communication terminal of the present invention. The mobile communication terminal comprises a storage unit, a communication unit and a processing unit; the storage unit is connected to the processing unit, and the communication unit is connected to the processing unit. The communication unit is the interface between the mobile communication terminal and the devices in the external network. The terminal further comprises a signature module, connected to the processing unit, which signs the SMS message sent by the mobile communication terminal with the private key stored in the storage unit.
It further comprises an encryption module, connected to the processing unit, which encrypts the SMS message sent by the user with the public key carrying the service provider's information.
It further comprises an update module, connected to the processing unit, which updates the configuration information in the storage unit according to the configuration information from the key authentication centre.
Figure 5 is a schematic structural diagram of the service provider terminal of the present invention. The service provider terminal comprises a communication unit, a storage unit and a processing unit; the communication unit is connected to the processing unit and the storage unit is connected to the processing unit. The communication unit is the interface between the service provider terminal and the devices in the external network. The terminal further comprises an authentication module, connected to the processing unit, which verifies the subscription SMS bearing the user's signature, received through the communication unit, using the user's public key carrying the user identity information.
It further comprises a decryption module, connected to the processing unit, which uses the service provider terminal's private key to decrypt the subscription information received through the communication unit that was encrypted with this service provider terminal's public key.
It further comprises an update module, connected to the processing unit, which updates the configuration information in the storage unit according to the configuration information from the key authentication centre.
Figure 6 is a schematic diagram of the system configuration of the present invention. The mobile communication terminal in the figure is the mobile communication terminal of Figure 4, and the service provider terminal is the service provider terminal of Figure 5. The user's mobile communication terminal and the SP terminal are linked by the telecom operator's network, which includes the telecom operator's billing terminal; the billing terminal receives the mobile communication terminal's subscription SMS forwarded by the service provider terminal and bills the corresponding user of that mobile communication terminal. The system further comprises:
a key authentication centre, which generates a public key and a private key according to the user identity information corresponding to each mobile communication terminal and distributes the private key to the corresponding mobile communication terminal;
the mobile communication terminal, comprising a storage unit, a communication unit and a processing unit, the storage unit being connected to the processing unit and the communication unit being connected to the processing unit; it further comprises a signature module, connected to the processing unit, which signs the SMS message sent by the mobile communication terminal with the private key stored in the mobile communication terminal's storage unit;
the service provider terminal, comprising a communication unit, a storage unit and a processing unit, the communication unit being connected to the processing unit and the storage unit being connected to the processing unit; an authentication module is connected to the processing unit; the communication unit of the service provider terminal receives the SMS message sent by the mobile communication terminal, and the authentication module verifies that SMS message using the public key carrying the user identity information.
The telecom operator's billing terminal comprises an authentication module, which verifies the SMS message using the public key carrying the user identity information.
The key authentication centre generates a public key and a private key according to the identity information of each service provider terminal and distributes the private key to the corresponding service provider terminal.
The mobile communication terminal further comprises an encryption module, connected to its processing unit, which encrypts the SMS message sent by the user with the public key carrying the service provider's information.
The service provider terminal further comprises a decryption module, connected to its processing unit, which decrypts the SMS message with the service provider terminal's private key.
The mobile communication terminal further comprises an update module, connected to its processing unit, which updates the configuration information in the mobile communication terminal's storage unit according to the configuration information from the key authentication centre.
The service provider terminal further comprises an update module, connected to its processing unit, which updates the configuration information in the service provider terminal's storage unit according to the configuration information from the key authentication centre.
The beneficial effects of the present invention are as follows. The user's telephone number and the SP's access code are both unique; the signature mechanism protects the user's interests and forms a non-repudiable service subscription pattern, which improves the security of mobile services. Because the user uses the telephone number as the user's public key and the SP uses the access code as the SP's public key, the KAC does not need to manage a large number of digital certificates of no practical significance, which saves KAC storage space. While the security of transactions in the mobile communication system is improved, the efficiency of the cryptosystem is improved as well.
The above embodiments only illustrate the present invention and are not intended to limit it.

Claims (20)

1. A method for subscribing to a telecommunication service, comprising the following steps:
Step 1: at a mobile communication terminal, signing specific data with the user's private key, encrypting said specific data with the service provider's public key, and sending it to said service provider;
Step 2: said service provider decrypts said specific data with its own private key and verifies, with said user's public key, whether the user's signature in said specific data is valid, wherein said user's public key is an identity-based public key; if it is valid, proceed to step 3, otherwise proceed to step 4;
Step 3: storing said specific data, providing the service to said user, and forwarding said specific data to a billing terminal for billing;
Step 4: returning an error message to said mobile communication terminal.
2. The method for subscribing to a telecommunication service according to claim 1, characterised in that in said step 2 the user's public key is appended to said specific data so that said service provider obtains that public key; or said service provider derives said user's public key from information in said specific data that uniquely identifies the user.
3. The method for subscribing to a telecommunication service according to claim 1, characterised in that said user's public key and private key are updated at the user's request or updated periodically.
4. The method for subscribing to a telecommunication service according to claim 1, characterised in that said step 3 further comprises:
Step 5: said billing terminal verifies, with said user's public key, whether the user's signature of said specific data is valid; if it is valid, proceed to step 6, otherwise proceed to step 7;
Step 6: billing said mobile communication terminal;
Step 7: returning an error message to said service provider.
5. The method for subscribing to a telecommunication service according to claim 4, characterised in that in said step 6 the billing terminal sends a notification to said mobile communication terminal, informing said mobile communication terminal that the billing terminal is about to perform the billing operation.
6. The method for subscribing to a telecommunication service according to claim 1, characterised in that said user's private key is generated at least by a joint operation on the master key and key algorithm parameters of the key authentication centre and said user's public key.
7. The method for subscribing to a telecommunication service according to claim 1, characterised in that said user's public key being an identity-based public key comprises:
said user's public key being generated at least from said user's telephone number.
8. The method for subscribing to a telecommunication service according to claim 1, characterised in that said service provider's public key and private key are updated at said service provider's request or updated periodically.
9. The method for subscribing to a telecommunication service according to claim 1, characterised in that
said service provider's public key is generated at least from the service provider's access code; and
said service provider's private key is produced at least by a joint operation on the master key and key algorithm parameters of the key authentication centre and said service provider's public key.
10. The method for subscribing to a telecommunication service according to claim 1, characterised in that said specific data comprises a subscription SMS message, subscription information based on the Wireless Application Protocol (WAP), or service subscription information transmitted over the Internet.
11. A mobile communication terminal for subscribing to a telecommunication service, comprising a storage unit, a communication unit and a processing unit, said storage unit being connected to said processing unit and used to store the user's public key and private key data, and said communication unit being connected to said processing unit and serving as the interface between this mobile communication terminal and the devices in the external network; characterised in that it further comprises a signature module and an encryption module, said signature module being connected to said processing unit and signing the specific data sent by said mobile communication terminal with the user's private key stored in said storage unit; said encryption module being connected to said processing unit and encrypting said specific data sent by said user with the service provider's public key; wherein said user's public key is an identity-based public key.
12. The mobile communication terminal for subscribing to a telecommunication service according to claim 11, wherein said user's public key is generated at least from the user's telephone number.
13. The mobile communication terminal for subscribing to a telecommunication service according to claim 11, characterised in that it further comprises an update module, connected to said processing unit, which updates the user's public key and private key data in said storage unit according to the data about this user's public key and private key from said key authentication centre.
14. A service provider terminal, comprising a communication unit, a storage unit and a processing unit, said communication unit being connected to said processing unit and serving as the interface between this service provider terminal and the devices in the external network; said storage unit being connected to said processing unit and used to store this service provider's public key and private key data; characterised in that it further comprises an authentication module and a decryption module, said authentication module being connected to said processing unit and verifying, with the user's public key, the specific data bearing said user's signature received through said communication unit; said decryption module being connected to said processing unit and decrypting said specific data with the private key of said service provider terminal; wherein said user's public key is an identity-based public key.
15. The service provider terminal according to claim 14, characterised in that said user's public key is generated at least from the user's telephone number.
16. The service provider terminal according to claim 14, characterised in that it further comprises an update module, connected to said processing unit, which updates this service provider's public key and private key data in said storage unit according to the data about this service provider's public key and private key from the key authentication centre.
17. A system for subscribing to a telecommunication service, characterised in that it comprises:
a key authentication centre, which generates the public key of the user corresponding to a mobile communication terminal at least from that user's telephone number, generates the user's private key by a joint operation on the master key and key algorithm parameters of said key authentication centre and said user's public key, and distributes said private key to the corresponding mobile communication terminal;
said mobile communication terminal, comprising a storage unit, a communication unit and a processing unit, the storage unit of said mobile communication terminal being connected to its processing unit and used to store the user's public key and private key data, and the communication unit of said mobile communication terminal being connected to its processing unit and connected through a network to the communication unit of a service provider terminal; it further comprises a signature module and an encryption module, said signature module being connected to the processing unit of said mobile communication terminal and signing the specific data about to be sent with the user's private key stored in the storage unit of said mobile communication terminal, and said encryption module being connected to the processing unit of said mobile communication terminal and encrypting said signed specific data with the public key of said service provider terminal;
the service provider terminal, comprising a communication unit, a storage unit and a processing unit; the communication unit of said service provider terminal being connected to its processing unit and connected through a network to the communication unit of said mobile communication terminal; the storage unit of said service provider terminal being connected to its processing unit and used to store this service provider's public key and private key data; it further comprises an authentication module and a decryption module, said authentication module being connected to the processing unit of said service provider terminal and verifying the above signed specific data with said user's public key, and said decryption module being connected to the processing unit of said service provider terminal and decrypting the above specific data with the private key of said service provider terminal;
a billing terminal, which receives said specific data forwarded by the service provider terminal and bills this user.
18. The system for subscribing to a telecommunication service according to claim 17, characterised in that said billing terminal comprises an authentication module, which verifies said signed specific data with the user's public key.
19. The system for subscribing to a telecommunication service according to claim 17, characterised in that
said key authentication centre generates the public key of a service provider terminal at least from its access code, generates the service provider's private key by a joint operation on the master key and key algorithm parameters of said key authentication centre and said service provider's public key, and distributes said private key to the corresponding service provider terminal.
20. The system for subscribing to a telecommunication service according to claim 17, characterised in that
said mobile communication terminal further comprises an update module, connected to the processing unit of said mobile communication terminal, which updates this user's public key and private key data in said storage unit according to the data about this user's public key and private key from said key authentication centre; and
said service provider terminal further comprises an update module, connected to the processing unit of said service provider terminal, which updates this service provider's public key and private key data in said storage unit according to the data about this service provider's public key and private key from the key authentication centre.
Application CN2007100637626A, priority date 2007-02-09, filing date 2007-02-09: Mobile communication terminal, service provider terminal, system and method for subscribing telecommunication service (granted as CN101242269B; status: Active).

Priority Applications (1)

Application number: CN2007100637626A (CN101242269B)
Priority date: 2007-02-09
Filing date: 2007-02-09
Title: Mobile communication terminal, service provider terminal, system and method for subscribing telecommunication service

Applications Claiming Priority (1)

The same application, CN2007100637626A (CN101242269B), priority date 2007-02-09, filing date 2007-02-09.

Publications (2)

CN101242269A, published 2008-08-13
CN101242269B (granted patent), published 2011-12-07

Family

ID=39933499

Family Applications (1)

CN2007100637626A (CN101242269B), Active, priority date 2007-02-09, filing date 2007-02-09: Mobile communication terminal, service provider terminal, system and method for subscribing telecommunication service

Country Status (1)

Country: CN; link: CN101242269B (en)

Cited By (1)

(* cited by examiner, † cited by third party)
US11877218B1, priority date 2021-07-13, published 2024-01-16, T-Mobile Usa, Inc.: Multi-factor authentication using biometric and subscriber data systems and methods

Families Citing this family (7)

(* cited by examiner, † cited by third party)
CN101765101B *, priority date 2009-12-15, published 2013-08-21, 大唐微电子技术有限公司: Method and system for aerially writing personalized card
CN102571634A *, priority date 2012-01-18, published 2012-07-11, 孙明昭: System for realizing information interaction of network platform by utilizing identifier
CN105282725A *, priority date 2015-09-02, published 2016-01-27, 世纪龙信息网络有限责任公司: Business charging method and system
CN106878964B *, priority date 2015-12-14, published 2020-07-28, 中国电信股份有限公司江苏客户运营服务中心: Authentication system and method based on short message channel
US9699655B1 *, priority date 2016-02-23, published 2017-07-04, T-Mobile Usa, Inc.: Cellular device authentication
CN106549753B *, priority date 2016-10-18, published 2019-07-09, 电子科技大学: An identity-based encryption method supporting ciphertext comparison
CN109547205A *, priority date 2017-09-22, published 2019-03-29, 中国电信股份有限公司: Authentication method and device, internet-of-things terminal


Also Published As

CN101242269A, published 2008-08-13


Legal Events

C06: Publication
PB01: Publication
C10: Entry into substantive examination
SE01: Entry into force of request for substantive examination
C14: Grant of patent or utility model
GR01: Patent grant
ASS: Succession or assignment of patent right. Owner name: BEIJING Z-GOOD TECHNOLOGY SERVICE CO., LTD. Free format text: FORMER OWNER: SIMENS CO LTD (CHINA). Effective date: 20141009
C41: Transfer of patent application or patent right or utility model
COR: Change of bibliographic data. Free format text: CORRECT: ADDRESS; FROM: 100102 CHAOYANG, BEIJING TO: 100085 HAIDIAN, BEIJING
TR01: Transfer of patent right. Effective date of registration: 20141009. Address after: 100085 Beijing city Haidian District No. 33 Xiaoying Road 1 1F06 room. Patentee after: BEIJING ZHIGU TECHNOLOGY SERVICES CO., LTD. Address before: 100102 Beijing, Wangjing, Central South Road, No. 7, No. Patentee before: Simens Co., Ltd. (China)