Embodiment
The embodiment of the invention provides a kind of method of SIM card authentication, and this method is effectively avoided characteristic value and attacked, and prevents clone SIM card.
In the embodiment of the invention, SIM card has comprised memory cell, and the size of this memory cell is certain, for example can subelement of 16 bytes, and memory cell comprises 60 subelements altogether, number in order each unit; Perhaps subelement of 8 bytes, memory cell comprises 100 subelements altogether, number in order each unit.Like this, the one or more authentication random numbers of storage in memory cell.Authentication random number can be 16 bytes, when memory cell comprises 60 subelements altogether, can all store an authentication random number by each subelement, perhaps have only the parton unit to store an authentication random number, 10,22 or 55 authentication random numbers or the like for example, these authentication random number can deposit the subelement of memory cell in order in, for example, 20 authentication random numbers are arranged, can with these authentication random number deposit preceding 20 subelements in proper order in; Also authentication random number can be deposited randomly in the subelement of memory cell, for example: with 20 authentication random number deposit in 20 subelements, wherein, the numbering of the subelement that deposits in can be 1,3,6,7,8,15,22,23----; One of perhaps per two subelements storage is authentication random number, promptly is numbered 1,3,5, has deposited authentication random number in the subelement of 7----.Referring to Fig. 1, the SIM card authentication process is as follows:
Step 101: receive authentication random number.
SIM card receives the authentication random number Rand that network side issues by network interface.
Step 102: with the authentication random number that receives and storage each authentication random number compare, when satisfying when imposing a condition execution in step 105; Otherwise, execution in step 103.
SIM card can be searched the authentication random number of storing in each subelement in turn in memory cell, authentication random number that finds and the authentication random number that receives are compared by byte, when the data of some bytes are identical, for example the data more than or equal to 5 bytes are identical, then think the cloning attack pattern, execution in step 105, otherwise, be non-cloning attack pattern, execution in step 103.
Here, authentication random number that finds and the authentication random number step-by-step that receives can also be compared, when the data of some positions are identical, for example the data more than or equal to 40 are identical, then think the cloning attack pattern, execution in step 105, otherwise, be non-cloning attack pattern, execution in step 103.
Certainly,, can think that then the network side authentication random number retransmitted if all data are all identical, and nonaggressive model.
Step 103: described authentication random number is deposited in the described memory cell.
Here, can directly authentication random number be deposited in the described memory cell, whether the number of times that also can judge the non-attacking authentication of record earlier reaches current threshold value, when the number of times of this non-attacking authentication reaches current threshold value, described authentication random number is deposited in the described memory cell.
SIM card can have been set up the required step-length count sub-element of storage authentication random number, is used to write down the number of times of non-attacking authentication.The current threshold value of this step-length count sub-element can obtain according to the random number that the random function generating unit produces, and the scope of current threshold value can be set in 1~16.This current threshold value can be upgraded.The random number range that the random function generating unit produces is 0~255, can be by mathematical operation Data Control certain value between 1~16 with current threshold value.
Here, when being non-cloning attack pattern, obtain the number of times of the non-attacking authentication of step-length count sub-element record, and whether the number of times of judging this non-attacking authentication arrive current threshold value, if reached, and the random number that produces according to the random function generating unit, upgrade described current threshold value, with the number of times zero clearing of non-attacking authentication of record, and described authentication random number deposited in the described memory cell, change step 104 over to.Otherwise, the number of times of non-attacking authentication of record is added 1, execution in step 104.
Authentication random number is deposited in the described memory cell, and the number of times zero clearing of the non-attacking authentication of step-length count sub-element record at this moment, according to the random number that this moment, the random function generating unit produced, calculate and obtain a random number, upgrade current threshold value with this random number, be provided with the step-length threshold value for store authentication random number next time like this.
Step 104: the authentication random number according to receiving, carry out authentication operations.
SIM card is according to the authentication random number that receives, and the KI KI that preserves, and goes out the authentication sign indicating number by the A3/A8 algorithm computation, carries out network authentication according to the authentication sign indicating number.
Here, step 104 also can be carried out earlier, promptly satisfies the data impose a condition when identical when being judged as in the step 102, just carries out above-mentioned steps 106, back execution in step 103 earlier.
Step 105: carry out masking operation.
Here, SIM card can only be sent errored response after confirming that the authentication random number that receives is invalid data.In SIM card, be provided with cloning attack counting unit, be used for writing down the number of times of cloning attack, and, can be first threshold here, then for it is provided with threshold value, the number of times of the cloning attack that SIM card can also write down cloning attack counting unit adds 1, the number of times and the first threshold that will add the cloning attack after 1 compare, when the number of times of the cloning attack of this cloning attack counting unit record reaches first threshold, with described SIM card locking, otherwise, send errored response.Perhaps, the number of times and the first threshold of the cloning attack that SIM card can also write down cloning attack counting unit compare, when the number of times of this cloning attack reaches first threshold, with described SIM card locking, otherwise, the number of times of cloning attack is added 1, the concurrent response that makes mistake.
In the embodiment of the invention step 103, in the memory cell that authentication random number is deposited in SIM card, specifically comprise: in memory cell, search earlier and do not store first subelement of authentication random number, when finding described first subelement, deposit described authentication random number in described first subelement; Otherwise, the authentication random number that the initial subelement of described memory cell is preserved is wiped, and the start element after wiping deposits the authentication random number that receives in described first subelement as first subelement.Just authentication random number can be stored in order, also can be stored at random.For example: memory cell comprises 60 subelements, if wherein stored authentication random number in 1~20 work song unit, that deposits this authentication random number in the 21st work song unit in, perhaps deposits in the 21st~60 work song unit in the subelement at random; If storage in 1~60 work song unit at random 50 authentication random numbers, that can deposit this authentication random number in 10 remaining subelements arbitrary one.If whole 60 subelements have all been stored authentication random number, that just starts anew to deposit in the 1st work song unit with regard to this authentication random number again.
During the storage authentication random number, can work as first subelement that is about to store authentication random number be numbered set point the time, the authentication random number of setting number in the described memory cell is wiped,, can be wiped the authentication random number of storing in the subelement of setting number here by the rule of setting.For example: when first subelement that is about to store authentication random number be numbered 10 multiple the time, then the authentication random number of storing in follow-up 10 subelements is wiped.Perhaps when first subelement that is about to store authentication random number be numbered 15 multiple the time, then the authentication random number of storing in follow-up 15 subelements is wiped, perhaps when the tail number of the numbering of first subelement that is about to store authentication random number is 3, the authentication random number of storing in 10 subelements is subsequently wiped.Be that memory cell comprises 60 subelements, then when first module be numbered 10 the time, the authentication random number in 11~20 subelements is subsequently wiped, when first module be numbered 60 the time, the authentication random number in 1~10 subelement is wiped.Like this, when the authentication random number of storage reception in order, can both find and not store the subelement of authentication random number.
Memory cell in the embodiment of the invention in the SIM card can be EEPROM or FLASH, because EEPROM and the erasable number of times theoretical value of FLASH can not be above 10W times, therefore, a total authentication number of times counting unit can also be set in the SIM card, be used for writing down the authentication number of times, and second threshold value is set, when total authentication number of times reaches second threshold value, this SIM card is locked.Perhaps, for this total authentication number of times counting unit is provided with initial value, every authentication once subtracts 1, up to reducing to 0, this SIM card is locked.
Below in conjunction with Figure of description the embodiment of the invention is described in further detail.
Embodiment one: the memory cell of SIM card comprises 50 subelements, i.e. 1~50 work song unit, and each subelement comprises 16 bytes, according to sequencing, has stored a plurality of authentication random numbers successively.Each authentication random number also comprise 16 bytes.Here, memory cell can be in the 7F20/000B of SIM card file, and its concrete form is referring to table 1:
Table 1
In the embodiment of the invention, total authentication number of times counting unit is the AuthMax counter, and after the SIM card distribution, the initial value of SIM card AuthMax counter can be set point, as: 2000000, every authentication once subtracts 1, up to reducing to till 0.The AuthMax counter takies 10 bytes, and preceding 2 bytes are integer counter, and back 8 bytes are digit counter, and using method is as follows: integer counter initial value=0x7A11 (being decimal number 31249), digit counter=0xFFFFFFFFFFFFFFFF.Operation to digit counter is directly to write, and step-by-step changes, and after all positions became 0 by 1, integer counter subtracted 1, and Flash is once erasable.Because of digit counter totally 64 bit, total erasable number of times is 2000000/64=31250 time, i.e. the integer counter initial value.
In the embodiment of the invention, SIM card also comprises the step-length count sub-element, is specially effective authentication counter Count counter, and its function is consistent with the step-length count sub-element, is used to write down the number of times of non-attacking authentication, and initial value is 0.The processing method of Count counter is consistent with the AuthMax counter, and just 10 bytes of initial value all are set to full FF.
Also set up cloning attack counting unit Prelock counter in the SIM card, be used to write down the number of times of cloning attack, and be provided with threshold value M for it, and card lock devise a stratagem counting unit LockCount counter, initial value is 0, when the value of Prelock counter equals M, it is changed to 1, the locking card.
Wherein, the document definition of AuthMax, Count, Prelock, LockCount counter is referring to table 2:
Table 2
Referring to Fig. 2, in the present embodiment, the SIM card authentication process is as follows:
Step 201: receive authentication random number.
Step 202: whether the value of judging the AuthMax counter is 0, when it is 0, and execution in step 211, otherwise, the value of AuthMax counter is subtracted 1, execution in step 203.
Step 203: the value of AuthMax counter is subtracted 1, with the authentication random number that receives and storage each authentication random number compare by byte, when more than or equal to the data of 4 bytes when identical, execution in step 209; Otherwise, execution in step 204.
SIM card can be searched the authentication random number of storing in each subelement in turn in memory cell, whenever find an authentication random number, just with this authentication random number compare by byte with the authentication random number that receives, if both have 4 bytes or above byte data identical, and when not all byte data is identical, then think the cloning attack pattern, execution in step 207, otherwise continue to search in order, when the authentication random number of all storages and the authentication random number that receives, when not having 4 bytes or above byte data identical, then think to be non-cloning attack pattern, execution in step 204.
Step 204: whether the value of judging the Count counter equals current threshold value N, when equaling N, and execution in step 205, otherwise, execution in step 207.
Step 205: according to the random number that randomizer produces, upgrade described current threshold value N, 10 bytes of described Count counter all are changed to FF, change step 206 over to.
Step 206: deposit described authentication random number in described memory cell, change step 208. over to
In memory cell, search in order earlier and do not store the subelement of the serial number minimum of authentication random number, authentication random number is deposited in this subelement, just authentication random number has been deposited in 28 unit in the memory cell, then this authentication random number is deposited in the 29 work song unit; If can not find in memory cell and do not store the subelement of authentication random number, just 50 subelements of memory cell all have been filled with, and that deposits this authentication random number in and is numbered in 1 the subelement.
Here, can also judge that whether numbering that authentication random number is about to the unit of storage is 10 integral multiple, promptly whether numbering is 10,20,30,40 or 50, when being that these are when counting, authentication random number in ten unit of this subelement of next-door neighbour is wiped, promptly when the unit that is about to storage be numbered 20 the time, wipe the authentication random number of storage in 21~30, when the unit that is about to storage be numbered 50 the time, wipe the authentication random number of storage in 1~10.
In the present embodiment, step 205 and 206 can be exchanged, promptly can first execution in step 206, and execution in step 205 again.
Step 207: the value of Count counter is added 1, change step 208 over to.
Step 208:, carry out authentication operations according to authentication random number.
SIM card is according to the authentication random number that receives, and the KI KI that preserves, and goes out the authentication sign indicating number by the A3/A8 algorithm computation, carries out network authentication according to the authentication sign indicating number.
Step 209: whether the value of judging the Prelock counter equals M, when equaling M, and execution in step 211, otherwise, execution in step 210.
Step 210: the value of Prelock counter is added 1, and the output error response.
Step 211: the value of LockCount is changed to 1, the locking card.
In the above-described embodiments, authentication random number of the every storage of Count counter must reset its value, when 10 bytes of initial value of Count counter all are set to FF, when its upper limit was not done inspection, authentication random number of the every storage of Count counter will its value not reset, at this moment, the value of Count counter is I, like this, and according to the random number of randomizer generation, obtain step value J, the current threshold value N=I+J after upgrading so.
In the embodiment of the invention, the SIM card authentication process can be divided into following four kinds of situations: 1, non-cloning attack, in the cell stores random number, normally carry out authentication.2, non-cloning attack is not stored random number, normally carries out authentication.3, cloning attack has been exported wrong authenticating result.4, non-cloning attack, in the cell stores random number, and ten groups of random numbers of eraseable memory unit, normally carry out authentication.Under above four kinds of situations, the time that authentication is carried out is inconsistent, and the authentication time of implementation that has is longer, the authentication time of implementation that has is shorter, just have the authentication time difference, such phenomenon causes easily classifies to the situation of attacking, and is easy to analyze collision rule.For guaranteeing in four kinds of authentication situations, to realize the consistency of time of implementation, promptly allow various situations on program execution time, do compensation in the present embodiment, make each time of implementation, have an opportunity to take advantage of to avoid card clone behavior in the fluctuation among a small circle up and down of certain certain value.
Here, can obtain under every kind of authentication situation, the time that the SIM card authentication is carried out, wherein maximum duration as the time of setting, perhaps is a bit larger tham maximum duration with the time of setting by repeatedly test.For example, under above-mentioned the 4th kind of situation, the time that the SIM card authentication is carried out is the longest, probably is 100ms, and therefore, setting-up time can be 100ms, or 110ms.
Like this, after carrying out the SIM card authentication according to the described method of the foregoing description, obtain the time that the SIM card authentication is carried out, the time of acquisition and the time of setting are compared, when time that obtains during less than time of this setting, prolong the time that the SIM card authentication is carried out, approximate time of setting until the time that the SIM card authentication is carried out, whole like this SIM card authorizing procedure finishes.For example: the time of setting is 100ms, and the SIM card authentication process is above-mentioned the 2nd kind of situation, and promptly non-cloning attack is not stored random number, normally carry out authentication, then the time of carrying out by the SIM card authentication of testing tool acquisition is 80ms, and because of 80ms<100ms, then flow process is in wait state, and obtain the time that the SIM card authentication is carried out in real time, itself and 100ms are compared in real time, and when the time that obtains equaled 100ms, whole SIM card authorizing procedure finished.
Therefore, in the present embodiment, the authentication random number of storage is dynamic change, the step-length time of storage authentication random number also changes, and at every turn the authentication time of implementation all fix, like this can be at the authentication process of SIM card, effectively avoid characteristic value and attack, prevent clone SIM card.
According to the method for above-mentioned SIM card authentication, can construct a kind of device of SIM card authentication, can be the part in the SIM card, referring to Fig. 3, comprising: memory cell 100, comparing unit 200, determining unit 300 and authenticating unit 400.Wherein,
Memory cell 100 is used to store at least one authentication random number.
Comparing unit 200, each that is used for the authentication random number that will receive and storage authentication random number compared.
Determining unit 300 is used for determining that described authentication random number is an invalid data when satisfied imposing a condition.
Authenticating unit 400 is used for carrying out authentication operations according to described authentication random number, and described authentication random number being deposited in the described memory cell 100 when not satisfying when imposing a condition.
In the embodiment of the invention, comparing unit 200 is compared the data of each byte of the authentication random number that receives with the data of each byte that authentication random number is corresponding of storage, when the data of at least one byte that data and the authentication random number that receives of the setting quantum byte of authentication random number is corresponding were identical, determining unit 300 determined that described authentication random numbers are invalid data.Perhaps, comparing unit 200 with the bits per inch of the authentication random number that receives according to each bits per inch that authentication random number is corresponding of storage according to comparing, when the data of at least one figure place that data and the authentication random number that receives of the setting figure place of authentication random number is corresponding were identical, determining unit 300 determined that described authentication random numbers are invalid data.
The device of this SIM card authentication also comprises: cloning attack counting unit, the number of times of the cloning attack that is used to write down; Then, described determining unit 300 also is used for when the number of times of the cloning attack of described cloning attack counting unit record reaches first threshold, with described SIM card locking.
Wherein, authenticating unit comprises the step-length count sub-element, upgrades subelement, resetting sub unit, and memory cell.
The step-length count sub-element is used to write down the number of times of non-attacking authentication;
Upgrade subelement, be used for when the number of times of non-attacking authentication reaches current threshold value,, upgrade described current threshold value according to the random number that the random function generating unit produces.
The resetting sub unit is used for when the number of times of non-attacking authentication reaches current threshold value, with the number of times zero clearing of the non-attacking authentication of described step-length count sub-element record.
Storing sub-units is used for and deposits described authentication random number in described memory cell.
Like this, when the number of times of non-attacking authentication reaches current threshold value, determining unit can be according to the random number of random function generating unit generation, upgrade described current threshold value, with the number of times zero clearing of the non-attacking authentication of described step-length count sub-element record, and described authentication random number deposited in the described memory cell; Otherwise, the number of times of the non-attacking authentication of the record of described step-length count sub-element is added 1.
And storing sub-units wherein also is used for searching in described memory cell and do not store first subelement of authentication random number, when finding described first subelement, deposits described authentication random number in described first subelement; Otherwise, as first subelement, described authentication random number is deposited the initial subelement of described memory cell in described first subelement.
When described first subelement be numbered set point the time, this storing sub-units also is used for the authentication random number that described memory cell 100 is set numbers is wiped.
In the embodiment of the invention, the device of this SIM card authentication also comprises total authentication number of times counting unit, is used to write down the authentication number of times; Then, described determining unit 300 is when also being used for authentication number of times when described total authentication number of times counting unit record and reaching described second threshold value, with described SIM card locking.
In the embodiment of the invention, the device of this SIM card authentication can also obtain the time that authentication is carried out, and when time that obtains during less than time of setting, the time lengthening that described authentication is carried out arrives the time of described setting.
In sum, the embodiment of the invention provides a kind of method of SIM card authentication, stored at least one authentication random number in the memory cell of this SIM card, like this, authentication random number that SIM card just receives and each of storage authentication random number are compared, when the satisfied data that impose a condition are identical, carry out masking operation, otherwise, whether the number of times according to the non-attacking authentication that writes down reaches current threshold value, determine whether described authentication random number is deposited in the described memory cell, and carry out authentication operations, like this according to described authentication random number, authentication process in SIM card, the authentication random number of storage is dynamic change, and the step-length time of storage authentication random number also changes, and each authentication time of implementation is all fixed, thereby, eliminate the authentication time difference, effectively avoided characteristic value and attack, prevented clone SIM card.
Though described the present invention by embodiment, those of ordinary skills know, without departing from the spirit and substance in the present invention, just can make the present invention that many distortion and variation are arranged, and scope of the present invention is limited to the appended claims.