CN101938563B - Protection method, system and mobile terminal of SIM card information - Google Patents
Protection method, system and mobile terminal of SIM card information Download PDFInfo
- Publication number
- CN101938563B CN101938563B CN201010279056.7A CN201010279056A CN101938563B CN 101938563 B CN101938563 B CN 101938563B CN 201010279056 A CN201010279056 A CN 201010279056A CN 101938563 B CN101938563 B CN 101938563B
- Authority
- CN
- China
- Prior art keywords
- sim card
- software
- electronic signature
- read
- write
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention provides a protection method of SIM card information, comprising the following steps: read-write judgement: when the software of a mobile terminal operates, judging whether the software requests to write and read an SIM card; if yes, performing the following electronic signature step; electronic signature: adopting a first secret key to carry out electronic signature on the software permitted to write and read the SIM card; authentication: judging whether the software required to write and read the SIM card has the electronic signature; if yes, adopting a second secret key corresponding to the first secret key to decrypt and authenticate the electronic signature; and reading and writing the SIM card after the electronic signature is authenticated. The invention also provides a protection system and a mobile terminal of SIM card information. The invention adopts the electronic signature protection scheme for the SIM card reading and writing of the mobile terminal so as to restrict an unauthorized party to read, revise and control the SIM card information, thus effectively protecting the safety of user information.
Description
Technical field
The present invention relates to communication technical field, relate in particular to guard method, system and the portable terminal of a kind of SIM (Subscriber Identity Module, Subscriber Identity Module) card information.
Background technology
In the prior art, start shooting for the first time or portable terminal when starting shooting for the first time in new roaming place for the portable terminal of newly buying, need to obtain IMSI (the International Mobile Subscriber Identity in the SIM card in the portable terminal change process at the beginning, international mobile subscriber identity) and network interaction distribution T MSI (Temporary Mobile Subscriber Identity, temporary user identifier).After this in portable terminal uses, run in the portable terminal software SIM card read do not conflict under under the situation, no matter be first wife's software of portable terminal or from the software of the Internet download, information such as IMSI, contact person and short message in the reading SIM card at any time.Yet in the mobile Internet epoch, rogue programs such as portable terminal virus and eavesdropping software can constitute a threat to individual privacy, financial information even enterprise's trade secret.
The operating system Android of existing portable terminal and Windows Mobile etc. do not have read-write protection to SIM card, and all can read and write SIM card at the software of mobile terminal operating system operation, thereby have serious safety problem.If exploitation mobile terminal softwares such as the employing operating system Android of portable terminal manufacturer and Windows Mobile are not protected the SIM card read-write interface or are controlled or revise; the SIM card read-write interface is in a kind of open state exactly so; the third party can develop software to IMSI in the SIM card; contact person and short message etc. read arbitrarily; if the user has downloaded the above-mentioned third party software that can read arbitrarily SIM card information like this; cause is without any restriction and safety precautions; in case leakage of information will bring massive losses concerning mobile phone users.
In summary, the resist technology of existing SIM card information obviously exists inconvenience and defective, so be necessary to be improved on reality is used.
Summary of the invention
At above-mentioned defective, the object of the present invention is to provide a kind of guard method, system and portable terminal of SIM card information, it is by the read-write of restriction to SIM card information, with effective protection user's information security.
To achieve these goals, the invention provides a kind of guard method of SIM card information, described method comprises that step is as follows:
The read-write determining step, when the running software of portable terminal, judge whether this software asks to read and write SIM card, if the request would carry out following electronic signature step;
The electronic signature step adopts first key that the software that is allowed to read and write SIM card is signed electronically;
Authenticating step, whether the software of judging described request read-write SIM card has electronic signature, if have electronic signature, then adopt second key corresponding with described first key that described electronic signature is decrypted and authenticates, the electronic signature of described software is certified pass through after read-write SIM card.
According to the guard method of SIM card information of the present invention, described authenticating step further comprises:
Whether the software of judging described request read-write SIM card has electronic signature, if not electronic signature is then forbidden described software read-write SIM card, and sent the information that described software does not have electronic signature;
If have electronic signature, then adopt described second key that the electronic signature of the software of described request read-write SIM card is decrypted and authenticates, authentication is by the read-write SIM card of; Otherwise forbid reading and writing SIM, and the electronic signature of sending described software can not authenticate the information of passing through.
According to the guard method of SIM card information of the present invention, described first key is private key, and described second key is PKI.
According to the guard method of SIM card information of the present invention, described portable terminal is preserved the digital certificate of the software that is allowed to read and write SIM card in advance, private key and the PKI of the electronic signature of software under including in this digital certificate.
According to the guard method of SIM card information of the present invention, the described software that is allowed to read and write SIM card comprises first wife's software or the down loading updating software of described portable terminal.
The present invention also provides a kind of protection system of SIM card information, and described system comprises:
The read-write judge module is used for judging whether this software asks to read and write SIM card when the running software of portable terminal, and module signs electronically if request is then notice signs electronically;
The electronic signature module be used for to adopt first key that the software that is allowed to read and write SIM card is signed electronically;
Authentication module, be used for judging whether the software of described request read-write SIM card has electronic signature, if have electronic signature, then adopt second key corresponding with described first key that described electronic signature is decrypted and authenticates, the electronic signature of described software is certified pass through after read-write SIM card.
Protection system according to SIM card information of the present invention, described authentication module judges whether the software of described request read-write SIM card has electronic signature, if not electronic signature is then forbidden described software read-write SIM card, and is sent the information that described software does not have electronic signature; If have electronic signature, then adopt described second key that the electronic signature of the software of described request read-write SIM card is decrypted and authenticates, authentication is by the read-write SIM card of; Otherwise forbid reading and writing SIM card, and the electronic signature of sending described software can not authenticate the information of passing through.
According to the protection system of SIM card information of the present invention, described first key is private key, and described second key is PKI.
According to the protection system of SIM card information of the present invention, described portable terminal is preserved the digital certificate of the software that is allowed to read and write SIM card in advance, private key and the PKI of the electronic signature of software under including in this digital certificate.
The present invention also provides a kind of portable terminal that comprises the protection system of described SIM card information.
The present invention adopts the electronic signature protection scheme to the SIM card read-write of portable terminal; namely all softwares that need read and write SIM card all must possess electronic signature; and this electronic signature is authenticated could read and write SIM card after passing through; with restriction unauthorized parties reading, revising and controlling SIM card information; especially prevent that third party's rogue program from stealing the SIM card core information, thereby effectively protect the safety of user profile.
Description of drawings
Fig. 1 is the structural representation of the protection system of SIM card information provided by the invention;
Fig. 2 is the flow chart of the guard method of SIM card information provided by the invention; And
Fig. 3 is the preferred flow charts of the guard method of SIM card information provided by the invention.
Embodiment
In order to make purpose of the present invention, technical scheme and advantage clearer, below in conjunction with drawings and Examples, the present invention is further elaborated.Should be appreciated that specific embodiment described herein only in order to explaining the present invention, and be not used in restriction the present invention.
Fig. 1 shows the structure of the protection system of SIM card information of the present invention; this protection system 10 can be the software unit that is applied in the portable terminal 100; hardware cell or software and hardware combining unit; and portable terminal 100 can be mobile phone, PDA (Personal Digital Assistant, personal digital assistant) etc.Described protection system 10 mainly comprises read-write judge module 11, electronic signature module 12 and authentication module 13, wherein:
Read-write judge module 11 is used for judging whether this software asks to read and write SIM card when the running software of portable terminal, and module 12 signs electronically if request is then notice signs electronically.
Electronic signature module 12 be used for to adopt first key that the software that is allowed to read and write SIM card is signed electronically.Preferably, this first key is private key.Portable terminal 100 can be preserved the digital certificate of the software that is allowed to read and write SIM card in advance, and this digital certificate is signed and issued by CA (Certification Authority, certificate verification center), private key and the PKI of the electronic signature of software under it includes.Generally speaking, first wife's software of portable terminal 100 just is allowed to read and write SIM card, in the future the software from the Internet download or renewal belongs to application software more and does not allow to read and write SIM card, but the present invention does not get rid of yet and in particular cases the software read-write SIM card of downloading or upgrading signed electronically and authenticate.Preserved the digital certificate of first wife's software when usually portable terminal 100 dispatches from the factory, electronic signature module 12 is just carried out digital signature to the data of the software that will read and write SIM card information during first wife's running software, sends to authentication module 13 then and is decrypted and authenticates.
Authentication module 13 is used for judging whether the software of request read-write SIM card has electronic signature, if having electronic signature, then adopts second key corresponding with private key that electronic signature is decrypted and authenticates.Preferably this second key is the PKI corresponding with private key, because have only corresponding PKI to decipher with the data of encrypted private key, the electronic signature of software is certified by the read-write SIM card of.Preferably, authentication module 13 judges whether the software of request read-write SIM card has electronic signature, if software read-write SIM card is then forbidden in not electronic signature, and sends the information that software does not have electronic signature to the user; If have electronic signature, then the PKI of authentication module 13 employing correspondences is decrypted and authenticates the electronic signature of the software of request read-write SIM card, and the read-write SIM card of ability is passed through in authentication, and this software can call the information in the SIM card read-write interface visit SIM card; Otherwise forbid reading and writing SIM card, and can not authenticate the information of passing through to the electronic signature that the user sends software.
Above-mentioned electronic signature module 12 and authentication module 13 need be read and write in the SIM card information process (reading SIM card is all wanted in 100 starts at every turn as portable terminal) at every turn at the software of portable terminal 100, all need by the flow startup operation transmitting data and sign electronically and authenticating.
10 pairs of SIM card read-writes of the protection system of SIM card information of the present invention adopt electronic signature to control the design of malice SIM card interface routine; the software of all reading SIM card all must have electronic signature, make other softwares particularly third party's Malware can't have access to the SIM card information of portable terminal 100.
Fig. 2 shows the flow process of the guard method of SIM card information of the present invention, and it realizes that by protection system shown in Figure 1 10 described method comprises at least:
Step S201 is the read-write determining step, when the running software of portable terminal, judges whether this software asks to read and write SIM card, if ask then execution in step S202.Otherwise do not sign electronically.
Step S202 is the electronic signature step, adopts private key that the software that is allowed to read and write SIM card is signed electronically.Portable terminal 100 can be preserved the digital certificate of the software that is allowed to read and write SIM card in advance, private key and the PKI of the electronic signature of software under including in this digital certificate.And this software that is allowed to read and write SIM card is limited to first wife's software of portable terminal 100.Preferred electronic signature process is: at first be to generate signed e-file, then e-file done digital digest with hash algorithm, again digital digest is done asymmetric encryption with signature private key, namely do digital signature; Be that above signature and e-file original text are encapsulated afterwards, form the signature result and send to authentication module 13 authentications.
Step S203 is authenticating step, whether the software of judging request read-write SIM card has electronic signature, if have electronic signature, then adopt the PKI corresponding with private key that electronic signature is decrypted and authenticates, the electronic signature of software is certified by the read-write SIM card of.Preferred electron underwriting authentication process is: authentication module 13 is received the result of digital signature, comprising digital signature, electronics original text and originating party PKI, i.e. and data to be certified.Authentication module 13 is at first used originating party PKI decrypted digital signature, derives digital digest, and the e-file original text is done same hash algorithm draws a new digital digest, and the cryptographic Hash of two summaries is carried out the result relatively, and same signature obtains authentication, otherwise invalid.
Fig. 3 shows the preferred flow of the guard method of SIM card information of the present invention, and it also realizes by protection system shown in Figure 1 10 that described method comprises that step is as follows:
Step S301, the software of portable terminal 100 brings into operation.
Step S302 judges whether the software of this operation asks to read and write SIM card, if ask then execution in step S304, otherwise execution in step S303.
Step S303, protection system 10 does not authenticate the electronic signature of this software.
Step S304 adopts private key that the software that is allowed to read and write SIM card is signed electronically, and this private key is preferably provided by the digital certificate that portable terminal 100 preliminary elections are preserved.
Step S305 judges whether the software of request read-write SIM card has electronic signature, signs electronically then execution in step S307 if having, otherwise execution in step S306.
Step S306 forbids this software read-write SIM, and sends the information that software does not have electronic signature to the user, and the user can according to circumstances handle.This information can adopt literal, image, audio frequency and/or video format.
Step S307 adopts PKI that the electronic signature of the software of request read-write SIM card is decrypted and authenticates, and this PKI is preferably provided by digital certificate.
Step S308 judges this electronic signature whether by authentication, if execution in step S310 then, otherwise execution in step S309.
Step S309 forbids this software read-write SIM card, and the electronic signature of sending software can not authenticate the information of passing through, and the user can according to circumstances handle.This information can adopt literal, image, audio frequency and/or video format.
Step S310 allows this software read-write SIM card.
In sum; the present invention adopts the electronic signature protection scheme to the SIM card read-write of portable terminal; namely all softwares that need read and write SIM card all must possess electronic signature; and this electronic signature is authenticated could read and write SIM card after passing through; with restriction unauthorized parties reading, revising and controlling SIM card information; especially prevent that third party's rogue program from stealing the SIM card core information, thereby effectively protect the safety of user profile.
Certainly; the present invention also can have other various embodiments; under the situation that does not deviate from spirit of the present invention and essence thereof; those of ordinary skill in the art work as can make various corresponding changes and distortion according to the present invention, but these corresponding changes and distortion all should belong to the protection range of the appended claim of the present invention.
Claims (6)
1. the guard method of a SIM card information is characterized in that, described method comprises that step is as follows:
The read-write determining step, when the running software of portable terminal, judge whether this software asks to read and write SIM card, if the request would carry out following electronic signature step;
The electronic signature step, adopt private key that the software that is allowed to read and write SIM card is signed electronically, described portable terminal is preserved the digital certificate of the software that is allowed to read and write SIM card in advance, described private key and the PKI of the electronic signature of software under including in this digital certificate;
Authenticating step, whether the software of judging described request read-write SIM card has electronic signature, if have electronic signature, then adopt the described PKI corresponding with described private key that described electronic signature is decrypted and authenticates, the electronic signature of described software is certified pass through after read-write SIM card.
2. method according to claim 1 is characterized in that, described authenticating step further comprises:
Whether the software of judging described request read-write SIM card has electronic signature, if not electronic signature is then forbidden described software read-write SIM card, and sent the information that described software does not have electronic signature;
If have electronic signature, then adopt described PKI that the electronic signature of the software of described request read-write SIM card is decrypted and authenticates, authentication is by the read-write SIM card of; Otherwise forbid reading and writing SIM, and the electronic signature of sending described software can not authenticate the information of passing through.
3. method according to claim 1 is characterized in that, the described software that is allowed to read and write SIM card comprises first wife's software or the down loading updating software of described portable terminal.
4. the protection system of a SIM card information is characterized in that, described system comprises:
The read-write judge module is used for judging whether this software asks to read and write SIM card when the running software of portable terminal, and module signs electronically if request is then notice signs electronically;
The electronic signature module, be used for to adopt private key that the software that is allowed to read and write SIM card is signed electronically, described portable terminal is preserved the digital certificate of the software that is allowed to read and write SIM card in advance, described private key and the PKI of the electronic signature of software under including in this digital certificate;
Authentication module, be used for judging whether the software of described request read-write SIM card has electronic signature, if have electronic signature, then adopt the described PKI corresponding with described private key that described electronic signature is decrypted and authenticates, the electronic signature of described software is certified pass through after read-write SIM card.
5. system according to claim 4, it is characterized in that described authentication module judges whether the software of described request read-write SIM card has electronic signature, if not electronic signature, then forbid described software read-write SIM card, and send the information that described software does not have electronic signature; If have electronic signature, then adopt described PKI that the electronic signature of the software of described request read-write SIM card is decrypted and authenticates, authentication is by the read-write SIM card of; Otherwise forbid reading and writing SIM card, and the electronic signature of sending described software can not authenticate the information of passing through.
6. one kind comprises the portable terminal as the protection system of claim 4 or 5 described SIM card information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010279056.7A CN101938563B (en) | 2010-09-09 | 2010-09-09 | Protection method, system and mobile terminal of SIM card information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010279056.7A CN101938563B (en) | 2010-09-09 | 2010-09-09 | Protection method, system and mobile terminal of SIM card information |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101938563A CN101938563A (en) | 2011-01-05 |
| CN101938563B true CN101938563B (en) | 2013-08-14 |
Family
ID=43391683
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010279056.7A Active CN101938563B (en) | 2010-09-09 | 2010-09-09 | Protection method, system and mobile terminal of SIM card information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101938563B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102324005A (en) * | 2011-08-31 | 2012-01-18 | 李智虎 | Security authentication method, system and device for terminal without computing capability |
| WO2012151884A1 (en) * | 2011-09-09 | 2012-11-15 | 中兴通讯股份有限公司 | Nfc implementation method and mobile terminal |
| CN103812649B (en) * | 2012-11-07 | 2017-05-17 | 中国电信股份有限公司 | Method and system for safety access control of machine-card interface, and handset terminal |
| CN105282117A (en) * | 2014-07-21 | 2016-01-27 | 中兴通讯股份有限公司 | Access control method and device |
| CN109714754A (en) * | 2018-10-29 | 2019-05-03 | 努比亚技术有限公司 | A kind of data guard method, terminal and computer readable storage medium |
| CN111147428B (en) * | 2018-11-06 | 2022-04-26 | 中国电信股份有限公司 | Access control method, system, security element SE access plug-in device and terminal |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1604525A (en) * | 2003-09-05 | 2005-04-06 | 国际商业机器公司 | Granting access to a system based on the use of a card having stored user data thereon |
| CN101018125A (en) * | 2007-03-02 | 2007-08-15 | 中兴通讯股份有限公司 | Radio terminal security network and card locking method based on the ellipse curve public key cipher |
| CN101203000A (en) * | 2007-05-24 | 2008-06-18 | 深圳市德诺通讯技术有限公司 | Method and system for downloading mobile terminal applied software |
| EP2071898A1 (en) * | 2007-12-10 | 2009-06-17 | Telefonaktiebolaget LM Ericsson (publ) | Method for alteration of integrity protected data in a device, computer program product and device implementing the method |
| CN101540669A (en) * | 2008-03-20 | 2009-09-23 | 深圳市奥联科技有限公司 | Method for distributing keys and protecting information for wireless mobile communication network |
-
2010
- 2010-09-09 CN CN201010279056.7A patent/CN101938563B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1604525A (en) * | 2003-09-05 | 2005-04-06 | 国际商业机器公司 | Granting access to a system based on the use of a card having stored user data thereon |
| CN101018125A (en) * | 2007-03-02 | 2007-08-15 | 中兴通讯股份有限公司 | Radio terminal security network and card locking method based on the ellipse curve public key cipher |
| CN101203000A (en) * | 2007-05-24 | 2008-06-18 | 深圳市德诺通讯技术有限公司 | Method and system for downloading mobile terminal applied software |
| EP2071898A1 (en) * | 2007-12-10 | 2009-06-17 | Telefonaktiebolaget LM Ericsson (publ) | Method for alteration of integrity protected data in a device, computer program product and device implementing the method |
| CN101540669A (en) * | 2008-03-20 | 2009-09-23 | 深圳市奥联科技有限公司 | Method for distributing keys and protecting information for wireless mobile communication network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101938563A (en) | 2011-01-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7886355B2 (en) | Subsidy lock enabled handset device with asymmetric verification unlocking control and method thereof | |
| CN103812871B (en) | Development method and system based on mobile terminal application program security application | |
| EP1801721B1 (en) | Computer implemented method for securely acquiring a binding key for a token device and a secured memory device and system for securely binding a token device and a secured memory device | |
| KR101047641B1 (en) | Enhance security and privacy for security devices | |
| CN111404696B (en) | Collaborative signature method, security service middleware, related platform and system | |
| US8171527B2 (en) | Method and apparatus for securing unlock password generation and distribution | |
| CN108566381A (en) | A kind of security upgrading method, device, server, equipment and medium | |
| US20080003980A1 (en) | Subsidy-controlled handset device via a sim card using asymmetric verification and method thereof | |
| US10594479B2 (en) | Method for managing smart home environment, method for joining smart home environment and method for connecting communication session with smart device | |
| KR20060116822A (en) | Method for the authentication of applications | |
| EP3522580A1 (en) | Credential provisioning | |
| CN101938563B (en) | Protection method, system and mobile terminal of SIM card information | |
| JP2004326796A (en) | Method for securing terminal and application, communication terminal and identification module in method of executing application requiring high degree of security protection function | |
| CN101841525A (en) | Secure access method, system and client | |
| CN107733636B (en) | Authentication method and authentication system | |
| CN102056077B (en) | Method and device for applying smart card by key | |
| KR20140098872A (en) | security system and method using trusted service manager and biometric for web service of mobile nfc device | |
| CN111080858A (en) | Bluetooth key logout method and device | |
| CN112232814A (en) | Encryption and decryption method of payment key, payment authentication method and terminal equipment | |
| CN103108323A (en) | Safety operation execution system and execution method | |
| KR101281099B1 (en) | An Authentication method for preventing damages from lost and stolen smart phones | |
| CN105282117A (en) | Access control method and device | |
| JP2000011101A (en) | Ic card and record medium | |
| KR20070059891A (en) | Application authentication security system and method thereof | |
| KR101680536B1 (en) | Method for Service Security of Mobile Business Data for Enterprise and System thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |