CN101572889A - SIM card authentication method and device thereof - Google Patents

Publication number: CN101572889A
Authority: CN (China)
Prior art keywords: authentication; random number; authentication random; subelement; sim card
Legal status: Granted
Application number: CNA2009100869603A
Other languages: Chinese (zh)
Other versions: CN101572889B (en)
Inventors: 贾振波, 路如毅, 黄海东
Current Assignee: Beijing Watchdata Co ltd
Original Assignee: Beijing WatchData System Co Ltd
Application filed by: Beijing WatchData System Co Ltd
Priority to: CN2009100869603A
Granted publication: CN101572889B
Current legal status: Expired - Fee Related
Classification: Storage Device Security

Abstract

The invention discloses a SIM card authentication method that addresses a problem in the prior art: during SIM card authentication, the characteristic values of the SIM card can be attacked, which allows the SIM card to be cloned. The method comprises: A. comparing the received authentication random number with each stored authenticated random number; when a set condition is met, determining that the received authentication random number is invalid; otherwise, executing step B; B. performing the authentication operation according to the authentication random number, and storing the authentication random number in a storage unit. The invention also discloses a SIM card authentication device.

Description

Method and device for SIM card authentication
Technical field
The present invention relates to the communications field, and in particular to a method and device for SIM card authentication.
Background art
At present, a subscriber identity module (SIM) performs network authentication using the security algorithm A3/A8 (COMP128). Specifically, from the random number issued by the network side and the authentication key Ki stored in the SIM card, the card computes an authentication code (SRES) with the A3/A8 algorithm and sends this SRES to the network side. The network side then checks whether the received SRES matches the SRES it computed itself; when the two match, the SIM card passes network authentication and can access the network and communicate. The Ki in the SIM card thus takes part in network authentication and is the unique identifier of the SIM card user, so anyone who obtains the Ki inside a SIM card can clone that card. Many illegal SIM card cloning tools are already on the market. These tools can clone the SIM cards of an operator's legitimate users, which leads to intrusion by illegitimate users, causes heavy losses to legitimate users and operators, and seriously threatens network communication security.
SIM cards can be attacked and cloned because the A3/A8 algorithm itself has an exploitable weakness. The A3/A8 algorithm is expressed in formula (1):
$$F_{A3A8}(Ki, Rand) = Resp \tag{1}$$
$F_{A3A8}$ denotes the A3/A8 algorithm; Ki is the 16-byte authentication key stored in the SIM card; Rand is a 16-byte random number; Resp is the 12-byte response, of which the first four bytes are the authentication code (SRES) and the last 8 bytes are the encryption key $K_C$.
The A3/A8 algorithm is in fact a hash algorithm. A characteristic of such an algorithm is that the computation is irreversible, that is, inputs and outputs do not correspond one to one. For the A3/A8 algorithm, different inputs may therefore produce the same result; this is called a "collision".
If two different random numbers Rand yield the same Resp, Ki can be calculated from formula (2).
$$F_{A3A8}(Ki, Rand_1) = F_{A3A8}(Ki, Rand_2) \tag{2}$$
The random numbers Rand_1 and Rand_2 are called characteristic values. Ki is the only undetermined value in the equation, so its value can be obtained by calculation. As a result, Ki can currently be derived within a few hours and a second, identical SIM card cloned.
The analysis shows that attacking the SIM card's Ki is a necessary condition for cracking the SIM card. The process is: send a certain number of authentication random numbers (generally between 20000~600000) to the SIM card, analyze the output, and use the output "collisions" that occur to obtain the value of Ki, thereby cracking the card. The authentication random numbers used in these attacks are generally consecutive, and they must follow a regular pattern for the attack to produce a usable result.
Faced with the problem that SIMs are easily cloned during SIM authentication, various anti-cloning schemes have been proposed. The most common scheme at present is the anti-cloning method of masking SIM card characteristic values. This method comprises: computing, based on the A3/A8 algorithm, the characteristic values that produce collisions for the authentication key Ki, and storing the byte factors of those characteristic values in a file. When the SIM card executes the authentication instruction, it first checks whether the input random number contains a characteristic value factor. If it does, the card performs a masking operation and outputs an erroneous response; if it does not, authentication succeeds.
This scheme also has a weakness: not all characteristic value factors can be stored in the file. Once authentication can be carried out with other characteristic-value random numbers that are not in the characteristic value file, Ki can be derived in reverse and the SIM card cracked. Therefore, in prior-art SIM authentication, when characteristic values are attacked, the characteristic-value masking method can be defeated. The problem of SIM card cloning during SIM authentication is thus not completely solved, and clear regularities remain, for example differences in authentication time. A SIM card can therefore still be cloned by attacking its characteristic values during authentication.
Summary of the invention
In view of this, an embodiment of the invention provides a SIM card authentication method to solve the prior-art problem that SIM card characteristic values are attacked during SIM card authentication, so that the SIM card is cloned.
An embodiment of the invention provides a SIM card authentication method in which at least one authenticated random number is stored in a storage unit of the SIM card. The method comprises:
A. comparing the received authentication random number with each stored authenticated random number; when a set condition is met, determining that the authentication random number is invalid data; otherwise, executing step B;
B. performing the authentication operation according to the authentication random number, and storing the authentication random number in the storage unit.
An embodiment of the invention provides a SIM card authentication device, comprising:
a storage unit, used to store at least one authenticated random number;
a comparing unit, used to compare the received authentication random number with each stored authenticated random number;
a determining unit, used to determine that the authentication random number is invalid data when the set condition is met;
an authenticating unit, used, when the set condition is not met, to perform the authentication operation according to the authentication random number and to store the authentication random number in the storage unit.
In the embodiment of the invention, at least one authenticated random number is stored in the storage unit of the SIM card. The received authentication random number is compared with each stored authenticated random number; when the set condition is met, the authentication random number is determined to be invalid data; otherwise, the authentication operation is performed according to the authentication random number and the authentication random number is stored in the storage unit. In this way, the stored authenticated random numbers change dynamically during SIM card authentication, so characteristic value attacks are effectively avoided and SIM card cloning is prevented.
Description of drawings
Fig. 1 is a flow chart of SIM card authentication in an embodiment of the invention;
Fig. 2 is a flow chart of SIM card authentication in the first embodiment of the invention;
Fig. 3 is a structural diagram of the SIM card authentication device in the first embodiment of the invention.
Embodiments
An embodiment of the invention provides a SIM card authentication method that effectively avoids characteristic value attacks and prevents SIM card cloning.
In the embodiment of the invention, the SIM card contains a storage unit of fixed size. For example, each subunit may be 16 bytes and the storage unit may comprise 60 subunits in total, numbered in order; or each subunit may be 8 bytes and the storage unit may comprise 100 subunits in total, numbered in order. One or more authenticated random numbers are stored in the storage unit. An authentication random number may be 16 bytes. When the storage unit comprises 60 subunits in total, every subunit may hold an authenticated random number, or only some of the subunits may hold one, for example 10, 22 or 55 authenticated random numbers. These authenticated random numbers may be stored in the subunits of the storage unit in order: for example, if there are 20 authenticated random numbers, they may be stored in the first 20 subunits in sequence. They may also be stored in the subunits at random: for example, 20 authenticated random numbers are stored in 20 subunits whose numbers may be 1, 3, 6, 7, 8, 15, 22, 23, ...; or one authenticated random number is stored in every second subunit, that is, in the subunits numbered 1, 3, 5, 7, .... Referring to Fig. 1, the SIM card authentication process is as follows:
Step 101: receive the authentication random number.
The SIM card receives, through the network interface, the authentication random number Rand issued by the network side.
Step 102: compare the received authentication random number with each stored authenticated random number; when the set condition is met, execute step 105; otherwise, execute step 103.
The SIM card may look up in turn the authenticated random number stored in each subunit of the storage unit and compare each one found with the received authentication random number byte by byte. When the data of a certain number of bytes are identical, for example 5 or more bytes, the input is treated as a cloning-attack pattern and step 105 is executed; otherwise, it is a non-cloning-attack pattern and step 103 is executed.
Here, the authenticated random number found and the received authentication random number may also be compared bit by bit. When the data of a certain number of bits are identical, for example 40 or more bits, the input is treated as a cloning-attack pattern and step 105 is executed; otherwise, it is a non-cloning-attack pattern and step 103 is executed.
Of course, if all the data are identical, the network side can be considered to have retransmitted the authentication random number, and this is not an attack pattern.
Step 103: store the authentication random number in the storage unit.
Here, the authentication random number may be stored in the storage unit directly. Alternatively, the card may first check whether the recorded number of non-attack authentications has reached the current threshold, and store the authentication random number in the storage unit when the number of non-attack authentications reaches the current threshold.
The SIM card may be provided with a step-length counting subunit, needed for storing authentication random numbers, which records the number of non-attack authentications. The current threshold of this step-length counting subunit may be obtained from a random number produced by the random function generating unit, and the range of the current threshold may be set to 1~16. The current threshold can be updated. The random function generating unit produces random numbers in the range 0~255, and a mathematical operation can constrain the current threshold to a value between 1~16.
Here, in the non-cloning-attack case, the card obtains the number of non-attack authentications recorded by the step-length counting subunit and checks whether it has reached the current threshold. If it has, the card updates the current threshold according to a random number produced by the random function generating unit, clears the recorded number of non-attack authentications to zero, stores the authentication random number in the storage unit, and proceeds to step 104. Otherwise, it adds 1 to the recorded number of non-attack authentications and executes step 104.
When the authentication random number is stored in the storage unit, the number of non-attack authentications recorded by the step-length counting subunit is cleared to zero, a random number is calculated from the random number produced at that moment by the random function generating unit, and the current threshold is updated with it. This sets the step-length threshold for the next storage of an authentication random number.
Step 104: perform the authentication operation according to the received authentication random number.
From the received authentication random number and the stored authentication key Ki, the SIM card computes the authentication code with the A3/A8 algorithm and performs network authentication with that authentication code.
Here, step 104 may also be executed earlier: once the judgment in step 102 on whether the identical data satisfy the set condition has been made, the above step 106 is executed first, and step 103 afterwards.
Step 105: perform the masking operation.
Here, after confirming that the received authentication random number is invalid data, the SIM card may simply send an error response. The SIM card may also be provided with a cloning-attack counting unit, which records the number of cloning attacks and has a threshold, here called the first threshold. In that case, the SIM card may add 1 to the number of cloning attacks recorded by the cloning-attack counting unit and compare the incremented number with the first threshold; when the number of cloning attacks recorded by the cloning-attack counting unit reaches the first threshold, the SIM card is locked; otherwise, an error response is sent. Alternatively, the SIM card may first compare the number of cloning attacks recorded by the cloning-attack counting unit with the first threshold; when the number of cloning attacks reaches the first threshold, the SIM card is locked; otherwise, the number of cloning attacks is incremented by 1 and an error response is sent.
In step 103 of the embodiment, storing the authentication random number in the storage unit of the SIM card specifically comprises: first searching the storage unit for a first subunit that holds no authenticated random number; when such a first subunit is found, storing the authentication random number in it; otherwise, erasing the authenticated random number held in the initial subunit of the storage unit, taking the erased initial subunit as the first subunit, and storing the received authentication random number in it. That is, authentication random numbers may be stored in order or at random. For example, the storage unit comprises 60 subunits. If subunits 1~20 already hold authenticated random numbers, the new authentication random number is stored in subunit 21, or in a randomly chosen subunit among subunits 21~60. If 50 authenticated random numbers are stored at random among subunits 1~60, the new authentication random number may be stored in any one of the 10 remaining subunits. If all 60 subunits already hold authenticated random numbers, storage starts again from the beginning and the authentication random number is stored in subunit 1.
When an authentication random number is stored, if the number of the first subunit about to receive it equals a set value, a set number of authenticated random numbers in the storage unit may be erased; here, the authenticated random numbers stored in a set number of subunits may be erased according to a set rule. For example: when the number of the first subunit about to store the authentication random number is a multiple of 10, the authenticated random numbers stored in the following 10 subunits are erased. Or, when the number of the first subunit about to store the authentication random number is a multiple of 15, the authenticated random numbers stored in the following 15 subunits are erased; or, when the last digit of the number of the first subunit about to store the authentication random number is 3, the authenticated random numbers stored in the next 10 subunits are erased. That is, if the storage unit comprises 60 subunits, then when the first subunit is number 10, the authenticated random numbers in subunits 11~20 are erased, and when the first subunit is number 60, the authenticated random numbers in subunits 1~10 are erased. In this way, when received authentication random numbers are stored in order, a subunit that holds no authenticated random number can always be found.
The storage unit in the SIM card in the embodiment may be EEPROM or FLASH. Because the theoretical erase/write endurance of EEPROM and FLASH does not exceed 100,000 (10W) cycles, a total authentication counting unit may also be provided in the SIM card to record the number of authentications, with a second threshold; when the total number of authentications reaches the second threshold, the SIM card is locked. Alternatively, the total authentication counting unit is given an initial value and decremented by 1 on each authentication; when it reaches 0, the SIM card is locked.
The embodiments of the invention are described in further detail below with reference to the accompanying drawings.
Embodiment one: the storage unit of the SIM card comprises 50 subunits, numbered 1~50; each subunit is 16 bytes, and a number of authenticated random numbers have been stored one after another in order. Each authenticated random number is also 16 bytes. Here, the storage unit may be in the 7F20/000B file of the SIM card; its specific format is shown in Table 1:
Table 1
In this embodiment, the total authentication counting unit is the AuthMax counter. After the SIM card is issued, the initial value of the AuthMax counter may be a set value, such as 2000000; it is decremented by 1 on each authentication until it reaches 0. The AuthMax counter occupies 10 bytes: the first 2 bytes are an integer counter and the last 8 bytes are a bit counter. It is used as follows: integer counter initial value = 0x7A11 (decimal 31249), bit counter = 0xFFFFFFFFFFFFFFFF. The bit counter is operated on by direct writes that change it bit by bit; after all bits have changed from 1 to 0, the integer counter is decremented by 1 and the Flash is erased and rewritten once. Because the bit counter has 64 bits in total, the total number of erase/write operations is 2000000/64 = 31250, i.e., the integer counter initial value.
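The counter layout described above, worked through in C as an added example (not code from the patent). It follows one reading of the text: each authentication programs one bit of the 8-byte field from 1 to 0 without an erase, and only when the field is used up is the 2-byte integer decremented and the field erased back to all ones. The struct, the function names and the `erases` bookkeeping field are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* AuthMax as laid out in the text: 2-byte integer counter + 8-byte bit counter.
 * All names here are hypothetical; "erases" exists only to count flash erases. */
struct authmax {
    uint16_t integer;  /* initial value 0x7A11 per the description */
    uint64_t bits;     /* initial value 0xFFFFFFFFFFFFFFFF */
    uint32_t erases;   /* how many times the bit field was erased back to all ones */
};

void authmax_init(struct authmax *c) {
    c->integer = 0x7A11;
    c->bits = UINT64_MAX;
    c->erases = 0;
}

static unsigned popcount64(uint64_t v) {
    unsigned n = 0;
    while (v) { v &= v - 1; n++; }
    return n;
}

/* Authentications still available: 64 per remaining refill plus the bits left. */
uint32_t authmax_remaining(const struct authmax *c) {
    return (uint32_t)c->integer * 64u + popcount64(c->bits);
}

/* Record one authentication. Returns 1 if it was allowed, 0 if the counter
 * is exhausted (the point at which the card is locked). */
int authmax_consume(struct authmax *c) {
    if (c->bits == 0)
        return 0;                      /* integer is 0 and no bit is left */
    c->bits &= c->bits - 1;            /* program one bit 1 -> 0: a write, no erase */
    if (c->bits == 0 && c->integer > 0) {
        c->integer--;                  /* all 64 bits used: step the integer ... */
        c->bits = UINT64_MAX;          /* ... and erase the field once */
        c->erases++;
    }
    return 1;
}

/* Use the counter up and report how many authentications it allowed. */
uint32_t authmax_drain(struct authmax *c) {
    uint32_t used = 0;
    while (authmax_consume(c))
        used++;
    return used;
}

int main(void) {
    struct authmax c;
    authmax_init(&c);
    printf("available at issue: %u\n", (unsigned)authmax_remaining(&c));
    printf("allowed until exhausted: %u\n", (unsigned)authmax_drain(&c));
    printf("flash erases of the bit field: %u\n", (unsigned)c.erases);
    return 0;
}
```

Under this reading the initial integer value 0x7A11 together with the initially full bit field gives 64 × 31250 = 2000000 authentications, while the number of erase cycles stays well below the endurance figure cited for EEPROM and FLASH.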
In this embodiment, the SIM card also comprises the step-length counting subunit, implemented as the valid-authentication counter, the Count counter. Its function is the same as that of the step-length counting subunit: it records the number of non-attack authentications, and its initial value is 0. The Count counter is handled in the same way as the AuthMax counter, except that all 10 bytes of its initial value are set to FF.
The SIM card is also provided with the cloning-attack counting unit, the Prelock counter, which records the number of cloning attacks and has a threshold M, and with a card-lock counting unit, the LockCount counter, whose initial value is 0. When the value of the Prelock counter equals M, LockCount is set to 1 and the card is locked.
The file definitions of the AuthMax, Count, Prelock and LockCount counters are shown in Table 2:
[Table 2: image A20091008696000131 in the original publication]
Referring to Fig. 2, in this embodiment the SIM card authentication process is as follows:
Step 201: receive the authentication random number.
Step 202: check whether the value of the AuthMax counter is 0; if it is 0, execute step 211; otherwise, decrement the value of the AuthMax counter by 1 and execute step 203.
Step 203: decrement the value of the AuthMax counter by 1, and compare the received authentication random number with each stored authenticated random number byte by byte; when the data of 4 or more bytes are identical, execute step 209; otherwise, execute step 204.
The SIM card may look up in turn the authenticated random number stored in each subunit of the storage unit. Each time it finds one, it compares it byte by byte with the received authentication random number. If the two have 4 or more bytes of identical data, and not all bytes are identical, this is treated as a cloning-attack pattern and step 207 is executed; otherwise, the search continues in order. When none of the stored authenticated random numbers has 4 or more bytes of data identical to the received authentication random number, this is treated as a non-cloning-attack pattern and step 204 is executed.
Step 204: check whether the value of the Count counter equals the current threshold N; if it equals N, execute step 205; otherwise, execute step 207.
Step 205: update the current threshold N according to the random number produced by the random number generator, set all 10 bytes of the Count counter to FF, and proceed to step 206.
Step 206: store the authentication random number in the storage unit, and proceed to step 208.
First, the storage unit is searched in order for the lowest-numbered subunit that holds no authenticated random number, and the authentication random number is stored in that subunit. For example, if authenticated random numbers have already been stored in 28 subunits of the storage unit, this authentication random number is stored in subunit 29. If no subunit without an authenticated random number can be found in the storage unit, that is, all 50 subunits of the storage unit are full, the authentication random number is stored in the subunit numbered 1.
Here, the card may also check whether the number of the subunit about to store the authentication random number is an integer multiple of 10, that is, whether the number is 10, 20, 30, 40 or 50. If it is one of these numbers, the authenticated random numbers in the ten subunits immediately following this subunit are erased: when the subunit about to be written is number 20, the authenticated random numbers stored in 21~30 are erased; when the subunit about to be written is number 50, the authenticated random numbers stored in 1~10 are erased.
In this embodiment, steps 205 and 206 may be swapped: step 206 may be executed first, and then step 205.
Step 207: add 1 to the value of the Count counter, and proceed to step 208.
Step 208: perform the authentication operation according to the authentication random number.
From the received authentication random number and the stored authentication key Ki, the SIM card computes the authentication code with the A3/A8 algorithm and performs network authentication with that authentication code.
Step 209: check whether the value of the Prelock counter equals M; if it equals M, execute step 211; otherwise, execute step 210.
Step 210: add 1 to the value of the Prelock counter, and output an error response.
Step 211: set the value of LockCount to 1 and lock the card.
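The flow of steps 201 to 211, sketched in C as an added example (not the patent's code). The A3/A8 computation is left out: the function only returns whether the card would authenticate, answer with an error, or lock. The struct, the function names, the `rng_byte` parameter standing in for the random number generator, the mapping `rng_byte % 16 + 1` onto 1~16, and keeping AuthMax and Count as plain integers are assumptions; the attack branch goes to step 209 as stated in step 203.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS       50  /* subunits 1..50 of embodiment one */
#define RAND_LEN    16  /* bytes per authentication random number */
#define MATCH_BYTES 4   /* step 203: 4 or more identical bytes */
#define ERASE_SPAN  10  /* erase the next ten subunits after number 10, 20, ... */

enum verdict { V_AUTH, V_ERROR, V_LOCKED };

/* Hypothetical card state; field names follow the counters in the text. */
struct card {
    uint8_t  slot[SLOTS][RAND_LEN];
    uint8_t  used[SLOTS];
    uint32_t auth_max;    /* AuthMax: authentications left */
    unsigned count, n;    /* Count and the current threshold N (1..16) */
    unsigned prelock, m;  /* Prelock and its threshold M */
    int      locked;      /* LockCount */
};

void card_init(struct card *c, uint32_t auth_max, unsigned m, unsigned n) {
    memset(c, 0, sizeof *c);
    c->auth_max = auth_max; c->m = m; c->n = n;
}

int stored_count(const struct card *c) {
    int k = 0;
    for (int s = 0; s < SLOTS; s++) k += c->used[s];
    return k;
}

/* Number of byte positions at which two random numbers agree. */
static int same_bytes(const uint8_t *x, const uint8_t *y) {
    int k = 0;
    for (int i = 0; i < RAND_LEN; i++) k += (x[i] == y[i]);
    return k;
}

/* Step 203: partial overlap with any stored value is the cloning-attack
 * pattern; a fully identical value counts as a retransmission, not an attack. */
static int looks_like_attack(const struct card *c, const uint8_t *r) {
    for (int s = 0; s < SLOTS; s++) {
        if (!c->used[s]) continue;
        int k = same_bytes(c->slot[s], r);
        if (k >= MATCH_BYTES && k < RAND_LEN) return 1;
    }
    return 0;
}

/* Step 206: lowest-numbered empty subunit, or subunit 1 when all are full;
 * after writing number 10, 20, ..., 50 the next ten are erased (50 wraps to 1..10). */
void store_challenge(struct card *c, const uint8_t *r) {
    int s = 0;
    while (s < SLOTS && c->used[s]) s++;
    if (s == SLOTS) s = 0;
    memcpy(c->slot[s], r, RAND_LEN);
    c->used[s] = 1;
    if ((s + 1) % ERASE_SPAN == 0)
        for (int k = 1; k <= ERASE_SPAN; k++) {
            int e = (s + k) % SLOTS;
            memset(c->slot[e], 0xFF, RAND_LEN);
            c->used[e] = 0;
        }
}

enum verdict handle_challenge(struct card *c, const uint8_t *r, uint8_t rng_byte) {
    if (c->locked) return V_LOCKED;            /* assumption: a locked card stays locked */
    if (c->auth_max == 0) { c->locked = 1; return V_LOCKED; }   /* 202 -> 211 */
    c->auth_max--;                             /* one decrement per authentication */
    if (looks_like_attack(c, r)) {             /* 203 -> 209 */
        if (c->prelock == c->m) { c->locked = 1; return V_LOCKED; } /* 211 */
        c->prelock++;                          /* 210: count it, error response */
        return V_ERROR;
    }
    if (c->count == c->n) {                    /* 204 */
        c->n = (rng_byte % 16u) + 1u;          /* 205: new threshold in 1..16 */
        c->count = 0;
        store_challenge(c, r);                 /* 206 */
    } else {
        c->count++;                            /* 207 */
    }
    return V_AUTH;                             /* 208: A3/A8 would run here */
}

int main(void) {
    struct card c;
    uint8_t a[RAND_LEN], b[RAND_LEN];          /* constructed sample values */
    card_init(&c, 2000000, 2, 1);
    for (int i = 0; i < RAND_LEN; i++) { a[i] = (uint8_t)i; b[i] = (uint8_t)(0xA0 + i); }
    handle_challenge(&c, a, 0);                /* counted, not stored */
    handle_challenge(&c, b, 4);                /* Count == N: stored */
    b[15] ^= 1;                                /* 15 of 16 bytes still match */
    printf("near-duplicate verdict: %d\n", handle_challenge(&c, b, 0));
    return 0;
}
```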
In the above embodiment, the value of the Count counter must be reset each time an authentication random number is stored. When all 10 bytes of the initial value of the Count counter are set to FF and its upper limit is not checked, the Count counter need not be reset each time an authentication random number is stored. In that case, with the value of the Count counter being I and a step value J obtained from the random number produced by the random number generator, the updated current threshold is N = I + J.
In the embodiment of the invention, the SIM card authentication process falls into the following four cases: 1. non-cloning attack; a random number is stored in the storage unit, and authentication is carried out normally. 2. non-cloning attack; no random number is stored, and authentication is carried out normally. 3. cloning attack; an erroneous authentication result is output. 4. non-cloning attack; a random number is stored in the storage unit and ten groups of random numbers in the storage unit are erased, and authentication is carried out normally. In these four cases the time taken by authentication differs: in some it is longer and in others shorter, so there is an authentication time difference. This makes it easy to classify the cases under attack and to analyze the collision pattern. To make the execution time consistent across the four authentication cases, this embodiment compensates the program execution time in each case so that every execution time fluctuates within a small range around a fixed value, leaving no opening for card cloning.
Here, the time taken by SIM card authentication in each case can be obtained by repeated testing, and the longest of these times, or a time slightly longer than it, is used as the set time. For example, in the fourth case above SIM card authentication takes the longest, roughly 100ms, so the set time may be 100ms or 110ms.
After SIM card authentication has been carried out according to the method of the above embodiment, the time taken by the authentication is obtained and compared with the set time. When the obtained time is less than the set time, the authentication execution time is extended until it is approximately equal to the set time, and the whole SIM card authentication flow then ends. For example: the set time is 100ms and the authentication is the second case above, that is, non-cloning attack, no random number stored, authentication carried out normally. The authentication execution time obtained with a test tool is 80ms. Because 80ms < 100ms, the flow enters a wait state, obtains the authentication execution time in real time and compares it with 100ms in real time; when the obtained time equals 100ms, the whole SIM card authentication flow ends.
Therefore, in this embodiment the stored authenticated random numbers change dynamically, the step length for storing authentication random numbers also changes, and every authentication takes a fixed time. In this way, characteristic value attacks are effectively avoided during SIM card authentication and SIM card cloning is prevented.
According to the method for above-mentioned SIM card authentication, can construct a kind of device of SIM card authentication, can be the part in the SIM card, referring to Fig. 3, comprising: memory cell 100, comparing unit 200, determining unit 300 and authenticating unit 400.Wherein,
Memory cell 100 is used to store at least one authentication random number.
Comparing unit 200, each that is used for the authentication random number that will receive and storage authentication random number compared.
Determining unit 300 is used for determining that described authentication random number is an invalid data when satisfied imposing a condition.
Authenticating unit 400 is used for carrying out authentication operations according to described authentication random number, and described authentication random number being deposited in the described memory cell 100 when not satisfying when imposing a condition.
In the embodiment of the invention, comparing unit 200 is compared the data of each byte of the authentication random number that receives with the data of each byte that authentication random number is corresponding of storage, when the data of at least one byte that data and the authentication random number that receives of the setting quantum byte of authentication random number is corresponding were identical, determining unit 300 determined that described authentication random numbers are invalid data.Perhaps, comparing unit 200 with the bits per inch of the authentication random number that receives according to each bits per inch that authentication random number is corresponding of storage according to comparing, when the data of at least one figure place that data and the authentication random number that receives of the setting figure place of authentication random number is corresponding were identical, determining unit 300 determined that described authentication random numbers are invalid data.
The device of this SIM card authentication also comprises: cloning attack counting unit, the number of times of the cloning attack that is used to write down; Then, described determining unit 300 also is used for when the number of times of the cloning attack of described cloning attack counting unit record reaches first threshold, with described SIM card locking.
The authenticating unit comprises a step counting subunit, an update subunit, a reset subunit and a storage subunit.
The step counting subunit is used to record the number of non-attack authentications.
The update subunit is used, when the number of non-attack authentications reaches the current threshold, to update the current threshold according to a random number produced by the random function generation unit.
The reset subunit is used, when the number of non-attack authentications reaches the current threshold, to reset to zero the number of non-attack authentications recorded by the step counting subunit.
The storage subunit is used to store the authentication random number in the storage unit.
In this way, when the number of non-attack authentications reaches the current threshold, the determining unit can update the current threshold according to the random number produced by the random function generation unit, reset to zero the number of non-attack authentications recorded by the step counting subunit, and store the authentication random number in the storage unit; otherwise, the number of non-attack authentications recorded by the step counting subunit is incremented by 1.
The storage subunit is also used to search the storage unit for the first subunit that does not store an authentication random number. When that first subunit is found, the authentication random number is stored in it; otherwise, the initial subunit of the storage unit is taken as the first subunit and the authentication random number is stored in it.
When the number of the first subunit is a set value, the storage subunit is also used to erase a set number of authentication random numbers from storage unit 100.
In this embodiment of the invention, the SIM card authentication device also comprises a total authentication counting unit, used to record the number of authentications; determining unit 300 is then also used to lock the SIM card when the number of authentications recorded by the total authentication counting unit reaches the second threshold.
In this embodiment of the invention, the SIM card authentication device can also obtain the time taken to execute the authentication; when the obtained time is less than a set time, the authentication execution time is extended to the set time.
In summary, the embodiments of the invention provide a SIM card authentication method in which at least one authentication random number is stored in the storage unit of the SIM card. The SIM card compares the received authentication random number with each stored authentication random number. When the data that meets the set condition is identical, a blocking operation is performed; otherwise, the card determines, according to whether the recorded number of non-attack authentications has reached the current threshold, whether to store the authentication random number in the storage unit, and performs the authentication operation according to the authentication random number. During SIM card authentication, the stored authentication random numbers therefore change dynamically, the step at which an authentication random number is stored also changes, and every authentication takes the same fixed execution time. This eliminates differences in authentication time, effectively prevents characteristic-value attacks, and prevents cloning of the SIM card.
Although the present invention has been described through embodiments, those of ordinary skill in the art know that many variations and changes can be made to it without departing from its spirit and essence, and the scope of the invention is defined by the appended claims.
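The flow described above (compare the received RAND with every stored one, count suspected cloning attempts, store a RAND only at a randomly varying step, erase old entries when a set subunit is reached), modelled in C as an added example; this is not code from the patent. All constants, the struct and function names, the choice of which entries are erased, and the reading of "a set number of identical bytes" as "at least MATCH_BYTES" are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* All sizes and thresholds below are assumed values for illustration. */
#define RAND_LEN     16     /* GSM RAND length in bytes */
#define SLOTS        8      /* subunits in the storage unit */
#define MATCH_BYTES  14     /* "set number" of equal bytes that flags a RAND */
#define CLONE_LIMIT  3      /* first threshold: flagged RANDs before lock */
#define TOTAL_LIMIT  65535u /* second threshold: lifetime authentications */
#define MAX_STEP     4      /* random step threshold is drawn from 0..MAX_STEP-1 */
#define ERASE_AT     (SLOTS - 1) /* subunit number that triggers erasure */
#define ERASE_COUNT  (SLOTS / 2) /* stored RANDs erased at that point */

enum auth_result { AUTH_OK, AUTH_INVALID, AUTH_LOCKED };

struct sim_state {
    uint8_t  hist[SLOTS][RAND_LEN];
    uint8_t  used[SLOTS];
    unsigned clone_hits, total, step_count, step_threshold;
    int      locked;
};

/* Byte-wise comparison without early exit, so its duration does not
 * depend on where the first difference sits. */
static int similar(const uint8_t *a, const uint8_t *b)
{
    unsigned same = 0;
    for (unsigned i = 0; i < RAND_LEN; i++)
        same += (a[i] == b[i]);
    return same >= MATCH_BYTES;
}

static void store_rand(struct sim_state *s, const uint8_t *r)
{
    unsigned slot = 0;                 /* no free subunit: reuse the initial one */
    for (unsigned i = 0; i < SLOTS; i++)
        if (!s->used[i]) { slot = i; break; }
    memcpy(s->hist[slot], r, RAND_LEN);
    s->used[slot] = 1;
    if (slot == ERASE_AT)              /* set value reached: erase a set number */
        for (unsigned i = 0; i < ERASE_COUNT; i++)
            s->used[i] = 0;
}

enum auth_result sim_authenticate(struct sim_state *s, const uint8_t *rand_in)
{
    int hit = 0;
    if (s->locked)
        return AUTH_LOCKED;
    if (++s->total >= TOTAL_LIMIT) {   /* checked before step A */
        s->locked = 1;
        return AUTH_LOCKED;
    }
    for (unsigned i = 0; i < SLOTS; i++)   /* step A: compare with every stored RAND */
        hit |= s->used[i] && similar(s->hist[i], rand_in);
    if (hit) {
        if (++s->clone_hits >= CLONE_LIMIT)
            s->locked = 1;
        return AUTH_INVALID;           /* error response, no authentication run */
    }
    /* Step B: the card's authentication algorithm would run on rand_in here. */
    if (s->step_count >= s->step_threshold) {
        store_rand(s, rand_in);
        s->step_threshold = (unsigned)rand() % MAX_STEP; /* card RNG on real hardware */
        s->step_count = 0;
    } else {
        s->step_count++;
    }
    return AUTH_OK;
}
```

Because a RAND is stored only when the step counter reaches a threshold that is redrawn at random after each store, an observer cannot predict which challenges the card will remember.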

Claims (19)

1. A method for subscriber identity module (SIM) card authentication, characterized in that at least one authentication random number is stored in a storage unit of the SIM card, the method comprising:
A. comparing the received authentication random number with each stored authentication random number; when a set condition is met, determining that the authentication random number is invalid data; otherwise, executing step B;
B. performing the authentication operation according to the authentication random number, and storing the authentication random number in the storage unit.
2. The method of claim 1, characterized in that step A comprises:
comparing the data of each byte of the received authentication random number with the data of the corresponding byte of each stored authentication random number;
when the data of a set number of bytes of at least one stored authentication random number is identical to the data of the corresponding bytes of the received authentication random number, determining that the authentication random number is invalid data.
3. The method of claim 1, characterized in that step A comprises:
comparing the data of each bit of the received authentication random number with the data of the corresponding bit of each stored authentication random number;
when the data of a set number of bits of at least one stored authentication random number is identical to the data of the corresponding bits of the received authentication random number, determining that the authentication random number is invalid data.
4. The method of claim 1, characterized in that, after determining that the authentication random number is invalid data, the method further comprises:
outputting an error response and, when the recorded number of cloning attacks reaches a first threshold, locking the SIM card.
5. The method of claim 1, characterized in that, before storing the authentication random number in the storage unit, step B further comprises:
comparing the recorded number of non-attack authentications with a current threshold.
6. The method of claim 5, characterized in that step B further comprises:
when the recorded number of non-attack authentications reaches the current threshold, storing the authentication random number in the storage unit, updating the current threshold according to a generated random number, and resetting the recorded number of non-attack authentications to zero; otherwise,
incrementing the recorded number of non-attack authentications by 1.
7. The method of claim 1 or 6, characterized in that storing the authentication random number in the storage unit comprises:
searching the storage unit for the first subunit that does not store an authentication random number and, when that first subunit is found, storing the authentication random number in it; otherwise,
taking the initial subunit of the storage unit as the first subunit and storing the authentication random number in it.
8. The method of claim 7, characterized in that storing the authentication random number in the storage unit further comprises:
when the number of the first subunit is a set value, erasing a set number of authentication random numbers from the storage unit.
9. The method of claim 1, characterized in that, before step A, the method further comprises:
comparing the number of authentications recorded by a total authentication counting unit with a second threshold and, when the recorded number of authentications reaches the second threshold, locking the SIM card.
10. The method of any one of claims 1 to 6 and 9, characterized in that the method further comprises:
obtaining the time taken to execute the authentication and, when the obtained time is less than a set time, extending the authentication execution time to the set time.
11. A device for SIM card authentication, characterized in that it comprises:
a storage unit, used to store at least one authentication random number;
a comparing unit, used to compare the received authentication random number with each stored authentication random number;
a determining unit, used to determine that the authentication random number is invalid data when a set condition is met;
an authenticating unit, used, when the set condition is not met, to perform the authentication operation according to the authentication random number and to store the authentication random number in the storage unit.
12. The device of claim 11, characterized in that the comparing unit comprises:
a first comparing subunit, used to compare the data of each byte of the received authentication random number with the data of the corresponding byte of each stored authentication random number; and
the determining unit comprises:
a first determining subunit, used to determine that the authentication random number is invalid data when the data of a set number of bytes of at least one stored authentication random number is identical to the data of the corresponding bytes of the received authentication random number.
13. The device of claim 11, characterized in that the comparing unit comprises:
a second comparing subunit, used to compare the data of each bit of the received authentication random number with the data of the corresponding bit of each stored authentication random number; and
the determining unit comprises:
a second determining subunit, used to determine that the authentication random number is invalid data when the data of a set number of bits of at least one stored authentication random number is identical to the data of the corresponding bits of the received authentication random number.
14. The device of claim 11, characterized in that it further comprises:
a cloning attack counting unit, used to record the number of cloning attacks; and
the determining unit is also used to lock the SIM card when the number of cloning attacks recorded by the cloning attack counting unit reaches a first threshold.
15. The device of claim 11, characterized in that the authenticating unit comprises:
a step counting subunit, used to record the number of non-attack authentications;
an update subunit, used, when the number of non-attack authentications reaches a current threshold, to update the current threshold according to a random number produced by a random function generation unit;
a reset subunit, used, when the number of non-attack authentications reaches the current threshold, to reset to zero the number of non-attack authentications recorded by the step counting subunit;
a storage subunit, used to store the authentication random number in the storage unit when the number of non-attack authentications reaches the current threshold.
16. The device of claim 15, characterized in that
the storage subunit is also used to search the storage unit for the first subunit that does not store an authentication random number and, when that first subunit is found, to store the authentication random number in it; otherwise, to take the initial subunit of the storage unit as the first subunit and store the authentication random number in it.
17. The device of claim 16, characterized in that
the storage subunit is also used, when the number of the first subunit is a set value, to erase a set number of authentication random numbers from the storage unit.
18. The device of claim 11, characterized in that it further comprises:
a total authentication counting unit, used to record the number of authentications; and
the determining unit is also used to lock the SIM card when the number of authentications recorded by the total authentication counting unit reaches the second threshold.
19. The device of any one of claims 11 to 18, characterized in that it further comprises:
an obtaining unit, used to obtain the time taken to execute the authentication;
a delay unit, used, when the obtained time is less than a set time, to extend the authentication execution time to the set time.
CN2009100869603A 2009-06-11 2009-06-11 SIM card authentication method and device thereof Expired - Fee Related CN101572889B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100869603A CN101572889B (en) 2009-06-11 2009-06-11 SIM card authentication method and device thereof

Publications (2)

Publication Number Publication Date
CN101572889A true CN101572889A (en) 2009-11-04
CN101572889B CN101572889B (en) 2011-11-30

Family

ID=41232093

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100869603A Expired - Fee Related CN101572889B (en) 2009-06-11 2009-06-11 SIM card authentication method and device thereof

Country Status (1)

Country Link
CN (1) CN101572889B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CB03 Change of inventor or designer information

Inventor after: Jia Zhenbo

Inventor after: Lu Ruyi

Inventor after: Huang Haidong

Inventor after: Wang Youjun

Inventor before: Jia Zhenbo

Inventor before: Lu Ruyi

Inventor before: Huang Haidong

CP01 Change in the name or title of a patent holder

Address after: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee after: BEIJING WATCHDATA Co.,Ltd.

Address before: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee before: BEIJING WATCH DATA SYSTEM Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20111130