CN101355763B - Terminal authentication system, terminal authentication method

Info

Publication number: CN101355763B
Authority: CN (China)
Prior art keywords: data, terminal, wireless communication, communication system, server
Legal status: Expired - Fee Related (the legal status is an assumption and is not a legal conclusion)
Application number: CN2008101443143A
Other languages: Chinese (zh)
Other versions: CN101355763A (en)
Inventor: 大谷太郎
Current Assignee: Kyocera Corp (the listed assignees may be inaccurate)
Original Assignee: Kyocera Corp
Landscapes: Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an authentication method, an authentication system, and a terminal and a server used therein. The authentication system authenticates a terminal used in a wireless communication system in which the terminal accesses the server via a base station. The terminal comprises: a first encryption unit that encrypts part of the data sent from the terminal with a universal key to generate first encrypted data; a second encryption unit that changes the order of the code sequence of the first encrypted data to generate second encrypted data; and a transmission data generation unit that appends the second encrypted data to the data to generate transmission data. The server comprises: a decryption unit that restores the order of the code sequence of the second encrypted data appended to the transmission data sent from the terminal and decrypts it with the universal key; and a data discarding unit that discards the data received from the terminal when the decrypted data is not proper.

Description

Terminal authentication system and terminal authentication method
Technical field
The present invention relates to a method for preventing unauthorized use of terminals, and in particular to a method that allows only permitted terminals to send data in a wireless communication system in which a terminal accesses a server via a base station.
Background art
As technology of this kind, mobile telephone terminals (portable telephone terminals, car telephone terminals) of the AMPS (Advanced Mobile Phone System) type used in North America, Australia and elsewhere are assigned two ID numbers called the MIN (Mobile Identification Number) and the ESN (Electronic Serial Number), and these ID numbers are stored in a built-in nonvolatile memory such as an EEPROM (Electrically Erasable Programmable Read Only Memory).
The MIN corresponds to the telephone number and the ESN corresponds to the manufacturing number. When a call is made, the mobile telephone terminal sends these two ID codes to the network, and the network side checks whether this pair of ID codes is registered. Only when the pair is registered is a speech path established between the caller and the called party, and the caller is charged according to call duration and call distance.
However, there are also cases in which the MIN and ESN of an actual legitimate user are obtained illegally, written into the EEPROM of another mobile telephone terminal, and used to communicate illegally. Communication by such an illegally used mobile telephone terminal can hardly be dealt with on the exchange side, which gives rise to the problem that the line usage charges are billed to the original user.
As a countermeasure to this problem, the following is known: a method for preventing unauthorized use of a mobile telephone terminal in GSM, in which a first ID code for device identification and a second ID code such as a telephone number are stored in advance in the nonvolatile memory of the mobile telephone terminal, these ID codes are sent to the network at the time of communication, the network side judges whether the pair of first and second codes is registered, and communication is permitted when the pair is registered. The method is characterized in that, when the first code is written into the nonvolatile memory of the mobile telephone terminal, the writing device encrypts the first code and inputs it to the mobile telephone terminal, the mobile telephone terminal writes the encrypted first code directly into the nonvolatile memory, and at the time of communication the encrypted first code is decrypted and the resulting first code is sent to the network together with the second code (see Patent Document 1).
[Patent Document 1] Specification of Japanese Patent No. 2902249
The conventional method for preventing unauthorized use of mobile telephone terminals prevents unauthorized use by means of a specific encryption scheme, so a terminal can be used in common in any wireless communication system that adopts the same encryption scheme as that of the mobile telephone terminal.
Consequently, when a wireless communication system that is the same as one already adopted in one country (or region) (the first wireless communication system) is extended to another country (or region), it is not possible to restrict the use of terminals used in the first wireless communication system as terminals permitted in the newly extended second wireless communication system.
Summary of the invention
The problem addressed by (the object of) the present invention is to provide an authentication method, an authentication system, and a terminal and a server used therein which, for terminals usable in both a first wireless communication system that has adopted a specific encryption scheme to prevent unauthorized use (use of non-permitted terminals) and a second wireless communication system that adopts the same encryption scheme, can restrict the use of terminals that are permitted only in the first wireless communication system.
To solve the above problem, the authentication system of the present invention is an authentication system for a terminal used in a wireless communication system in which the terminal accesses a server via a base station, characterized in that
the terminal comprises:
a first encryption unit that encrypts part of the data sent from the terminal with a universal key to generate first encrypted data;
a second encryption unit that changes the order of the code sequence of the first encrypted data to generate second encrypted data; and
a transmission data generation unit that appends the second encrypted data to the data to generate transmission data,
and the server comprises:
a decryption unit that restores the original order of the code sequence of the second encrypted data appended to the transmission data sent from the terminal and decrypts it with the universal key; and
a data discarding unit that discards the data received from the terminal when the decrypted data is not proper. (Technical solution 1)
Further, the system is characterized in that the wireless communication system refuses access from a terminal that has only the first encryption unit, which is common to an existing wireless communication system. (Technical solution 2)
Furthermore, the system is characterized in that the second encryption unit appends the first encrypted data to the data in reverse order, starting from the last bit. (Technical solution 3)
Also, the authentication method of the present invention is an authentication method for a terminal used in a wireless communication system in which the terminal accesses a server via a base station, characterized in that the authentication method comprises:
in the terminal, a step of encrypting part of the data sent from the terminal with a universal key to generate first encrypted data;
a step of changing the order of the code sequence of the first encrypted data to generate second encrypted data;
a step of appending the second encrypted data to the data to generate transmission data;
in the server, a step of restoring the original order of the code sequence of the second encrypted data appended to the transmission data received from the terminal and decrypting it with the universal key; and
a step of discarding the data received from the terminal when the decrypted data is not proper. (Technical solution 4)
Further, the terminal of the present invention is a terminal used in a wireless communication system in which the terminal accesses a server via a base station, characterized by comprising:
a first encryption unit that encrypts part of the data sent from the terminal with a universal key to generate first encrypted data;
a second encryption unit that changes the order of the code sequence of the first encrypted data to generate second encrypted data; and
a transmission data generation unit that appends to the data the second encrypted data whose code sequence order has been changed. (Technical solution 5)
Also, the server of the present invention is a server used in a wireless communication system in which a terminal accesses the server via a base station, characterized in that the server comprises:
a decryption unit that restores the original order of the code sequence of the encrypted data appended to the transmission data sent from the terminal and decrypts it with the universal key; and
a data discarding unit that discards the data received from the terminal when the decrypted data is not proper.
According to the authentication method, the authentication system, and the terminal and server used therein of the present invention, for terminals usable in both a first wireless communication system that has adopted a specific encryption scheme to prevent unauthorized use (use of non-permitted terminals) and a second wireless communication system that adopts the same encryption scheme, the use of terminals that are permitted only in the first wireless communication system can be restricted.
Description of drawings
Fig. 1 is a functional block diagram for explaining a wireless communication system according to the present invention that has adopted a new specific encryption scheme to prevent unauthorized use of terminals (use of non-permitted terminals).
Fig. 2 is a sequence chart showing the processing flow between the terminal, the base station and the server in a wireless communication system to which the terminal authentication system (authentication method) of the present invention is applied.
In the figures: 1 - universal key; 2 - data (transmission data, reception data); 3 - encryption unit (encryption, decryption); 4 - code sequence order conversion (sequence change, sequence restoration); 5 - encrypted message.
Embodiment
Before describing the terminal authentication system (authentication method) of the present invention, an existing wireless communication system that has adopted a specific encryption scheme to prevent unauthorized use of terminals (use of non-permitted terminals) is described, divided into terminal-side processing and server-side processing.
First, on the terminal side, a known encryption unit encrypts part of the transmission data (for example, 16 bytes) with the universal key that the terminal holds to generate an encrypted message, and this encrypted message is appended to the end of the transmission data and sent to the server.
On the server side, the encrypted message appended to the end of the data received from the terminal is decrypted with the universal key that the server holds, and it is judged whether the data from the terminal is correct. When the data from the terminal is correct (the terminal is a legitimate, permitted terminal), subsequent data communication is permitted.
When the data is not correct (the terminal is not a legitimate, permitted terminal), the received data is discarded.
Next, the terminal authentication system (authentication method) of the present invention is described with reference to Fig. 1.
Fig. 1 is a functional block diagram for explaining a wireless communication system according to the present invention that has adopted a new specific encryption scheme to prevent unauthorized use of terminals (use of non-permitted terminals).
In Fig. 1, the processing is shown divided into the terminal-side processing and the server-side processing that make up the wireless communication system.
First, on the terminal side, part of the transmission data 2 (for example, 16 bytes) is encrypted with the universal key 1 held by the known encryption unit 3-1 to generate an encrypted message (first encrypted data) 5. The order of the code sequence of this encrypted message is changed by the sequence change unit 4-1, and the result is appended to the end of the data and sent to the server.
On the server side, the sequence restoration unit 4-2 restores the original order of the code sequence of the reordered data 5 appended to the end of the data received from the terminal. The result is then decrypted with the universal key 1 held by the decryption unit 3-2, and it is judged whether the data from the terminal is correct. When the data from the terminal is correct (the terminal is a legitimate, permitted terminal), subsequent data communication is permitted.
When the data is not correct (the terminal is not a legitimate, permitted terminal), the received data is discarded.
In the present invention, as described above, a known encryption method is performed as the first encryption and a change of the code sequence order is performed as the second encryption. As a result, for terminals usable in both a first wireless communication system that has adopted a specific encryption scheme to prevent unauthorized use (use of non-permitted terminals) and a second wireless communication system that adopts the same encryption scheme, the use of terminals that are permitted only in the first wireless communication system can be restricted.
In addition, because the second encryption only changes the code sequence order of the encrypted message obtained by the first encryption, it can be realized with a simple structure.
Further, the change of the code sequence order of the encrypted message is not limited to, for example, reversal; various changes that start from a specified position in the code sequence of the encrypted message are possible.
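The terminal-side and server-side processing of Fig. 1, as an added example that is not code from the patent. It assumes a 4-round HMAC-SHA256 Feistel construction as a stand-in for the unnamed "known encryption unit", takes the first 16 bytes of the data as the encrypted part, uses bit reversal (technical solution 3) as the reordering, and treats "correct" as "the decrypted block equals that part of the received data"; all function names, the key and the payload are constructed for illustration.

```python
"""Added illustration of the two-step scheme in the description (not patent code)."""
import hashlib
import hmac

BLOCK = 16  # the description's example: 16 bytes of the data are encrypted


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in cipher (assumption: the patent names no cipher).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """First encryption: 4-round Feistel stand-in for the 'known encryption unit'."""
    left, right = block[: BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of encrypt_block: the same rounds applied in reverse order."""
    left, right = block[: BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def reverse_bits(msg: bytes) -> bytes:
    """Second encryption: reverse the bit order (the operation is its own inverse)."""
    bits = format(int.from_bytes(msg, "big"), f"0{len(msg) * 8}b")
    return int(bits[::-1], 2).to_bytes(len(msg), "big")


def no_reorder(msg: bytes) -> bytes:
    """Behaviour of the existing (first) system: no second step."""
    return msg


def build_frame(key: bytes, data: bytes, reorder=reverse_bits) -> bytes:
    """Terminal side: data followed by reorder(encrypt(first 16 bytes of data))."""
    if len(data) < BLOCK:
        raise ValueError("need at least 16 bytes of data")
    return data + reorder(encrypt_block(key, data[:BLOCK]))


def server_check(key: bytes, frame: bytes, restore=reverse_bits):
    """Server side: restore order, decrypt, compare. None means 'discard'."""
    if len(frame) < 2 * BLOCK:
        return None
    data, appended = frame[:-BLOCK], frame[-BLOCK:]
    plain = decrypt_block(key, restore(appended))
    # Assumption: 'correct' means the plaintext equals the part that was encrypted.
    if not hmac.compare_digest(plain, data[:BLOCK]):
        return None
    return data


def demo() -> dict:
    key = b"constructed-key!"             # constructed sample key
    data = b"constructed sample payload"  # constructed sample data
    new_frame = build_frame(key, data)                      # terminal with both units
    old_frame = build_frame(key, data, reorder=no_reorder)  # first unit only
    return {
        "new terminal -> second system": server_check(key, new_frame) == data,
        "old terminal -> second system": server_check(key, old_frame) == data,
        "old terminal -> first system":
            server_check(key, old_frame, restore=no_reorder) == data,
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'discarded'}")
```

The second step uses no key of its own, so what separates the two systems in this sketch is only the reordering rule that terminal and server agree on.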
Next, the processing flow between the terminal, the base station and the server in a wireless communication system to which the terminal authentication system (authentication method) of the present invention is applied is described using the sequence chart of Fig. 2.
A link connection operation is carried out between the terminal and the base station. (Step S1)
Once the link is connected, the terminal sends a connection start request (BIND) to the base station. (Step S2)
At the base station, in response to the connection start request (BIND), a link connection operation is carried out between the base station and the server. (Step S3)
Once the link is connected, the base station sends a connection start request (BIND) to the server. (Step S4)
In response to the connection start request (BIND) from the base station, the server sends a connection start confirmation ("success") (+RSP) to the terminal via the base station. (Steps S5, S6)
Next, as shown in Fig. 1, data with the reordered encrypted message appended to its end is sent to the server via the base station. (Step S7)
In the server, the original order of the code sequence of the reordered data appended to the end of the data is restored, the result is decrypted with the universal key that the server holds, and it is judged whether the data from the terminal is correct. (Step S8)
When the judgment in step S8 is ERROR (the terminal is not a legitimate, permitted terminal), the received data is discarded. (Step S9)
When the judgment in step S8 is OK (the terminal is a legitimate, permitted terminal), subsequent data communication is permitted. (Step S10)
The above description explained that, when a wireless communication system that is the same as one already adopted in one country (or region) (the first wireless communication system) is extended to another country (or region), the terminal authentication system (authentication method) of the present invention restricts the use of terminals used in the first wireless communication system as terminals permitted in the newly extended second wireless communication system. However, the first wireless communication system and the second wireless communication system may also be systems applied in the same region, and may also be a wireless communication system that places restrictions on terminal functions and a wireless communication system without such restrictions.
Further, a terminal used in the wireless communication system of the present invention may also be manufactured as a terminal having the functions of both a first encryption unit, which encrypts part of the data sent from the terminal with the universal key to generate an encrypted message, and a second encryption unit, which changes the code sequence order of the encrypted message, with the function of the second encryption unit disabled at shipment or the like so that the terminal has only the first encryption unit.

Claims (4)

1. A terminal authentication system, being an authentication system for a terminal used in a wireless communication system in which the terminal accesses a server via a base station, wherein
the terminal comprises:
a first encryption unit that encrypts part of the data sent from the terminal with a universal key to generate first encrypted data;
a second encryption unit that changes the order of the code sequence of the first encrypted data to generate second encrypted data; and
a transmission data generation unit that appends the second encrypted data to the data to generate transmission data,
and the server comprises:
a decryption unit that restores the original order of the code sequence of the second encrypted data appended to the transmission data sent from the terminal and decrypts it with the universal key; and
a data discarding unit that discards the data received from the terminal when the decrypted data is not proper.
2. The terminal authentication system according to claim 1, characterized in that
the wireless communication system refuses access from a terminal that has only the first encryption unit, which is common to an existing wireless communication system.
3. The terminal authentication system according to claim 1 or 2, characterized in that
the second encryption unit appends the first encrypted data to the data in reverse order, starting from the last bit.
4. A terminal authentication method, being an authentication method for a terminal used in a wireless communication system in which the terminal accesses a server via a base station, the authentication method comprising:
in the terminal, a step of encrypting part of the data sent from the terminal with a universal key to generate first encrypted data;
a step of changing the order of the code sequence of the first encrypted data to generate second encrypted data;
a step of appending the second encrypted data to the data to generate transmission data;
in the server, a step of restoring the original order of the code sequence of the second encrypted data appended to the transmission data received from the terminal and decrypting it with the universal key; and
a step of discarding the data received from the terminal when the decrypted data is not proper.
CN2008101443143A 2007-07-25 2008-07-25 Terminal authentication system, terminal authentication method Expired - Fee Related CN101355763B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2007193390A JP2009033320A (en) 2007-07-25 2007-07-25 Authentication system for terminal, authentication method for terminal, terminal, and server
JP2007193390 2007-07-25
JP2007-193390 2007-07-25

Publications (2)

Publication Number Publication Date
CN101355763A CN101355763A (en) 2009-01-28
CN101355763B true CN101355763B (en) 2012-03-07

Family

ID=40308293

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008101443143A Expired - Fee Related CN101355763B (en) 2007-07-25 2008-07-25 Terminal authentication system, terminal authentication method

Country Status (2)

Country Link
JP (1) JP2009033320A (en)
CN (1) CN101355763B (en)

Also Published As

Publication number Publication date
CN101355763A (en) 2009-01-28
JP2009033320A (en) 2009-02-12


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120307

Termination date: 20130725