CN102695170A - Mobile platform possessing identity authentication function and identity authentication method - Google Patents

Info

Publication number: CN102695170A
Authority: CN (China)
Prior art keywords: mobile platform, identity, SIM, data integrity, information
Legal status: Pending
Application number: CN2011100737902A
Other languages: Chinese (zh)
Inventor: 艾俊
Current Assignee: Nationz Technologies Inc
Original Assignee: Nationz Technologies Inc
Application filed by Nationz Technologies Inc

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

A mobile platform of the invention comprises a SIM card interface, a processing module, a direct memory access (DMA) controller, a trusted cryptography module (TCM), an external input device, a biological information collection device, an alarm device and a secure ROM. A SIM card outside the platform communicates with the platform through the SIM card interface. The SIM card receives data transmitted by the platform and checks the data integrity of the platform. The TCM module receives the data transmitted by the SIM card and checks the data integrity of the SIM card. The TCM module also checks the data integrity of the other components in the platform and verifies the legitimacy of the operator's identity information. The invention also provides an identity authentication method. With the mobile platform and the method of the invention, bidirectional data security checking between the mobile platform and the SIM card can be realized; at the same time, self-checking of the data security of each component in the platform can be realized, the reliability of platform authentication can be increased, and data can be protected from theft. The identity authentication process is completed on the basis of three factors, the SIM card, a user password and biological information, which increases the security of identity authentication.

Description

A mobile platform with an identity authentication function and an identity authentication method
Technical field
The present invention relates to the field of trusted computing, and in particular to the application of trusted computing to identity authentication on mobile platforms.
Background art
A trusted computing platform is a computer hardware platform that is based on a trusted cryptography module (TCM, Trusted Cryptography Module), is supported by cryptographic technology and has a secure operating system at its core. The trustworthiness of the system rests on the root of trust for measurement, the root of trust for reporting and the root of trust for storage. Starting from the root of trust for measurement, trust passes to the hardware platform, then to the operating system, then to applications: each level authenticates the next and each level trusts the next, so that trust is extended to the whole system.
With the continuing convergence of wireless communication technology and computer technology, mobile platforms are gradually replacing the PC as the main human-machine interface device. However, as computing and storage resources grow and mobile operating systems and various wireless applications appear, identity authentication on mobile platforms is exposing more and more defects.
Traditional PIN-based user identity authentication uses a short key that usually contains the user's personal information, so it is vulnerable to dictionary attacks (the attacker collects strings that the password may contain and combines them in various ways, which amounts to looking the password up in a dictionary and testing the candidates one by one) and to exhaustive search attacks (which involve an NP-hard problem). Applying identity authentication based only on biometric features (such as fingerprints) to mobile platforms such as smartphones and PDAs (palmtop computers) is also vulnerable to replay attacks (in a replay attack the attacker sends a packet that the destination host has already received in order to deceive the system; it is mainly used against the authentication process).
Existing solutions to these problems mainly rely on a smart card and authenticate the user with two factors, password and fingerprint. Such methods, however, only compare the fingerprint first and then use the dynamic-password idea to access a remote server. The only link between password and fingerprint is that live fingerprint data is used to produce an unrelated random number; the two are not tightly combined, and the security of such schemes depends to a large extent on the implementation security of the smart card firmware and the corresponding software.
Data integrity refers to the accuracy and reliability of data. The concept was proposed to prevent data that does not conform to the semantic rules from existing in a database, and to prevent invalid operations or error messages caused by the input and output of erroneous information. Data integrity is divided into four types: entity integrity, domain integrity, referential integrity and user-defined integrity.
DMA (Direct Memory Access): a well-known way to improve a system's real-time performance is to provide an additional logic module that responds when an event occurs and lets the processor handle the information at a more convenient time. A DMA controller usually copies the information sent to the module into memory (RAM) and allows processed information to be moved automatically from memory to external peripheral devices.
Summary of the invention
The technical problem to be solved by the present invention is to provide a mobile platform capable of identity authentication and a method of identity authentication.
As one aspect of the technical solution of the present invention, a mobile platform with an identity authentication function is provided, comprising a SIM card interface, a processing module, a DMA controller, a TCM module, an external input device, a biomedical information acquisition device, a warning device and a secure ROM storing the CRTM.
The processing module is connected to the SIM card interface, the DMA controller and the secure ROM respectively; the DMA controller is connected to the TCM module, the external input device, the biomedical information acquisition device and the warning device respectively;
A SIM card external to the mobile platform communicates with the mobile platform through the SIM card interface;
The SIM card is used to receive the data sent by the mobile platform and to check the data integrity of the mobile platform;
The TCM module is used to receive the data sent by the SIM card and to check the data integrity of the SIM card; the TCM module is also used to check the data integrity of the other components inside the mobile platform and to verify the legitimacy of the operator's identity information.
Further, the mobile platform also comprises an image processing accelerator, which is connected to the processing module and is used to speed up image processing.
Further, the processing module comprises a baseband processor (BBP) and an application processor; the baseband processor is connected to the SIM card interface and the application processor respectively, and the application processor is also connected to the DMA controller, the secure ROM and the image processing accelerator.
Further, the TCM module's checking of the data integrity of the other components inside the mobile platform comprises checking the data integrity of the processing module, and/or of the DMA controller, and/or of the secure ROM, and/or of the biomedical information acquisition device, and/or of the image processing accelerator.
Further, the warning device comprises a trusted mode manager module and a trusted mode indicator module; the trusted mode indicator module is connected to the DMA controller through the trusted mode manager module, and the trusted mode indicator module is controlled to raise an alarm.
Further, the mobile platform also comprises a display module connected to the DMA controller; the display module is used to display the identity authentication result.
Further, the operator's identity information comprises a user password and/or biometric information.
Further, the SIM card stores a user identity certificate, a user identity identifier, user biometric identification information and a first reference value; the TCM module stores the legitimate mobile platform identity certificate, the platform credential identity mark, the mobile platform identity identifier, the legitimate user password, a second fiducial value and the data integrity measurement values of the other components inside the mobile platform;
The second fiducial value is encrypted together with the user password entered through the external input device, and the result is compared with the first reference value to judge the integrity of the data sent by the SIM card to the mobile platform;
The data integrity measurement values of the other components inside the mobile platform are used to check the data integrity of the mobile platform's internal components.
As another aspect of the technical solution of the present invention, a mobile platform identity authentication method is provided, whose specific steps comprise:
Step 1: the SIM card external to the mobile platform sends a SIM card verification request to the mobile platform, and the mobile platform verifies the legitimacy of the SIM card;
Step 2: the mobile platform checks the data integrity of its internal components;
Step 3: the mobile platform sends a platform verification request to the SIM card, and the SIM card verifies the legitimacy of the mobile platform;
Step 4: the mobile platform obtains the operator's identity information;
Step 5: the SIM card sends the legitimate user authentication information to the mobile platform, and the mobile platform judges the legitimacy of the operator's identity information.
Further, in step 1, the mobile platform checks the legitimacy of the SIM card according to the following steps:
Step A1: the SIM card sends a SIM card verification request to the mobile platform; the request comprises a first request signal, a first random sequence, the user identity identifier and a first verification code;
Step A2: the mobile platform performs a hash operation on the first request signal, the first random sequence and the user identity identifier to construct a first check value;
Step A3: the mobile platform judges the legitimacy of the SIM card: if the first check value is identical to the first verification code, the SIM card passes the check and is legitimate; otherwise the SIM card is illegitimate.
Further, in step 2, the mobile platform's checking of the data integrity of its internal components comprises checking the data integrity of the processing module, and/or of the DMA controller, and/or of the secure ROM storing the CRTM, and/or of the image processing accelerator, and/or of the biomedical information acquisition device.
Further, the mobile platform checks the data integrity of the biomedical information acquisition device according to the following steps:
Step B1: the TCM module in the mobile platform sends a biomedical information acquisition device verification request to the biomedical information acquisition device; the request comprises a second request signal, a second random sequence and the mobile platform identity identifier;
Step B2: the biomedical information acquisition device receives the verification request, encrypts its configuration parameters, the second random sequence and the mobile platform identity identifier, and sends them to the TCM module;
Step B3: the TCM module judges the data integrity of the second random sequence and the mobile platform identity identifier: if both pass the check, step B4 is executed; otherwise the state is indicated as untrusted and this checking process ends;
Step B4: the TCM module judges the data integrity of the biomedical information acquisition device against the correct configuration parameters of the device that it stores internally: if the configuration parameters sent by the device are identical to the correct configuration parameters, the device passes the data integrity check; otherwise it fails the data integrity check.
Further, in step 3, the SIM card checks the legitimacy of the mobile platform according to the following steps:
Step C1: the mobile platform sends a platform verification request to the SIM card; the request comprises a third random sequence, the internal component check result, the mobile platform identity certificate and a second verification code;
Step C2: the SIM card performs a hash operation on the third random sequence, the internal component check result and the user identity identifier to construct a second check value;
Step C3: the SIM card judges the legitimacy of the mobile platform: if the second check value is identical to the second verification code, the mobile platform passes the check and is legitimate; otherwise the mobile platform is illegitimate.
Further, in step C2, before the second check value is constructed and the legitimacy of the mobile platform is checked, the legitimacy of the mobile platform identity certificate sent by the mobile platform is also judged by comparison with the legitimate mobile platform identity certificate: if the certificate passes the check and is legitimate, construction of the second check value continues and the legitimacy of the mobile platform is judged; otherwise the state is indicated as untrusted.
Further, the SIM card judges the legitimacy of the mobile platform identity certificate sent by the mobile platform according to the following steps:
Step D1: determine whether the legitimate mobile platform identity certificate is stored in the SIM card: if it is, execute step D2; otherwise execute step D3;
Step D2: the SIM card compares against the legitimate mobile platform identity certificate to judge the legitimacy of the certificate sent by the mobile platform: if the two are identical, the mobile platform identity certificate passes the check and is legitimate; otherwise it is illegitimate;
Step D3: determine whether a temporary identity identifier issued by the wireless carrier is stored in the SIM card: if it is, execute step D4; otherwise the SIM card requests the wireless carrier to issue a temporary identity identifier and then executes step D4;
Step D4: the SIM card generates a fourth random sequence, performs a hash operation on the fourth random sequence and the temporary identity identifier to construct a third check value, and sends the third check value and the current timestamp information to the base station provided by the wireless carrier;
Step D5: the base station judges from the current time value and a preset time limit value whether the received information is valid: if the current time value minus the timestamp information is not greater than the preset time limit value, the information is valid and step D6 is executed; otherwise the information is invalid and this checking process ends directly;
Step D6: the base station constructs a fourth check value from the temporary identity identifier and judges the data integrity of the platform credential identity mark:
If the platform credential identity mark passes the data integrity check, the legitimate mobile platform identity certificate is looked up in the database provided by the wireless carrier using the platform credential identity mark and compared with the mobile platform identity certificate sent by the mobile platform to judge the legitimacy of the latter; step D7 is then executed;
If the platform credential identity mark fails the data integrity check, step D7 is executed directly;
Step D7: the base station sends the result of the mobile platform identity certificate legitimacy check to the SIM card: if the certificate passes the check and is legitimate, the SIM card continues with step C2 and checks the data integrity of the mobile platform; if the certificate is illegitimate, the check result is sent to the mobile platform and the state is indicated as untrusted.
Further, in step 4, the operator identity information obtained by the mobile platform comprises a user password obtained through the external input device in the mobile platform and/or the operator's biometric information obtained through the biomedical information acquisition device in the mobile platform.
Further, in step 5, after the mobile platform receives the legitimate user authentication information, it first judges the data integrity of that information and then judges the legitimacy of the operator's identity information.
Further, the mobile platform judges the data integrity of the legitimate user authentication information according to the following steps:
Step E1: the mobile platform receives the legitimate user authentication information sent by the SIM card; this information comprises the user biometric identification information and the first reference value;
Step E2: the mobile platform constructs a fifth check value from the second fiducial value stored internally and the user password entered by the operator, and compares it with the first reference value to judge the data integrity of the legitimate user authentication information:
If the fifth check value is identical to the first reference value, the legitimate user authentication information passes the data integrity check;
Otherwise the legitimate user authentication information fails the data integrity check and the mobile platform indicates that the state is untrusted.
Further, the mobile platform judges the legitimacy of the operator's identity information according to the following steps:
Step F1: the mobile platform judges the legitimacy of the user password entered by the operator against the legitimate user password stored in it;
Step F2: the mobile platform determines whether data matching the operator's biometric information exists: if so, step F3 is executed; if not, the operator is judged to be an illegitimate user and the mobile platform indicates that the state is untrusted;
Step F3: the mobile platform performs a hash operation on the user password entered by the operator and the operator's biometric information to construct a sixth check value;
Step F4: the mobile platform judges the operator's identity information: if the sixth check value is identical to the second fiducial value, the operator is the holder of the mobile platform; if the sixth check value differs from the second fiducial value, the operator is a legitimately authorised user of the mobile platform.
The beneficial effects of the invention are as follows: the technical solution realizes bidirectional information security checking between the mobile platform and the SIM card; at the same time it realizes self-checking of the information security of each component inside the mobile platform, improves the reliability of mobile platform authentication and can prevent sensitive data from being stolen. The technical solution also completes the mobile platform authentication process on the basis of three factors, the SIM card, the user password and biometric information, which improves the security of authentication.
Brief description of the drawings
Fig. 1 is a schematic diagram of the structure of the mobile platform with an identity authentication function according to the present invention;
Fig. 2 is a flow chart of the first implementation of the mobile platform identity authentication method of the present invention;
Fig. 3 is a flow chart of the second implementation of the mobile platform identity authentication method of the present invention;
Fig. 4 is a flow chart of the SIM card legitimacy checking process in the present invention;
Fig. 5 is a flow chart of the biomedical information acquisition device data integrity checking process in the present invention;
Fig. 6 is a flow chart of the first implementation of the mobile platform legitimacy checking process in the present invention;
Fig. 7 is a flow chart of the second implementation of the mobile platform legitimacy checking process in the present invention;
Fig. 8 is a flow chart of the mobile platform identity certificate legitimacy checking process in the present invention;
Fig. 9 is a flow chart of the data integrity checking process for the legitimate user authentication information in the present invention;
Fig. 10 is a flow chart of the operator identity information legitimacy checking process in the present invention.
Embodiments
The principles and features of the present invention are described below with reference to the accompanying drawings; the examples given serve only to explain the invention and are not intended to limit its scope.
As one aspect of the technical solution of the present invention, a mobile platform with an identity authentication function is provided. Referring to Fig. 1, mobile platform 100 comprises SIM card interface 101, a processing module, DMA controller 104, TCM module 106 (Trusted Cryptography Module), external input device 112 (for example a keyboard), biomedical information acquisition device 113 (for example a camera, a fingerprint recognition device or an iris recognition device), a warning device, and secure ROM 115 storing the CRTM. The processing module is connected to SIM card interface 101, DMA controller 104 and secure ROM 115 respectively; DMA controller 104 is connected to TCM module 106, external input device 112, biomedical information acquisition device 113 and the warning device respectively. SIM card 201, external to mobile platform 100, communicates with mobile platform 100 through SIM card interface 101. TCM module 106 is used to receive the data sent by SIM card 201 and to check the data integrity of the SIM card; TCM module 106 is also used to check the data integrity of the other components inside the mobile platform and to verify the legitimacy of the operator's identity information. The operator's identity information may comprise a user password and/or biometric information, and the biometric information may comprise facial image information, fingerprint information, iris information and the like.
In the technical solution of the present invention, SIM card 201 and TCM module 106 each check the integrity of the data stored inside the other; at the same time, to improve the security and reliability of authentication, TCM module 106 also checks the data integrity of the other components inside the mobile platform. In addition, the invention combines factors that characterise the operator's identity information, such as the user password and biometric information, to further improve the reliability of authentication and to ensure the security of sensitive data in the mobile platform.
Referring to Fig. 1, the mobile platform further comprises image processing accelerator 114, which is connected to the processing module. If biomedical information acquisition device 113 is a camera, then after the camera captures the operator's facial image information, image processing accelerator 114 speeds up image processing and thereby shortens the time the mobile platform needs to authenticate the operator's identity information.
Referring to Fig. 1, the processing module comprises baseband processor (BBP) 102 and application processor 103; baseband processor 102 is connected to SIM card interface 101 and application processor 103 respectively, and application processor 103 is also connected to DMA controller 104, secure ROM 115 and image processing accelerator 114. Baseband processor 102 is provided specifically for SIM card 201 and can improve the computing performance of the SIM card. Application processor 103 implements the CPU functions.
The checking by TCM module 106 of the data integrity of the other components inside the mobile platform, mentioned above, may comprise the following: checking the data integrity of the processing module, which covers both baseband processor 102 and application processor 103; and/or checking the data integrity of DMA controller 104; and/or checking the data integrity of secure ROM 115, that is, of the CRTM (core root of trust for measurement) stored in secure ROM 115; and/or checking the data integrity of biomedical information acquisition device 113: the device stores its configuration parameters (if biomedical information acquisition device 113 is a camera, the configuration parameters include the camera's performance, the standard used, effective pixels, horizontal resolution, minimum illumination, optical zoom, digital zoom and similar parameters), TCM module 106 likewise stores the correct configuration parameters of the device, and comparing the two checks the data integrity of the device; and/or checking the data integrity of image processing accelerator 114: the accelerator stores image processing parameters (such as motion compensation values and colour gamma conversion values), TCM module 106 likewise stores the correct image processing parameters, and comparing the two checks the data integrity of the accelerator.
Referring to Fig. 1, the warning device comprises TMM (Trusted Mode Manager) module 107 and TMI (Trusted Mode Indicator) module 108. TMI module 108 is connected to DMA controller 104 through TMM module 107; TMI module 108 is controlled to raise an alarm to the operator, indicating that the state is untrusted.
Referring to Fig. 1, mobile platform 100 further comprises a display module connected to DMA controller 104; the display module is used to display the identity authentication result. The display module may be LCD (liquid crystal display) 110.
Further, preserve user identity certificate CERT in the SIM 201 USER, User Identity ID SIM(User Identity ID SIMBe user identity certificate CERT USERCharacteristic value), user biological identifying information F i, first reference value y; Preserve mobile platform identify label ID in the TCM module 106 TCM(mobile platform identify label ID TCMThe public endorsement key that is TCM module 106 is EK, endorsement key), (the mobile platform letter of identity is the EK certificate of TCM module 106 to legal mobile platform letter of identity, with mobile platform identify label ID TCMBe one-to-one relationship), platform credential identity marks IDC TCM(platform credential identity marks IDC TCMBe the characteristic value of mobile platform letter of identity), the data integrity metric of inner other parts of legal users password, the second fiducial value x, mobile platform.Wherein, the second fiducial value x and the user password P that imports through external input device 112 WCarry out data encryption, and compare, judge the integrality of SIM to the data of mobile platform transmission with first reference value y.The data integrity metric of inner other parts of mobile platform is used to detect the data integrity of mobile platform internal part.
As another aspect of the technical solution of the present invention, a mobile platform identity authentication method is provided, as shown in Fig. 2.
Step 1: the SIM card external to the mobile platform sends a SIM card verification request to the mobile platform, and the mobile platform verifies the legitimacy of the SIM card;
Step 2: the mobile platform checks the data integrity of its internal components;
Step 3: the mobile platform sends a platform verification request to the SIM card, and the SIM card verifies the legitimacy of the mobile platform;
Step 4: the mobile platform obtains the operator's identity information;
Step 5: the SIM card sends the legitimate user authentication information to the mobile platform, and the mobile platform judges the legitimacy of the operator's identity information.
In the authentication process, mobile platform 100 first checks the legitimacy of SIM card 201 to ensure that the SIM card is a trusted SIM card. As shown in Fig. 4, the mobile platform checks the legitimacy of the SIM card according to the following steps.
Step A1: the SIM card sends a SIM card verification request to the mobile platform; the request comprises the first request signal R_1, the first random sequence r_1, the user identity identifier ID_SIM and the first verification code.
Step A2: the mobile platform performs a hash operation on the first request signal R_1, the first random sequence r_1 and the user identity identifier ID_SIM to construct the first check value.
Step A3: the mobile platform judges the legitimacy of the SIM card, that is, TCM module 106 compares whether the first verification code is identical to the first check value: if the two are identical, the SIM card passes the check and is legitimate, that is to say, the data in the SIM card has not been tampered with and the data integrity check is passed; otherwise the SIM card is illegitimate.
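The check in steps A1 to A3, together with the mirror-image check in steps C1 to C3, as an added example that is not code from the patent. The page names neither the hash function nor the field encoding, so SHA-256, the 4-byte length prefixes, the constant-time comparison and all function and field names are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def check_value(*fields: bytes) -> bytes:
    """Hash the fields in order, each preceded by its 4-byte length.

    The length prefix (an assumption, not from the page) keeps the field
    boundaries inside the hash input, so (b"ab", b"c") and (b"a", b"bc")
    cannot produce the same check value.
    """
    h = hashlib.sha256()  # assumption: the page only says "hash operation"
    for field in fields:
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()


def naive_check_value(*fields: bytes) -> bytes:
    """Plain concatenation, kept only to show that field boundaries are lost."""
    return hashlib.sha256(b"".join(fields)).digest()


def build_sim_request(request_signal: bytes, id_sim: bytes) -> dict:
    """Step A1 (SIM card side): R_1, r_1, ID_SIM and the first verification code."""
    r1 = secrets.token_bytes(16)  # first random sequence
    return {
        "R1": request_signal,
        "r1": r1,
        "ID_SIM": id_sim,
        "code": check_value(request_signal, r1, id_sim),
    }


def verify_sim_request(request: dict) -> bool:
    """Steps A2 and A3 (platform side): rebuild the check value and compare."""
    expected = check_value(request["R1"], request["r1"], request["ID_SIM"])
    return hmac.compare_digest(expected, request["code"])


def build_platform_request(component_result: bytes, platform_cert: bytes,
                           id_sim: bytes) -> dict:
    """Step C1 (platform side): r_3, component result, certificate, second code.

    The code covers the fields that step C2 hashes; ID_SIM is the value the
    platform received in step A1.
    """
    r3 = secrets.token_bytes(16)  # third random sequence
    return {
        "r3": r3,
        "result": component_result,
        "cert": platform_cert,
        "code": check_value(r3, component_result, id_sim),
    }


def verify_platform_request(request: dict, id_sim: bytes) -> bool:
    """Steps C2 and C3 (SIM card side): ID_SIM comes from the card's own storage."""
    expected = check_value(request["r3"], request["result"], id_sim)
    return hmac.compare_digest(expected, request["code"])


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    id_sim = b"constructed-id-sim"
    req = build_sim_request(b"SIM_VERIFY", id_sim)
    print("SIM request accepted:", verify_sim_request(req))
    print("altered ID_SIM accepted:", verify_sim_request(dict(req, ID_SIM=b"other")))
    preq = build_platform_request(b"ALL_PASS", b"constructed-cert", id_sim)
    print("platform request accepted:", verify_platform_request(preq, id_sim))
```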
After the mobile platform confirms that the SIM card is a trusted SIM card, it goes on to perform self-checking, judging the data integrity of its internal components. Self-checking mainly comprises checking the data integrity of the processing module, and/or of DMA controller 104, and/or of secure ROM 115 storing the CRTM, and/or of image processing accelerator 114, and/or of biomedical information acquisition device 113. Self-checking determines whether each component inside the mobile platform is secure, that is, whether the data stored in each component or the parameters of the component itself have been tampered with, and so improves the security of the mobile platform. The mobile platform may select several of the above checks according to actual needs; the more comprehensive the self-checking, the higher the security of the mobile platform.
The data integrity of mobile platform is in detecting, and is according to the data integrity of following steps detection of biological information collecting device, as shown in Figure 5.
TCM module 106 in the step B1, mobile platform is sent biomedical information acquisition device checking request to biomedical information acquisition device 113, and biomedical information acquisition device checking request comprises the second request signal R 2, the second random sequence r 2, mobile platform identify label ID TCMTCM module 106 is with R 2, r 3And ID TCMBe sent to biomedical information acquisition device 113 through exterior I/O bus after the data encryption, the data integrity of request detection biomedical information acquisition device 113.
Step B2, biomedical information acquisition device 113 receive biomedical information acquisition device checking request, and deciphering obtains the second request signal R 2, and according to the configuration parameter D of request with biomedical information acquisition device 113 B, the second random sequence r 2, mobile platform identify label ID TCMBe sent to the TCM of institute module 106 after the data encryption.
Step B3,106 deciphering of TCM module obtain r 2And ID TCM, further judge r 2And ID TCMData integrity, promptly the two whether with step B1 in TCM module 106 send to the identical of biomedical information acquisition device 113: if identical, then declarative data is not distorted, and data integrity is qualified through detecting, and continues execution in step B4; If inequality, then declarative data is distorted, and data integrity is defective through detecting, and is insincere by warning device prompting state, and shows testing result through display module LCD110, finishes this testing process.
Step B4, the biomedical information acquisition device proper configuration parameter that TCM module 106 is preserved according to its inside is judged the data integrity of biomedical information acquisition device 113: if the configuration parameter D that biomedical information acquisition device 113 sends BIdentical with the proper configuration parameter, then the detection of the data integrity of biomedical information acquisition device is qualified; Otherwise the data integrity of biomedical information acquisition device detects defective.
After the mobile platform has confirmed that the SIM is a trusted SIM and, through self-detection, has confirmed the security of its internal components, it further requests the SIM to verify the legitimacy of the mobile platform. As shown in Figure 6, the SIM checks the legitimacy of the mobile platform according to the following steps.
Step C1: the mobile platform sends a platform verification request to the SIM. The request comprises the third random sequence r3, the internal component detection result D_T, the mobile platform identity certificate CERT_TCM and the second verification code. The TCM module 106 of the mobile platform encrypts and signs the platform verification request with SM2 and passes it to the SIM, which performs the legitimacy check.
Step C2: the SIM performs a hash operation on the third random sequence r3, the internal component detection result D_T and the user identity CERT_TCM to construct the second check value.
Step C3: the SIM judges the legitimacy of the mobile platform, that is, the SIM compares whether the second verification code is identical to the second check value. If the two are identical, the mobile platform is judged legitimate, meaning that the data in the TCM module has not been tampered with and the data integrity check passes; otherwise the mobile platform is illegitimate.
As shown in Figure 7, in step C2 of the above mobile platform legitimacy check, before the second check value is constructed to check the legitimacy of the mobile platform, the legitimacy of the mobile platform identity certificate CERT_TCM sent by the mobile platform is also judged by comparison with the legitimate mobile platform identity certificate. If CERT_TCM is judged legitimate, construction of the second check value continues and the legitimacy of the mobile platform is judged; if CERT_TCM is judged illegitimate, the mobile platform prompts the operator that the state is untrusted and the mobile platform legitimacy check is terminated.
The SIM decrypts the received platform verification request to obtain r2, D_T, CERT_TCM and the second verification code, which are used to verify the legitimacy of the mobile platform identity certificate and to check the legitimacy of the mobile platform. As shown in Figure 8, the SIM judges the legitimacy of the mobile platform identity certificate according to the following steps.
Step D1: determine whether a legitimate mobile platform identity certificate is stored in the SIM. If one is stored, step D2 is executed; otherwise step D3 is executed.
Step D2: the SIM compares against the legitimate mobile platform identity certificate to judge the legitimacy of the mobile platform identity certificate CERT_TCM sent by the mobile platform. If the two are identical, CERT_TCM is judged legitimate; otherwise CERT_TCM is judged illegitimate.
Step D3: determine whether the temporary identity TID_User issued by the wireless network operator is stored in the SIM. If TID_User is stored, step D4 is executed; otherwise the SIM requests the wireless network operator to issue a temporary identity TID_User, that is, the user logs in to the base station provided by the wireless network operator and completes registration on the base station, thereby obtaining the temporary identity TID_User issued by the wireless network operator, and step D4 is then executed.
Step D4: the SIM generates the fourth random sequence r4, performs a hash operation on r4 and the temporary identity TID_User to construct the third check value, and sends the third check value together with the current timestamp t1 to the base station provided by the wireless network operator.
Step D5: the base station judges whether the received information is valid according to the current time value t2 and the preset time limit TS. If t2 - t1 ≤ TS, the information sent by the SIM to the base station is valid and step D6 is executed; if t2 - t1 > TS, the information sent by the SIM to the base station has expired and is unusable, and this detection process ends directly.
Step D6: the base station constructs the fourth check value through the temporary identity TID_User and judges the data integrity of the platform certificate identity mark IDC_TCM:
If the data integrity check of the platform certificate identity mark IDC_TCM passes, the legitimate mobile platform identity certificate is recovered through IDC_TCM, that is, the base station uses IDC_TCM to look up and obtain the legitimate mobile platform identity certificate in the certificate database provided by the wireless network operator, then compares it with the mobile platform identity certificate CERT_TCM sent by the mobile platform to judge the legitimacy of CERT_TCM; step D7 is then executed;
If the data integrity check of the platform certificate identity mark IDC_TCM fails, step D7 is executed directly.
Step D7: the base station sends the result of the mobile platform identity certificate legitimacy check to the SIM. If the mobile platform identity certificate is judged legitimate, the SIM continues with step C2 and checks the data integrity of the mobile platform; if the mobile platform identity certificate is judged illegitimate, the detection result is sent to the mobile platform, which indicates that the state is untrusted.
The above mobile platform identity certificate legitimacy check is mainly realized by the following two technical schemes.
In the first, a legitimate mobile platform identity certificate is stored in the SIM. In this case, the SIM directly compares the legitimate mobile platform identity certificate with the CERT_TCM sent by the mobile platform to complete the legitimacy check.
In the second, no legitimate mobile platform identity certificate is stored in the SIM. In this case the wireless network operator needs to issue a temporary identity TID_User to the user terminal, after which the mobile platform identity certificate legitimacy check is completed. The detailed process is as follows:
The SIM holds the issued temporary identity TID_User, the shared key K_S, and the public key e_AN used to access the base station provided by the wireless network operator. When the legitimacy check is carried out, first, the base station broadcasts a random number p, and the session key K_t is generated by encrypting p. Second, the SIM generates the fourth random sequence and uses the session key K_t to perform a hash operation on the fourth random sequence r4 and the temporary identity TID_User, forming the third check value. Then the SIM sends the third check value together with the timestamp t1 to the base station. After receiving the information sent by the SIM, the base station first judges the validity of the information; only for valid information does the legitimacy judgment proceed. Finally, the base station finds the shared key K_S through the temporary identity TID_User, uses K_S to reconstruct the check value, forming the fourth check value, judges the data integrity of the mobile platform identity mark IDC_TCM, further recovers the legitimate mobile platform identity certificate from IDC_TCM, compares it with the CERT_TCM sent by the mobile platform to complete the legitimacy check, and finally sends the detection result to the SIM. This further improves the security of authentication: because this technical scheme uses the temporary identity issued by the wireless network operator, the user's true identity is effectively prevented from being leaked.
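The base station side of steps D4 to D6, as an added Python sketch that is not the patent's code. HMAC-SHA256 keyed with K_S stands in for the unspecified keyed hash, and binding t1 into the check value, the MAX_SKEW bound and the cache of already seen r4 values are assumptions added here; keys, identities and times are constructed.

```python
import hashlib
import hmac
import os
import struct

TS = 30        # preset time limit TS in seconds (constructed value)
MAX_SKEW = 2   # assumption: how far ahead of the base station clock t1 may be


def check_value(key: bytes, *fields: bytes) -> bytes:
    """Keyed check value over length-prefixed fields (HMAC-SHA256 is an assumption)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(struct.pack(">I", len(field)) + field)
    return mac.digest()


def sim_build_message(k_s: bytes, tid_user: bytes, t1: int) -> dict:
    """Step D4: the SIM draws r4, builds the third check value and attaches t1.

    t1 is bound into the check value here (an addition to the page's r4 and
    TID_User) so that the timestamp cannot be swapped without detection.
    """
    r4 = os.urandom(16)
    return {"tid": tid_user, "r4": r4, "t1": t1,
            "check": check_value(k_s, r4, tid_user, struct.pack(">Q", t1))}


class BaseStation:
    def __init__(self, shared_keys: dict):
        self.shared_keys = shared_keys   # TID_User -> K_S
        self.seen = {}                   # (TID_User, r4) -> t1 of accepted messages

    def verify(self, msg: dict, t2: int) -> str:
        # Step D5: the message is valid only while t2 - t1 <= TS.
        age = t2 - msg["t1"]
        if age > TS:
            return "expired"
        if age < -MAX_SKEW:              # added bound: t1 far in the future
            return "future-timestamp"
        # Step D6: find K_S through TID_User and rebuild the (fourth) check value.
        k_s = self.shared_keys.get(msg["tid"])
        if k_s is None:
            return "unknown-tid"
        expected = check_value(k_s, msg["r4"], msg["tid"],
                               struct.pack(">Q", msg["t1"]))
        if not hmac.compare_digest(expected, msg["check"]):
            return "integrity-failed"
        # Entries older than TS would be rejected as expired anyway, so drop them.
        self.seen = {k: t for k, t in self.seen.items() if t2 - t <= TS}
        nonce = (msg["tid"], msg["r4"])
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = msg["t1"]
        return "ok"


if __name__ == "__main__":
    k_s = b"\x11" * 32                               # constructed shared key
    station = BaseStation({b"TID-0001": k_s})
    msg = sim_build_message(k_s, b"TID-0001", t1=1000)
    print(station.verify(msg, t2=1010))              # first delivery
    print(station.verify(msg, t2=1011))              # same message again
    print(station.verify(dict(msg, t1=1020), 1025))  # timestamp altered in transit
```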
Once the trustworthiness of the mobile platform and of the SIM has each been confirmed, the mobile platform obtains the operator's identity information and further judges whether the operator's identity is legitimate. The operator's identity information may comprise the user password P_W obtained through the external input device 112 in the mobile platform, and/or the operator's biometric information F_i' obtained through the biological information acquisition device 113 in the mobile platform (the biometric information may comprise one or more of face image information, fingerprint information and iris information).
After the mobile platform has obtained the operator's identity information, it receives the legitimate user authentication information that the SIM sends to it. At this point the mobile platform may judge the legitimacy of the operator's identity information directly from the legitimate user authentication information, or, as shown in Figure 3, it may first judge the data integrity of the received legitimate user authentication information and then judge the legitimacy of the operator's identity information.
As shown in Figure 9, the mobile platform judges the data integrity of the legitimate user authentication information according to the following steps.
Step E1: the mobile platform receives the legitimate user authentication information sent by the SIM. The legitimate user authentication information comprises the user biometric information F_i and the first reference value y.
Step E2: the mobile platform constructs the fifth check value from the second reference value x stored inside it and the user password P_W entered by the operator, and compares it with the first reference value y to judge the data integrity of the legitimate user authentication information. If the fifth check value is identical to the first reference value y, the data integrity check of the legitimate user authentication information passes; otherwise the check fails and the mobile platform indicates that the state is untrusted. Checking the data integrity of the legitimate user authentication information sent by the SIM before using it to judge the operator's identity information further improves the reliability of authentication.
As shown in Figure 10, the mobile platform judges the legitimacy of the operator's identity information according to the following steps.
Step F1: the mobile platform judges, against the legitimate user password stored in it, the legitimacy of the user password P_W that the operator enters through an external input device 112 such as a keyboard. In this step, a predetermined number of input attempts may be set to make the authentication process more flexible. If a password the operator enters within the predetermined number of attempts is illegitimate, the operator may still continue to enter the password for verification; if the password is still illegitimate once the predetermined number is exceeded, the detection process ends.
Step F2: the mobile platform judges whether data matching the operator's biometric information F_i' exists. If it exists, step F3 is executed; if it does not exist, the operator is judged to be an illegitimate user and the mobile platform indicates that the state is untrusted. In one implementation of the present invention, the biometric information is face image information, and the mobile platform can use the biometric matching software CS to search for whether face image data of the photographed operator exists. The biometric matching software CS may be stored in the SIM or in the mobile platform. If the biometric matching software CS is stored in the SIM, the SIM can send it to the mobile platform when sending the legitimate user authentication information, and the mobile platform then uses the biometric matching software CS to search for the relevant face image data.
Step F3: the mobile platform performs a hash operation on the user password P_W entered by the operator and the operator's biometric information F_i' to construct the sixth check value.
Step F4: the mobile platform judges the operator's identity information. If the sixth check value is identical to the second reference value x, the operator is the holder of the mobile platform; if the sixth check value differs from the second reference value x, the operator is a legitimately authorized user of the mobile platform.
In the technical scheme provided by the present invention, a different random sequence is generated each time a data integrity check is carried out. This prevents replay attacks, ensures that the authentication process can proceed normally, and improves the security of the authentication process.
The above are merely preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (19)

1. A mobile platform with an identity authentication function, characterized in that it comprises a SIM interface, a processing module, a DMA controller, a TCM module, an external input device, a biological information acquisition device, an alarm device, and a secure ROM storing a CRTM;
Said processing module is connected to said SIM interface, said DMA controller and said secure ROM respectively; said DMA controller is connected to said TCM module, said external input device, said biological information acquisition device and said alarm device respectively;
A SIM external to said mobile platform communicates with said mobile platform through said SIM interface;
Said SIM is used to receive the data sent by said mobile platform and to detect the data integrity of said mobile platform;
Said TCM module is used to receive the data sent by said SIM and to detect the data integrity of said SIM; said TCM module is also used to detect the data integrity of the other internal components of said mobile platform and to verify the legitimacy of the operator's identity information.
2. The mobile platform with an identity authentication function according to claim 1, characterized in that
Said mobile platform further comprises an image processing accelerator, which is connected to said processing module and is used to speed up image processing.
3. The mobile platform with an identity authentication function according to claim 2, characterized in that
Said processing module comprises a baseband processor and an application processor; said baseband processor is connected to said SIM interface and said application processor respectively, and said application processor is also connected to said DMA controller, said secure ROM and said image processing accelerator.
4. The mobile platform with an identity authentication function according to claim 2, characterized in that the detection by said TCM module of the data integrity of the other internal components of the mobile platform specifically comprises: detecting the data integrity of said processing module, and/or detecting the data integrity of said DMA controller, and/or detecting the data integrity of said secure ROM, and/or detecting the data integrity of said biological information acquisition device, and/or detecting the data integrity of said image processing accelerator.
5. The mobile platform with an identity authentication function according to claim 1, characterized in that said alarm device comprises a trusted mode manager module and a trusted mode indicator module; said trusted mode indicator module is connected to said DMA controller through said trusted mode manager module, and said trusted mode indicator module is controlled to raise an alarm.
6. The mobile platform with an identity authentication function according to claim 1, characterized in that said mobile platform further comprises a display module, which is connected to said DMA controller; said display module is used to display the identity authentication result.
7. The mobile platform with an identity authentication function according to claim 1, characterized in that said operator's identity information comprises a user password and/or biometric information.
8. The mobile platform with an identity authentication function according to claim 1, characterized in that
Said SIM stores a user identity certificate, a user identity, user biometric information and a first reference value; said TCM module stores a legitimate mobile platform identity certificate, a platform certificate identity mark, a mobile platform identity, a legitimate user password, a second reference value, and data integrity metric values of the other internal components of the mobile platform;
Said second reference value is encrypted together with the user password entered through said external input device, and the result is compared with said first reference value to judge the integrity of the data sent by said SIM to said mobile platform;
The data integrity metric values of the other internal components of said mobile platform are used to detect the data integrity of the internal components of said mobile platform.
9. A mobile platform identity authentication method, the concrete steps of which comprise:
In the first step, a SIM external to the mobile platform sends a SIM verification request to said mobile platform, and said mobile platform verifies the legitimacy of said SIM;
In the second step, said mobile platform detects the data integrity of its internal components;
In the third step, said mobile platform sends a platform verification request to said SIM, and said SIM verifies the legitimacy of said mobile platform;
In the fourth step, said mobile platform obtains the operator's identity information;
In the fifth step, said SIM sends the legitimate user authentication information to said mobile platform, and said mobile platform judges the legitimacy of the operator's identity information.
10. The mobile platform identity authentication method according to claim 9, characterized in that
In said first step, the mobile platform checks the legitimacy of the SIM according to the following steps:
Step A1: said SIM sends a SIM verification request to said mobile platform, said SIM verification request comprising a first request signal, a first random sequence, a user identity and a first verification code;
Step A2: said mobile platform performs a hash operation on said first request signal, said first random sequence and said user identity to construct a first check value;
Step A3: said mobile platform judges the legitimacy of said SIM: if said first check value is identical to said first verification code, said SIM is judged legitimate; otherwise said SIM is illegitimate.
11. The mobile platform identity authentication method according to claim 9, characterized in that
In said second step, the detection by said mobile platform of the data integrity of its internal components comprises detecting the data integrity of the processing module, and/or detecting the data integrity of the DMA controller, and/or detecting the data integrity of the secure ROM storing the CRTM, and/or detecting the data integrity of the image processing accelerator, and/or detecting the data integrity of the biological information acquisition device.
12. The mobile platform identity authentication method according to claim 11, characterized in that
Said mobile platform detects the data integrity of the biological information acquisition device according to the following steps:
Step B1: the TCM module in said mobile platform sends a biological information acquisition device verification request to said biological information acquisition device, said verification request comprising a second request signal, a second random sequence and a mobile platform identity;
Step B2: said biological information acquisition device receives said biological information acquisition device verification request, encrypts the configuration parameter of said biological information acquisition device, said second random sequence and said mobile platform identity, and sends them to said TCM module;
Step B3: said TCM module judges the data integrity of said second random sequence and said mobile platform identity: if the data integrity check of both passes, step B4 is executed; otherwise it is indicated that the state is untrusted, and this detection process ends;
Step B4: said TCM module judges the data integrity of said biological information acquisition device against the correct configuration parameter of the biological information acquisition device stored inside it: if the configuration parameter sent by said biological information acquisition device is identical to said correct configuration parameter, the data integrity check of said biological information acquisition device passes; otherwise the data integrity check of said biological information acquisition device fails.
13. The mobile platform identity authentication method according to claim 9, characterized in that
In said third step, the SIM checks the legitimacy of the mobile platform according to the following steps:
Step C1: said mobile platform sends a platform verification request to said SIM, said platform verification request comprising a third random sequence, an internal component detection result, a mobile platform identity certificate and a second verification code;
Step C2: said SIM performs a hash operation on said third random sequence, said internal component detection result and said user identity to construct a second check value;
Step C3: said SIM judges the legitimacy of said mobile platform: if said second check value is identical to said second verification code, said mobile platform is judged legitimate; otherwise said mobile platform is illegitimate.
14. The mobile platform identity authentication method according to claim 13, characterized in that
In said step C2, before said second check value is constructed to check the legitimacy of said mobile platform, the legitimacy of the mobile platform identity certificate sent by said mobile platform is also judged by comparison with the legitimate mobile platform identity certificate: if said mobile platform identity certificate is judged legitimate, construction of said second check value continues and the legitimacy of said mobile platform is judged; otherwise it is indicated that the state is untrusted.
15. The mobile platform identity authentication method according to claim 14, characterized in that
Said SIM judges the legitimacy of the mobile platform identity certificate sent by said mobile platform according to the following steps:
Step D1: determine whether said legitimate mobile platform identity certificate is stored in said SIM: if said legitimate mobile platform identity certificate is stored, step D2 is executed; otherwise step D3 is executed;
Step D2: said SIM compares against said legitimate mobile platform identity certificate to judge the legitimacy of the mobile platform identity certificate sent by said mobile platform: if the two are identical, said mobile platform identity certificate is judged legitimate; otherwise said mobile platform identity certificate is judged illegitimate;
Step D3: determine whether the temporary identity issued by the wireless network operator is stored in said SIM: if said temporary identity is stored, step D4 is executed; otherwise said SIM requests said wireless network operator to issue a temporary identity, and step D4 is then executed;
Step D4: said SIM generates a fourth random sequence, performs a hash operation on said fourth random sequence and said temporary identity to construct a third check value, and sends said third check value together with current timestamp information to the base station provided by said wireless network operator;
Step D5: said base station judges whether the received information is valid according to the current time value and the preset time limit: if said current time value minus said timestamp information is not greater than said preset time limit, the information is valid and step D6 is executed; otherwise the information is invalid and this detection process ends directly;
Step D6: said base station constructs a fourth check value through said temporary identity and judges the data integrity of the platform certificate identity mark:
If the data integrity check of said platform certificate identity mark passes, the legitimate mobile platform identity certificate is looked up and obtained through said platform certificate identity mark in the database provided by the wireless network operator and compared with the mobile platform identity certificate sent by said mobile platform to judge the legitimacy of the mobile platform identity certificate sent by said mobile platform; step D7 is then executed;
If the data integrity check of said platform certificate identity mark fails, step D7 is executed directly;
Step D7: said base station sends the result of the mobile platform identity certificate legitimacy check to said SIM: if said mobile platform identity certificate is judged legitimate, said SIM continues with said step C2 and checks the data integrity of said mobile platform; if said mobile platform identity certificate is judged illegitimate, the detection result is sent to said mobile platform, which indicates that the state is untrusted.
16. The mobile platform identity authentication method according to claim 9, characterized in that
In said fourth step, the operator's identity information obtained by said mobile platform comprises the user password obtained through the external input device in said mobile platform and/or the operator's biometric information obtained through the biological information acquisition device in said mobile platform.
17. The mobile platform identity authentication method according to claim 9, characterized in that
In said fifth step, after the mobile platform receives said legitimate user authentication information, it first judges the data integrity of said legitimate user authentication information and then judges the legitimacy of the operator's identity information.
18. The mobile platform identity authentication method according to claim 17, characterized in that
Said mobile platform judges the data integrity of said legitimate user authentication information according to the following steps:
Step E1: said mobile platform receives the legitimate user authentication information sent by said SIM, said legitimate user authentication information comprising user biometric information and a first reference value;
Step E2: said mobile platform constructs a fifth check value from the second reference value stored inside it and the user password entered by the operator, and compares it with said first reference value to judge the data integrity of said legitimate user authentication information:
If said fifth check value is identical to said first reference value, the data integrity check of said legitimate user authentication information passes;
Otherwise the data integrity check of said legitimate user authentication information fails, and said mobile platform indicates that the state is untrusted.
19. The mobile platform identity authentication method according to claim 9 or 18, characterized in that
Said mobile platform judges the legitimacy of the operator's identity information according to the following steps:
Step F1: said mobile platform judges the legitimacy of the user password entered by said operator against the legitimate user password stored in it;
Step F2: said mobile platform judges whether data matching the operator's biometric information exists: if it exists, step F3 is executed; if it does not exist, the operator is judged to be an illegitimate user and said mobile platform indicates that the state is untrusted;
Step F3: said mobile platform performs a hash operation on the user password entered by said operator and said operator's biometric information to construct a sixth check value;
Step F4: said mobile platform judges the operator's identity information: if said sixth check value is identical to said second reference value, said operator is the holder of the mobile platform; if said sixth check value differs from said second reference value, said operator is a legitimately authorized user of the mobile platform.
CN2011100737902A 2011-03-25 2011-03-25 Mobile platform possessing identity authentication function and identity authentication method Pending CN102695170A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100737902A CN102695170A (en) 2011-03-25 2011-03-25 Mobile platform possessing identity authentication function and identity authentication method

Publications (1)

Publication Number Publication Date
CN102695170A true CN102695170A (en) 2012-09-26

Family

ID=46860420

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100737902A Pending CN102695170A (en) 2011-03-25 2011-03-25 Mobile platform possessing identity authentication function and identity authentication method

Country Status (1)

Country Link
CN (1) CN102695170A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005052770A1 (en) * 2003-11-19 2005-06-09 Intel Corporation A method and apparatus for implementing subscriber identity module (sim) capabilities in an open platform
CN1805339A (en) * 2005-12-31 2006-07-19 北京握奇数据系统有限公司 Digital signature supporting personal trusted device and its method for implementing signature
CN101163290A (en) * 2006-10-09 2008-04-16 中兴通讯股份有限公司 Method of limiting use of mobile terminal through machine-card mutual authentication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
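潘军莉: "Research on user identity authentication schemes for trusted mobile terminals", China Master's Theses Full-text Database, Information Science and Technology, no. 07, 15 July 2010 (2010-07-15) *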

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105590124B (en) * 2014-10-27 2018-08-07 中国银联股份有限公司 A kind of safety intelligent card and its verification method verified by exterior terminal
CN105590124A (en) * 2014-10-27 2016-05-18 中国银联股份有限公司 Security smart card using external terminal for verification and verification method thereof
CN104955034A (en) * 2015-05-28 2015-09-30 盛耀无线通讯科技(北京)有限公司 Communication conversation method
CN104955033A (en) * 2015-05-28 2015-09-30 盛耀无线通讯科技(北京)有限公司 Voice encryption communication method
CN106304052A (en) * 2015-06-08 2017-01-04 中国移动通信集团公司 A kind of method of secure communication, device, terminal and client identification module card
CN107113315B (en) * 2016-04-15 2020-11-13 深圳前海达闼云端智能科技有限公司 Identity authentication method, terminal and server
CN107113315A (en) * 2016-04-15 2017-08-29 深圳前海达闼云端智能科技有限公司 Identity authentication method, terminal and server
CN107633403A (en) * 2016-07-18 2018-01-26 北京网际威信科技有限公司 Status verification method
CN106778599A (en) * 2016-12-13 2017-05-31 郑州同心创远生物科技有限公司 A kind of biological information integration collection system
CN106826410A (en) * 2017-02-16 2017-06-13 福建金闽再造烟叶发展有限公司 Abrasive machine and its control method and device
CN109447029A (en) * 2018-11-12 2019-03-08 公安部第三研究所 Electronic identity license generates system and method
CN111310517A (en) * 2018-12-11 2020-06-19 上海耕岩智能科技有限公司 Authentication method, device and system based on SIM card
CN111310517B (en) * 2018-12-11 2024-01-19 上海耕岩智能科技有限公司 Authentication method, device and system based on SIM card
CN109639731A (en) * 2019-01-22 2019-04-16 西安电子科技大学 The certification of multiple-factor Universal-Composability and service authorizing method, communications service system
CN109639731B (en) * 2019-01-22 2021-11-30 西安电子科技大学 Multi-factor general combinable authentication and service authorization method and communication service system
CN114223233A (en) * 2019-08-13 2022-03-22 上海诺基亚贝尔股份有限公司 Data security for network slice management

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120926