CN101938563A - Protection method, system and mobile terminal of SIM card information - Google Patents

Publication number: CN101938563A
Authority: CN (China)
Prior art keywords: SIM card, software, electronic signature, read, write
Legal status: Granted (Active)
Application number: CN2010102790567A
Other languages: Chinese (zh)
Other versions: CN101938563B (en)
Inventors: 曹希彬, 翁建勇, 马建勇
Current Assignee: Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Original Assignee: Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Application filed by: Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority to: CN201010279056.7A
Landscapes: Storage Device Security (AREA); Telephone Function (AREA)

Abstract

The invention provides a method for protecting SIM card information, comprising the following steps. Read-write judgment: when software on a mobile terminal runs, determine whether the software requests to read or write the SIM card; if so, perform the following electronic signature step. Electronic signature: use a first key to electronically sign the software that is permitted to read and write the SIM card. Authentication: determine whether the software requesting to read or write the SIM card has an electronic signature; if so, use a second key corresponding to the first key to decrypt and authenticate the electronic signature, and read or write the SIM card only after the electronic signature has been authenticated. The invention also provides a protection system for SIM card information and a mobile terminal. By applying an electronic signature protection scheme to SIM card reads and writes on the mobile terminal, the invention restricts unauthorized parties from reading, modifying and controlling SIM card information, thereby effectively protecting the security of user information.

Description

Protection method, system and mobile terminal for SIM card information
Technical field
The present invention relates to the field of communication technology, and in particular to a protection method, system and mobile terminal for SIM (Subscriber Identity Module) card information.
Background
In the prior art, when a newly purchased mobile terminal is powered on for the first time, or when a mobile terminal is powered on for the first time in a new roaming location, the IMSI (International Mobile Subscriber Identity) in the SIM card must be obtained at the very beginning, and a TMSI (Temporary Mobile Subscriber Identity) is allocated through interaction with the network. Thereafter, during use of the mobile terminal, as long as their SIM card reads do not conflict, software running on the mobile terminal, whether it is the terminal's original software or software downloaded from the Internet, can read information such as the IMSI, contacts and short messages from the SIM card at any time. In the mobile Internet era, however, malicious programs such as mobile terminal viruses and eavesdropping software can threaten personal privacy, financial information and even enterprise trade secrets.
Existing mobile terminal operating systems such as Android and Windows Mobile provide no read-write protection for the SIM card, and any software running on the mobile terminal operating system can read and write the SIM card, which is a serious security problem. If a mobile terminal manufacturer develops terminal software on an operating system such as Android or Windows Mobile without protecting, controlling or modifying the SIM card read-write interface, that interface is left open: a third party can develop software that reads the IMSI, contacts, short messages and other data in the SIM card at will. If a user downloads such third-party software, there are no restrictions or security precautions in place, and once information leaks it causes great loss to the mobile phone user.
In summary, existing techniques for protecting SIM card information clearly have inconveniences and defects in practical use, so improvement is necessary.
Summary of the invention
In view of the above defects, the object of the present invention is to provide a protection method, system and mobile terminal for SIM card information that effectively protect the user's information security by restricting reads and writes of SIM card information.
To achieve this object, the invention provides a protection method for SIM card information, comprising the following steps:
A read-write judgment step: when software on the mobile terminal runs, determine whether the software requests to read or write the SIM card; if it does, perform the following electronic signature step;
An electronic signature step: use a first key to electronically sign the software that is allowed to read and write the SIM card;
An authentication step: determine whether the software requesting to read or write the SIM card has an electronic signature; if it does, use a second key corresponding to the first key to decrypt and authenticate the electronic signature; the software may read or write the SIM card only after its electronic signature has been authenticated.
In the protection method for SIM card information according to the invention, the authentication step further comprises:
Determining whether the software requesting to read or write the SIM card has an electronic signature; if it has none, forbidding the software to read or write the SIM card and issuing a message that the software has no electronic signature;
If it has an electronic signature, using the second key to decrypt and authenticate the electronic signature of the software requesting to read or write the SIM card, and allowing the read or write only if authentication passes; otherwise forbidding the read or write and issuing a message that the software's electronic signature failed authentication.
In the protection method for SIM card information according to the invention, the first key is a private key and the second key is a public key.
In the protection method for SIM card information according to the invention, the mobile terminal stores in advance a digital certificate for the software that is allowed to read and write the SIM card, and this digital certificate contains the private key and public key of the electronic signature of the software it belongs to.
In the protection method for SIM card information according to the invention, the software allowed to read and write the SIM card comprises the mobile terminal's original software or downloaded update software.
The invention also provides a protection system for SIM card information, the system comprising:
A read-write judgment module, configured to determine, when software on the mobile terminal runs, whether the software requests to read or write the SIM card, and if so to notify the electronic signature module to perform electronic signing;
An electronic signature module, configured to use a first key to electronically sign the software that is allowed to read and write the SIM card;
An authentication module, configured to determine whether the software requesting to read or write the SIM card has an electronic signature and, if it does, to use a second key corresponding to the first key to decrypt and authenticate the electronic signature; the software may read or write the SIM card only after its electronic signature has been authenticated.
In the protection system for SIM card information according to the invention, the authentication module determines whether the software requesting to read or write the SIM card has an electronic signature; if it has none, the module forbids the software to read or write the SIM card and issues a message that the software has no electronic signature; if it has an electronic signature, the module uses the second key to decrypt and authenticate the electronic signature of the software requesting to read or write the SIM card, and allows the read or write only if authentication passes; otherwise it forbids reading and writing the SIM card and issues a message that the software's electronic signature failed authentication.
In the protection system for SIM card information according to the invention, the first key is a private key and the second key is a public key.
In the protection system for SIM card information according to the invention, the mobile terminal stores in advance a digital certificate for the software that is allowed to read and write the SIM card, and this digital certificate contains the private key and public key of the electronic signature of the software it belongs to.
The invention also provides a mobile terminal comprising the protection system for SIM card information.
The invention applies an electronic signature protection scheme to SIM card reads and writes on the mobile terminal: all software that needs to read or write the SIM card must have an electronic signature, and may read or write the SIM card only after that signature has been authenticated. This restricts unauthorized parties from reading, modifying and controlling SIM card information, and in particular prevents third-party malicious programs from stealing core SIM card information, thereby effectively protecting the security of user information.
Brief description of the drawings
Fig. 1 is a structural schematic diagram of the protection system for SIM card information provided by the invention;
Fig. 2 is a flow chart of the protection method for SIM card information provided by the invention; and
Fig. 3 is a preferred flow chart of the protection method for SIM card information provided by the invention.
Embodiments
To make the purpose, technical scheme and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
Fig. 1 shows the structure of the protection system for SIM card information of the invention. The protection system 10 may be a software unit, a hardware unit, or a combined software and hardware unit applied in a mobile terminal 100, and the mobile terminal 100 may be a mobile phone, a PDA (Personal Digital Assistant), or the like. The protection system 10 mainly comprises a read-write judgment module 11, an electronic signature module 12 and an authentication module 13, wherein:
The read-write judgment module 11 is configured to determine, when software on the mobile terminal runs, whether the software requests to read or write the SIM card, and if so to notify the electronic signature module 12 to perform electronic signing.
The electronic signature module 12 is configured to use a first key to electronically sign the software that is allowed to read and write the SIM card. Preferably, the first key is a private key. The mobile terminal 100 may store in advance a digital certificate for the software allowed to read and write the SIM card; this digital certificate is issued by a CA (Certification Authority) and contains the private key and public key of the electronic signature of the software it belongs to. In general, only the original software of the mobile terminal 100 is allowed to read and write the SIM card; software later downloaded or updated from the Internet is mostly application software and is not allowed to read and write the SIM card, although the invention does not exclude, in special cases, electronically signing and authenticating downloaded or updated software so that it can read and write the SIM card. The digital certificate of the original software is usually stored when the mobile terminal 100 leaves the factory. When the original software runs, the electronic signature module 12 digitally signs the data of the software that is to read or write SIM card information, and then sends it to the authentication module 13 for decryption and authentication.
The authentication module 13 is configured to determine whether the software requesting to read or write the SIM card has an electronic signature and, if it does, to use a second key corresponding to the private key to decrypt and authenticate the electronic signature. Preferably, the second key is the public key corresponding to the private key, because data encrypted with the private key can be decrypted only with the corresponding public key; the software may read or write the SIM card only after its electronic signature has been authenticated. Preferably, the authentication module 13 determines whether the software requesting to read or write the SIM card has an electronic signature; if there is no electronic signature, it forbids the software to read or write the SIM card and sends the user a message that the software has no electronic signature; if there is an electronic signature, the authentication module 13 uses the corresponding public key to decrypt and authenticate the electronic signature of the software requesting to read or write the SIM card. Only if authentication passes may the software read or write the SIM card, in which case it can call the SIM card read-write interface to access the information in the SIM card; otherwise reading and writing the SIM card is forbidden and the user is sent a message that the software's electronic signature failed authentication.
Each time software on the mobile terminal 100 needs to read or write SIM card information (for example, the mobile terminal 100 must read the SIM card at every power-on), the electronic signature module 12 and the authentication module 13 must be run through this flow, passing the data along for electronic signing and authentication.
The protection system 10 for SIM card information of the invention uses electronic signatures on SIM card reads and writes to control malicious SIM card interface programs: all software that reads the SIM card must have an electronic signature, so other software, in particular third-party malware, cannot access the SIM card information of the mobile terminal 100.
Fig. 2 shows the flow of the protection method for SIM card information of the invention, which is implemented by the protection system 10 shown in Fig. 1. The method comprises at least:
Step S201 is the read-write judgment step: when software on the mobile terminal runs, determine whether the software requests to read or write the SIM card; if so, execute step S202; otherwise no electronic signing is performed.
Step S202 is the electronic signature step: use the private key to electronically sign the software that is allowed to read and write the SIM card. The mobile terminal 100 may store in advance a digital certificate for the software allowed to read and write the SIM card, and this digital certificate contains the private key and public key of the electronic signature of the software it belongs to. The software allowed to read and write the SIM card is limited to the original software of the mobile terminal 100. The preferred signing process is: first generate the electronic file to be signed; then compute a digital digest of the electronic file with a hash algorithm; then asymmetrically encrypt the digital digest with the signing private key, which yields the digital signature; finally, package the signature together with the original electronic file to form the signature result, and send it to the authentication module 13 for authentication.
Step S203 is the authentication step: determine whether the software requesting to read or write the SIM card has an electronic signature; if it does, use the public key corresponding to the private key to decrypt and authenticate the electronic signature; the software may read or write the SIM card only after its electronic signature has been authenticated. The preferred authentication process is: the authentication module 13 receives the digital signature result, which comprises the digital signature, the original electronic file and the sender's public key, i.e. the data to be authenticated. The authentication module 13 first decrypts the digital signature with the sender's public key to recover the digital digest, then applies the same hash algorithm to the original electronic file to obtain a new digital digest, and compares the hash values of the two digests; if they are the same the signature is authenticated, otherwise it is invalid.
Fig. 3 shows the preferred flow of the protection method for SIM card information of the invention, which is also implemented by the protection system 10 shown in Fig. 1. The method comprises the following steps:
Step S301: software on the mobile terminal 100 starts running.
Step S302: determine whether the running software requests to read or write the SIM card; if so, execute step S304; otherwise execute step S303.
Step S303: the protection system 10 does not authenticate the electronic signature of this software.
Step S304: use the private key to electronically sign the software that is allowed to read and write the SIM card; the private key is preferably provided by the digital certificate stored in advance on the mobile terminal 100.
Step S305: determine whether the software requesting to read or write the SIM card has an electronic signature; if it has one, execute step S307; otherwise execute step S306.
Step S306: forbid this software to read or write the SIM card, and send the user a message that the software has no electronic signature; the user can handle it as the situation requires. The message may be in text, image, audio and/or video format.
Step S307: use the public key to decrypt and authenticate the electronic signature of the software requesting to read or write the SIM card; the public key is preferably provided by the digital certificate.
Step S308: determine whether the electronic signature passes authentication; if so, execute step S310; otherwise execute step S309.
Step S309: forbid this software to read or write the SIM card, and send a message that the software's electronic signature failed authentication; the user can handle it as the situation requires. The message may be in text, image, audio and/or video format.
Step S310: allow this software to read and write the SIM card.
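The signing and authentication steps of Fig. 2 (S202, S203) and the decision flow of Fig. 3 (S301 to S310) can be sketched as follows. This is an added example, not code from the patent: it uses textbook RSA with a constructed toy key and SHA-256 so that it runs on the Python standard library alone, and the names ToyKey, SignedPackage, sign_software, authenticate and sim_access_gate are hypothetical. It assumes the verifier takes the public key from the certificate stored on the terminal, as step S307 prefers.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import NamedTuple, Optional


class ToyKey(NamedTuple):
    n: int  # modulus
    e: int  # public exponent (the "second key")
    d: int  # private exponent (the "first key")


def make_toy_key(p: int, q: int, e: int = 65537) -> ToyKey:
    """Build a textbook RSA key from two given primes (illustration only)."""
    return ToyKey(p * q, e, pow(e, -1, (p - 1) * (q - 1)))


# Constructed vendor key made from two Mersenne primes; not a real key.
VENDOR_KEY = make_toy_key(2**521 - 1, 2**607 - 1)


def digest(data: bytes) -> int:
    """Hash step: SHA-256 digest of the electronic file, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


@dataclass(frozen=True)
class SignedPackage:
    original: bytes           # the original electronic file
    signature: Optional[int]  # digest encrypted with the private key, or None


def sign_software(image: bytes, key: ToyKey) -> SignedPackage:
    """S202/S304: hash the file, encrypt the digest with the private key,
    and package the signature together with the original file."""
    return SignedPackage(image, pow(digest(image), key.d, key.n))


def authenticate(pkg: SignedPackage, n: int, e: int) -> bool:
    """S203/S307: decrypt the signature with the public key, hash the
    original file again, and compare the two digests."""
    if pkg.signature is None or not 0 < pkg.signature < n:
        return False
    return pow(pkg.signature, e, n) == digest(pkg.original)


class Decision(Enum):
    NOT_CHECKED = "S303"   # software did not request SIM access
    NO_SIGNATURE = "S306"  # forbidden: no electronic signature
    AUTH_FAILED = "S309"   # forbidden: signature failed authentication
    ALLOWED = "S310"       # SIM read/write permitted


def sim_access_gate(requests_sim: bool, pkg: Optional[SignedPackage],
                    n: int, e: int) -> Decision:
    """Fig. 3 decision flow, using the public key (n, e) stored on the terminal."""
    if not requests_sim:                          # S302 -> S303
        return Decision.NOT_CHECKED
    if pkg is None or pkg.signature is None:      # S305 -> S306
        return Decision.NO_SIGNATURE
    if not authenticate(pkg, n, e):               # S308 -> S309
        return Decision.AUTH_FAILED
    return Decision.ALLOWED                       # S308 -> S310


def demo() -> dict:
    """Run the gate over constructed sample software images."""
    n, e = VENDOR_KEY.n, VENDOR_KEY.e
    dialer = sign_software(b"constructed original dialer image", VENDOR_KEY)
    # Same signature, but the file was changed after signing.
    altered = SignedPackage(dialer.original + b"\x00", dialer.signature)
    # Signed with a key that is not the one stored on the terminal.
    other_key = make_toy_key(2**1279 - 1, 2**521 - 1)
    foreign = sign_software(b"constructed third-party app", other_key)
    unsigned = SignedPackage(b"constructed unsigned app", None)
    return {
        "original": sim_access_gate(True, dialer, n, e),
        "altered": sim_access_gate(True, altered, n, e),
        "foreign_key": sim_access_gate(True, foreign, n, e),
        "unsigned": sim_access_gate(True, unsigned, n, e),
        "no_sim_request": sim_access_gate(False, None, n, e),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision.name} ({decision.value})")
```

A package whose file was altered after signing, or that was signed with a key other than the stored one, ends at S309 rather than S310.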
In summary, the invention applies an electronic signature protection scheme to SIM card reads and writes on the mobile terminal: all software that needs to read or write the SIM card must have an electronic signature, and may read or write the SIM card only after that signature has been authenticated. This restricts unauthorized parties from reading, modifying and controlling SIM card information, and in particular prevents third-party malicious programs from stealing core SIM card information, thereby effectively protecting the security of user information.
Of course, the invention may have various other embodiments. Without departing from the spirit and essence of the invention, those of ordinary skill in the art can make various corresponding changes and modifications according to the invention, but all such changes and modifications shall fall within the protection scope of the appended claims.

Claims (10)

1. A protection method for SIM card information, characterized in that the method comprises the following steps:
A read-write judgment step: when software on the mobile terminal runs, determine whether the software requests to read or write the SIM card; if it does, perform the following electronic signature step;
An electronic signature step: use a first key to electronically sign the software that is allowed to read and write the SIM card;
An authentication step: determine whether the software requesting to read or write the SIM card has an electronic signature; if it does, use a second key corresponding to the first key to decrypt and authenticate the electronic signature; the software may read or write the SIM card only after its electronic signature has been authenticated.
2. The method according to claim 1, characterized in that the authentication step further comprises:
Determining whether the software requesting to read or write the SIM card has an electronic signature; if it has none, forbidding the software to read or write the SIM card and issuing a message that the software has no electronic signature;
If it has an electronic signature, using the second key to decrypt and authenticate the electronic signature of the software requesting to read or write the SIM card, and allowing the read or write only if authentication passes; otherwise forbidding the read or write and issuing a message that the software's electronic signature failed authentication.
3. The method according to claim 1, characterized in that the first key is a private key and the second key is a public key.
4. The method according to claim 3, characterized in that the mobile terminal stores in advance a digital certificate for the software that is allowed to read and write the SIM card, and this digital certificate contains the private key and public key of the electronic signature of the software it belongs to.
5. The method according to claim 1, characterized in that the software allowed to read and write the SIM card comprises the mobile terminal's original software or downloaded update software.
6. A protection system for SIM card information, characterized in that the system comprises:
A read-write judgment module, configured to determine, when software on the mobile terminal runs, whether the software requests to read or write the SIM card, and if so to notify the electronic signature module to perform electronic signing;
An electronic signature module, configured to use a first key to electronically sign the software that is allowed to read and write the SIM card;
An authentication module, configured to determine whether the software requesting to read or write the SIM card has an electronic signature and, if it does, to use a second key corresponding to the first key to decrypt and authenticate the electronic signature; the software may read or write the SIM card only after its electronic signature has been authenticated.
7. The system according to claim 6, characterized in that the authentication module determines whether the software requesting to read or write the SIM card has an electronic signature; if it has none, the module forbids the software to read or write the SIM card and issues a message that the software has no electronic signature; if it has an electronic signature, the module uses the second key to decrypt and authenticate the electronic signature of the software requesting to read or write the SIM card, and allows the read or write only if authentication passes; otherwise it forbids reading and writing the SIM card and issues a message that the software's electronic signature failed authentication.
8. The system according to claim 6, characterized in that the first key is a private key and the second key is a public key.
9. The system according to claim 9, characterized in that the mobile terminal stores in advance a digital certificate for the software that is allowed to read and write the SIM card, and this digital certificate contains the private key and public key of the electronic signature of the software it belongs to.
10. A mobile terminal comprising the protection system for SIM card information according to any one of claims 6 to 9.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010279056.7A CN101938563B (en) 2010-09-09 2010-09-09 Protection method, system and mobile terminal of SIM card information

Publications (2)

Publication Number Publication Date
CN101938563A true CN101938563A (en) 2011-01-05
CN101938563B CN101938563B (en) 2013-08-14

Family

ID=43391683

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010279056.7A Active CN101938563B (en) 2010-09-09 2010-09-09 Protection method, system and mobile terminal of SIM card information

Country Status (1)

Country Link
CN (1) CN101938563B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant