Summary of the invention
In view of this, the present invention provides a communication method and device based on a virtual SIM card, for improving the security of the parameters in the virtual SIM card.
The present invention provides a communication method based on a virtual SIM card, applied in a mobile terminal, the method comprising:
when the mobile terminal uses the virtual SIM card, sending a first message to a server, the first message being used to indicate that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using an encrypted first parameter;
receiving the encrypted first parameter sent by the server;
carrying out service interaction with the server based on the encrypted first parameter.
Preferably, sending the first message to the server comprises:
sending a registration request message to the server, the registration request message carrying identification information of the virtual SIM card, the identification information of the virtual SIM card being used to indicate that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter.
Preferably, sending the first message to the server comprises:
sending a radio connection request message to the server, the radio connection request message carrying the identification information of the virtual SIM card, the identification information of the virtual SIM card being used to indicate that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter.
Preferably, the method further comprises:
obtaining an encryption key and an encryption algorithm, the encryption key and the encryption algorithm being used to decrypt the first parameter of the virtual SIM card;
judging whether the level of the communication module configured in the mobile terminal meets the communication security requirements;
if so, decrypting the first parameter using the encryption key and the encryption algorithm;
if not, controlling the mobile terminal to store the encrypted first parameter directly.
Preferably, judging whether the level of the communication module configured in the mobile terminal meets the communication security requirements comprises: judging whether the identification information of the communication module is preset identification information.
The present invention also provides a communication device based on a virtual subscriber identity module (SIM) card, applied in a mobile terminal, the device comprising:
a transmission unit, configured to send a first message to a server when the mobile terminal uses the virtual SIM card, the first message being used to indicate that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using an encrypted first parameter;
a receiving unit, configured to receive the encrypted first parameter sent by the server;
an interactive unit, configured to carry out service interaction with the server based on the encrypted first parameter.
Preferably, the transmission unit is configured to send a registration request message to the server, the registration request message carrying the identification information of the virtual SIM card, the identification information of the virtual SIM card being used to indicate that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter.
Preferably, the transmission unit is configured to send a radio connection request message to the server, the radio connection request message carrying the identification information of the virtual SIM card, the identification information of the virtual SIM card being used to indicate that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter.
Preferably, the device further comprises:
an acquiring unit, configured to obtain an encryption key and an encryption algorithm, the encryption key and the encryption algorithm being used to decrypt the first parameter of the virtual SIM card;
a judging unit, configured to judge whether the level of the communication module configured in the mobile terminal meets the communication security requirements;
a control unit, configured to decrypt the first parameter using the encryption key and the encryption algorithm when the level of the communication module configured in the mobile terminal meets the communication security requirements, and to control the mobile terminal to store the encrypted first parameter directly when the level of the communication module configured in the mobile terminal does not meet the communication security requirements.
Preferably, the judging unit is configured to judge whether the identification information of the communication module is preset identification information, so as to judge whether the level of the communication module configured in the mobile terminal meets the communication security requirements.
Compared with the prior art, the technical solution provided by the present invention has the following advantages:
In the technical solution provided by the present invention, once a first message has been sent to the server to indicate that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter, the mobile terminal can carry out service interaction with the server using the encrypted first parameter it receives. After obtaining the first parameter, the mobile terminal therefore no longer uses the first parameter in plaintext for service interaction, which improves the security of the first parameter in the virtual SIM card; for example, service interaction with the server can be based on the encrypted Ki, which improves the security of Ki.
Specific embodiment
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings of the embodiments. Obviously, the described embodiments are some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative work shall fall within the protection scope of the present invention.
Referring to Fig. 1, it shows the communication method based on a virtual SIM card provided by an embodiment of the present invention, which is applied in a mobile terminal. This mobile terminal can communicate, based on the virtual SIM card, with the server used by the carrier network, so that the mobile terminal can complete various services using the virtual SIM. Specifically, the communication method based on a virtual SIM card shown in Fig. 1 may include the following steps:
101: When the mobile terminal uses the virtual SIM card, send a first message to the server. The first message is used to indicate that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter, so that after receiving the first message the server can carry out service interaction with the mobile terminal using the encrypted first parameter. If the mobile terminal carried out service interaction using the encrypted first parameter while the server used the plaintext first parameter (that is, the unencrypted first parameter), the mobile terminal and the server would be unable to recognize the messages sent by each other. Therefore, when the mobile terminal wants to carry out service interaction with the server using the encrypted first parameter, it first needs to send the first message to inform the server.
In the embodiment of the present invention, the mobile terminal can use one of the messages it already exchanges with the server to indicate that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter. For example, during the registration procedure started after the virtual SIM card is activated, the registration request message or radio connection request message that the mobile terminal sends to the server can carry the identification information of the virtual SIM card, which is used to indicate that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter. In this way, without changing the existing service interaction procedure, adding the identification information of the virtual SIM card to the existing registration request message or radio connection request message is enough to tell the server that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter.
The identification information of the virtual SIM card can take the form of a binary sequence: the binary sequence 0101 indicates that the mobile terminal is using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter, while the binary sequence 0011 indicates that the mobile terminal is using a physical SIM card. In the embodiment of the present invention it is therefore possible to determine, from which binary sequence is carried in the first message, whether the mobile terminal is using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter.
Of course, when the identification information of the virtual SIM card is a sequence, forms other than a binary sequence can also be used, such as a sequence of digits and/or letters. For example, the two digits 1 and 2 can be used to determine whether the mobile terminal is using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter: the digit 1 can indicate that the mobile terminal is using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter, and the digit 2 indicates that the mobile terminal is using a physical SIM card.
102: Receive the encrypted first parameter sent by the server. The first parameter is encrypted using the encryption key and encryption algorithm negotiated in advance between the server and the mobile terminal. The negotiated encryption key and encryption algorithm can follow existing practice; for example, the encryption algorithm may be an asymmetric encryption algorithm such as the RSA public-key encryption algorithm. The RSA public-key encryption algorithm was proposed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman, and the name RSA is formed from the initial letters of their three surnames.
After the negotiation succeeds, the server can encrypt the first parameter using the agreed encryption key and encryption algorithm. In the embodiment of the present invention, the first parameter is a parameter used when the mobile terminal and the server carry out service interaction. For example, in the authentication service of the virtual SIM card, the Ki in the virtual SIM card is encrypted, so that the encrypted Ki can be used to carry out the authentication service.
103: Carry out service interaction with the server based on the encrypted first parameter. Taking the authentication service as an example, when the server performs the authentication service with the mobile terminal, the server uses the encrypted Ki as input to calculate an authentication vector, and then carries the authentication vector in an authentication request message sent to the mobile terminal. After receiving the authentication request message, the mobile terminal uses the encrypted Ki that it has saved as input to verify the authentication vector, thereby verifying the identity of the server. After this verification passes, the mobile terminal again uses the encrypted Ki to calculate an authentication response and sends it to the server. When the server determines that the authentication response is correct, the server proceeds with the subsequent registration procedure.
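Steps 101 to 103 can be traced in the following added example, which is not part of the patent text. It assumes HMAC-SHA256 as a stand-in for the network's authentication function, and the class names, the subscriber label and both key values are constructed for illustration; only the flag values 0101 and 0011 come from the description.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

FLAG_VIRTUAL = "0101"   # virtual SIM, encrypted first parameter (from the text)
FLAG_PHYSICAL = "0011"  # physical SIM (from the text)

# Constructed sample values, not real subscriber data.
KI_PLAIN = bytes.fromhex("00112233445566778899aabbccddeeff")
# Opaque blob standing for Ki after the negotiated encryption.
KI_ENCRYPTED = bytes.fromhex("9f3c51d07a2e4468b1c7e05d2a6f8834")


def _mac(key: bytes, label: bytes, rand: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the real authentication function.
    return hmac.new(key, label + rand, hashlib.sha256).digest()[:8]


class Server:
    def __init__(self) -> None:
        self.flags = {}  # subscriber -> flag carried in the first message

    def register(self, subscriber: str, flag: str) -> Optional[bytes]:
        """Steps 101-102: note the announced mode, return the encrypted Ki."""
        if flag not in (FLAG_VIRTUAL, FLAG_PHYSICAL):
            raise ValueError("unknown SIM identification flag: %r" % flag)
        self.flags[subscriber] = flag
        return KI_ENCRYPTED if flag == FLAG_VIRTUAL else None

    def _key(self, subscriber: str) -> bytes:
        # Without a first message the server keeps using the plaintext Ki.
        if self.flags.get(subscriber) == FLAG_VIRTUAL:
            return KI_ENCRYPTED
        return KI_PLAIN

    def challenge(self, subscriber: str) -> Tuple[bytes, bytes]:
        rand = secrets.token_bytes(16)
        return rand, _mac(self._key(subscriber), b"autn", rand)

    def verify(self, subscriber: str, rand: bytes, res: bytes) -> bool:
        expected = _mac(self._key(subscriber), b"res", rand)
        return hmac.compare_digest(expected, res)


class Terminal:
    def __init__(self, stored_key: bytes) -> None:
        self.key = stored_key  # what the terminal has saved for this SIM

    def respond(self, rand: bytes, autn: bytes) -> Optional[bytes]:
        """Step 103: verify the server first, then compute the response."""
        if not hmac.compare_digest(_mac(self.key, b"autn", rand), autn):
            return None
        return _mac(self.key, b"res", rand)


def run_exchange(send_first_message: bool) -> str:
    """Run one registration; skipping step 101 reproduces the mismatch."""
    server, subscriber = Server(), "subscriber-1"
    if send_first_message:
        stored = server.register(subscriber, FLAG_VIRTUAL)
    else:
        stored = KI_ENCRYPTED  # terminal holds ciphertext, server was not told
    terminal = Terminal(stored)
    rand, autn = server.challenge(subscriber)
    res = terminal.respond(rand, autn)
    if res is None:
        return "terminal rejected authentication vector"
    if server.verify(subscriber, rand, res):
        return "registered"
    return "server rejected response"


if __name__ == "__main__":
    print(run_exchange(True))
    print(run_exchange(False))
```

Both sides key the computation with the ciphertext blob, so on the terminal that blob is the working authentication secret and warrants the same storage protection as Ki.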
It can be seen from the above technical solution that, with the communication method based on a virtual SIM card provided by the embodiment of the present invention, once a first message has been sent to the server to indicate that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter, the mobile terminal can carry out service interaction with the server using the encrypted first parameter it receives. After obtaining the first parameter, the mobile terminal therefore no longer uses the first parameter in plaintext for service interaction, which improves the security of the first parameter in the virtual SIM card; for example, service interaction with the server can be based on the encrypted Ki, which improves the security of Ki.
To further improve the security of the first parameter of the virtual SIM card, the communication method based on a virtual SIM card provided by the embodiment of the present invention can additionally determine whether to decrypt the encrypted first parameter before storing it. The detailed process is shown in Fig. 2 and, on the basis of Fig. 1, further includes:
104: Obtain an encryption key and an encryption algorithm, which are used to decrypt the first parameter of the virtual SIM card.
To obtain the encryption key and encryption algorithm, the mobile terminal and the server need to negotiate. The purpose of the negotiation is to determine which encryption key and encryption algorithm the two sides use when carrying out service interaction. The process may be: negotiate with the server the encryption key and encryption algorithm used to encrypt the first parameter and, once the negotiation with the server succeeds, obtain the agreed encryption key and encryption algorithm. The specific steps can be as follows:
The mobile terminal sends to the server a negotiation request message carrying an encryption key and an encryption algorithm. The encryption key and encryption algorithm carried in the negotiation request message can be those configured by the mobile terminal itself and used for intercommunication. It is therefore necessary to ask the server whether the first parameter can be encrypted using the encryption key and encryption algorithm configured by the mobile terminal itself, so that the server knows which encryption key and encryption algorithm the mobile terminal uses and can process accordingly;
After the server agrees to the encryption key and encryption algorithm configured by the mobile terminal, it sends a negotiation-affirmative message to the mobile terminal to indicate that it agrees to encrypt the first parameter using the encryption key and encryption algorithm configured by the mobile terminal. If the server does not agree to the encryption key and encryption algorithm configured by the mobile terminal, it needs to send a negotiation-negative message to the mobile terminal to instruct the mobile terminal to reconfigure the encryption key and encryption algorithm, or it sends the encryption key and encryption algorithm configured by the server to the mobile terminal.
In the embodiment of the present invention, while negotiating the encryption key and encryption algorithm, the mobile terminal and the server can negotiate over Wi-Fi (Wireless Fidelity, a wireless local area network) or over the cellular network.
105: Judge whether the level of the communication module configured in the mobile terminal meets the communication security requirements; if so, execute step 106, and if not, execute step 107. The purpose of judging whether the level of the communication module meets the communication security requirements is to decide whether to decrypt the encrypted first parameter and store it, so that the decrypted first parameter can be sent from the application layer of the mobile terminal to the communication module.
In the embodiment of the present invention, a feasible way of judging whether the level of the communication module configured in the mobile terminal meets the communication security requirements is to judge whether the identification information of the communication module is preset identification information. If it is, the level of the communication module configured in the mobile terminal is determined to meet the communication security requirements; otherwise, the level of the communication module configured in the mobile terminal is determined not to meet the communication security requirements. The preset identification information is the preconfigured identification information of each communication module with a relatively high security level, such as a communication module made by Gao De.
106: Decrypt the first parameter using the encryption key and the encryption algorithm. When the level of the communication module meets the communication security requirements, the security of the communication module is relatively high and the decrypted first parameter can be stored. The mobile terminal can then decrypt the first parameter using the encryption key and the encryption algorithm and store it in plaintext in the communication module or in the application layer of the mobile terminal.
107: Control the mobile terminal to store the encrypted first parameter directly, that is, without decrypting the first parameter. This prevents the first parameter from being obtained through the communication module and thereby improves the security of the first parameter.
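The negotiation of step 104 and the storage decision of steps 105 to 107 are sketched in the following added example, which is not part of the patent text. The module identifiers, algorithm names, keys and the `keystream_xor` placeholder cipher are all hypothetical; the patent leaves the negotiated algorithm open (it mentions RSA as one option).

```python
import hashlib
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Hypothetical preset identifiers of modules whose security level is trusted.
PRESET_MODULE_IDS = frozenset({"MODEM-A1", "MODEM-B7"})

Config = Tuple[str, bytes]  # (algorithm name, key)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Placeholder cipher (SHA-256 counter keystream XOR), its own inverse.

    Stands in for whatever algorithm was negotiated; not a vetted cipher.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def negotiate(offers: Iterable[Config], server_accepts: set,
              server_config: Optional[Config] = None) -> Config:
    """Step 104: offer terminal configurations until the server agrees.

    A negative reply makes the terminal reconfigure (next offer); if no
    offer is accepted, the server's own configuration is used when sent.
    """
    for algorithm, key in offers:
        if algorithm in server_accepts:      # negotiation-affirmative message
            return algorithm, key
    if server_config is not None:            # server sent its own config
        return server_config
    raise RuntimeError("no encryption configuration agreed")


@dataclass(frozen=True)
class StoredParameter:
    value: bytes
    encrypted: bool


def store_first_parameter(module_id: str, ciphertext: bytes,
                          config: Config) -> StoredParameter:
    """Steps 105-107: decrypt only for a module on the preset list."""
    algorithm, key = config
    if module_id in PRESET_MODULE_IDS:       # step 105 passed -> step 106
        if algorithm != "keystream-xor":
            raise ValueError("unsupported algorithm: %s" % algorithm)
        return StoredParameter(keystream_xor(key, ciphertext), encrypted=False)
    return StoredParameter(ciphertext, encrypted=True)   # step 107


# Constructed sample data, not real subscriber values.
KI = bytes.fromhex("00112233445566778899aabbccddeeff")
CONFIG = negotiate([("legacy", b"k0"), ("keystream-xor", b"session-key")],
                   server_accepts={"keystream-xor"})
ENCRYPTED_KI = keystream_xor(CONFIG[1], KI)   # what the server would send

if __name__ == "__main__":
    for module in ("MODEM-A1", "UNKNOWN-X"):
        stored = store_first_parameter(module, ENCRYPTED_KI, CONFIG)
        print(module, "encrypted" if stored.encrypted else "plaintext",
              stored.value.hex())
```

An identifier that is not on the preset list, including an empty or malformed one, falls through to the encrypted branch, so the check fails closed.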
Referring to Fig. 3, it shows a structural schematic diagram of the communication device based on a virtual subscriber identity module (SIM) card provided by an embodiment of the present invention. The device is applied in a mobile terminal and may include: a transmission unit 11, a receiving unit 12 and an interactive unit 13.
The transmission unit 11 is configured to send a first message to the server when the mobile terminal uses the virtual SIM card. The first message is used to indicate that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter.
In the embodiment of the present invention, the transmission unit 11 can use one of the messages already exchanged with the server to indicate that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter. For example, during the registration procedure started after the virtual SIM card is activated, the registration request message or radio connection request message that the transmission unit 11 sends to the server can carry the identification information of the virtual SIM card, which is used to indicate that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter. In this way, without changing the existing service interaction procedure, adding the identification information of the virtual SIM card to the existing registration request message or radio connection request message is enough to tell the server that the mobile terminal is currently using the virtual SIM card.
The identification information of the virtual SIM card can take the form of a binary sequence: the binary sequence 0101 indicates that the mobile terminal is using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter, while the binary sequence 0011 indicates that the mobile terminal is using a physical SIM card. In the embodiment of the present invention it is therefore possible to determine, from which binary sequence is carried in the first message, whether the mobile terminal is using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter.
Of course, when the identification information of the virtual SIM card is a sequence, forms other than a binary sequence can also be used, such as a sequence of digits and/or letters. For example, the two digits 1 and 2 can be used to determine whether the mobile terminal is using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter: the digit 1 can indicate that the mobile terminal is using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter, and the digit 2 indicates that the mobile terminal is using a physical SIM card.
The receiving unit 12 is configured to receive the encrypted first parameter sent by the server. The first parameter is encrypted using the encryption key and encryption algorithm negotiated in advance between the server and the mobile terminal. The negotiated encryption key and encryption algorithm can follow existing practice; for example, the encryption algorithm may be an asymmetric encryption algorithm such as the RSA public-key encryption algorithm. The RSA public-key encryption algorithm was proposed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman, and the name RSA is formed from the initial letters of their three surnames.
After the negotiation succeeds, the server can encrypt the first parameter using the agreed encryption key and encryption algorithm. In the embodiment of the present invention, the first parameter is a parameter used when the mobile terminal and the server carry out service interaction. For example, in the authentication service of the virtual SIM card, the Ki in the virtual SIM card is encrypted, so that the encrypted Ki can be used to carry out the authentication service.
The interactive unit 13 is configured to carry out service interaction with the server based on the encrypted first parameter. Taking the authentication service as an example, when the server performs the authentication service with the mobile terminal, the server uses the encrypted Ki as input to calculate an authentication vector, and then carries the authentication vector in an authentication request message sent to the mobile terminal. After the mobile terminal receives the authentication request message, the interactive unit 13 uses the encrypted Ki that it has saved as input to verify the authentication vector, thereby verifying the identity of the server. After this verification passes, the mobile terminal again uses the encrypted Ki to calculate an authentication response and sends it to the server. When the server determines that the authentication response is correct, the server proceeds with the subsequent registration procedure.
It can be seen from the above technical solution that, with the communication device based on a virtual SIM card provided by the embodiment of the present invention, once a first message has been sent to the server to indicate that the mobile terminal is currently using the virtual SIM card and carries out service interaction with the server using the encrypted first parameter, service interaction with the server can be carried out using the encrypted first parameter. After obtaining the first parameter, the mobile terminal therefore no longer uses the first parameter in plaintext for service interaction, which improves the security of the first parameter in the virtual SIM card; for example, service interaction with the server can be based on the encrypted Ki, which improves the security of Ki.
Referring to Fig. 4, it shows another structural schematic diagram of the communication device based on a virtual SIM card provided by an embodiment of the present invention. On the basis of Fig. 3, the device further includes: an acquiring unit 14, a judging unit 15 and a control unit 16.
The acquiring unit 14 is configured to obtain an encryption key and an encryption algorithm, which are used to decrypt the first parameter of the virtual SIM card. To obtain the encryption key and encryption algorithm, the mobile terminal and the server need to negotiate. The purpose of the negotiation is to determine which encryption key and encryption algorithm the two sides use when carrying out service interaction. The process may be: the acquiring unit 14 negotiates with the server the encryption key and encryption algorithm used to encrypt the first parameter and, once the negotiation with the server succeeds, obtains the agreed encryption key and encryption algorithm. In the embodiment of the present invention, while negotiating the encryption key and encryption algorithm, the acquiring unit 14 can negotiate with the server over Wi-Fi or over the cellular network.
The judging unit 15 is configured to judge whether the level of the communication module configured in the mobile terminal meets the communication security requirements. The purpose of judging whether the level of the communication module meets the communication security requirements is to decide whether to decrypt the encrypted first parameter and store it, so that the decrypted first parameter can be sent from the application layer of the mobile terminal to the communication module.
In the embodiment of the present invention, a feasible way of judging whether the level of the communication module configured in the mobile terminal meets the communication security requirements is to judge whether the identification information of the communication module is preset identification information. If it is, the level of the communication module configured in the mobile terminal is determined to meet the communication security requirements; otherwise, the level of the communication module configured in the mobile terminal is determined not to meet the communication security requirements. The preset identification information is the preconfigured identification information of each communication module with a relatively high security level, such as a communication module produced by Gao De.
The control unit 16 is configured to decrypt the first parameter using the encryption key and the encryption algorithm when the level of the communication module configured in the mobile terminal meets the communication security requirements, and to control the mobile terminal to store the encrypted first parameter directly when the level of the communication module configured in the mobile terminal does not meet the communication security requirements.
When the level of the communication module meets the communication security requirements, the security of the communication module is relatively high and the decrypted first parameter can be stored. The control unit 16 can then decrypt the first parameter using the encryption key and the encryption algorithm and store it in plaintext in the communication module or in the application layer of the mobile terminal. When the level of the communication module configured in the mobile terminal does not meet the communication security requirements, the control unit 16 controls the mobile terminal to store the encrypted first parameter directly, that is, without decrypting the first parameter. This prevents the first parameter from being obtained through the communication module and thereby improves the security of the first parameter.
Finally, it should be noted that, in this document, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art can make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.