CN103079203A - Terminal authentication method and smart card - Google Patents

Terminal authentication method and smart card Download PDF

Info

Publication number
CN103079203A
CN103079203A CN2013100462241A CN201310046224A CN103079203A CN 103079203 A CN103079203 A CN 103079203A CN 2013100462241 A CN2013100462241 A CN 2013100462241A CN 201310046224 A CN201310046224 A CN 201310046224A CN 103079203 A CN103079203 A CN 103079203A
Authority
CN
China
Prior art keywords
terminal
smart card
identification code
authentication
card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2013100462241A
Other languages
Chinese (zh)
Other versions
CN103079203B (en
Inventor
刘宏伟
李亚岚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Watchdata Limited by Share Ltd
Original Assignee
Beijing WatchData System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing WatchData System Co Ltd filed Critical Beijing WatchData System Co Ltd
Priority to CN201310046224.1A priority Critical patent/CN103079203B/en
Publication of CN103079203A publication Critical patent/CN103079203A/en
Application granted granted Critical
Publication of CN103079203B publication Critical patent/CN103079203B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The invention discloses a terminal authentication method and a smart card. The terminal authentication method comprises the steps of: when the smart card is connected into a terminal for the first time and is authenticated successfully, storing an identification code of the terminal undergoing the first connection with the smart card; if the smart card is connected into the terminal again, acquiring the identification code of the terminal connected with the smart card at the current moment by the smart card; and judging whether the identification code of the terminal connected with the smart card at the current moment is the same as the identification code of the terminal undergoing the first connection with the smart card or not, if not, executing network authentication and sending an authentication parameter generated based on error authentication information to a network side. According to the invention, when the smart card determines that the terminal connected with the smart card at the current moment is not the terminal undergoing the first connection with the smart card, the smart card sends the error authentication parameter to the network side so as to make the network side determine that the smart card is failed in authentication in the terminal connected with the smart card at the current moment, and thus, the purpose of preventing the loss of the smart card or preventing the smart card from being applied to other terminals after being stolen is achieved.

Description

A kind of terminal authentication method and smart card
Technical field
The present invention relates to the communication technology, particularly relate to a kind of terminal authentication method and smart card.
Background technology
Along with the development of the communication technology, constantly to the multifunction development, communication mode is more flexible, for people's communication is provided convenience for communication terminal (for example mobile phone).In actual applications, communication terminal will be linked into network and use, and in each access procedure, such as beating/answer the call and receive and dispatch short message etc., network side all will authenticate terminal to be accessed (communication terminal), is linked into network to prevent illegal terminal.Network side is by smart card (SIM card or the UIM card) authentication that accesses in the terminal is realized to the authentication of terminal to be accessed, when network side during to the success of the authentication of smart card, network side just allows described accessing terminal to network to carry out smart card in the business of network side registration.
When smart card accesses terminal at every turn, network side all can be stored the authentication information of described smart card, and utilize the authentication information of described storage that smart card is carried out authentication, be specially: network side sends an authentication random number to smart card, smart card is after receiving described authentication random number, authentication information to described authentication random number and smart card is carried out the authentication arithmetic that presets, and the result of calculation that obtains is sent to network as authentication parameter.Simultaneously, network side is carried out described authentication arithmetic to authentication information and the described authentication random number of the smart card stored in network, and the authentication parameter that the result that will obtain and smart card send compares, if identical, the authentication success, otherwise, failed authentication then.
In the prior art, in case smart card uses in terminal, authentication information in the smart card and authentication arithmetic just no longer change in smart card, and identical with authentication information and the authentication arithmetic of network side storing, so, smart card lose or " stolen " after, (described smart card " stolen " refers to that the user utilizes certain means that the full detail of smart card is copied in another smart card of the same type.If) smart card access other-end, because of the authentication information in the smart card identical with network side with authentication arithmetic, and do not change, so just can be by the authentication of network side in other-end, and in other-end, use, reduce to a certain extent the safety in utilization of smart card, caused the loss of former holder's telephone expenses.
Summary of the invention
The invention provides a kind of terminal authentication method and smart card, to solve in the prior art, the technical problem that the smart card that the smart card that can not prevent loss and copying obtains after the former smart card information uses in other-end, improve the safety in utilization of smart card, effectively avoid the loss of telephone expenses, ensure holder's interests.
For solving the problems of the technologies described above, the invention provides a kind of terminal authentication method and smart card, the invention provides following technical scheme:
A kind of terminal authentication method, the method comprises:
When smart card accessed terminal first, after the authentication success, backup is the identification code of the terminal of access first, and described method comprises:
Described smart card accesses terminal again, and smart card obtains the identification code of the terminal of current time access;
Smart card judges whether the identification code of the terminal that described current time accesses is identical with the identification code of the first terminal of access of backup, if different, when then smart card is carried out network authentication, send the authentication parameter that generates according to wrong authentication information to network side, so that network side is determined described intelligent card authentication failure.
Preferably, described method also comprises: when smart card accessed terminal first, smart card backed up the correct authentication information of described smart card, to realize smart card and the binding that accesses terminal first.
Preferably, described method also comprises:
The identification code of the correct authentication information of the smart card of deletion backup and the terminal that accesses first is to remove smart card and the binding that accesses terminal first.
Preferably, described smart card is the UIM card, and smart card obtains before the identification code of terminal of current time access, also comprises:
Whether the authentication information when the UIM card accesses terminal again according to the correct authentication information judgement of backing up is correct, and if not, the authentication information in the time of then will again accessing terminal reverts to correct authentication information.
Preferably, the identification code of described terminal is Electronic Serial Number ESN, and the described identification code of obtaining the terminal of current time access then specifically comprises:
Receive the storage instruction of carrying described terminal ESN of the terminal transmission of current time access;
Store described ESN according to described instruction.
Preferably, the authentication information of described smart card is UIM card sign UIMID and/or international mobile subscriber identity IMSI.
Preferably, described smart card is SIM card, and the identification code of described terminal is international mobile device identification code IMEI, and the described identification code of obtaining the terminal of current time access specifically comprises:
Terminal transmission IMEI to the current time access obtains instruction;
Read described terminal and carry out the IMEI that described IMEI obtains the described terminal of returning after the instruction.
Preferably, the authentication information of described smart card is key K i.
Preferably, described method also comprises: if the identification code of the terminal of described current time access is identical with the identification code of the terminal that accesses first, when then smart card is carried out network authentication, send the authentication parameter that generates according to correct authentication information to network side, so that network side is determined described intelligent card authentication success.
The present invention also provides a kind of smart card, and described smart card comprises:
Memory module, when accessing terminal first for smart card, after the authentication success, backup is the identification code of the terminal of access first;
Acquisition module when again accessing terminal for smart card, obtains the identification code of the terminal of current time access;
Whether the first judge module is identical with the identification code of the terminal that accesses first for the identification code of the terminal of judging described current time access;
The first sending module, be used for described current time access terminal identification code and the terminal that accesses first of backup identification code not simultaneously, when carrying out network authentication, send the authentication parameter that generates according to wrong authentication information to network side, so that network side is determined described intelligent card authentication failure.
Preferably, described smart card also comprises:
Backup module when accessing terminal first for smart card, backs up the correct authentication information of described smart card, to realize smart card and the binding that accesses terminal first.
Preferably, described smart card also comprises:
Remove module, be used for correct authentication information and the identification code of the terminal of access first of the smart card of deletion backup, with the binding of removing smart card and accessing terminal first.
Preferably, described smart card is the UIM card, and described smart card also comprises:
The second judge module is used for before the identification code of terminal that smart card obtains the current time access, and whether the authentication information when judging that according to the correct authentication information of smart card of backup smart card accesses terminal again is correct;
Recover module, during authentication information mistake when being used for smart card and again accessing terminal, the authentication information when smart card is accessed terminal again reverts to correct authentication information.
Preferably, described acquisition module specifically comprises:
Receive submodule, be used for being received in the storage instruction of the Electronic Serial Number ESN that carries described terminal that the terminal of current time access sends, described Electronic Serial Number ESN is the identification code of terminal;
Sub module stored is used for storing described ESN according to described instruction.
Preferably, described smart card is SIM card, and described acquisition module specifically comprises:
Send submodule, be used for sending international General Mobile EIC equipment identification code IMEI to the terminal of current time access and obtain instruction, described IMEI is the identification code of terminal;
Reading submodule is used for reading described terminal and carries out the IMEI that described IMEI obtains the described terminal of returning after the instruction.
Preferably, described method also comprises:
The second sending module, be used for the identification code of identification code and the terminal that accesses first of backup of terminal of described current time access when identical, when carrying out network authentication, send the authentication parameter that generates according to correct authentication information to network side, so that network side is determined described intelligent card authentication success.
In the technical scheme of the present invention, smart card compares the identification code of the terminal of the current time that obtains access and the identification code of the terminal of access first, if different, then when carrying out the authentication of network side, send the authentication parameter that generates according to wrong authentication information to network side.Because the authentication information that network side presets is constant, and all the time as correct authentication information, so, when network side uses identical authentication random number and authentication arithmetic with smart card, because of the authentication information difference of using, the characteristics of authentication arithmetic are when only having the parameter of carrying out authentication arithmetic all identical, the result who obtains is only identical, so, network side is different with the authentication parameter that smart card generates, thereby network side is determined the intelligent card authentication failure, and the terminal of current time access can not access network.Realized the smart card lost or stolen after smart card in other terminal except the terminal of first access, can not pass through authentication, thereby the purpose that terminal can not access network be used, improved to a certain extent the safety in utilization of smart card, further, also can avoid smart card lose or " stolen " after the user telephone fee that causes run off, ensured former holder's interests.
Description of drawings
In order to be illustrated more clearly in the embodiment of the present application or technical scheme of the prior art, the below will do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art, apparently, the accompanying drawing that the following describes only is some embodiment that put down in writing among the application, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 is the flow chart of a kind of terminal authentication method embodiment 1 of the present invention;
Fig. 2 is the flow chart of a kind of terminal authentication method embodiment 2 of the present invention;
Fig. 3 is the flow chart of a kind of terminal authentication method embodiment 3 of the present invention;
Fig. 4 is the structural representation of a kind of smart card embodiment 1 of the present invention;
Fig. 5 is the structural representation of acquisition module among the present invention;
Fig. 6 is the another kind of structural representation of acquisition module among the present invention;
Fig. 7 is the structural representation of a kind of smart card embodiment 2 of the present invention;
Fig. 8 is the structural representation of a kind of smart card embodiment 3 of the present invention.
Embodiment
In order to make those skilled in the art person understand better the present invention program, below in conjunction with the accompanying drawing in the embodiment of the invention, technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that obtains under the creative work prerequisite.
With reference to shown in Figure 1, be the flow chart of a kind of terminal authentication method embodiment 1 provided by the invention, the present embodiment specifically can comprise:
Step 101: when smart card accessed terminal first, the smart card backup is the identification code of the terminal of access first.
If smart card is the authentication success in the terminal of first access, then smart card backs up the first identification code of the terminal of access; When described smart card was SIM card (Subscriber Identity Module, client identification module), the identification code of described terminal was IMEI(International Mobile Equipment Identity, the International Mobile Equipment Identity code); When described smart card was UIM card (User Identity Model, subscriber identification module), the identification code of described terminal was ESN(Electronic Serial Number, Electronic Serial Number).
Step 102: when smart card accessed terminal again, smart card obtained the identification code of the terminal of current time access.
The physical significance of the identification code of the terminal of described current time access can with reference to described step 101, repeat no more here.
For different smart cards, the mode of identification code that described smart card obtains the terminal of current time access is different, when smart card is SIM card, the mode of IMEI that SIM card is obtained the terminal of current time access is: SIM card sends IMEI to the terminal of current time access and obtains instruction, after the terminal of current time access is carried out described instruction, can return to SIM card the IMEI of described terminal;
And when smart card is the UIM card, the mode of ESN that described UIM card obtains the terminal of current time access is: the storage instruction of the carried terminal ESN that the terminal of current time access sends is received in the UIM clamping, then, the UIM card is stored the ESN of the terminal of described current time access according to described storage instruction, so far, described UIM card just gets access to the identification code of described terminal.
Step 103: judge that whether the identification code of the terminal that described current time accesses is identical with the identification code of the terminal that accesses first, if different, enters step 104.
The purpose of described step 103 is to determine the terminal terminal whether smart card accesses first of described current time access, if the identification code of the terminal of described current time access is different from the identification code of the terminal that accesses first, the terminal that then can determine described current time access is not the terminal that smart card accesses first, enters step 104.
Step 104: when carrying out network authentication, send the authentication parameter that generates according to wrong authentication information to network side, so that network side is determined described intelligent card authentication failure.
When the terminal of described current time access be not smart card access first terminal the time, will guarantee that smart card can not be by the authentication of network side.At this moment, smart card adopts wrong authentication information and described authentication random number to carry out the authentication arithmetic that presets and obtains authentication parameter behind the authentication random number that receives the network side transmission; The correct authentication information of the smart card that presets of network side because use during network side compute authentication parameter this moment, and network side is identical with authentication arithmetic and the authentication random number that smart card adopts, so smart card is different from the authentication parameter that network side generates certainly, thereby guaranteed that smart card can not be by the authentication of network side in the terminal of current time access.
In the technical scheme of the present embodiment, smart cards for storage the identification code of terminal of access first, when smart card accesses terminal again, the identification code of the terminal of the current time that obtains access and the identification code of the terminal of access are first compared, if different, then when carrying out the authentication of network side, send the wrong authentication parameter that generates according to wrong authentication information to network side; Because network side adopts identical authentication arithmetic with smart card, and the characteristics of authentication arithmetic are when only having the parameter of carrying out authentication arithmetic all identical, the result who obtains is only identical, so, the authentication information of network side and smart card execution authentication arithmetic is not simultaneously, the authentication parameter that smart card generates is just different from network side, the intelligent card authentication failure, and the terminal of current time access can not access network.Realized the smart card lost or stolen after smart card in other terminal except the terminal of first access, can not pass through network authentication, thereby the purpose that terminal can not access network be used, improved to a certain extent the safety in utilization of smart card, further, also avoided smart card lose or " stolen " after the user telephone fee that causes run off, ensured former holder's interests.
For technical scheme of the present invention there being one better understand, the below is take terminal as mobile phone, and smart card is that UIM card and SIM are example, and technical scheme of the present invention is described in detail.With reference to shown in Figure 2, flow chart for a kind of terminal authentication method embodiment 2 provided by the invention, the present embodiment is elaborated to technical scheme of the present invention as an example of SIM card example, the present embodiment can be regarded as a specific implementation on the basis of described embodiment 1, and the present embodiment specifically can comprise:
Step 201:SIM card accesses mobile phone first, and SIM card backs up the identification code of described mobile phone, and the correct authentication information of SIM card.
The authentication information of SIM card is key K i, and in actual applications, when the GSM network carried out authentication to SIM card, the GSM network used the correct key K i of the corresponding described SIM card that presets at the GSM network side; Be the key K i that stores in the 6F07 file under the 7F20 catalogue of SIM card inside and SIM card is used, described 7F20 catalogue can be understood as a file, and the 6F07 file is the storage file that has certain format under the described file, such as the document of txt form.SIM card is not when accessing any mobile phone use, preset correct key K i in the 6F07 file in SIM card, the key K i that presets in correct key K i and the GSM network in this moment 6F07 file is identical, makes SIM card can access the use of GSM network in the mobile phone of for the first time access.
When described SIM card accesses mobile phone first, described SIM card is with correct key K i and the described first IMEI of the mobile phone of access of storage (backup) described SIM card in other any two the read-write files in SIM card, this process can be regarded as SIM and accesses first the process of binding between the mobile phone, and described IMEI sends the ProvLocalInfo instruction by SIM card to mobile phone and obtains.In practical operation, can preset a file and be used for the memory mobile phone identification code, when SIM card access mobile phone, whether the file that can preset by judgement is empty, judge whether SIM card accesses mobile phone (file then judges it is to access mobile phone for the first time for empty) for the first time.
When step 202:SIM card accesses mobile phone again, obtain the IMEI of current time access mobile phone.
The acquisition process of the IMEI of the mobile phone of described current time access can with reference to described step 201, repeat no more here.
Step 203:SIM card judges whether the IMEI of the mobile phone that current time accesses is identical with the IMEI of the mobile phone that accesses first, if, enter step 204, if not, enter step 205.
Step 204: behind the authentication random number that receives the transmission of GSM network, send the authentication parameter that generates according to correct key K i to the GSM network.
If SIM card is identical with the IMEI of the mobile phone that accesses first at the IMEI of the mobile phone of current time access, illustrate that SIM card has accessed its mobile phone that accesses first again, at this moment, SIM card need to write the 6F07 file with the correct key K i of backup, SIM card is used when key K i carries out authentication in the 6F07 file, because of the key K i, the authentication arithmetic (A3 algorithm) that use identical with network side with authentication random number, so, SIM card is identical with the authentication parameter that network side obtains, thereby guarantees the authentication success of SIM card.
Step 205: when carrying out network authentication, send the authentication parameter that generates according to false key Ki to the GSM network.
At this moment, in order to guarantee that SIM card can not by the authentication of GSM network, then need the key K i deletion of storing in the 6F07 file with SIM card or be revised as misdata as false key Ki in the mobile phone of current time access.When SIM card is carried out network authentication, adopt the A3 algorithm that false key Ki and the described authentication random number of storing in the 6F07 file calculated, obtain authentication parameter, and the authentication parameter that obtains is sent to the GSM network; Equally, the described A3 algorithm of GSM network using calculates an authentication parameter to correct key K i and the described authentication random number of SIM card, because the GSM network is identical with authentication arithmetic with the authentication random number that SIM card adopts, and the key K i that adopts is different, so, the GSM network is different with the authentication parameter that SIM card obtains respectively, and the GSM network is determined the SIM card failed authentication.
In the technical scheme of the present embodiment, take terminal as mobile phone, smart card is that SIM card is that example has been described in detail technical scheme of the present invention, form by backup IMEI and key K i in SIM card, realize the automatically mode of binding of SIM card and mobile phone, not only realized the beneficial effect that embodiment 1 brings; Further, when SIM card accesses the mobile phone of first access again, write the form of 6F07 file by the correct key K i that will back up, guaranteed that SIM card can provide the authentication of GSM network in the mobile phone of first access.
Need to prove, the technical scheme of embodiment 1 avoided the smart card lost or stolen after smart card, in other terminal except the terminal of first access, can pass through network authentication, and then the problem that terminal can the access network use.But, in actual applications, it is uncertain that the UIM card gets access to time of identification code of mobile phone, gets access at the UIM card before the identification code of mobile phone, the UIM card passes through described cdma network possibly at least one times authentication process of UIM card, and this is by cdma network UIM card authentication mechanism to be determined.In this case, for the UIM card, adopt the technical scheme among the described embodiment 1, will bring such problem: when the UIM card accesses the mobile phone that it accesses first again, if this moment, UIMID was wrong, and cdma network carried out authentication to it obtain the identification code of mobile phone at the UIM card before, and then the UIM card can not use by access network.In order to address this problem, the invention provides a kind of terminal authentication method embodiment 3.
With reference to shown in Figure 3, be the flow chart of a kind of terminal authentication method embodiment 3 provided by the invention, the present embodiment is elaborated to technical scheme of the present invention as an example of the UIM card example, and the present embodiment specifically can comprise:
Step 301:UIM card accesses mobile phone first, and the UIM card backs up the identification code of described mobile phone, and the correct authentication information of UIM card.
The authentication information of UIM card is UIM card sign UIMID, in actual applications, when cdma network enters mobile phone in the UIM clamping, at first obtains and preserve the UIMID of UIM card, follow-up during to UIM card authentication, all the time with the UIMID of the UIM card that obtains as correct UIMID.When the UIM card was carried out authentication, the UIMID that stores in the 6F31 file under the 7F25 catalogue of UIM card use UIM card inside carried out the network authentication flow process.UIM is stuck in when not accessing any mobile phone, and that store in the 6F31 file in the UIM card is the correct UIMID of UIM card, UIM is stuck in can accesses the cdma network use in the mobile phone that accesses for the first time.
6F38 file under 2700 catalogues of UIM card is fixed and is set to store the ESN of the mobile phone that the UIM card obtains.When described UIM card accesses mobile phone first, the UIM cartoon is crossed the A0DE instruction of the carrying mobile phone ESN that receives the mobile phone transmission and is obtained mobile phone ESN, described A0DE instruction is STORE ESN instruction, UIM is stuck in when carrying out described A0DE instruction, mobile phone ESN is stored in the 6F38 file under 2700 catalogues of UIM card.Simultaneously, described UIM card will back up respectively the correct UIMID of described UIM card in other any two read-write files of inside, and the ESN that accesses first mobile phone, realize the binding of UIM card and mobile phone.
When step 302:UIM card accesses mobile phone again, judge according to the correct UIMID of UIM card that backs up whether the UIMID in the 6F31 file is correct, if not, enters step 303, if enter step 304.
Step 303: in the 6F31 file, write correct UIMID.
Step 304: when carrying out network authentication, send the authentication parameter that generates according to correct UIMID to cdma network, so that network side is determined described UIM card authentication success.
Described step 302-step 303 occurs in the process of mobile phone power-on, at this moment, mobile phone does not carry out the business such as any breath of making a phone call, send short messages, so UIM is stuck in the authentication parameter that uses correct UIMID to generate this moment, can by the authentication of cdma network, still can not cause the loss of telephone expenses.
Step 305: the ESN that obtains the mobile phone of current time access.
When the UIM card obtains the identification code of mobile phone of current time access, the ESN of the mobile phone of the current time access of obtaining is stored in the 6F38 file under 2700 catalogues.
Step 306:UIM card judges whether the ESN of the mobile phone that current time accesses is identical with the ESN of the mobile phone of backup, if, enter step 307, if not, enter step 308.
Step 307: when carrying out network authentication, send the authentication parameter that generates according to correct UIMID to cdma network, so that network side is determined described UIM card authentication success.
Step 308: when carrying out network authentication, send the authentication parameter that generates according to wrong UIMID to cdma network.
Can not by the authentication of cdma network, then need the correct UIMID deletion of storing in the 6F31 file with the UIM card or be revised as misdata as the UIMID of mistake in order to guarantee that UIM is stuck in the mobile phone of current time access.When the UIM card is carried out network authentication, adopt wrong UIMID, shared key SSD, IMSI(international mobile subscriber identity, International Mobile Subscriber Identification Number) and the authentication random number that sends of cdma network carry out authentication arithmetic and obtain authentication parameter; Simultaneously, cdma network adopts correct UIMID, SSD, IMSI and the described authentication random number of UIM card to carry out authentication arithmetic and also obtains an authentication parameter.
It should be noted that, in actual applications, cdma network is at every turn to before the UIM card authentication, all to carry out the renewal of SSD, be specially: cdma network sends shared secret data (SSD) update message to mobile phone, and along with in addition random parameter RAND SSD that this message is sent simultaneously, then the UIM card uses the UIMID and the A-Key that are stored in the 6F31 file (to be determined by operator, when dispatching from the factory, write the UIM card), jointly calculate the SSD that makes new advances by the CAVE algorithm.After the UIM calorimeter is calculated new SSD, select a random parameter RAND BS then again to calculate an AUTHBS value by the CAVE algorithm in conjunction with the new SSD that generates previously and IMSI; In addition, cdma network uses same calculation of parameter to go out a new SSD and AUTHBS, and and the AUTHBS that sends of UIM card compare, if the same shared secret data (SSD) update success, new SSD can be stored in the database of network side and in the UIM card; If different, then network side and UIM keep original SSD, do not carry out the renewal of SSD.Renewal process by above-mentioned SSD can be found out, no matter whether the renewal of SSD is successful, the UIM card all has identical SSD with the cdma network side, be that cdma network is identical with authentication random number, SSD, IMSI and the authentication arithmetic that the UIM card adopts, and the UIMID that adopts is different, so cdma network is different with the authentication parameter that the UIM card obtains respectively, cdma network is determined UIM card failed authentication.
The present embodiment is that the authentication information take the UIM card describes as UIMID as example, authentication information for the UIM card is the IMSI(international mobile subscriber identity, International Mobile Subscriber Identification Number) situation, the authentication information of its implementation and UIM card is that the implementation of UIMID is similar, in like manner, with UIMID and IMSI together as authentication information, its implementation can be the implementation of UIMID with reference to the authentication information of UIM card also, repeats no more here.
In the technical scheme of the present embodiment, take terminal as mobile phone, smart card is that the UIM card is that example has been described in detail technical scheme of the present invention, not only realized the beneficial effect that embodiment 1 brings, further, consider that UIM is stuck in before the identification code of obtaining the access mobile phone, will be through at least one times authentication of cdma network to the UIM card, before the identification code of obtaining again the mobile phone of access at the UIM card, write the mode of correct UIMID in the 6F31 file with the UIM card, when guaranteeing that the UIM card accesses the mobile phone of first access again, UIM is stuck in the mobile phone that accesses first and can uses.
Need to prove, when needs are removed the binding relationship of smart card and terminal, in embodiment 2 and embodiment 3, can increase such step, with the identification code of terminal of the first access of backup and the correct authentication information deletion of smart card, here deletion only be the identification code of the terminal that accesses first and the correct authentication information of smart card, the file of preserving the correct authentication information of the file of the identification code of the terminal of access first and smart card still exists.
It should be noted that, when the binding that realizes smart card and terminal and releasing, although be to be undertaken by the form of back-up terminals identification code and intelligent card authentication information hereof among the present invention, but in actual applications, the every memory module that can store (for example memory) can be used for implementing the binding of smart card and terminal in the smart card; But note, in order to carry out the releasing of smart card and terminal binding, also require the memory module of the correct authentication information of the identification code of back-up terminals in the smart card and smart card can realize deletion to storage information, for example, adopt EEPROM can realize the binding of smart card and terminal, but EEPROM can not be to the content deletion of its storage, so can not realize the releasing of smart card and terminal binding.So when will not only can realize the binding of smart card and terminal but also can realize the releasing of smart card and terminal binding, it obviously be inappropriate adopting EEPROM.
Accordingly, the present invention also provides a kind of smart card, with reference to shown in Figure 4, is the structural representation of a kind of smart card embodiment 1 provided by the invention, and described smart card comprises:
Memory module 401, when accessing terminal first for smart card, backup is the identification code of the terminal of access first;
Acquisition module 402 when again accessing terminal for smart card, obtains the identification code of the terminal of current time access;
Whether the first judge module 403 is identical with the identification code of the first terminal of access of backup for the identification code of the terminal of judging described current time access;
The first sending module 404, be used for described current time access terminal identification code and the terminal of access first identification code not simultaneously, when carrying out network authentication, send the authentication parameter that generates according to wrong authentication information to network side, so that network side is determined described intelligent card authentication failure.
Preferably, with reference to shown in Figure 5, when being SIM card for described smart card, the structural representation of described acquisition module, described acquisition module 402 comprises:
Send submodule 501, be used for sending international General Mobile EIC equipment identification code IMEI to the terminal of current time access and obtain instruction, described IMEI is the identification code of terminal;
Reading submodule 502 is used for reading described terminal and carries out the IMEI that described IMEI obtains the described terminal of returning after the instruction.
Preferably, with reference to shown in Figure 6, when being the UIM card for described smart card, be the structural representation of described acquisition module 402, described acquisition module 402 comprises:
Receiver module 601 is used for receiving smart card in the storage instruction of the Electronic Serial Number ESN that carries described terminal of the terminal transmission of current time access, and described Electronic Serial Number ESN is the identification code of terminal;
Sub module stored 602 is used for storing described ESN according to described instruction.
The function that each module realizes in the smart card is corresponding with method operating procedure in the embodiment of the method 1, repeats no more here.
With reference to shown in Figure 7, be the structural representation of a kind of smart card embodiment 2 provided by the invention, except module shown in Figure 3, described smart card also comprises:
The second sending module 701, be used for the identification code of identification code and the terminal that accesses first of backup of terminal of described current time access when identical, when carrying out network authentication, send the authentication parameter that generates according to correct authentication information to network side, so that network side is determined described intelligent card authentication success.
Backup module 702 when accessing terminal first for smart card, backs up the correct authentication information of described smart card, to realize smart card and the binding that accesses terminal first;
Remove module 703, be used for correct authentication information and the identification code of the terminal of access first of the smart card of deletion backup, with the binding of removing smart card and accessing terminal first.
The function that each module realizes in the smart card is corresponding with method operating procedure in the embodiment of the method 2, repeats no more here.
Preferably, with reference to shown in Figure 8, be the structural representation of a kind of smart card embodiment 3 provided by the invention, except comprising described Fig. 3, module shown in Figure 7, described smart card also comprises:
The second judge module 801 is used for before the identification code of terminal that smart card obtains the current time access, and whether the authentication information when judging that according to the correct authentication information of smart card of backup smart card accesses terminal again is correct;
Recover module 802, during authentication information mistake when being used for smart card and again accessing terminal, the authentication information when according to the correct authentication information of smart card of backup smart card being accessed terminal again reverts to correct authentication information.
The function that each module realizes in the smart card is corresponding with method operating procedure in the embodiment of the method 3, repeats no more here.
Need to prove, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thereby not only comprise those key elements so that comprise process, method, article or the equipment of a series of key elements, but also comprise other key elements of clearly not listing, or also be included as the intrinsic key element of this process, method, article or equipment.In the situation that not more restrictions, the key element that is limited by statement " comprising ... ", and be not precluded within process, method, article or the equipment that comprises described key element and also have other identical element.
For system embodiment, because it corresponds essentially to embodiment of the method, so relevant part gets final product referring to the part explanation of embodiment of the method.System embodiment described above only is schematic, wherein said unit as the separating component explanation can or can not be physically to separate also, the parts that show as the unit can be or can not be physical locations also, namely can be positioned at a place, perhaps also can be distributed on a plurality of network element.Can select according to the actual needs wherein some or all of module to realize the purpose of the present embodiment scheme.Those of ordinary skills namely can understand and implement in the situation that do not pay creative work.
The above only is the specific embodiment of the present invention; should be pointed out that for those skilled in the art, under the prerequisite that does not break away from the principle of the invention; can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.

Claims (16)

1. a terminal authentication method is characterized in that, when smart card accessed terminal first, after the authentication success, backup is the identification code of the terminal of access first, and described method comprises:
Described smart card accesses terminal again, and smart card obtains the identification code of the terminal of current time access;
Smart card judges whether the identification code of the terminal that described current time accesses is identical with the identification code of the first terminal of access of backup, if different, when then smart card is carried out network authentication, send the authentication parameter that generates according to wrong authentication information to network side, so that network side is determined described intelligent card authentication failure.
2. method according to claim 1 is characterized in that, also comprises: when smart card accessed terminal first, smart card backed up the correct authentication information of described smart card, to realize smart card and the binding that accesses terminal first.
3. method according to claim 2 is characterized in that, described method also comprises:
The identification code of the correct authentication information of the smart card of deletion backup and the terminal that accesses first is to remove smart card and the binding that accesses terminal first.
4. method according to claim 2 is characterized in that, described smart card is the UIM card, and smart card obtains before the identification code of terminal of current time access, also comprises:
Whether the authentication information when the UIM card accesses terminal again according to the correct authentication information judgement of backing up is correct, and if not, the authentication information in the time of then will again accessing terminal reverts to correct authentication information.
5. method according to claim 4 is characterized in that, the identification code of described terminal is Electronic Serial Number ESN, and the described identification code of obtaining the terminal of current time access then specifically comprises:
Receive the storage instruction of carrying described terminal ESN of the terminal transmission of current time access;
Store described ESN according to described instruction.
6. method according to claim 4 is characterized in that, the authentication information of described smart card is UIM card sign UIMID and/or international mobile subscriber identity IMSI.
7. method according to claim 2 is characterized in that, described smart card is SIM card, and the identification code of described terminal is international mobile device identification code IMEI, and the described identification code of obtaining the terminal of current time access specifically comprises:
Terminal transmission IMEI to the current time access obtains instruction;
Read described terminal and carry out the IMEI that described IMEI obtains the described terminal of returning after the instruction.
8. method according to claim 7 is characterized in that, the authentication information of described smart card is key K i.
9. according to claim 4 or 7 described methods, it is characterized in that, described method also comprises: if the identification code of the terminal of described current time access is identical with the identification code of the first terminal of access of backup, when then smart card is carried out network authentication, send the authentication parameter that generates according to correct authentication information to network side, so that network side is determined described intelligent card authentication success.
10. a smart card is characterized in that, described smart card comprises:
Memory module, when accessing terminal first for smart card, after the authentication success, backup is the identification code of the terminal of access first;
Acquisition module when again accessing terminal for smart card, obtains the identification code of the terminal of current time access;
Whether the first judge module is identical with the identification code of the first terminal of access of backup for the identification code of the terminal of judging described current time access;
The first sending module, be used for described current time access terminal identification code and the terminal of access first identification code not simultaneously, when carrying out network authentication, send the authentication parameter that generates according to wrong authentication information to network side, so that network side is determined described intelligent card authentication failure.
11. smart card according to claim 10 is characterized in that, described smart card also comprises:
Backup module when accessing terminal first for smart card, backs up the correct authentication information of described smart card, to realize smart card and the binding that accesses terminal first.
12. smart card according to claim 11 is characterized in that, described smart card also comprises:
Remove module, be used for correct authentication information and the identification code of the terminal of access first of the smart card of deletion backup, with the binding of removing smart card and accessing terminal first.
13. smart card according to claim 11 is characterized in that, described smart card is the UIM card, and described smart card also comprises:
The second judge module is used for before the identification code of terminal that smart card obtains the current time access, and whether the authentication information when judging that according to the correct authentication information of smart card of backup smart card accesses terminal again is correct;
Recover module, during authentication information mistake when being used for smart card and again accessing terminal, the authentication information when smart card is accessed terminal again reverts to correct authentication information.
14. smart card according to claim 13 is characterized in that, described acquisition module specifically comprises:
Receive submodule, be used for being received in the storage instruction of the Electronic Serial Number ESN that carries described terminal that the terminal of current time access sends, described Electronic Serial Number ESN is the identification code of terminal;
Sub module stored is used for storing described ESN according to described instruction.
15. smart card according to claim 11 is characterized in that, described smart card is SIM card, and described acquisition module specifically comprises:
Send submodule, be used for sending international General Mobile EIC equipment identification code IMEI to the terminal of current time access and obtain instruction, described IMEI is the identification code of terminal;
Reading submodule is used for reading described terminal and carries out the IMEI that described IMEI obtains the described terminal of returning after the instruction.
16. according to claim 13 or 15 described smart cards, it is characterized in that, described method also comprises:
The second sending module, be used for the identification code of identification code and the terminal that accesses first of backup of terminal of described current time access when identical, when carrying out network authentication, send the authentication parameter that generates according to correct authentication information to network side, so that network side is determined described intelligent card authentication success.
CN201310046224.1A 2013-02-05 2013-02-05 A kind of terminal authentication method and smart card Active CN103079203B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310046224.1A CN103079203B (en) 2013-02-05 2013-02-05 A kind of terminal authentication method and smart card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310046224.1A CN103079203B (en) 2013-02-05 2013-02-05 A kind of terminal authentication method and smart card

Publications (2)

Publication Number Publication Date
CN103079203A true CN103079203A (en) 2013-05-01
CN103079203B CN103079203B (en) 2016-01-20

Family

ID=48155587

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310046224.1A Active CN103079203B (en) 2013-02-05 2013-02-05 A kind of terminal authentication method and smart card

Country Status (1)

Country Link
CN (1) CN103079203B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104967993A (en) * 2015-04-29 2015-10-07 深圳市中兴物联科技有限公司 Authorization key dynamic generation method based on CDMA, authorization key dynamic generation system based on CDMA and authorization key dynamic generation device based on CDMA
CN106304033A (en) * 2016-08-31 2017-01-04 北京握奇数据系统有限公司 A kind of cellphone information defence method based on binding machine and card and system
CN106797535A (en) * 2014-08-28 2017-05-31 酷派软件技术(深圳)有限公司 Terminal and its antitheft tracing method and anti-theft tracking device
CN106851638A (en) * 2015-12-04 2017-06-13 中移(杭州)信息技术有限公司 The method for authenticating and device of a kind of client identification module card
CN107872786A (en) * 2016-09-23 2018-04-03 中国移动通信有限公司研究院 A kind of control method and smart card
CN108024243A (en) * 2017-12-05 2018-05-11 恒宝股份有限公司 A kind of eSIM is caught in Network Communication method and its system
CN108235320A (en) * 2017-12-28 2018-06-29 中国联合网络通信集团有限公司 Networking method for authenticating, the apparatus and system of unmanned plane
CN109714753A (en) * 2017-10-25 2019-05-03 北京握奇智能科技有限公司 A kind of method and system of the network terminal and the certification of Internet of Things SIM card

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101170823A (en) * 2007-11-19 2008-04-30 中兴通讯股份有限公司 Authentication method between user recognition module and terminal
CN101711023A (en) * 2009-11-10 2010-05-19 中兴通讯股份有限公司 Method and system for realizing interlocking of phone and card

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101170823A (en) * 2007-11-19 2008-04-30 中兴通讯股份有限公司 Authentication method between user recognition module and terminal
CN101711023A (en) * 2009-11-10 2010-05-19 中兴通讯股份有限公司 Method and system for realizing interlocking of phone and card

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106797535A (en) * 2014-08-28 2017-05-31 酷派软件技术(深圳)有限公司 Terminal and its antitheft tracing method and anti-theft tracking device
CN104967993A (en) * 2015-04-29 2015-10-07 深圳市中兴物联科技有限公司 Authorization key dynamic generation method based on CDMA, authorization key dynamic generation system based on CDMA and authorization key dynamic generation device based on CDMA
CN104967993B (en) * 2015-04-29 2019-04-05 深圳市中兴物联科技有限公司 Authentication code dynamic creation method, system and device based on CDMA
CN106851638A (en) * 2015-12-04 2017-06-13 中移(杭州)信息技术有限公司 The method for authenticating and device of a kind of client identification module card
CN106304033A (en) * 2016-08-31 2017-01-04 北京握奇数据系统有限公司 A kind of cellphone information defence method based on binding machine and card and system
CN107872786A (en) * 2016-09-23 2018-04-03 中国移动通信有限公司研究院 A kind of control method and smart card
CN107872786B (en) * 2016-09-23 2021-06-25 中国移动通信有限公司研究院 Control method and smart card
CN109714753A (en) * 2017-10-25 2019-05-03 北京握奇智能科技有限公司 A kind of method and system of the network terminal and the certification of Internet of Things SIM card
CN108024243A (en) * 2017-12-05 2018-05-11 恒宝股份有限公司 A kind of eSIM is caught in Network Communication method and its system
CN108024243B (en) * 2017-12-05 2019-06-21 恒宝股份有限公司 A kind of eSIM is caught in Network Communication method and its system
CN108235320A (en) * 2017-12-28 2018-06-29 中国联合网络通信集团有限公司 Networking method for authenticating, the apparatus and system of unmanned plane

Also Published As

Publication number Publication date
CN103079203B (en) 2016-01-20

Similar Documents

Publication Publication Date Title
CN103079203B (en) A kind of terminal authentication method and smart card
US10104535B2 (en) Mobile terminal, maintenance server, and method and apparatus for maintaining virtual SIM card
US20120149331A1 (en) Method and system for remote control of smart card
CN101252703A (en) Terminal data protecting method, system as well as mobile communication terminal
CN101026834A (en) Locking method and unlocking method
US8571522B2 (en) Authentication method for the mobile terminal and a system thereof
CN106937274A (en) A kind of Profile changing methods and device based on EUICC
CN106162517A (en) The management method of a kind of virtual SIM card and system
EP2472923A1 (en) Remote control method and system for smart card
WO2011015075A1 (en) Method for reserving card information of subscriber identity module card and system thereof
CN106304033A (en) A kind of cellphone information defence method based on binding machine and card and system
CN104765657A (en) Data backup method, data recovery method and relative device
CN107623907B (en) eSIM card network locking method, terminal and network locking authentication server
US20120149333A1 (en) Method and system for remote control of a smart card
CN109951563A (en) A kind of smart card update method and its more new system working method
CN102595376B (en) A kind of activating method, Apparatus and system of User Identity card
CN107172194B (en) Virtual SIM card management method and device and communication terminal
CN103237118A (en) Mobile terminal startup method and system, and mobile terminal
CN105120451A (en) Method for realizing card-less operation of mobile terminal, operator business platform and mobile terminal
CN102667806B (en) A chip card, an electronic system, a method being implemented by a chip card and a computer program product
CN102104864A (en) Method for realizing network and card locking function of terminal and terminal
CN103533563A (en) Restoring method and terminal for wireless local area network account number
CN103152724A (en) Method and system for locking SIM (subscriber identity module) card by utilizing hardware
CN101350985A (en) Method for backup of SIM card information, mobile terminal and system
CN103379478A (en) Control method, control system, client terminal and server

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CB03 Change of inventor or designer information

Inventor after: Liu Hongwei

Inventor after: Guo Tianguang

Inventor after: Li Yalan

Inventor before: Liu Hongwei

Inventor before: Li Yalan

COR Change of bibliographic data
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 100102 Beijing, Chaoyang District, Wangjing Li Ze Park 101, Qiming International Building 7.

Patentee after: Beijing Watchdata Limited by Share Ltd

Address before: 100102 Beijing, Chaoyang District, Wangjing Li Ze Park 101, Qiming International Building 7.

Patentee before: Beijing Woqi Data System Co., Ltd.