Embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the scope of protection of the invention.
Embodiment one of the invention provides an authentication method for a telecom smart card in a CDMA network. As shown in Figure 1, the method comprises:
Step 11: obtaining the user authentication information index information of the telecom smart card.
To access the user authentication information, which is stored in key form in the telecom smart card in the CDMA network, the user authentication information index information must be obtained first. This index information corresponds to the user authentication information and contains the information needed to read it; it may also contain the information needed to write, erase or update it.
The embodiments do not restrict how the index information is obtained: it may be preset in the telecom smart card in any suitable way, or a predetermined algorithm may be provided in the card and used to compute the corresponding index information.
Step 12: changing the user authentication information of the telecom smart card to false information, and saving the true information of this user authentication information.
Step 12 is executed before network authentication, when the telecom smart card in the CDMA network performs card-terminal authentication. The user authentication information in the card is changed to false information and its true information is saved. The telecom smart card supports Code Division Multiple Access (CDMA) services.
The telecom smart card may be a UIM card or another telecom smart card supporting CDMA services. The same cryptographic algorithm is preset in the telecom smart card and in the authorized terminal, and both are guaranteed to hold the same authentication key. In the embodiments, a UIM card is used as the example telecom smart card.
For example, the cryptographic algorithm may be the Data Encryption Algorithm (Data Encryption Standard, DES), Triple DES (3DES), the RSA algorithm, or an Error Checking and Correcting (ECC) algorithm.
The initial user authentication information can be kept in a normative file in the UIM card, and the initial information in this normative file is true information that can pass network authentication. For a UIM card, the user authentication information mainly refers to the SSD. In that case step 12 specifically consists, before network authentication, of changing the SSD in the UIM card to false information and saving the true SSD; the user authentication information index information is then the SSD index information.
It is not limited to this, however: the user authentication information may also include the international mobile subscriber identity (IMSI), the telecom smart card identifier (for a UIM card, the UIM card identifier UIMID) and other information required for identifying the user. In that case the index information is the index information of the IMSI, UIMID and SSD.
To ensure that the terminal using the telecom smart card is an authorized terminal, a card-terminal authentication process is carried out before network authentication. For this, the user authentication information is first modified to false information, for example by directly erasing the initial user authentication information, or by writing erroneous data over it.
In the embodiments, when the user authentication information is changed to false information, the initial user authentication information is preserved, for example in a backup file, so that the true information can be retrieved if card-terminal authentication succeeds.
Step 13: when authentication between the telecom smart card and the terminal succeeds, using the index information to read the true information of the user authentication information, and restoring the user authentication information from that true information;
The telecom smart card and the terminal authenticate each other using the cryptographic algorithm and authentication key above; card-terminal authentication passes when the terminal is an authorized terminal.
The index information obtained is then used to read the saved true information from the backup file, and that true information is used to restore the user authentication information in the normative file to true information.
Step 14: performing network authentication according to the restored user authentication information.
Because the restored user authentication information is true information, the UIM card passes network authentication and successfully registers on the network.
With the technical solution provided by the embodiments, a telecom smart card supporting CDMA services can obtain its user authentication information index information and, when card-terminal authentication succeeds, use that index information to read the saved true information and restore the user authentication information in the card to true information. This ensures that the card can register on the network once card-terminal authentication has passed. The solution prevents the loss of call charges caused by a stolen card, and ensures that an authorized terminal registers on the network and uses services normally.
The authentication method of embodiment two is described below with reference to Figure 2.
In embodiment two, the same cryptographic algorithm is first preset in the telecom smart card and in the authorized terminal, and both are guaranteed to hold the same authentication key; the telecom smart card is a UIM card or another telecom smart card supporting CDMA services. The cryptographic algorithm may be DES, 3DES, ECC or a similar algorithm. The description below uses an application scenario with a UIM card as the example; those of ordinary skill in the art can derive the processing for other scenarios from it.
To ensure that the UIM card is used in an authorized terminal, a card-terminal authentication process is carried out before network authentication, comprising the following processing:
Step 21: after the UIM card resets and before the network authentication process, the UIM card changes the stored user authentication information to false information and saves the true information of the user authentication information;
The user authentication information includes the SSD. Step 21 can then specifically consist, after the UIM card resets and before network authentication, of changing the SSD in the UIM card to false information and saving the true SSD. Alternatively, the user authentication information may also include other information required for identifying the user, such as the SSD, IMSI and UIMID.
The UIM card can keep the initial user authentication information in a normative file. This initial information is true information that can pass network authentication, and the user authentication information in the normative file is what is used for network authentication. In step 21 the UIM card changes the user authentication information in the normative file to false information and stores the initial user authentication information in a backup file. In one example, the user authentication information that is made false resides in the file with identifier 6F22, and the UIM card makes it false by erasing the 6F22 file or rewriting it with an error code.
In embodiment two, when the user authentication information is changed to false information, the initial user authentication information is preserved, for example in the file with identifier 6FD2, so that the true information can be retrieved if card-terminal authentication succeeds.
Embodiment two provides a concrete layout for the 6FD2 file as the backup file: the user authentication information is stored in the second record of the 6FD2 file, as shown in the following table:
Table 1
Step 22: card-terminal authentication process.
The UIM card sends authentication data to the terminal. The terminal computes over the authentication data with the cryptographic algorithm and authentication key preset in it, obtains a feedback result, and sends that feedback result to the UIM card. While the terminal computes the feedback result, the UIM card also computes over the same authentication data with the cryptographic algorithm and authentication key preset in the card and obtains its own result. The UIM card then authenticates the terminal by comparing the feedback result from the terminal with its own result.
Step 23: judging whether card-terminal authentication passed. If it failed, use of the UIM card is not allowed and the operation ends; if it succeeded, step 24 is executed;
Step 24: restoring the user authentication information, such as the SSD, IMSI and UIMID, to true information.
The user authentication information index information is obtained first. It can be obtained before step 24 or within step 24; the specific order of execution of the steps in the embodiments can be adjusted as required.
The index information may be preset in the telecom smart card in a suitable way, or a predetermined algorithm may be provided in the card and used to compute the corresponding index information.
The index information obtained is used to read the saved true information of the user authentication information, for example by reading it from the second record of the 6FD2 backup file. The true information so obtained is then used to restore the user authentication information in the normative file of the telecom smart card to true information, for example by restoring the IMSI and UIMID to their initial values by means of a Refresh instruction.
Step 25: performing network authentication.
Because the user authentication information in the normative file of the UIM card has been restored to true information, the card passes network authentication and successfully registers on the network.
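As an added illustration of steps 11 to 14 and 21 to 25 above (example code written for this page, not the patent's own implementation), the following Python simulation models the UIM card, an authorized and an unauthorized terminal, and the network side. It uses constructed key and identity values, takes HMAC-SHA256 from the standard library as a stand-in for the DES/3DES/RSA/ECC computation the patent names, keeps the index information as preset (file, record) pairs, and stores the true SSD in record 2 of file 6FD2 as in Table 1; the IMSI and UIMID records, the way the normative copy is falsified, and the network-side SSD check are assumptions of this example.

```python
import hashlib
import hmac
import os

# Constructed sample values for this example; none of them come from the patent.
SHARED_AUTH_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # preset in card and authorized terminal
TRUE_SSD = bytes.fromhex("0123456789abcdef0123456789abcdef")
TRUE_IMSI = "460030912345678"
TRUE_UIMID = "7a1b2c3d"

# Index information preset in the card: for each item, the backup file identifier
# and record number holding its true copy. 6FD2 record 2 for the SSD follows
# Table 1 of the patent; the IMSI and UIMID records are assumed.
INDEX_INFO = {"SSD": ("6FD2", 2), "IMSI": ("6FD2", 3), "UIMID": ("6FD2", 4)}


def auth_function(key, data):
    """Computation shared by card and terminal. The patent lists DES, 3DES, RSA
    and ECC; HMAC-SHA256 stands in for them in this example."""
    return hmac.new(key, data, hashlib.sha256).digest()


class Terminal:
    def __init__(self, auth_key):
        self.auth_key = auth_key  # an unauthorized terminal holds some other key

    def respond(self, challenge):
        return auth_function(self.auth_key, challenge)


class UimCard:
    def __init__(self):
        self.auth_key = SHARED_AUTH_KEY
        # Normative file: the copy that network authentication reads.
        self.normative = {"SSD": TRUE_SSD, "IMSI": TRUE_IMSI, "UIMID": TRUE_UIMID}
        # Backup file 6FD2, keyed by (file id, record number).
        self.backup = {}
        self.blocked = False

    def reset(self):
        """Steps 12/21: save the true information, then make the normative copy false."""
        for name, location in INDEX_INFO.items():
            self.backup[location] = self.normative[name]
        self.normative["SSD"] = bytes(len(TRUE_SSD))   # erased (all zero)
        self.normative["IMSI"] = "0" * len(TRUE_IMSI)  # overwritten with error data
        self.normative["UIMID"] = "ffffffff"

    def authenticate_terminal(self, terminal):
        """Steps 22/23: the card sends random authentication data, the terminal
        returns its feedback result, the card compares it with its own result."""
        challenge = os.urandom(16)
        feedback = terminal.respond(challenge)
        expected = auth_function(self.auth_key, challenge)
        return hmac.compare_digest(feedback, expected)

    def restore(self):
        """Steps 13/24: read the true information through the index information."""
        for name, location in INDEX_INFO.items():
            self.normative[name] = self.backup[location]

    def power_on(self, terminal):
        self.reset()
        if not self.authenticate_terminal(terminal):
            self.blocked = True  # card may not be used; normative data stays false
            return False
        self.restore()
        return True


class Network:
    """Network side holding the subscriber's SSD; steps 14/25 simplified to an
    SSD-keyed challenge-response (an assumption of this example)."""
    def __init__(self, imsi, ssd):
        self.ssd_by_imsi = {imsi: ssd}

    def authenticate(self, card):
        stored = self.ssd_by_imsi.get(card.normative["IMSI"])
        if stored is None:
            return False
        rand = os.urandom(8)
        card_result = auth_function(card.normative["SSD"], rand)
        return hmac.compare_digest(card_result, auth_function(stored, rand))


def register(card, terminal, network):
    """Full flow: reset -> card/terminal authentication -> restore -> network
    authentication. Returns 'ok', 'terminal-rejected' or 'network-rejected'."""
    if not card.power_on(terminal):
        return "terminal-rejected"
    return "ok" if network.authenticate(card) else "network-rejected"


if __name__ == "__main__":
    print(register(UimCard(), Terminal(SHARED_AUTH_KEY), Network(TRUE_IMSI, TRUE_SSD)))
    print(register(UimCard(), Terminal(bytes(16)), Network(TRUE_IMSI, TRUE_SSD)))
```

With the authorized terminal the card restores its SSD and the network accepts it; with a terminal holding a different key the card never restores, so even if the network were consulted it would only see the erased SSD and a zeroed IMSI.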
Step 26: after the UIM card has registered on the network, judging whether the geographical position of the UIM card is out of bounds.
To further ensure that the telecom smart card is not used in an unauthorized terminal, embodiment two uses the position information of the UIM card to judge whether its geographical position is out of bounds. When it is, a base-station lock function is executed: the UIM card locks itself and can no longer be used. Optionally, the position information is the latitude and longitude of the access network element (such as the base station) through which the UIM card registers on the network.
When the UIM card passes card-terminal authentication for the first time and registers on the network, it reads the initial position information of the initial access network element, for example the latitude and longitude of the initial base station, and stores it in a file, for example as the first record of the 6FD2 backup file shown in Table 1. The UIM card thus records the latitude and longitude of the initial base station.
Each subsequent time the UIM card passes card-terminal authentication and registers on the network, it reads the current position information of the current access network element, for example the latitude and longitude of the current base station.
The UIM card compares the current position information with the recorded initial position information and judges whether they are consistent. If they are inconsistent, for example the latitude and longitude of the current base station fall outside the latitude and longitude range of the initial base station (out of bounds), the UIM card has moved onto a network covered by another base station; it can then be judged that the card has been illegally placed in a mobile terminal, and the UIM card locks itself and can no longer be used. If they are consistent, for example the latitude and longitude of the current base station are within the range of the initial base station, the UIM card is allowed to be used normally.
Step 27: after the UIM card has registered on the network, when the user authentication information is updated on the network side, the UIM card obtains the updated user authentication information and changes the saved true information to the updated user authentication information.
After the UIM card has registered on the network it can use CDMA services normally. When the network side initiates an update of the user authentication information, for example the network server updates the SSD, the UIM card obtains the updated SSD from the network side, for example because the network server writes the updated SSD into the normative file of the UIM card. The UIM card then changes the true information saved in the backup file to the updated user authentication information, for example by modifying the second record of the 6FD2 backup file to the new SSD from the network side.
With this handling of SSD updates, the UIM card can perform network authentication with the latest SSD, and register on the network, the next time it passes card-terminal authentication.
It will be understood that the normative file and the backup file may be implemented as two storage areas in the same storage file, or as two independent storage files.
With the technical solution provided by the embodiments, a UIM card supporting CDMA services is guaranteed to be used in an authorized terminal in several respects: whether card-terminal authentication passes, the update of the SSD by the network side, and whether the base station latitude and longitude are out of bounds. An authorized terminal is thus guaranteed to register on the network and receive the corresponding services.
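The base-station lock of step 26 and the SSD update of step 27, as an added Python example that is not part of the patent: it keeps the initial base station position in record 1 and the true SSD in record 2 of a 6FD2 backup file, as in Table 1, records the position on the first login, and locks the card when a later login arrives through a base station outside the recorded range. The 5 km tolerance, the haversine distance and the sample coordinates are assumptions, since the patent does not define the "range" of the initial base station.

```python
import math

# 6FD2 layout from Table 1 of the patent: record 1 = initial base station
# position, record 2 = true SSD. Everything else here is constructed.
REC_INITIAL_POSITION = 1
REC_TRUE_SSD = 2

# Assumed tolerance: the patent only says "within the latitude and longitude
# range of the initial base station" and gives no radius.
DEFAULT_RANGE_KM = 5.0


def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two latitude/longitude points (haversine)."""
    earth_radius_km = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp = p2 - p1
    dl = math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


class UimCardAfterLogin:
    """State of the card after it has passed card-terminal and network authentication."""

    def __init__(self, ssd, range_km=DEFAULT_RANGE_KM):
        self.normative_ssd = ssd
        self.backup_6fd2 = {REC_TRUE_SSD: ssd}  # record 1 is written on first login
        self.range_km = range_km
        self.locked = False

    def on_network_login(self, bs_lat, bs_lon):
        """Step 26: the first login records the initial base station; every later
        login compares the current base station with it and locks the card if it
        is out of range. Returns 'initial-recorded', 'allowed' or 'locked'."""
        if self.locked:
            return "locked"
        initial = self.backup_6fd2.get(REC_INITIAL_POSITION)
        if initial is None:
            self.backup_6fd2[REC_INITIAL_POSITION] = (bs_lat, bs_lon)
            return "initial-recorded"
        if distance_km(*initial, bs_lat, bs_lon) > self.range_km:
            self.locked = True  # base-station lock: the card can no longer be used
            return "locked"
        return "allowed"

    def on_ssd_update(self, new_ssd):
        """Step 27: the network updates the SSD; the normative copy and backup
        record 2 are both replaced so the next restore yields the new SSD."""
        if self.locked:
            return False
        self.normative_ssd = new_ssd
        self.backup_6fd2[REC_TRUE_SSD] = new_ssd
        return True

    def ssd_for_next_restore(self):
        """What step 24 would read from record 2 at the next power-on."""
        return self.backup_6fd2[REC_TRUE_SSD]


if __name__ == "__main__":
    card = UimCardAfterLogin(b"old-ssd")
    print(card.on_network_login(39.9042, 116.4074))   # constructed coordinates
    print(card.on_network_login(39.9150, 116.4200))   # about 1.6 km away
    print(card.on_ssd_update(b"new-ssd"), card.ssd_for_next_restore())
    print(card.on_network_login(31.2304, 121.4737))   # about 1000 km away
```

A login through a neighbouring cell stays within the assumed range and the SSD update is mirrored into record 2; a login from a distant base station trips the lock, after which the card refuses further SSD updates as well.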
Embodiment three also provides a telecom smart card in a Code Division Multiple Access (CDMA) network. As shown in Figure 3, the device comprises:
an index information acquiring unit 31, for obtaining the user authentication information index information of the telecom smart card;
an information hiding unit 32, for changing the user authentication information of the telecom smart card to false information and saving the true information of this user authentication information;
an information recovery unit 33, for, when authentication between the telecom smart card and the terminal succeeds, using the index information obtained by the index information acquiring unit 31 to read the true information saved by the information hiding unit 32, and restoring the user authentication information from that true information;
a network authentication unit 34, for performing network authentication according to the user authentication information restored by the information recovery unit 33.
Depending on how the index information is obtained, the index information acquiring unit 31 may comprise a reading module for reading preset index information, or a computing module for computing the index information with a predetermined algorithm.
The information hiding unit 32 may save the true information of the user authentication information in a backup file, while the user authentication information used for network authentication is kept in a normative file; the initial user authentication information is kept in the normative file, and this initial information is true information.
The normative file may comprise a logical interface or another module with the same function (an interface is used as the example below). Using the index information obtained by the index information acquiring unit 31, the information hiding unit 32 changes the user authentication information in the normative file to false information through the interface of the normative file, for example by erasing it, and writes the true information into the backup file through the interface of the backup file. The backup file also comprises a logical interface for the related read, erase and write operations on the data.
When authentication between the telecom smart card and the terminal succeeds, the information recovery unit 33 uses the index information obtained by the index information acquiring unit 31 to read the true information saved by the information hiding unit 32, and restores the user authentication information from that true information.
Further, after the network side updates the user authentication information, the telecom smart card can write the updated user authentication information it obtains into the normative file and update the true information saved in the backup file. In that case, as shown in Figure 4, the telecom smart card also comprises:
an information updating unit 35, for, when the network side updates the user authentication information of the telecom smart card, using the index information obtained by the index information acquiring unit 31 to read the updated user authentication information in the telecom smart card as the true information and save it.
For example, when the network server updates the user authentication information, the information updating unit 35 obtains the updated user authentication information from the network server and writes it into the normative file through the interface of the normative file. The information updating unit 35 then uses the index information obtained by the index information acquiring unit 31 to read the updated user authentication information from the current normative file, changes the true information saved in the backup file to that updated information, and saves it.
In order to guarantee that further telecom intelligent card is used on the terminal of mandate, as shown in Figure 4, said apparatus also comprises evaluation unit 36, position, be used for realizing the lock base station functions, when cross the border in the geographical position of judging telecom intelligent card, telecom intelligent card locks voluntarily, can't continue to use.Described position identifies that unit 36 comprises:
The initial module of identifying is used for obtaining the initial position message of initial access network element after telecom intelligent card lands network first;
Current evaluation module is used for obtaining the current location information of current access network element when telecom intelligent card lands network at every turn, when this telecom intelligent card judgement current location information and initial position message are inconsistent, carries out locking voluntarily.
Wherein, describedly identify that initially the initial position message of the initial access network element that module gets access to is the latitude and longitude information of initial base station, describedly currently identify that the current location information of the current access network element that module gets access to is the latitude and longitude information of current base station.
The telecom smart card may be a UIM card, and the user authentication information may comprise the SSD, in which case the user authentication information index information is the SSD index information. Alternatively, the user authentication information may comprise other information required for identifying the user, such as the SSD, IMSI and UIMID, in which case the index information is the index information of that information.
It will be understood that the normative file and the backup file may each be implemented by an independent module, or be integrated into one or more of the functional modules above.
For the specific operation of each functional module in embodiment three, refer to the method embodiments of the invention.
In summary, with the technical solution provided by the embodiments, a telecom smart card supporting CDMA services can obtain its user authentication information index information and, when card-terminal authentication succeeds, use that index information to read the saved true information and restore the user authentication information in the card to true information. This ensures that the card can register on the network once card-terminal authentication has passed. The solution prevents the loss of call charges caused by a stolen card, and ensures that an authorized terminal registers on the network and uses services normally.
Those skilled in the art will understand that the invention can be implemented by software together with the necessary general-purpose hardware platform. On this basis, the part of the technical solution of the invention that contributes to the prior art can be embodied as a software product. This computer software product can be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and comprises instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the method described in the embodiments of the invention or in parts of them.
The above are only specific embodiments of the invention, and the scope of protection of the invention is not limited to them. Any change or substitution that a person skilled in the art can readily conceive within the technical scope disclosed by the invention falls within its scope of protection. The scope of protection of the invention is therefore determined by the scope of protection of the claims.