CN101355763B - Terminal authentification system, terminal authentification method


Info

Publication number
CN101355763B
Authority
CN (China)
Prior art keywords
terminal, data, encrypted data, wireless communication, generate
Legal status (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Expired - Fee Related
Application number
CN2008101443143A
Other languages
Chinese (zh)
Other versions
CN101355763A
Inventor
大谷太郎
Current assignee (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Kyocera Corp
Original assignee
Kyocera Corp
Priority date (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
2007-07-25
Filing date
2008-07-25
Publication date
2009-01-28 (CN101355763A), 2012-03-07 (CN101355763B)

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an authentication method, an authentication system, and a terminal and a server for use therein. The authentication system is an authentication system for a terminal used in a wireless communication system in which the terminal accesses a server via a base station. The terminal comprises: a first encryption unit that encrypts part of the data transmitted from the terminal with a common key to generate first encrypted data; a second encryption unit that changes the code sequence order of the first encrypted data to generate second encrypted data; and a transmission data generation unit that appends the second encrypted data to the data to generate transmission data. The server comprises: a decryption unit that restores the code sequence order of the second encrypted data appended to the transmission data sent from the terminal and performs decryption with the common key; and a data discard unit that discards the data received from the terminal when the decrypted data is not correct.

Description

Terminal authentication system and terminal authentication method
Technical field
The present invention relates to a method for preventing unauthorized use of a terminal, and in particular to permitting data transmission only from permitted terminals in a wireless communication system in which a terminal accesses a server via a base station.
Background technology
As an example of such technology, mobile telephone terminals (portable telephone terminals, car telephone terminals) of the AMPS (Advanced Mobile Phone System) type used in North America, Australia and elsewhere are assigned two ID numbers, called the MIN (Mobile Identification Number) and the ESN (Electronic Serial Number), and these ID numbers are stored in a built-in non-volatile memory such as an EEPROM (Electrically Erasable Programmable Read Only Memory).
The MIN corresponds to the telephone number and the ESN to the manufacturing serial number. When a call is placed, the mobile telephone terminal sends these two ID codes to the network; the network side checks whether this pair of ID codes is registered, and only if the pair is registered does it establish a talk path between the caller and the called party, with the caller then being charged according to the call duration and the distance of the call.
However, the following can also occur: the MIN and ESN of a real, legitimate user are obtained illicitly, written into the EEPROM of another mobile telephone terminal, and used to communicate without authorization. While such unauthorized use of a mobile telephone terminal is in progress, the switching side can do almost nothing about it, and the problem arises that the line usage charges are billed to the original user.
As a countermeasure to the above problem, the following method for preventing unauthorized use of a mobile telephone terminal in a GSM system is known. A first ID code for device identification and a second ID code such as the telephone number are stored in advance in the non-volatile memory of the mobile telephone terminal; at the time of communication these ID codes are sent to the network, which judges whether the pair of first and second codes is registered and permits communication when the pair is registered. The method is characterized in that, when the first code is written into the non-volatile memory of the mobile telephone terminal, the writing device encrypts the first code and inputs it to the terminal, the terminal writes the encrypted first code directly into its non-volatile memory, and at the time of communication the terminal decrypts the encrypted first code and sends the resulting first code to the network together with the second code (see Patent Document 1).
[Patent Document 1] Specification of Japanese Patent No. 2902249
Because the existing method for preventing unauthorized use of a mobile telephone terminal prevents unauthorized use by means of a specific encryption scheme, it can be used in common by any wireless communication system that adopts the same encryption scheme as that mobile telephone terminal.
Consequently, when a wireless communication system that is the same as one already adopted in one country (or region) (the first wireless communication system) is deployed in another country (or region), the terminals permitted to be used in the newly deployed second wireless communication system cannot be restricted so as to exclude the terminals used in the first wireless communication system.
Summary of the invention
The object of the present invention is to provide an authentication method, an authentication system, and a terminal and a server for use therein, whereby, among terminals that can be used both in a first wireless communication system that has adopted a specific encryption scheme to prevent unauthorized use (use by non-permitted terminals) and in a second wireless communication system that adopts the same encryption scheme, the use of terminals that are permitted only in the first wireless communication system can be restricted.
To solve the above problem, the authentication system of the present invention is an authentication system for a terminal used in a wireless communication system in which the terminal accesses a server via a base station, characterized in that
the terminal comprises:
a first encryption unit that encrypts part of the data transmitted from the terminal with a common key to generate first encrypted data;
a second encryption unit that changes the code sequence order of the first encrypted data to generate second encrypted data; and
a transmission data generation unit that appends the second encrypted data to the data to generate transmission data,
and the server comprises:
a decryption unit that restores the code sequence order of the second encrypted data appended to the transmission data sent from the terminal and performs decryption with the common key; and
a data discard unit that discards the data received from the terminal when the decrypted data is not correct. (Claim 1)
Further, the system is characterized in that the wireless communication system refuses access from a terminal that possesses only the first encryption unit common to the existing wireless communication system. (Claim 2)
Further, the system is characterized in that the second encryption unit appends the encrypted first encrypted data to the data in reverse order, starting from the last bit. (Claim 3)
The authentication method of the present invention is an authentication method for a terminal used in a wireless communication system in which the terminal accesses a server via a base station, characterized in that the method comprises:
in the terminal, a step of encrypting part of the data transmitted from the terminal with a common key to generate first encrypted data;
a generation step of changing the code sequence order of the first encrypted data to generate second encrypted data;
a step of appending the second encrypted data to the data to generate transmission data;
in the server, a step of restoring the code sequence order of the second encrypted data appended to the transmission data received from the terminal and performing decryption with the common key; and
a step of discarding the data received from the terminal when the decrypted data is not correct. (Claim 4)
The terminal of the present invention is a terminal used in a wireless communication system in which the terminal accesses a server via a base station, characterized in that it comprises:
a first encryption unit that encrypts part of the data transmitted from the terminal with a common key to generate first encrypted data;
a second encryption unit that changes the code sequence order of the first encrypted data to generate second encrypted data; and
a transmission data generation unit that appends the second encrypted data, whose code sequence order has been changed, to the data. (Claim 5)
The server of the present invention is a server used in a wireless communication system in which a terminal accesses the server via a base station, characterized in that it comprises:
a decryption unit that restores the code sequence order of the encrypted data appended to the transmission data sent from the terminal and performs decryption with a common key; and
a data discard unit that discards the data received from the terminal when the decrypted data is not correct.
According to the authentication method, the authentication system, and the terminal and server for use therein of the present invention, among terminals that can be used both in a first wireless communication system that has adopted a specific encryption scheme to prevent unauthorized use (use by non-permitted terminals) and in a second wireless communication system that adopts the same encryption scheme, the use of terminals that are permitted only in the first wireless communication system can be restricted.
Description of drawings
Fig. 1 is a functional block diagram for explaining a wireless communication system that adopts a new specific encryption scheme to prevent unauthorized use (use by non-permitted terminals) of the terminal according to the present invention.
Fig. 2 is a sequence chart showing the processing flow between the terminal, the base station and the server in a wireless communication system that applies the terminal authentication system (authentication method) of the present invention.
In the figures: 1 common key; 2 data (transmitted data, received data); 3 encryption unit (encryption, decryption); 4 code sequence order conversion (sequence change, sequence restoration); 5 encrypted message.
Embodiment
Before describing the terminal authentication system (authentication method) of the present invention, the existing wireless communication system that has adopted a specific encryption scheme to prevent unauthorized use (use by non-permitted terminals) of the terminal is described, divided into terminal-side processing and server-side processing.
First, on the terminal side, a known encryption unit encrypts part (for example 16 bytes) of the transmitted data with the common key held by the terminal to generate an encrypted message, which is appended to the end of the transmitted data and sent to the server.
On the server side, the encrypted message appended to the end of the data received from the terminal is decrypted with the common key held by the server, and it is judged whether the data from the terminal is correct; if the data is correct (the terminal is legitimate and a permitted terminal), subsequent data communication from the terminal is allowed.
If the data is incorrect (the terminal is not legitimate or not a permitted terminal), the received data is discarded.
Next, the terminal authentication system (authentication method) of the present invention is described with reference to Fig. 1.
Fig. 1 is a functional block diagram for explaining a wireless communication system that adopts a new specific encryption scheme to prevent unauthorized use (use by non-permitted terminals) of the terminal according to the present invention.
Fig. 1 is divided into the terminal-side processing and the server-side processing that make up the wireless communication system.
First, on the terminal side, part (for example 16 bytes) of the transmitted data 2 is encrypted with the common key 1 held by the known encryption unit 3-1 to generate an encrypted message (first encrypted data) 5; the code sequence order of this encrypted message is changed by the sequence change unit 4-1, and the result is appended to the end of the data and sent to the server.
On the server side, the sequence restoration unit 4-2 restores the code sequence order of the order-changed data 5 appended to the end of the data received from the terminal, the result is decrypted with the common key 1 held by the decryption unit 3-2, and it is judged whether the data from the terminal is correct; if the data from the terminal is correct (the terminal is legitimate and a permitted terminal), subsequent data communication is allowed.
If the data is incorrect (the terminal is not legitimate or not a permitted terminal), the received data is discarded.
In the present invention, as described above, by performing the known encryption method as the first encryption and the change of code sequence order as the second encryption, among terminals that can be used both in a first wireless communication system that has adopted a specific encryption scheme to prevent unauthorized use (use by non-permitted terminals) and in a second wireless communication system that adopts the same encryption scheme, the use of terminals that are permitted only in the first wireless communication system can be restricted.
Moreover, since the second encryption merely changes the code sequence order of the encrypted message obtained by the first encryption, it can be implemented with a simple structure.
Further, the change of the code sequence order of the encrypted message is not limited to a simple reversal; various changes are possible, such as changes that start from a specified position in the code sequence of the encrypted message.
Next, the processing flow between the terminal, the base station and the server in a wireless communication system that applies the terminal authentication system (authentication method) of the present invention is described with reference to the sequence chart of Fig. 2.
A link connection operation is performed between the terminal and the base station. (Step S1)
When the link is connected, the terminal sends a connection start request (BIND) to the base station. (Step S2)
In response to the connection start request (BIND), the base station performs a link connection operation between the base station and the server. (Step S3)
When the link is connected, the base station sends a connection start request (BIND) to the server. (Step S4)
In response to the connection start request (BIND) from the base station, the server sends a connection start confirmation ("success") (+RSP) to the terminal via the base station. (Steps S5, S6)
Then, as shown in Fig. 1, the data with the order-changed encrypted message appended at its end is sent to the server via the base station. (Step S7)
In the server, the code sequence order of the order-changed data appended at the end of the data is restored, the result is decrypted with the server's own common key, and it is judged whether the data from the terminal is correct. (Step S8)
If the judgment in step S8 is ERROR (the terminal is not legitimate or not a permitted terminal), the received data is discarded. (Step S9)
If the judgment in step S8 is OK (the terminal is legitimate and a permitted terminal), subsequent data communication is allowed. (Step S10)
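The terminal-side and server-side processing of Fig. 1 and steps S7 to S10 of Fig. 2, written out as an added worked example; this is not part of the patent and not Kyocera's code. It assumes AES on a single block as the unnamed "known encryption unit" (the 16-byte part given in the text is exactly one AES block), a 16-byte common key, the reverse-order variant of claim 3 as the order change, and, because the page does not say what "correct" means in step S8, that the decrypted part must equal the first 16 bytes of the data. The key and terminal data values are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"errors"
	"fmt"
)

// partLen is the size of the "part of the data" that the first encryption unit
// encrypts. The page gives 16 bytes as an example; that is exactly one AES block,
// so AES on a single block is assumed here as the "known encryption unit".
const partLen = aes.BlockSize

// firstEncrypt is the first encryption unit (3-1): it encrypts the first partLen
// bytes of data with the common key (1) and returns the encrypted message (5).
func firstEncrypt(commonKey, data []byte) ([]byte, error) {
	if len(data) < partLen {
		return nil, errors.New("data is shorter than the part to be encrypted")
	}
	block, err := aes.NewCipher(commonKey) // 16-, 24- or 32-byte key
	if err != nil {
		return nil, err
	}
	enc := make([]byte, partLen)
	block.Encrypt(enc, data[:partLen])
	return enc, nil
}

// reverseOrder is the code-sequence-order change of claim 3: the encrypted
// message is taken from its last byte backwards (4-1). The same function
// restores the original order on the server side (4-2), since reversal is
// its own inverse.
func reverseOrder(in []byte) []byte {
	out := make([]byte, len(in))
	for i, b := range in {
		out[len(in)-1-i] = b
	}
	return out
}

// legacyTerminalSend models a terminal of the existing (first) system, which
// has only the first encryption unit and appends the encrypted message as is.
func legacyTerminalSend(commonKey, data []byte) ([]byte, error) {
	enc, err := firstEncrypt(commonKey, data)
	if err != nil {
		return nil, err
	}
	return append(append([]byte{}, data...), enc...), nil
}

// newTerminalSend models the terminal of the invention: first encryption, then
// the order change (second encryption), then the result is appended to the data.
func newTerminalSend(commonKey, data []byte) ([]byte, error) {
	enc, err := firstEncrypt(commonKey, data)
	if err != nil {
		return nil, err
	}
	return append(append([]byte{}, data...), reverseOrder(enc)...), nil
}

// serverVerify is the server side (3-2 plus the data discard unit). It restores
// the order of the trailing second encrypted data, decrypts it with the common
// key and judges whether the data is "correct". The page does not define that
// check; here (assumption) the decrypted part must equal the first partLen
// bytes of the received data. On failure the received data is discarded (error).
func serverVerify(commonKey, received []byte) ([]byte, error) {
	if len(received) < 2*partLen {
		return nil, errors.New("discarded: received data too short")
	}
	cut := len(received) - partLen
	data, second := received[:cut], received[cut:]
	block, err := aes.NewCipher(commonKey)
	if err != nil {
		return nil, err
	}
	dec := make([]byte, partLen)
	block.Decrypt(dec, reverseOrder(second)) // restore the order, then decrypt
	if !bytes.Equal(dec, data[:partLen]) {
		return nil, errors.New("discarded: decrypted data is not correct")
	}
	return data, nil
}

func main() {
	// Constructed sample values; they are not taken from the patent.
	commonKey := []byte("0123456789abcdef")
	data := []byte("MIN=5551234567;ESN=A1B2C3D4;hello")

	tx, _ := newTerminalSend(commonKey, data)
	if accepted, err := serverVerify(commonKey, tx); err == nil {
		fmt.Printf("new terminal: accepted %q\n", accepted) // step S10
	}
	legacy, _ := legacyTerminalSend(commonKey, data)
	if _, err := serverVerify(commonKey, legacy); err != nil {
		fmt.Println("legacy terminal:", err) // refused, claim 2 (step S9)
	}
	if _, err := serverVerify([]byte("fedcba9876543210"), tx); err != nil {
		fmt.Println("wrong common key:", err) // step S9
	}
}
```

The legacy terminal is refused only because its trailing block is not reversed, which is the distinction claim 2 relies on. Note that the reversal is a fixed, keyless step that anyone observing the link can apply, so it separates the two systems but adds no secrecy: whatever protection the scheme gives rests on the common key used by the first encryption unit, and a terminal that can be updated to apply the reversal (the page itself describes terminals shipped with the second unit merely disabled) is accepted by the second system.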
In the above description, the terminal authentication system (authentication method) of the present invention was explained for the case in which a wireless communication system that is the same as one already adopted in one country (or region) (the first wireless communication system) is deployed in another country (or region), and the terminals permitted in the newly deployed second wireless communication system are restricted with respect to the terminals used in the first wireless communication system; however, the first and second wireless communication systems may also be systems applied to the same region, and may be set up as a wireless communication system that restricts terminal functions and one that does not.
Further, the terminal used in the wireless communication system of the present invention may also be manufactured as a terminal having the functions of both a first encryption unit, which encrypts part of the data transmitted from the terminal with a common key to generate an encrypted message, and a second encryption unit, which changes the code sequence order of the encrypted message, with the function of the second encryption unit disabled at the time of shipment or the like so that the terminal possesses only the first encryption unit.

Claims (4)

1. A terminal authentication system, being an authentication system for a terminal used in a wireless communication system in which the terminal accesses a server via a base station, wherein the terminal comprises: a first encryption unit that encrypts part of the data transmitted from the terminal with a common key to generate first encrypted data; a second encryption unit that changes the code sequence order of the first encrypted data to generate second encrypted data; and a transmission data generation unit that appends the second encrypted data to the data to generate transmission data; and the server comprises: a decryption unit that restores the code sequence order of the second encrypted data appended to the transmission data sent from the terminal and performs decryption with the common key; and a data discard unit that discards the data received from the terminal when the decrypted data is not correct.
2. The terminal authentication system according to claim 1, characterized in that the wireless communication system refuses access from a terminal that possesses only the first encryption unit common to the existing wireless communication system.
3. The terminal authentication system according to claim 1 or 2, characterized in that the second encryption unit appends the encrypted first encrypted data to the data in reverse order, starting from the last bit.
4. A terminal authentication method, being an authentication method for a terminal used in a wireless communication system in which the terminal accesses a server via a base station, the method comprising: in the terminal, a step of encrypting part of the data transmitted from the terminal with a common key to generate first encrypted data; a generation step of changing the code sequence order of the first encrypted data to generate second encrypted data; a step of appending the second encrypted data to the data to generate transmission data; in the server, a step of restoring the code sequence order of the second encrypted data appended to the transmission data received from the terminal and performing decryption with the common key; and a step of discarding the data received from the terminal when the decrypted data is not correct.
Applications Claiming Priority (3)

Application number, priority date, filing date, title:
JP2007-193390, priority date 2007-07-25
JP2007193390A (published as JP2009033320A), priority date 2007-07-25, filed 2007-07-25: Terminal authentication system, terminal authentication method, terminal, and server
JP2007193390, priority date 2007-07-25

Publications (2)

CN101355763A, published 2009-01-28
CN101355763B, published 2012-03-07

Family

ID=40308293

Family Applications (1)

CN2008101443143A (granted as CN101355763B), priority date 2007-07-25, filed 2008-07-25, status Expired - Fee Related: Terminal authentification system, terminal authentification method

Country Status (2)

JP: JP2009033320A
CN: CN101355763B

Citations (1)

* Cited by examiner, † Cited by third party
CN1790984A * (priority date 2004-12-14, published 2006-06-21, 中兴通讯股份有限公司 (ZTE Corporation)): User identity secret-keeping method in communication system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
JPS6026387A * (priority date 1983-07-22, published 1985-02-09, 日本電信電話株式会社 (NTT)): Digital signature system
JPH0227389A * (priority date 1988-07-15, published 1990-01-30, Sony Corp): Enciphering method and enciphering device/decoding device using enciphering method concerned
JPH10190650A * (priority date 1996-12-27, published 1998-07-21, Canon Inc): Cipher method and communication system using the method
JP2000004223A * (priority date 1998-06-16, published 2000-01-07, Toyo Commun Equip Co Ltd): Encryption/authentication system
CA2406737C * (priority date 2000-04-20, published 2005-05-10, Yutaka Yasukura): Electronic information inquiring method
JP2006303782A * (priority date 2005-04-19, published 2006-11-02, Kyocera Corp): Communication authentication system, communication system authentication method, and communication terminal device

Also Published As

CN101355763A, published 2009-01-28
JP2009033320A, published 2009-02-12


Legal Events

Code, title:
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee (granted publication date 2012-03-07; termination date 2013-07-25)