Method for binding and verifying a SIM card and an external device
Technical field
The present invention relates to the field of binding and verification, and more particularly to a method for binding and verifying a SIM card and an external device.
Background technology
With the development of mobile payment, more and more people carry out mobile payment using external devices. These external devices, which include audio mobile payment devices, USB devices and the like, are all devices that can be attached to a mobile device containing a SIM card. After a user has carried out business operations with an external device attached to a mobile device containing a SIM card, if the external device is lost and picked up by someone else, and the user does not report the loss of the card in time, that person can, by simple technical means, use the external device to impersonate the original user and carry out business on the original user's account, causing unnecessary loss of the user's funds and the like.
That is, how to ensure the security of the external device, i.e. how to ensure that the external device is used legitimately, is a problem to be solved.
The content of the invention
An embodiment of the present invention provides a method for binding and verifying a SIM card and an external device, which solves the technical problem that legitimate use of the external device cannot be ensured.
The embodiment of the invention discloses the following technical solution:
A method for binding a SIM card and an external device, comprising the steps:
when the external device accesses the mobile device containing the SIM card for the first time, the external device sends the external device ID, the international mobile subscriber identity (IMSI) of the SIM card, a random number and a first encrypted value to the backend system;
the first encrypted value is obtained by the external device encrypting the external device ID, the SIM card IMSI and the random number with the master key uniquely corresponding to the external device ID;
the backend system searches, according to the external device ID, for the master key uniquely corresponding to that external device ID which was stored in the backend in advance, and encrypts the received external device ID, SIM card IMSI and random number with that master key to obtain a second encrypted value;
the backend system compares the first encrypted value with the second encrypted value, and if they are consistent, the backend system determines that the first encrypted value was sent by a legitimate external device;
the backend system binds and stores the correspondence between the external device ID and the SIM card IMSI.
Preferably, after the backend system binds and stores the correspondence between the external device ID and the SIM card IMSI, the method further comprises:
the external device receives a special parameter and a third encrypted value sent by the backend system;
the special parameter is a random number generated by the backend system, or a parameter related to the binding of the external device ID to the SIM card IMSI;
the third encrypted value is obtained by the backend system encrypting the external device ID, the SIM card IMSI and the special parameter with the master key uniquely corresponding to the external device ID;
the external device encrypts the external device ID and SIM card IMSI it holds itself, together with the received special parameter, using the master key uniquely corresponding to the external device ID, to obtain a fourth encrypted value;
the external device compares the third encrypted value with the fourth encrypted value, and if they are consistent, the external device determines that the third encrypted value was sent by a legitimate backend system;
the external device binds and stores the external device ID with the SIM card IMSI.
Preferably, the special parameter is specifically the backend binding time.
A method for verifying a SIM card and an external device, comprising the steps:
the external device attached to the mobile device requests to carry out a business operation;
the backend system receives the external device ID and SIM card IMSI sent by the external device;
the backend system compares the received external device ID and SIM card IMSI with the bound and stored external device ID and SIM card IMSI;
only when the comparison result is consistent does the backend system allow the external device to carry out the business operation using that SIM card.
Preferably, the method further comprises:
the external device accesses the mobile device containing the SIM card;
the external device obtains the SIM card IMSI;
the external device compares the SIM card IMSI with the SIM card IMSI it has bound and stored;
only when the comparison result is consistent does the external device allow business operations with that SIM card.
A method for binding a SIM card and an external device, comprising the steps:
when the external device accesses the mobile device containing the SIM card for the first time, the external device sends the external device ID, the SIM card IMSI, a random number and a first encrypted value to the backend system;
the first encrypted value is obtained by the external device encrypting the external device ID, the SIM card IMSI and the random number with the master key uniquely corresponding to the external device ID;
the backend system searches, according to the external device ID, for the master key uniquely corresponding to that external device ID which was stored in the backend in advance, and encrypts the received external device ID, SIM card IMSI and random number with that master key to obtain a second encrypted value;
the backend system compares the first encrypted value with the second encrypted value, and if they are consistent, the backend system determines that the first encrypted value was sent by a legitimate external device;
the external device receives a special parameter and a third encrypted value sent by the backend system;
the special parameter is a random number generated by the backend system, or a parameter related to the binding of the external device ID to the SIM card IMSI;
the third encrypted value is obtained by the backend system encrypting the external device ID, the SIM card IMSI and the special parameter with the master key uniquely corresponding to the external device ID;
the external device encrypts the external device ID and SIM card IMSI it holds itself, together with the received special parameter, using the master key uniquely corresponding to the external device ID, to obtain a fourth encrypted value;
the external device compares the third encrypted value with the fourth encrypted value, and if they are consistent, the external device determines that the third encrypted value was sent by a legitimate backend system;
the external device binds and stores the external device ID with the SIM card IMSI.
Preferably, after the backend system determines that the first encrypted value was sent by a legitimate external device, and before it sends the special parameter and the third encrypted value to the external device, the method further comprises:
the backend system binds and stores the correspondence between the external device ID and the SIM card IMSI.
Preferably, the special parameter is specifically the backend binding time.
A method for verifying a SIM card and an external device, comprising:
the external device accesses the mobile device containing the SIM card;
the external device obtains the SIM card IMSI;
the external device compares the SIM card IMSI with the SIM card IMSI it has bound and stored;
only when the comparison result is consistent does the external device allow business operations with that SIM card.
Preferably, the method further comprises:
the external device attached to the mobile device requests to carry out a business operation;
the backend system receives the external device ID and SIM card IMSI sent by the external device;
the backend system compares the received external device ID and SIM card IMSI with the bound and stored external device ID and SIM card IMSI;
only when the comparison result is consistent does the backend system allow the external device to carry out the business operation using that SIM card.
As can be seen from the above embodiments, with the method of the present invention for binding and verifying the user's SIM card and the external device, the SIM card is bound when the external device accesses the mobile device containing the SIM card for the first time, and every subsequent business operation using the external device requires verification of the accessed mobile device, so that the external device can carry out business operations only when it accesses the bound SIM card, which greatly improves the security of the external device.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. It should be apparent that the drawings in the following description are only some embodiments of the invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a signaling diagram of a binding method in a method for binding a SIM card and an external device according to the present invention;
Fig. 2 is a flow chart of a verification method in a method for verifying a SIM card and an external device according to the present invention;
Fig. 3 is a signaling diagram of another binding method in a method for binding a SIM card and an external device according to the present invention;
Fig. 4 is a flow chart of another verification method in a method for verifying a SIM card and an external device according to the present invention.
Embodiment
In order to make the above objectives, features and advantages of the present invention clearer and easier to understand, embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Embodiment one
For the pattern in which related business operations are carried out with an external device attached to a mobile device, the present invention provides two different binding methods: the binding of the mobile device with the external device, and the binding of the mobile device with the backend system. This embodiment mainly describes the binding of the mobile device with the backend system.
Referring to Fig. 1, a signaling diagram of the binding method in a method for binding a SIM card and an external device according to the present invention, the method comprises the following steps:
S101: when the external device accesses the mobile device containing the SIM card for the first time, the external device obtains the IMSI (international mobile subscriber identity) of the SIM card and its own external device ID, and generates a random number; the external device then encrypts the external device ID, the SIM card IMSI and the random number with the pre-stored master key uniquely corresponding to the external device ID, obtaining the first encrypted value.
It should be noted that, after the external device has been attached to the mobile device containing the SIM card for the first time, the user can send a bind request to the external device through the software interface on the mobile device; once the external device has received the bind request, it can complete the encryption step above.
Preferably, a process key SESLK is generated from the master key, and the external device ID and SIM card IMSI are then encrypted with the SESLK to generate MAC1, i.e. the first encrypted value.
The SESLK is a single-length key generated from variable data and is used only once after generation. The SESLK is composed as follows:
SESLK: random number ‖ external device ID ‖ '8000'.
It should be noted that the random number here refers specifically to the random number generated by the external device in S101.
The MAC is a data block produced by the following method, obtained by encryption with the SESLK:
Step 1: set an initial vector (Initial Vector) 8 bytes long to the hexadecimal value '0x 00 00 00 00 00 00 00 00'.
Step 2: concatenate all input data into one data block in the designated order.
Step 3: divide the concatenated data block into 8-byte blocks, identified as D1, D2, D3, D4 and so on; at the end, the remaining bytes form a last block whose length is less than or equal to 8 bytes.
Step 4: if the last block is 8 bytes long, append an 8-byte block after it, the appended block being the hexadecimal value '0x 80 00 00 00 00 00 00 00'. If the last block is shorter than 8 bytes, append one byte with the hexadecimal value '0x80' to the end of that block. If the padded block is then 8 bytes long, skip to step 5; if it is still shorter than 8 bytes, append bytes with the hexadecimal value '0x00' after it until the block is 8 bytes long.
Step 5: encrypt the resulting data with the SESLK.
Step 6: obtain a MAC 4 bytes long.
Of course, the above is a preferred encryption mode; the present invention does not limit the encryption mode, and any encryption mode that uses the master key for encryption can be used.
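The six-step MAC procedure above, worked through in Go as an added example (it is not code from the patent). crypto/des from Go's standard library supplies the DES and 3DES primitives; the sample master key, random number, device ID and IMSI are constructed. Two details the text leaves open are filled in as labelled assumptions: how the master key turns the derivation data random ‖ external device ID ‖ '8000' into the single-length SESLK (here, a two-key 3DES CBC-MAC of the zero-padded derivation data under a 16-byte master key), and which 4 bytes of the final 8-byte block form the MAC (here, the leading 4).

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// padISO9797M2 implements steps 3 and 4. Appending 0x80 and then 0x00 bytes
// up to the next 8-byte boundary covers both cases in the text: a complete
// final block gets a whole extra block 80 00 00 00 00 00 00 00, and a short
// final block gets 0x80 followed by 0x00 bytes until it is 8 bytes long.
func padISO9797M2(data []byte) []byte {
	out := append([]byte{}, data...)
	out = append(out, 0x80)
	for len(out)%8 != 0 {
		out = append(out, 0x00)
	}
	return out
}

// cbcMAC implements steps 1 and 5: start from an all-zero 8-byte initial
// vector, XOR each 8-byte block into the previous ciphertext block, encrypt,
// and return the last ciphertext block. padded must be a multiple of 8 bytes.
func cbcMAC(block cipher.Block, padded []byte) []byte {
	prev := make([]byte, 8) // step 1: IV = 0x 00 00 00 00 00 00 00 00
	x := make([]byte, 8)
	for i := 0; i < len(padded); i += 8 {
		for j := range x {
			x[j] = padded[i+j] ^ prev[j]
		}
		block.Encrypt(prev, x)
	}
	return prev
}

// deriveSESLK builds the one-time process key from the derivation data
// random ‖ external device ID ‖ '8000'. The text does not say how the master
// key turns that data into a single-length (8-byte) key, so this example
// ASSUMES a 16-byte two-key 3DES master key and takes the CBC-MAC of the
// zero-padded derivation data as the SESLK.
func deriveSESLK(masterKey, random, deviceID []byte) ([]byte, error) {
	if len(masterKey) != 16 {
		return nil, fmt.Errorf("master key must be 16 bytes, got %d", len(masterKey))
	}
	k := append(append([]byte{}, masterKey...), masterKey[:8]...) // K1 ‖ K2 ‖ K1
	tdes, err := des.NewTripleDESCipher(k)
	if err != nil {
		return nil, err
	}
	data := append(append(append([]byte{}, random...), deviceID...), 0x80, 0x00)
	for len(data)%8 != 0 { // assumption: zero-pad the derivation data to a block boundary
		data = append(data, 0x00)
	}
	return cbcMAC(tdes, data), nil
}

// computeMAC runs steps 2 to 6 with the single-length SESLK: pad the
// concatenated input, chain it through single DES and keep 4 bytes (step 6;
// keeping the leading 4 bytes of the last block is an assumption).
func computeMAC(seslk, input []byte) ([]byte, error) {
	block, err := des.NewCipher(seslk)
	if err != nil {
		return nil, err
	}
	return cbcMAC(block, padISO9797M2(input))[:4], nil
}

// mac1 is the first encrypted value of S101: the random number enters through
// the SESLK, and the MAC is taken over external device ID ‖ SIM card IMSI.
func mac1(masterKey, random, deviceID, imsi []byte) ([]byte, error) {
	seslk, err := deriveSESLK(masterKey, random, deviceID)
	if err != nil {
		return nil, err
	}
	return computeMAC(seslk, append(append([]byte{}, deviceID...), imsi...))
}

func main() {
	// Constructed sample values; none of them come from the page.
	masterKey, _ := hex.DecodeString("0123456789abcdeffedcba9876543210")
	random := []byte{0x1a, 0x2b, 0x3c, 0x4d}
	deviceID := []byte("EXTDEV00001")
	imsi := []byte("460001234567890")
	m, err := mac1(masterKey, random, deviceID, imsi)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("padded input: %X\n", padISO9797M2(append(append([]byte{}, deviceID...), imsi...)))
	fmt.Printf("MAC1: %X\n", m)
}
```

Because the random number enters only through the SESLK, the backend's recomputation in S103 must use the random number it received; a first encrypted value captured from an earlier request and resent with a different random number no longer matches.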
S102: the external device sends the external device ID, SIM card IMSI, random number and first encrypted value to the backend system through the mobile device it is attached to.
S103: the backend system finds, in its database, the master key uniquely corresponding to the received external device ID, and uses that master key to encrypt the received external device ID, SIM card IMSI and random number in the same encryption mode as in S101, obtaining the second encrypted value.
S104: the backend system compares the received first encrypted value with the second encrypted value. If the comparison result is consistent, this means that the master key used by the external device for encryption and the master key used by the backend system for encryption are the same, and the backend system determines that the first encrypted value was sent by a legitimate external device.
It should be noted that if the comparison result is inconsistent, this means that the master key used by the external device for encryption and the master key used by the backend system for encryption differ; the backend system then determines that the first encrypted value was sent by an illegitimate external device, and immediately sends a rejection message to the external device attached to the mobile device containing the SIM card.
S105: the backend system binds and stores the correspondence between the external device ID and the SIM card IMSI.
Correspondingly, there is a verification method; see embodiment two.
Embodiment two
Referring to Fig. 2, a flow chart of the verification method in a method for verifying a SIM card and an external device, comprising the steps:
S201: the external device attached to the mobile device requests to carry out a business operation.
After binding, each time a business operation is requested using the external device attached to the mobile device containing the SIM card, the external device sends the external device ID and SIM card IMSI to the backend system through the attached mobile device.
S202: the backend system receives the external device ID and SIM card IMSI sent by the external device.
S203: the backend system compares the received external device ID and SIM card IMSI with the bound and stored external device ID and SIM card IMSI.
S204: only when the comparison result is consistent does the backend system allow the external device to carry out the business operation using that SIM card.
It can be seen from the verification mode of embodiment two that business operations can be carried out through the external device only when the SIM card correspondingly bound to that external device is used.
Embodiment three
This embodiment mainly describes the binding of the mobile device with the external device.
Referring to Fig. 3, a signaling diagram of another binding method in a method for binding a SIM card and an external device, comprising the steps:
For the specific content of S301 to S304, refer to S101 to S104 in embodiment one.
The difference is that after the comparison result in step S304 is consistent, the backend system does not perform a binding operation but proceeds directly to S305.
S305: the backend system sends a special parameter and a third encrypted value to the external device attached to the SIM card.
The special parameter is a random number generated by the backend system, or a parameter related to the binding of the external device ID to the SIM card IMSI.
The third encrypted value is obtained by the backend system encrypting the external device ID, SIM card IMSI and special parameter with the master key uniquely corresponding to the external device ID.
Preferably, a process key SESLK is generated from the master key uniquely corresponding to the external device ID, and the external device ID, SIM card IMSI and special parameter are then encrypted with the SESLK to generate MAC2, i.e. the third encrypted value.
The SESLK is a single-length key generated from variable data and is used only once after generation. The SESLK is composed as follows:
SESLK: random number ‖ external device ID ‖ '8000'.
It should be noted that the random number here refers specifically to the random number that the external device sent to the backend system in S302.
Of course, the above is a preferred encryption mode; the present invention does not limit the encryption mode, and any encryption mode that uses the master key for encryption can be used.
S306: the external device encrypts the external device ID and SIM card IMSI it holds itself, together with the received special parameter, using the master key uniquely corresponding to the external device ID, obtaining the fourth encrypted value.
It should be noted that the same encryption mode as in S305 is used here.
S307: the external device compares the third encrypted value with the fourth encrypted value. If the comparison result is consistent, this means that the master key used by the external device for encryption and the master key used by the backend system for encryption are the same, and the external device determines that the third encrypted value was sent by a legitimate backend system.
It should be noted that if the comparison result is inconsistent, this means that the master key used by the external device for encryption and the master key used by the backend system for encryption differ; the external device then determines that the third encrypted value was sent by an illegitimate backend system, and the external device does not perform the binding operation.
S308: the external device binds and stores the external device ID with the SIM card IMSI.
It should be noted that an external device can perform one and only one binding operation: once the external device has been bound to a mobile device, the user cannot perform any other binding with that external device, and the binding cannot be modified or released.
Correspondingly, there is a verification method; see S401 to S404 in embodiment four.
Embodiment four
Referring to Fig. 4, a flow chart of another verification method in a method for verifying a SIM card and an external device, comprising the steps:
S401: the external device accesses the mobile device containing the SIM card.
After binding, each time a business operation is requested using the external device attached to the mobile device containing the SIM card, the external device performs a verification operation on that mobile device.
S402: the external device obtains the IMSI of the accessed SIM card.
S403: the external device compares the IMSI of the accessed SIM card with the SIM card IMSI it has bound and stored.
S404: only when the comparison result is consistent does the external device allow business operations with that SIM card.
For S405 to S408, refer to S201 to S204 in embodiment two.
It can be seen from the verification mode of embodiment four that business operations can be carried out through the external device only when the SIM card correspondingly bound to that external device is used.
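The complete binding and verification flow of embodiments one to four, as an added example that is not code from the patent: on the device side MakeBindRequest (S101/S102) and CompleteBind (S107 to S109, equally S306 to S308), on the backend side HandleBind (S103 to S106, equally S303 to S305), and the two checks CheckOperation (S201 to S204) and CheckIMSI (S401 to S404). The text leaves the encryption mode open, so here each encrypted value is an HMAC-SHA256 tag under the master key rather than the DES MAC of embodiment one; the backend binding time is the special parameter, as the text prefers. The master key, device ID and IMSIs are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// encValue stands in for the page's "encrypted value": the page leaves the
// encryption mode open, so this example (an assumption) uses HMAC-SHA256 under
// the master key, each field terminated by 0x00 so that field boundaries are fixed.
func encValue(masterKey []byte, fields ...[]byte) []byte {
	m := hmac.New(sha256.New, masterKey)
	for _, f := range fields {
		m.Write(f)
		m.Write([]byte{0})
	}
	return m.Sum(nil)
}

// BindRequest is what the external device sends in S102 / S302.
type BindRequest struct {
	DeviceID, IMSI string
	Random, Value  []byte // Value is the first encrypted value
}

// BindReply is what the backend system sends in S106 / S305.
type BindReply struct {
	SpecialParam string // the backend binding time, the page's preferred choice
	Value        []byte // the third encrypted value
}

// Backend keeps the master key provisioned for each external device ID and the bindings of S105.
type Backend struct {
	masterKeys map[string][]byte
	bindings   map[string]string
}

// Device is the external device: its ID, its master key and at most one binding (S109 / S308).
type Device struct {
	id, pendingIMSI, boundIMSI string
	masterKey, random          []byte
}

// MakeBindRequest covers S101 / S102: a fresh random number and the first value
// over external device ID, SIM card IMSI and random number.
func (d *Device) MakeBindRequest(imsi string) (BindRequest, error) {
	d.random = make([]byte, 8)
	if _, err := rand.Read(d.random); err != nil {
		return BindRequest{}, err
	}
	d.pendingIMSI = imsi
	v := encValue(d.masterKey, []byte(d.id), []byte(imsi), d.random)
	return BindRequest{DeviceID: d.id, IMSI: imsi, Random: d.random, Value: v}, nil
}

// HandleBind covers S103 to S106: master key lookup by device ID, second value,
// constant-time comparison, binding, then the binding time and third value.
func (b *Backend) HandleBind(r BindRequest) (BindReply, error) {
	mk, ok := b.masterKeys[r.DeviceID]
	if !ok {
		return BindReply{}, errors.New("unknown external device ID")
	}
	second := encValue(mk, []byte(r.DeviceID), []byte(r.IMSI), r.Random)
	if !hmac.Equal(second, r.Value) { // S104: refuse the request
		return BindReply{}, errors.New("rejected: not a legitimate external device")
	}
	b.bindings[r.DeviceID] = r.IMSI // S105
	param := time.Now().UTC().Format(time.RFC3339)
	third := encValue(mk, []byte(r.DeviceID), []byte(r.IMSI), []byte(param))
	return BindReply{SpecialParam: param, Value: third}, nil
}

// CompleteBind covers S107 to S109: fourth value from the locally held ID and
// IMSI plus the received parameter, comparison, and exactly one binding.
func (d *Device) CompleteBind(r BindReply) error {
	if d.boundIMSI != "" {
		return errors.New("external device is already bound")
	}
	fourth := encValue(d.masterKey, []byte(d.id), []byte(d.pendingIMSI), []byte(r.SpecialParam))
	if !hmac.Equal(fourth, r.Value) { // S108: do not bind
		return errors.New("rejected: not a legitimate backend system")
	}
	d.boundIMSI = d.pendingIMSI
	return nil
}

// CheckIMSI is the device-side check of S401 to S404.
func (d *Device) CheckIMSI(imsi string) bool { return imsi != "" && d.boundIMSI == imsi }

// CheckOperation is the backend-side check of S201 to S204.
func (b *Backend) CheckOperation(deviceID, imsi string) bool {
	return imsi != "" && b.bindings[deviceID] == imsi
}

func main() {
	mk := []byte("constructed-master-key-1") // constructed sample values, not from the page
	be := &Backend{masterKeys: map[string][]byte{"EXTDEV00001": mk}, bindings: map[string]string{}}
	dev := &Device{id: "EXTDEV00001", masterKey: mk}
	req, _ := dev.MakeBindRequest("460001234567890")
	reply, err := be.HandleBind(req)
	fmt.Println("backend bind error:", err, "device bind error:", dev.CompleteBind(reply))
	fmt.Println("bound SIM allowed:", dev.CheckIMSI("460001234567890") && be.CheckOperation("EXTDEV00001", "460001234567890"))
	fmt.Println("other SIM allowed:", dev.CheckIMSI("460009999999999") || be.CheckOperation("EXTDEV00001", "460009999999999"))
}
```

The comparisons of S104 and S108 go through hmac.Equal so that the time they take does not depend on how many leading bytes of the two values agree. CompleteBind refuses a second binding, which is the one-binding rule of S109/S308; the backend in S105 simply stores the correspondence, as the text describes.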
Embodiment five
Based on the binding of the mobile device with the backend system described in embodiment one, this embodiment describes the binding of the mobile device with the external device that follows that binding.
Referring to Fig. 1, on the basis of embodiment one, the following steps are further included:
S106: the backend system sends a special parameter and a third encrypted value to the external device attached to the SIM card.
The special parameter is a random number generated by the backend system, or a parameter related to the binding of the external device ID to the SIM card IMSI.
Preferably, the special parameter is specifically the backend binding time.
The third encrypted value is obtained by the backend system encrypting the external device ID, SIM card IMSI and special parameter with the master key uniquely corresponding to the external device ID.
Preferably, a process key SESLK is generated from the master key uniquely corresponding to the external device ID, and the external device ID, SIM card IMSI and special parameter are then encrypted with the SESLK to generate MAC2, i.e. the third encrypted value.
The SESLK is a single-length key generated from variable data and is used only once after generation. The SESLK is composed as follows:
SESLK: random number ‖ external device ID ‖ '8000'.
It should be noted that the random number here refers specifically to the random number that the external device sent to the backend system in embodiment one.
Of course, the above is a preferred encryption mode; the present invention does not limit the encryption mode, and any encryption mode that uses the master key for encryption can be used.
S107: the external device encrypts the external device ID and SIM card IMSI it holds itself, together with the received special parameter, using the master key uniquely corresponding to the external device ID, obtaining the fourth encrypted value.
It should be noted that the same encryption mode as in S106 is used here.
S108: the external device compares the third encrypted value with the fourth encrypted value. If the comparison result is consistent, this means that the master key used by the external device for encryption and the master key used by the backend system for encryption are the same, and the external device determines that the third encrypted value was sent by a legitimate backend system.
It should be noted that if the comparison result is inconsistent, this means that the master key used by the external device for encryption and the master key used by the backend system for encryption differ; the external device then determines that the third encrypted value was sent by an illegitimate backend system, and the external device does not perform the binding operation.
S109: the external device binds and stores the external device ID with the SIM card IMSI.
It should be noted that an external device can perform one and only one binding operation: once the external device has been bound to a mobile device, the user cannot perform any other binding with that external device, and the binding cannot be modified or released.
For this binding mode, the corresponding verification mode is that of embodiment four.
Embodiment six
Based on the binding of the mobile device with the external device described in embodiment three, this embodiment describes the binding of the mobile device with the backend system that precedes that binding.
Referring to Fig. 3, on the basis of embodiment three, the following step is further included:
after the comparison in S304 is consistent, and before the backend system in S305 sends the special parameter and the third encrypted value to the external device attached to the SIM card, the backend system binds and stores the correspondence between the external device ID and the SIM card IMSI.
Accordingly, the special parameter in embodiment three is preferably the backend binding time.
For this binding mode, the corresponding verification mode is that of embodiment four.
Embodiment seven
Of course, in addition to the cryptographic verification method described above, the following method can also be used:
Each external device has a pair consisting of an external device public key and an external device private key, which correspond uniquely to each other; the external device's own private key is written into the external device, and the corresponding external device public key is stored in the backend system.
The backend system likewise has a pair consisting of a backend system public key and a backend system private key, which correspond uniquely to each other; the backend system keeps its own private key, and all external devices store the backend system's public key when they leave the factory.
When the external device sends binding information to the backend system, the encryption process is as follows:
the external device encrypts the data with its own external device private key, and then signs the encrypted data with its own external device private key;
the signature and the encrypted data are sent to the backend system;
the backend system uses the external device public key of the corresponding external device to verify whether the signature is valid; if it is valid, it continues to decrypt the data with that external device public key;
after decryption succeeds, the binding relationship between the external device ID and the SIM card IMSI is stored in the backend system.
After the backend system has completed the binding, when it sends data down to the external device, the following process is used:
the backend system encrypts the data with the backend system private key, and then signs the encrypted data with the backend system private key;
the signature and the encrypted data are sent to the external device;
the external device uses the stored backend system public key to verify whether the signature is valid; if it is valid, it continues to decrypt the data with the stored backend system public key;
after decryption completes, the external device writes the binding relationship with the SIM card IMSI into the device.
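The public-key variant of embodiment seven, as an added example that is not code from the patent, using Ed25519 from Go's crypto/ed25519. The text has each side first encrypt with its private key and then sign with the same private key; an Ed25519 private key can only sign, so this example keeps the signature, which is the operation that lets the receiving side check that the message came from the holder of the expected private key, and sends the binding data in the clear. The key pairs are generated at run time, the device ID and IMSI are constructed, and the length-prefixed encoding of the signed bytes is an assumption.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignedBinding is the message exchanged in both directions: the binding data
// plus a signature by the sender's private key over encode(DeviceID, IMSI).
type SignedBinding struct {
	DeviceID, IMSI string
	Signature      []byte
}

// encode length-prefixes both fields (assumption) so that the signed bytes
// cannot be split into device ID and IMSI in more than one way.
func encode(deviceID, imsi string) []byte {
	out := []byte{byte(len(deviceID))}
	out = append(out, deviceID...)
	out = append(out, byte(len(imsi)))
	return append(out, imsi...)
}

// Device holds its own private key, the backend public key installed at the
// factory, and the binding it writes once the backend's reply verifies.
type Device struct {
	id         string
	priv       ed25519.PrivateKey
	backendPub ed25519.PublicKey
	boundIMSI  string
}

// Backend holds its own private key, the public key of every external device,
// and the stored bindings.
type Backend struct {
	priv       ed25519.PrivateKey
	devicePubs map[string]ed25519.PublicKey
	bindings   map[string]string
}

// SignBinding is the device-to-backend message: binding data signed by the device.
func (d *Device) SignBinding(imsi string) SignedBinding {
	return SignedBinding{DeviceID: d.id, IMSI: imsi, Signature: ed25519.Sign(d.priv, encode(d.id, imsi))}
}

// AcceptBinding verifies the device signature with the stored device public
// key, stores the binding and answers with the same data signed by the backend.
func (b *Backend) AcceptBinding(m SignedBinding) (SignedBinding, error) {
	pub, ok := b.devicePubs[m.DeviceID]
	if !ok {
		return SignedBinding{}, errors.New("unknown external device ID")
	}
	if !ed25519.Verify(pub, encode(m.DeviceID, m.IMSI), m.Signature) {
		return SignedBinding{}, errors.New("invalid external device signature")
	}
	b.bindings[m.DeviceID] = m.IMSI
	sig := ed25519.Sign(b.priv, encode(m.DeviceID, m.IMSI))
	return SignedBinding{DeviceID: m.DeviceID, IMSI: m.IMSI, Signature: sig}, nil
}

// AcceptAck verifies the backend signature with the factory-installed public
// key and only then writes the binding into the device.
func (d *Device) AcceptAck(m SignedBinding) error {
	if m.DeviceID != d.id || !ed25519.Verify(d.backendPub, encode(m.DeviceID, m.IMSI), m.Signature) {
		return errors.New("invalid backend system signature")
	}
	d.boundIMSI = m.IMSI
	return nil
}

// provision creates one device and one backend that hold each other's public keys.
func provision(deviceID string) (*Device, *Backend, error) {
	devPub, devPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	bePub, bePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	dev := &Device{id: deviceID, priv: devPriv, backendPub: bePub}
	be := &Backend{priv: bePriv, devicePubs: map[string]ed25519.PublicKey{deviceID: devPub}, bindings: map[string]string{}}
	return dev, be, nil
}

func main() {
	dev, be, err := provision("EXTDEV00001") // constructed sample ID, not from the page
	if err != nil {
		fmt.Println(err)
		return
	}
	ack, err := be.AcceptBinding(dev.SignBinding("460001234567890"))
	fmt.Println("backend accepted:", err == nil, "device accepted:", dev.AcceptAck(ack) == nil, "bound to", dev.boundIMSI)
}
```

Each side checks the signature before it stores anything, which is the order the text prescribes (verify, then decrypt, then store). Because the signature covers both the device ID and the IMSI, a stored message whose IMSI has been altered, or a reply signed by a key other than the factory-installed backend key, fails verification and leaves the binding untouched.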
As can be seen from the above embodiments, with the method of the present invention for binding and verifying the user's SIM card and the external device, the SIM card is bound when the external device accesses the mobile device containing the SIM card for the first time, and every subsequent business operation using the external device requires verification of the accessed mobile device, so that the external device can carry out business operations only when it accesses the bound SIM card, which greatly improves the security of the external device.
It should be noted that those of ordinary skill in the art will appreciate that all or part of the flow of the methods in the above embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the flow of the embodiments of each of the above methods. The storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM) or the like.
The method for binding and verifying a SIM card and an external device provided by the present invention has been introduced in detail above. Specific examples have been used herein to set forth the principle and embodiments of the present invention; the description of the above embodiments is intended only to help understand the method of the present invention and its core idea. At the same time, for those of ordinary skill in the art, there will be changes in the specific embodiments and the scope of application according to the idea of the present invention. In summary, the content of this specification should not be construed as limiting the present invention.