Summary of the invention
In view of this, the present invention provides a communication method and device based on a virtual SIM card, for improving the security of the parameters in the virtual SIM card.
The present invention provides a communication method based on a virtual SIM card, applied in a mobile terminal, the method comprising:
when the mobile terminal uses the virtual SIM card, sending a first message to a server, the first message being used to indicate that the mobile terminal is currently using the virtual SIM card and will use an encrypted first parameter to carry out service interaction with the server;
receiving the encrypted first parameter sent by the server;
carrying out service interaction with the server based on the encrypted first parameter.
Preferably, sending the first message to the server comprises:
sending a login request message to the server, the login request message carrying identification information of the virtual SIM card, the identification information of the virtual SIM card being used to indicate that the mobile terminal is currently using the virtual SIM card and will use the encrypted first parameter to carry out service interaction with the server.
Preferably, sending the first message to the server comprises:
sending a radio connection request message to the server, the radio connection request message carrying identification information of the virtual SIM card, the identification information of the virtual SIM card being used to indicate that the mobile terminal is currently using the virtual SIM card and will use the encrypted first parameter to carry out service interaction with the server.
Preferably, the method further comprises:
obtaining an encryption/decryption key and an encryption algorithm, the encryption/decryption key and the encryption algorithm being used for decrypting the first parameter of the virtual SIM card;
judging whether the level of the communication module configured in the mobile terminal meets communication security requirements;
if it does, decrypting the first parameter using the encryption/decryption key and the encryption algorithm;
if it does not, controlling the mobile terminal to store the encrypted first parameter directly.
Preferably, judging whether the level of the communication module configured in the mobile terminal meets communication security requirements comprises: judging whether the identification information of the communication module is preset identification information.
The present invention also provides a communication device based on a virtual Subscriber Identity Module (SIM) card, applied in a mobile terminal, the device comprising:
a sending unit, for sending a first message to a server when the mobile terminal uses the virtual SIM card, the first message being used to indicate that the mobile terminal is currently using the virtual SIM card and will use an encrypted first parameter to carry out service interaction with the server;
a receiving unit, for receiving the encrypted first parameter sent by the server;
an interactive unit, for carrying out service interaction with the server based on the encrypted first parameter.
Preferably, the sending unit is used for sending a login request message to the server, the login request message carrying identification information of the virtual SIM card, the identification information of the virtual SIM card being used to indicate that the mobile terminal is currently using the virtual SIM card and will use the encrypted first parameter to carry out service interaction with the server.
Preferably, the sending unit is used for sending a radio connection request message to the server, the radio connection request message carrying identification information of the virtual SIM card, the identification information of the virtual SIM card being used to indicate that the mobile terminal is currently using the virtual SIM card and will use the encrypted first parameter to carry out service interaction with the server.
Preferably, the device further comprises:
an acquiring unit, for obtaining an encryption/decryption key and an encryption algorithm, the encryption/decryption key and the encryption algorithm being used for decrypting the first parameter of the virtual SIM card;
a judging unit, for judging whether the level of the communication module configured in the mobile terminal meets communication security requirements;
a control unit, for decrypting the first parameter using the encryption/decryption key and the encryption algorithm when the level of the communication module configured in the mobile terminal meets communication security requirements, and for controlling the mobile terminal to store the encrypted first parameter directly when the level of the communication module configured in the mobile terminal does not meet communication security requirements.
Preferably, the judging unit is used for judging whether the identification information of the communication module is preset identification information, so as to judge whether the level of the communication module configured in the mobile terminal meets communication security requirements.
Compared with the prior art, the technical scheme provided by the present invention has the following advantages:
In the technical scheme provided by the present invention, after the mobile terminal sends the server a first message indicating that it is currently using the virtual SIM card and will use the encrypted first parameter for service interaction with the server, it can carry out service interaction with the server using the encrypted first parameter it receives. In this way, once the mobile terminal has obtained the first parameter it no longer carries out service interaction using the first parameter in cleartext, which improves the security of the first parameter in the virtual SIM card; for example, service interaction with the server can be based on the encrypted Ki, improving the security of Ki.
Embodiment
To make the objectives, technical schemes and advantages of the embodiments of the present invention clearer, the technical schemes in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings of the embodiments. Obviously, the described embodiments are only some, rather than all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the protection scope of the present invention.
Refer to Fig. 1, which illustrates the communication method based on a virtual SIM card provided by the embodiment of the present invention. The method is applied in a mobile terminal, which communicates with a server of the operator network on the basis of the virtual SIM card so that the mobile terminal can complete each service using the virtual SIM card. Specifically, the communication method based on a virtual SIM card shown in Fig. 1 can comprise the following steps:
101: when the mobile terminal uses the virtual SIM card, send a first message to the server. The first message is used to indicate that the mobile terminal is currently using the virtual SIM card and will use the encrypted first parameter to carry out service interaction with the server, so that after receiving the first message the server can carry out service interaction with the mobile terminal using the encrypted first parameter. If the mobile terminal carried out service interaction with the encrypted first parameter while the server used the cleartext first parameter (that is, the unencrypted first parameter), neither side could recognise the messages sent by the other; therefore, when the mobile terminal wants to use the encrypted first parameter for service interaction with the server, it first needs to send the first message to notify the server.
In the embodiment of the present invention, the mobile terminal can use a message that it already exchanges with the server, that message being used to indicate that the mobile terminal is currently using the virtual SIM card and will use the encrypted first parameter to carry out service interaction with the server. For example, in the registration procedure started after the virtual SIM card is activated, the login request message or radio connection request message that the mobile terminal sends to the server can carry the identification information of the virtual SIM card, which indicates that the mobile terminal is currently using the virtual SIM card and will use the encrypted first parameter for service interaction with the server. In this way, without changing the existing service interaction flow, the mobile terminal can notify the server that it is currently using the virtual SIM card and will use the encrypted first parameter for service interaction simply by adding the identification information of the virtual SIM card to the existing login request message or radio connection request message.
The identification information of the virtual SIM card can take the form of a binary sequence: the binary sequence 0101 indicates that the mobile terminal is using the virtual SIM card and will use the encrypted first parameter for service interaction with the server, and the binary sequence 0011 indicates that the mobile terminal is using a physical SIM card. Therefore, in the embodiment of the present invention, judging which binary sequence the first message carries determines whether the mobile terminal is using the virtual SIM card and will use the encrypted first parameter for service interaction with the server.
When the identification information of the virtual SIM card is a sequence, it can also take a form other than a binary sequence; for example, the identification information of the virtual SIM card may be a digit sequence and/or a letter sequence. For instance, the two digits 1 and 2 can be used to determine whether the mobile terminal is using the virtual SIM card and will use the encrypted first parameter for service interaction with the server, where the digit 1 indicates that the mobile terminal is using the virtual SIM card and will use the encrypted first parameter for service interaction with the server, and the digit 2 indicates that the mobile terminal is using a physical SIM card.
102: receive the encrypted first parameter sent by the server. The first parameter is encrypted using the encryption/decryption key and encryption algorithm that the server and the mobile terminal negotiated in advance; the negotiation of the encryption/decryption key and encryption algorithm can use an existing method. The encryption algorithm can be an asymmetric encryption algorithm, such as the RSA public-key encryption algorithm, which was proposed jointly by Ron Rivest, Adi Shamir and Leonard Adleman in 1977; the name RSA is formed by joining the initial letters of their three surnames.
After the negotiation has succeeded, the server can encrypt the first parameter using the negotiated encryption/decryption key and encryption algorithm. In the embodiment of the present invention, the first parameter is a parameter used when the mobile terminal and the server carry out service interaction. For example, in the authentication service of the virtual SIM card, the Ki in the virtual SIM card is encrypted, and the encrypted Ki can then be used to carry out the authentication service.
103: carry out service interaction with the server based on the encrypted first parameter. Taking the authentication service as an example, when the server performs the authentication service with the mobile terminal, it computes an authentication vector using the encrypted Ki as input, then carries the authentication vector in an authentication request message and sends it to the mobile terminal. After receiving the authentication request message, the mobile terminal verifies the authentication vector using the encrypted Ki it has stored as input, so as to authenticate the identity of the server. After the authentication passes, the mobile terminal in turn computes an authentication response using the encrypted Ki and sends it to the server. When the server determines that the authentication response is correct, it carries out the subsequent registration procedure.
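The exchange of steps 101 to 103, as an added example that is not part of the original patent text: a simulated mobile terminal sends a login request carrying the 0101/0011 identification sequence, the server uses the flag to pick the encrypted or cleartext Ki, and both sides run the challenge/response described in step 103. The field names, the sample Ki values and the use of HMAC-SHA256 as a stand-in for the operator's authentication functions are all assumptions of this example; the point it makes is that the server never guesses the Ki form from a malformed flag, and that a mismatch between the two sides' Ki forms fails closed instead of producing the unrecognised-message situation described in step 101.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Identification sequences defined in the embodiment: 0101 means a virtual SIM card
# is in use (and the encrypted first parameter will be used), 0011 means a physical
# SIM card is in use.
VIRTUAL_SIM_FLAG = "0101"
PHYSICAL_SIM_FLAG = "0011"

# Constructed sample values. ENCRYPTED_KI is the ciphertext both sides hold after
# step 102; CLEARTEXT_KI is the Ki of a physical SIM. Neither is a real key.
ENCRYPTED_KI = bytes.fromhex("3fa1c9d0e4b27a6c1d5e9f0b8a7c6d5e")
CLEARTEXT_KI = bytes.fromhex("00112233445566778899aabbccddeeff")


def build_login_request(imsi: str, flag: str) -> dict:
    """Step 101: the first message. A login request carrying the SIM identification
    sequence next to the subscriber identity (field names are assumed)."""
    return {"type": "login_request", "imsi": imsi, "sim_type_flag": flag}


def server_select_ki_form(message: dict, cleartext_ki: bytes, encrypted_ki: bytes) -> bytes:
    """Server side: choose which form of Ki feeds the authentication computation.
    Anything other than the two defined sequences is rejected rather than guessed,
    so a malformed flag can never silently downgrade to cleartext Ki."""
    flag = message.get("sim_type_flag")
    if flag == VIRTUAL_SIM_FLAG:
        return encrypted_ki
    if flag == PHYSICAL_SIM_FLAG:
        return cleartext_ki
    raise ValueError(f"unknown SIM identification sequence: {flag!r}")


def compute_auth_vector(ki_input: bytes, rand: bytes) -> dict:
    """Server side of step 103: derive the network token (autn) and the expected
    response (xres) from the selected Ki form. HMAC-SHA256 is a constructed
    substitute for the operator's authentication functions."""
    autn = hmac.new(ki_input, b"AUTN" + rand, hashlib.sha256).digest()[:8]
    xres = hmac.new(ki_input, b"RES" + rand, hashlib.sha256).digest()[:8]
    return {"rand": rand, "autn": autn, "xres": xres}


def mobile_handle_auth_request(stored_ki: bytes, rand: bytes, autn: bytes) -> Optional[bytes]:
    """Mobile side of step 103: verify the network with the Ki form it stored, then
    compute the response. Returns None when the token does not verify, so no
    response is ever produced for an unauthenticated challenge."""
    expected = hmac.new(stored_ki, b"AUTN" + rand, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(expected, autn):
        return None
    return hmac.new(stored_ki, b"RES" + rand, hashlib.sha256).digest()[:8]


def run_registration(flag: str, mobile_stored_ki: bytes, tamper_autn: bool = False) -> bool:
    """Full exchange of steps 101-103. Returns True when the server accepts the
    response, i.e. both sides used the same Ki form and the token was genuine."""
    msg = build_login_request("460001234567890", flag)  # constructed IMSI
    ki_for_server = server_select_ki_form(msg, CLEARTEXT_KI, ENCRYPTED_KI)
    av = compute_auth_vector(ki_for_server, secrets.token_bytes(16))
    autn = bytes(b ^ 0xFF for b in av["autn"]) if tamper_autn else av["autn"]
    res = mobile_handle_auth_request(mobile_stored_ki, av["rand"], autn)
    return res is not None and hmac.compare_digest(res, av["xres"])


if __name__ == "__main__":
    print("virtual SIM, encrypted Ki on both sides:", run_registration(VIRTUAL_SIM_FLAG, ENCRYPTED_KI))
    print("virtual SIM flag but cleartext Ki on mobile:", run_registration(VIRTUAL_SIM_FLAG, CLEARTEXT_KI))
```

The third case in the usage block is the mismatch that step 101 warns about: the server computes with the encrypted Ki while the terminal still holds cleartext, and the terminal rejects the network token rather than answering it.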
It can be seen from the above technical scheme that, in the communication method based on a virtual SIM card provided by the embodiment of the present invention, after the mobile terminal sends the server a first message indicating that it is currently using the virtual SIM card and will use the encrypted first parameter for service interaction with the server, it can carry out service interaction with the server using the encrypted first parameter it receives. In this way, once the mobile terminal has obtained the first parameter it no longer carries out service interaction using the first parameter in cleartext, which improves the security of the first parameter in the virtual SIM card; for example, service interaction with the server can be based on the encrypted Ki, improving the security of Ki.
To further improve the security of the first parameter of the virtual SIM card, the communication method based on a virtual SIM card provided by the embodiment of the present invention can also judge whether the encrypted first parameter should be decrypted before storage. The detailed process, shown in Fig. 2, further comprises the following steps on the basis of Fig. 1:
104: obtain the encryption/decryption key and encryption algorithm, which are used for decrypting the first parameter of the virtual SIM card.
To obtain the encryption/decryption key and encryption algorithm, the mobile terminal and the server need to negotiate; the purpose of the negotiation is to determine which encryption/decryption key and encryption algorithm both sides will use when carrying out service interaction. The process can be: negotiate with the server the encryption/decryption key and encryption algorithm used to encrypt the first parameter, and once the negotiation with the server has succeeded, obtain the negotiated encryption/decryption key and encryption algorithm. The concrete steps can be as follows:
The mobile terminal sends the server a negotiation request message carrying an encryption/decryption key and encryption algorithm. The encryption/decryption key and encryption algorithm carried in the negotiation request message can be the ones configured by the mobile terminal itself for use in communication between the two sides, so the message asks whether the server can adopt the encryption/decryption key and encryption algorithm configured by the mobile terminal to encrypt the first parameter. The server thereby learns which encryption/decryption key and encryption algorithm the mobile terminal uses and can process accordingly;
When the server agrees to the encryption/decryption key and encryption algorithm configured by the mobile terminal, it sends a negotiation ack message to the mobile terminal indicating that it agrees to encrypt the first parameter using the encryption/decryption key and encryption algorithm configured by the mobile terminal. If the server does not agree to the encryption/decryption key and encryption algorithm configured by the mobile terminal, it needs to send a negotiation nack message to the mobile terminal, either instructing the mobile terminal to reconfigure the encryption/decryption key and encryption algorithm or sending the mobile terminal the encryption/decryption key and encryption algorithm configured by the server.
In the embodiment of the present invention, the mobile terminal and the server can carry out the negotiation of the encryption/decryption key and encryption algorithm over Wi-Fi (Wireless Fidelity, a wireless local area network) or over the cellular network.
105: judge whether the level of the communication module configured in the mobile terminal meets communication security requirements; if it does, perform step 106, otherwise perform step 107. The purpose of judging whether the level of the communication module meets communication security requirements is to decide whether the encrypted first parameter is decrypted before storage, so that the decrypted first parameter can be sent from the application layer of the mobile terminal to the communication module.
In the embodiment of the present invention, a feasible way of judging whether the level of the communication module configured in the mobile terminal meets communication security requirements is to judge whether the identification information of the communication module is preset identification information: if it is, the level of the communication module configured in the mobile terminal is judged to meet communication security requirements; otherwise it is judged not to meet them. The preset identification information is the pre-configured identification information of each communication module whose security level is higher, such as the communication modules of Gaode.
106: decrypt the first parameter using the encryption/decryption key and encryption algorithm. When the level of the communication module meets communication security requirements, the security of the communication module is high enough that the decrypted first parameter can be stored, so the mobile terminal can decrypt the first parameter using the encryption/decryption key and encryption algorithm and store it in cleartext in the communication module or in the application layer of the mobile terminal.
107: control the mobile terminal to store the encrypted first parameter directly, that is, do not decrypt the first parameter, so as to prevent the first parameter from being obtained through the communication module and thereby improve the security of the first parameter.
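Steps 104 to 107 worked through in code, as an added example that is not part of the original patent text. The mobile terminal proposes an asymmetric algorithm and its public key in a negotiation request, the server answers with an ack or a nack carrying its own configured choice, the server encrypts Ki with the agreed public key, and the terminal decides from the module's identification information whether the ciphertext is decrypted for storage or kept as received. The textbook RSA with two fixed Mersenne primes is a stand-in for the negotiated algorithm (the patent names RSA only as an example), and the message shapes, the module identifiers and the preset list are constructed for this illustration.

```python
from typing import Dict, Set, Tuple

# Toy RSA parameters: two Mersenne primes give a modulus of about 2^92, large enough
# to hold one 64-bit half of a 128-bit Ki. Fixed and far too small for real use; the
# scheme stands in for whatever asymmetric algorithm the two sides negotiate.
P = (1 << 31) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

# Preset identification information: the communication modules whose security
# level is pre-configured as high enough to hold the cleartext Ki. Constructed ids.
PRESET_MODULE_IDS = frozenset({"SECURE-MOD-01", "SECURE-MOD-02"})


def negotiate(server_supported: Set[str], server_default: str,
              proposed_algorithm: str, public_key: Tuple[int, int]) -> Dict:
    """Negotiation request handling of step 104. The request carries the algorithm
    and public key the mobile terminal configured; the server acks if it supports
    the algorithm and otherwise nacks with the algorithm it has configured."""
    if proposed_algorithm in server_supported:
        return {"type": "negotiation_ack", "algorithm": proposed_algorithm,
                "public_key": public_key}
    return {"type": "negotiation_nack", "server_algorithm": server_default}


def rsa_encrypt_ki(ki: bytes, public_key: Tuple[int, int] = (E, N)) -> bytes:
    """Server side: encrypt a 16-byte Ki as two 8-byte halves under the public key
    received in the negotiation. Each ciphertext is stored in 12 bytes (N < 2^96)."""
    e, n = public_key
    if len(ki) != 16:
        raise ValueError("Ki must be 16 bytes")
    out = b""
    for half in (ki[:8], ki[8:]):
        out += pow(int.from_bytes(half, "big"), e, n).to_bytes(12, "big")
    return out


def rsa_decrypt_ki(enc: bytes, private_key: Tuple[int, int] = (D, N)) -> bytes:
    """Mobile side: recover the 16-byte Ki with the private key."""
    d, n = private_key
    if len(enc) != 24:
        raise ValueError("ciphertext must be 24 bytes")
    ki = b""
    for offset in (0, 12):
        ki += pow(int.from_bytes(enc[offset:offset + 12], "big"), d, n).to_bytes(8, "big")
    return ki


def module_meets_security_requirements(module_id: str) -> bool:
    """Step 105: the module level is judged by whether its identification
    information is among the preset identification information."""
    return module_id in PRESET_MODULE_IDS


def store_first_parameter(encrypted_ki: bytes, module_id: str,
                          private_key: Tuple[int, int] = (D, N)) -> Dict:
    """Steps 106/107: decrypt and keep cleartext only on a module that meets the
    requirement; otherwise keep the ciphertext exactly as received so the cleartext
    never exists on the terminal."""
    if module_meets_security_requirements(module_id):
        return {"form": "cleartext", "value": rsa_decrypt_ki(encrypted_ki, private_key)}
    return {"form": "encrypted", "value": encrypted_ki}


if __name__ == "__main__":
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed Ki
    reply = negotiate({"RSA"}, "RSA", "RSA", (E, N))
    enc = rsa_encrypt_ki(ki, reply["public_key"])
    print(store_first_parameter(enc, "SECURE-MOD-01")["form"])   # cleartext
    print(store_first_parameter(enc, "UNLISTED-MOD")["form"])    # encrypted
```

Because the private key is generated and held by the terminal and only the public key travels in the negotiation request, the server can produce the ciphertext of step 102 without ever being able to reverse it, which is what lets step 107 keep the stored value opaque to the communication module.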
Refer to Fig. 3, which illustrates the structure of the communication device based on a virtual Subscriber Identity Module (SIM) card provided by the embodiment of the present invention. The device is applied in a mobile terminal and can comprise: a sending unit 11, a receiving unit 12 and an interactive unit 13.
Sending unit 11, for sending a first message to the server when the mobile terminal uses the virtual SIM card, the first message being used to indicate that the mobile terminal is currently using the virtual SIM card and will use the encrypted first parameter to carry out service interaction with the server.
In the embodiment of the present invention, the sending unit 11 can use a message that is already exchanged with the server, that message being used to indicate that the mobile terminal is currently using the virtual SIM card and will use the encrypted first parameter to carry out service interaction with the server. For example, in the registration procedure started after the virtual SIM card is activated, the login request message or radio connection request message that the sending unit 11 sends to the server can carry the identification information of the virtual SIM card, which indicates that the mobile terminal is currently using the virtual SIM card and will use the encrypted first parameter for service interaction with the server. In this way, without changing the existing service interaction flow, the mobile terminal can notify the server that it is currently using the virtual SIM card simply by adding the identification information of the virtual SIM card to the existing login request message or radio connection request message.
The identification information of the virtual SIM card can take the form of a binary sequence: the binary sequence 0101 indicates that the mobile terminal is using the virtual SIM card and will use the encrypted first parameter for service interaction with the server, and the binary sequence 0011 indicates that the mobile terminal is using a physical SIM card. Therefore, in the embodiment of the present invention, judging which binary sequence the first message carries determines whether the mobile terminal is using the virtual SIM card and will use the encrypted first parameter for service interaction with the server.
When the identification information of the virtual SIM card is a sequence, it can also take a form other than a binary sequence; for example, the identification information of the virtual SIM card may be a digit sequence and/or a letter sequence. For instance, the two digits 1 and 2 can be used to determine whether the mobile terminal is using the virtual SIM card and will use the encrypted first parameter for service interaction with the server, where the digit 1 indicates that the mobile terminal is using the virtual SIM card and will use the encrypted first parameter for service interaction with the server, and the digit 2 indicates that the mobile terminal is using a physical SIM card.
Receiving unit 12, for receiving the encrypted first parameter sent by the server. The first parameter is encrypted using the encryption/decryption key and encryption algorithm that the server and the mobile terminal negotiated in advance; the negotiation of the encryption/decryption key and encryption algorithm can use an existing method. The encryption algorithm can be an asymmetric encryption algorithm, such as the RSA public-key encryption algorithm, which was proposed jointly by Ron Rivest, Adi Shamir and Leonard Adleman in 1977; the name RSA is formed by joining the initial letters of their three surnames.
After the negotiation has succeeded, the server can encrypt the first parameter using the negotiated encryption/decryption key and encryption algorithm. In the embodiment of the present invention, the first parameter is a parameter used when the mobile terminal and the server carry out service interaction. For example, in the authentication service of the virtual SIM card, the Ki in the virtual SIM card is encrypted, and the encrypted Ki can then be used to carry out the authentication service.
Interactive unit 13, for carrying out service interaction with the server based on the encrypted first parameter. Taking the authentication service as an example, when the server performs the authentication service with the mobile terminal, it computes an authentication vector using the encrypted Ki as input, then carries the authentication vector in an authentication request message and sends it to the mobile terminal. After the mobile terminal receives the authentication request message, the interactive unit 13 verifies the authentication vector using the encrypted Ki stored on the mobile terminal as input, so as to authenticate the identity of the server. After the authentication passes, the mobile terminal in turn computes an authentication response using the encrypted Ki and sends it to the server. When the server determines that the authentication response is correct, it carries out the subsequent registration procedure.
It can be seen from the above technical scheme that, in the communication device based on a virtual SIM card provided by the embodiment of the present invention, after the mobile terminal sends the server a first message indicating that it is currently using the virtual SIM card and will use the encrypted first parameter for service interaction with the server, it can carry out service interaction with the server using the encrypted first parameter. In this way, once the mobile terminal has obtained the first parameter it no longer carries out service interaction using the first parameter in cleartext, which improves the security of the first parameter in the virtual SIM card; for example, service interaction with the server can be based on the encrypted Ki, improving the security of Ki.
Refer to Fig. 4, which illustrates another structure of the communication device based on a virtual SIM card provided by the embodiment of the present invention; on the basis of Fig. 3 it further comprises: an acquiring unit 14, a judging unit 15 and a control unit 16.
Acquiring unit 14, for obtaining the encryption/decryption key and encryption algorithm, which are used for decrypting the first parameter of the virtual SIM card. To obtain the encryption/decryption key and encryption algorithm, the mobile terminal and the server need to negotiate; the purpose of the negotiation is to determine which encryption/decryption key and encryption algorithm both sides will use when carrying out service interaction. The process can be: the acquiring unit 14 negotiates with the server the encryption/decryption key and encryption algorithm used to encrypt the first parameter, and once the negotiation with the server has succeeded, it obtains the negotiated encryption/decryption key and encryption algorithm. In the embodiment of the present invention, the acquiring unit 14 can carry out the negotiation of the encryption/decryption key and encryption algorithm with the server over Wi-Fi or over the cellular network.
Judging unit 15, for judging whether the level of the communication module configured in the mobile terminal meets communication security requirements. The purpose of judging whether the level of the communication module meets communication security requirements is to decide whether the encrypted first parameter is decrypted before storage, so that the decrypted first parameter can be sent from the application layer of the mobile terminal to the communication module.
In the embodiment of the present invention, a feasible way of judging whether the level of the communication module configured in the mobile terminal meets communication security requirements is to judge whether the identification information of the communication module is preset identification information: if it is, the level of the communication module configured in the mobile terminal is judged to meet communication security requirements; otherwise it is judged not to meet them. The preset identification information is the pre-configured identification information of each communication module whose security level is higher, such as the communication modules produced by Gaode.
Control unit 16, for decrypting the first parameter using the encryption/decryption key and encryption algorithm when the level of the communication module configured in the mobile terminal meets communication security requirements, and for controlling the mobile terminal to store the encrypted first parameter directly when the level of the communication module configured in the mobile terminal does not meet communication security requirements.
When the level of the communication module meets communication security requirements, the security of the communication module is high enough that the decrypted first parameter can be stored, so the control unit 16 can decrypt the first parameter using the encryption/decryption key and encryption algorithm and store it in cleartext in the communication module or in the application layer of the mobile terminal. When the level of the communication module configured in the mobile terminal does not meet communication security requirements, the control unit 16 controls the mobile terminal to store the encrypted first parameter directly, that is, the first parameter is not decrypted, so as to prevent the first parameter from being obtained through the communication module and thereby improve the security of the first parameter.
Finally, it should be noted that, herein, the terms "comprise", "comprising" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements comprises not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further restriction, an element defined by the statement "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises that element.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The above is only the preferred embodiment of the present invention. It should be noted that those skilled in the art can also make several improvements and modifications without departing from the principles of the present invention, and these improvements and modifications should also be considered within the protection scope of the present invention.