CN105657696A - Mobile phone communication method and system without SIM card - Google Patents
Mobile phone communication method and system without SIM card Download PDFInfo
- Publication number
- CN105657696A CN105657696A CN201510971492.3A CN201510971492A CN105657696A CN 105657696 A CN105657696 A CN 105657696A CN 201510971492 A CN201510971492 A CN 201510971492A CN 105657696 A CN105657696 A CN 105657696A
- Authority
- CN
- China
- Prior art keywords
- mobile phone
- encryption
- encryption algorithm
- sim card
- algorithm
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/11—Allocation or use of connection identifiers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
Abstract
The invention discloses a mobile phone communication method and system without an SIM card. The mobile phone communication method is applied to the field of mobile communication and is used for completing verification of a mobile phone to a base station by codes of the mobile phone and further determining a random encryption algorithm to encrypt a communication channel, no SIM card of the mobile phone is realized, the structure of the mobile phone is simplified, the cost is lowered, the usability of the mobile phone is provided, and a new choice is provided for the mobile communication industry, and based on which, the communication security level is improved beneficially, and the cooperation and sharing of operators are consolidated.
Description
Technical field
The present invention relates to moving communicating field, particularly relate to a kind of the mobile phone communication method and the system that depart from SIM card.
Background technology
SIM card is as the one of smart card, and its effect is still limited at data and stores and encryption and decryption process aspect. The concept of SIM card is not had at the mobile communication initial stage, adopted at that time be plane No. one mode (separation between machine and card and machine card integrated saying had occurred for CDMA technology afterwards, the early stage concept also not having SIM card, just do not know where to begin machine card integrated) yet, need number and mobile phone to be mated by burning number (saying in a sense, exactly certain storage zone of mobile phone is write the data content specified). Domestic early stage mobile telephone is exactly this kind of mode, and Personal Handyphone System afterwards was also once adopted in such a way. It is more loaded down with trivial details that its shortcoming changes mobile phone exactly, and because there being burning number to operate, it is easy to copying, so machine phenomenon is popularized, hand-set from stolen beats wildness. Just needed to find a kind of storage carrier that can be safer at that time, and stored these responsive information, and complete certain encryption and decryption functions. Just during this time, smart card techniques starts maturation. So people wish to rely on smart card to improve the safety defect in original mobile communication very naturally. So european telecommunication stdn council ETSI, just formulate a series of standards about SIM card. Describe in detail and SIM card needs the data content that stores and form, and SIM is stuck in user and uses the effect that should play in mobile network service process. The technical development of plane No. one is interrupted since then.
SIM card, from structure, is exactly the chip card of band microprocessor, and it is made up of CPU, working memory RAM, program memory ROM, data-carrier store EEPRoM and serial communication unit 5 modules, and these 5 module integrations are in one piece of unicircuit. SIM card contains all information belonging to this user. Its inside contains relevant with user, is stored in the information of this side of user, comprising: A, authentication and add confidential information Ki (Kc algorithm input one of parameter, cipher key number); B, international mobile subscriber number (IMSI); C, A3:IMSI identifying algorithm; D, A5: encryption key schedule; E, A8: before key (Kc) generates, user's key (Kc) generates algorithm. F, call blocking information, abbreviated dialing information, in addition, in order to network operation runs, SIM also should be able to store some interim data.
What the authentication of GSM network adopted is Comp128-1/2/3 algorithm, is also exactly so-called A3A8 algorithm.And CDMA employing is CAVE algorithm, what 3G network adopted is MILENAGE algorithm. Although specific algorithm exists difference, but authentication process is similar, as follows for the authorizing procedure that Comp128 is main: 1. can read IMSI (15 numerals) and TMSI (4 byte) from SIM card after mobile phone power-on; 2., during mobile phone logging in network, network will be issued by IMSI or TMSI; 3. network determines this IMSI or TMSI effectively, will generate the RAND of a 128bit, then issue mobile phone; 4., after mobile phone receives RAND, RAND is issued SIM card; 5.SIM, taking the KI of the inside as double secret key RAND carries out A3A8 computing, generates (SRES+Kc); 6. mobile phone reads (SRES+Kc) (32bit+64bit), and SRES is issued network; 7. network oneself carries out an A3A8 computing, if the SRES that result returns with mobile phone is identical, then thinks that this user is legal. Whole process only relates to examines authentication to SIM clamp part.
SIM card authorizing procedure, international mobile subscriber unique identifier IMSI and key K i wherein is the data that maintain secrecy needing safety storing, if IMSI and Ki leaks, even if so this SIM card has been decrypted, usually for adopting the SIM card of Comp128-1 algorithm approximately to need just can decode by colliding the mode of attack for 3-10 hour, and for the omp128-2/3 algorithm decoding means that also have nothing effective at present.
Existing mobile phone wants mobile base station docking to realize communication must insert SIM card, but from security standpoint and cost angle, this kind of traditional way is not all preferred plan.
From security standpoint: the core technology of SIM rests in minority several American-European company hand, and in recent years encrypt that algorithm is revealed, Computing performance and decoding technology is more and more powerful, the SIM card key event of being stolen happens occasionally, as Jin Yatuo (Gemalto) information security events, some country's tissue implement spy's monitoring by SIM card, lawless person with SIM reproducer, other people SIM is carried out bootlegging etc. The user even information security of country are all constituted a threat to by undoubtedly. And the development trend along with present SIM, SIM storage space is increasing, power consumption is more and more lower, turn increases undoubtedly and improves, in the quantity of information and technological layer divulged a secret, probability of divulging a secret.
From cost angle, present 80% mobile phone is all intelligence machine, inherently having huge storage space and powerful arithmetic capability, the effect that SIM card is main in a mobile network: subscriber identity authentication, data information memory, utilize STK to provide value added service, these all substitute by mobile phone self. Mobile phone needs to load SIM card and wastes mobile phone space undoubtedly, needs to arrange separately sim card slot, affects handset size and three anti-abilities, to be prevented user from pulling out after stepping on net the state that SIM card also to be verified repeatedly by SIM card hand machine in using. Also add the extra cost buying SIM card and change that operator changes SIM card.
Summary of the invention
The main technical problem to be solved in the present invention is, it is provided that a kind of mobile phone communication method and system departing from SIM card, it is provided that a kind of alternative communication scheme without entity SIM card.
For solving the problems of the technologies described above, the present invention provides a kind of mobile phone communication method departing from SIM card, comprises the mobile phone being built-in with computing encryption software; After user purchases mobile phone, need to by cellphone information and personal identification card be supplied to communication operation business carry out registering and with mobile phone number binding, service password is set, operator is by complete set information record and uploads to communication terminal server, and the inventory that is associated in mobile switching centre; Its communication process is:
Searching automatically computing encryption software being carried out search after the first step, mobile phone power-on, whether detection of handset stores the 2nd encryption algorithm, if having, directly sets up wireless link and then the use that can network by the 2nd encryption algorithm channel encryption with neighbouring base station;If nothing, enter next step;
Automatically read at least two in the service password of self IMEI code, SNR code, Wi-FiMAC address, licence for entry to network code, user's input after 2nd step, mobile phone power-on, and the data input computing encryption software read is encrypted algorithm composition identity code by first;
When 3rd step, mobile phone dock with base station, identity code is sent to base station;
Identity code is decrypted by the 4th step, base station by the same first encryption algorithm, and the information that draws of deciphering is associated information in inventory carries out retrieval with described and mates, judge whether it mates with inventory information, cannot mate, refuse access, coupling then generates a random signcode by signcode system, it is handed down to mobile phone, obtains the 2nd encryption algorithm in conjunction with the first encryption algorithm and signcode simultaneously;
After 5th step, mobile phone receive signcode, signcode is issued computing encryption software, and computing encryption software in conjunction with described first encryption algorithm, forms the 2nd encryption algorithm according to signcode, mobile phone generates access by the 2nd encryption algorithm and completes information, is sent to base station;
6th step, base station receive access and complete information, carry out binding association, and share to all base stations by mobile switching centre under the obtain the 2nd encryption algorithm is put into user name corresponding in described association inventory;
7th step, all base stations and give tacit consent between this mobile phone by the described the 2nd encryption algorithm carry out channel encryption communicate.
During enforcement, also can include and alarm flow, described in this flow process, online mobile phone is added up by communication terminal server, when appearance: find when in described 4th step, base station is searched in described association inventory this identity code effectively but there is the 2nd encryption algorithm record, two mobile phones use the 2nd identical encryption algorithm to communicate, or mobile phone is when there is unusual strange land switch instances, carry out alarm, record, lock dead, require that mobile phone sends described identity code, prompting user and operator, and/or directly disconnect communication connection.
The present invention also provides a kind of cellular communications network departing from SIM card, comprises the described base station of described mobile phone and correspondence and described communication terminal server.
Further, described mobile switching centre is the supervisory control desk connecting multiple base station, and communication terminal server is the overall control center of all mobile switching centres.
Described association inventory is shared between the communication terminal server of all operators.
Useful effect is: a kind of mobile phone communication method and system departing from SIM card, it is by verifying based between the coding of mobile phone self and base station, further by determining that a kind of encryption algorithm at random encrypts communication channel, realize mobile phone without SIM card, simplify handset structure, reduce costs, improve mobile phone ease for use and the compatibility of the use at different communication networks, provide a kind of selection newly simultaneously and for mobile communication industry, be beneficial on this basis improve communication security rank, the cooperation of consolidating between operator shared.
Further arranges alarm flow so that even if basic algorithm (the first encryption algorithm) is divulged a secret, user or operator are still known, controlled, reduce security risk.
Embodiment
Below by embodiment, the present invention is described in further detail.
The coding that the present invention relates to:
IMEI (the international identify code of InternationalMobileEquipmentIdentity mobile equipment is also called international mobile equipment mark) is the unique identification number of mobile phone, and IMEI is made up of 15 bit digital.IMEI code is by GSM (GlobalSystemforMobileCommunications, global mobile communication association) unified distribution, authorize BABT (BritishapprovalsBoardofTelecommunications, communication authentication management committee of Britain) to examine to be subject to.
SNR (SerialNumber) code and serial number, also distributed by producer. Identify certain equipment in each TAC and FAC. The SNR of each mobile phone can not be the same.
Wi-FiMAC address, MAC (MediaAccessControl or MediumAccessControl) address, free translation is media interviews control, or is called physical address, hardware address, is used for defining the position of the network equipment. The Wi-FiMAC of mobile phone namely, the address of the wireless network firmware of mobile phone connection route.
The technical scheme of the present invention
A kind of mobile phone communication method departing from SIM card of the technical scheme of the present invention, comprises the mobile phone being built-in with computing encryption software; After user purchases mobile phone, need to by cellphone information and personal identification card be supplied to communication operation business carry out registering and with mobile phone number binding, service password is set, operator is by complete set information record and uploads to communication terminal server, and the inventory that is associated in mobile switching centre; Its communication process is:
Searching automatically computing encryption software being carried out search after the first step, mobile phone power-on, whether detection of handset stores the 2nd encryption algorithm, if having, directly sets up wireless link and then the use that can network by the 2nd encryption algorithm channel encryption with neighbouring base station; If nothing, enter next step;
Automatically read at least two in the service password of self IMEI code, SNR code, Wi-FiMAC address, licence for entry to network code, user's input after 2nd step, mobile phone power-on, and the data input computing encryption software read is encrypted algorithm composition identity code by first;
When 3rd step, mobile phone dock with base station, identity code is sent to base station;
Identity code is decrypted by the 4th step, base station by the same first encryption algorithm, and the information that draws of deciphering is associated information in inventory carries out retrieval with described and mates, judge whether it mates with inventory information, cannot mate, refuse access, coupling then generates a random signcode by signcode system, it is handed down to mobile phone, obtains the 2nd encryption algorithm in conjunction with the first encryption algorithm and signcode simultaneously;
After 5th step, mobile phone receive signcode, signcode is issued computing encryption software, and computing encryption software in conjunction with described first encryption algorithm, forms the 2nd encryption algorithm according to signcode, mobile phone generates access by the 2nd encryption algorithm and completes information, is sent to base station;
6th step, base station receive access and complete information, carry out binding association, and share to all base stations by mobile switching centre under the obtain the 2nd encryption algorithm is put into user name corresponding in described association inventory;
7th step, all base stations and give tacit consent between this mobile phone by the described the 2nd encryption algorithm carry out channel encryption communicate.
During enforcement, also can include and alarm flow, described in this flow process, online mobile phone is added up by communication terminal server, when appearance: find when in described 4th step, base station is searched in described association inventory this identity code effectively but there is the 2nd encryption algorithm record, two mobile phones use the 2nd identical encryption algorithm to communicate, or mobile phone is when there is unusual strange land switch instances, carry out alarm, record, lock dead, require that mobile phone sends described identity code, prompting user and operator, and/or directly disconnect communication connection.
Certainly, during enforcement, in mobile phone and base station communication, base station can require that mobile phone provides operation information, when detecting mobile phone operation information and be abnormal, also carries out alarm. Can further improve security like this.
The present invention also provides a kind of cellular communications network departing from SIM card, comprises described base station and mobile switching centre, the communication terminal server of described mobile phone and correspondence.
Further, described mobile switching centre is the supervisory control desk connecting multiple base station, and communication terminal server is the overall control center of all mobile switching centres. Information can be shared between base station and transmit by mobile switching centre, and the data that communication terminal server stores can be consulted for mobile switching centre.
Described association inventory is shared between the communication terminal server of all operators.
A kind of mobile phone communication method and system departing from SIM card, during enforcement, it is invalid reason that described 4th step base station determines this identity code, comprise: described association inventory records this mobile phone and has put under in Black List, described association inventory and record this mobile phone un-activation without in this cellphone information, described association inventory, or described association inventory records this mobile phone lost efficacy.
During enforcement, described in be built-in with the mobile phone of computing encryption software, its computing encryption software can be built-in manner be integrate with cell phone system be solidificated in mobile phone installation kit or burning in chip for cell phone.
During enforcement, automatically read after described 2nd step mobile phone power-on can be IMEI code, SNR code, Wi-FiMAC address, licence for entry to network code, user input that a series of mobile phones such as service password network in required firmware data whole. Spread unchecked use with what avoid informal mobile phone, it is improve level security.
During enforcement, being arranged on described 2nd step, the data automatically read after mobile phone power-on must comprise the service password of user's input. The security that can improve identity code (can promote service password risk of leakage certainly to a certain extent. ).
During enforcement, when mobile phone occurs to lose or stolen, by service password to operator request identity verification, by rear operator by architecture function, it is achieved mobile phone location is located.
Further, control authority and the rank of the computing encryption software promoting embedded in mobile phone are set, make it mobile phone can be carried out high-level control, thus by the interface that operator provides, user can send that instruction realizes that mobile phone control, warning, lock are dead, address list passback, removing etc.
Although existing part cell phone software can realize preceding sections function, but because the system that rises to of this patent computing encryption software or mobile phone firmware height, therefore there is not problem unloaded, brush machine, damage inactivation, more safer and more effective than traditional way.
During enforcement, it is possible to require that user must comprise Chinese and English capital and small letter, Arabic numerals and special symbol from the service password established, it is possible to the situation avoiding service password to repeat cracks difficulty with raising service password. On the other hand this also concern user in the future can lost mobile phone or stolen after prevent mobile phone from being used by other people, or even the key given for change,
During enforcement, when user occur lost mobile phone can stolen situation time, user can also use the encryption algorithm software of other networking mobile phones to realize mobile phone and give for change, after input user certainly establishes password and is verified by operator, user directly Long-distance Control can lose or encrypt the retrieval function of algorithm software in stolen mobile phone, user can when not startling other people locating cellphone and allow software automatically report to the police, allow police go to give for change, also or when not needing to give mobile phone for change, by encryption algorithm software, information material important in mobile phone is passed back existing use mobile phone, to lose again after completing or stolen mobile phone lock dead (mobile phone power-on is forced to cut off the electricity supply), this mobile phone can not be used again.
When user changes mobile phone, only need communication operation business to locate, new cell-phone information and identification paper are supplied to operator and carry out registering and upgrading, re-start number binding, operator records and uploads to communication terminal server, and upgrades original association inventory on communication terminal server; Veteran's machine cancels or registers under operator is authorized and again circulates.
First encryption algorithm comprises basic algorithm and key. When the first encryption algorithm security reduces, or operator monitors situation about cracking, or according to actual needs, then can upgrade, upgrading flow process is: the key sending the first new encryption algorithm generates the first new encryption algorithm to all mobile phones automatically by mobile phone, and instruction removes the 2nd encryption algorithm stored to all mobile phones; Communication terminal server update first encrypts the key of algorithm simultaneously, and is removed by the 2nd encryption algorithm of record in association inventory; Mobile phone reenters aforesaid 2nd step flow process.
When operator monitors the situation that the 2nd encryption algorithm has leakage, then can upgrade, more new technological process is: send instruction to all mobile phones, require to remove the 2nd encryption algorithm stored, being removed by 2nd encryption algorithm of record in the association inventory on communication terminal server, mobile phone reenters aforesaid 2nd step flow process simultaneously.
The 2nd encryption algorithm with randomness is core communication algorithm, current SIM card key, IMEI information are all stored in SIM card, once both are cracked, this card can be copied utilization by lawless person, and the mobile phone communication method that the present invention departs from SIM card effectively avoids occurring similar problem.
The present invention is built-in with the mobile phone of computing encryption software, its computing encryption software is and the software of communication operation business cooperative development, the accreditation obtaining communication operation business is (for improving security, can also be communication operation business's stand-alone development), the owned extremely strong safety self-protective measure of software, as: once be gone by any mode to read, decode, revise or delete, mobile phone can force automatic shutdown, prevents from being utilized by lawless person. Have outstanding safety performance due to it and the mobile phone production cost of cell phone manufacturer can be reduced, this computing encryption software and cell phone system, when producing mobile phone, can be integrated the system installation kit of making and be solidified togather and become built-in software or direct burning in chip for cell phone by cell phone manufacturer.
During the invention process:
For the first encryption algorithm, adopt mixing encryption algorithm namely by AES symmetry encryption algorithm for encryption information, safely and fast efficiently, it may also be useful to ECC asymmetric encryption mode encrypts transmission key, substantially increase the security that information is transmitted. Its implementation is namely:
1, information (expressly) adopts AES key encryption.
2, ECC encryption AES key information above is used.
Mixed information transmits the most at last.
And after take over party receives information:
1, AES key information is deciphered with ECC.
2, the key decrypts information cipher-text information got is deciphered again with ECC.
The final information (expressly) that just can obtain us and want.
For key, operator monitors situation about cracking as previously, or according to actual needs, then can carry out irregularly changing (namely upgrading), cracking of key is a process consuming time, key constant for a long time, and nothing left creates the chance cracked to assailant, when assailant has cracked key, bring risk can to user and operator.
During the invention process:
For the 2nd encryption algorithm, signcode is that signcode system produces at random, the key chosen at random is used to be encrypted by key management technology after the described service password of user's setting is combined with signcode, 3DES is adopted to encrypt algorithm for encryption information again, namely the 2nd encryption algorithm is formed, so anyone can not crack out correct information when not knowing concrete signcode and concrete key, only know that the participant of this signcode and key could calculate and verify the legitimacy of the 2nd encryption algorithm again, thus ensure that its security.
During this scheme implementation, can consider to there will be signcode at mobile phone terminal and respective base station end, after the 2nd encryption algorithm generates only when new cell-phone networking first time is verified, signcode is erased automatically, or only retains the signcode of corresponding mobile phone at communication terminal server.
By aforementioned service password and one of signcode combination object be for ensure different mobile phone the 2nd encryption algorithm do not duplicate. Certainly, can allow in order to ensure the 2nd encryption algorithm of different mobile phone identical signcode system production signcode time, to during signcode and existing signcode comparison, avoiding repetition. Described signcode needs enough length simultaneously, the signcode that guarantee can not be chosen at random all can have corresponding mobile phone in use, certain signcode can also comprise some checking positions (embedding some checking data bit), can see existing prepaid mobile phone recharging clip pin.
During the invention process, expressly adopting symmetrical encryption algorithm for encryption, key adopts asymmetric algorithm for encryption. For these two kinds of algorithms:
Symmetrical encryption algorithm
Symmetrical encryption algorithm is used for encrypt information such as sensitive datas, and conventional algorithm comprises:
DES (DataEncryptionStandard): data encryption standards, speed is very fast, is applicable to encrypt the occasion of mass data.
3DES (TripleDES): be based on DES, carries out Tertiary infilling to a blocks of data with three different keys, and intensity is higher.
AES (AdvancedEncryptionStandard): Advanced Encryption Standard is follow-on encryption algorithm standard rules, and speed is fast, safe rank height;
AES
In October, 2000, NIST (American National Standard and technology association) announces a new Advanced encryption standard by selecting from 15 kinds of Hou Xuan algorithms. Rijndael is selected becomes AES in the future. Rijndael is the second half year in 1999, creates by researcher JoanDaemen and VincentRijmen. AES becomes the actual standard of the electronic data encrypting various form just day by day.
USS and Institute for Research and Technology (NIST) have formulated new Advanced Encryption Standard (AES) specification on May 26th, 2002.
Algorithm principle: aes algorithm is based on arrangement and displacement computing. Arrangement is that data are re-started arrangement, and displacement replaces a data cell for another. AES uses several different method to perform arrangement and displacement computing.
AES is the password of an iteration, the grouping of symmetrical key, and it can use 128,192 and 256 keys, and divides into groups encryption and decryption data with 128 (16 bytes). Using double secret key different from public key cryptography, symmetric key cipher uses identical key encryption and decryption data. The figure place of the enciphered data returned by grouping password is identical with input data. Iterative cryptographic uses a loop structure, repeats displacement in the cycle and replaces input data.
The comparison of AES and 3DES:
Asymmetric algorithm
Common asymmetric encryption algorithm is as follows:
RSA: invent by RSA company is a public key algorithm supporting elongated key, it is necessary to the length of the blocks of files of encryption is also variable;
DSA (DigitalSignatureAlgorithm): digital signature algorithm is the DSS (digital signature standard) of a kind of standard;
ECC (EllipticCurvesCryptography): elliptic curve cipher coding is learned.
ECC
In 1976, encrypting algorithm due to symmetry and can not satisfy the demand, Diffie and Hellman has delivered the article that a section is " cryptography new trend ", describes the concept of public spoon encryption, proposes RSA algorithm by Rivet, Shamir, Adelman.
Along with the progress of decomposing large integer method and perfect, the raising of computer speed and the development of computer network, in order to ensure the safety of data, the key of RSA needs constantly to increase, but, the speed that the increase of key length result in its encryption and decryption greatly reduces, hardware implementing also becomes more and more to be difficult to stand, and the application using RSA is brought very heavy burden by this, it is thus desirable to a kind of new algorithm replaces RSA.
N.Koblitz and Miller in 1985 proposes elliptic curve is used for cryptographic algorithm, according to be in the some group on the elliptic curve in Galois field from discrete logarithm problem ECDLP. ECDLP is the more difficult problem of specific factor resolution problem, and it is exponential difficulty.
A difficult problem on principle elliptic curve
Elliptic curve is defined as follows from discrete logarithm problem ECDLP: given prime number p and elliptic curve E, to Q=kP, obtains the positive integer k being less than p when known P, Q. Can prove that calculating Q ratio by k and P is easier to, and calculates k by Q and P then more difficult.
Additive operation in elliptic curve is corresponding with the modular multiplication in discrete logarithm, and the multiplying in elliptic curve is corresponding with the mould power operation in discrete logarithm, and we just can set up the password system of the correspondence based on elliptic curve.
Such as, corresponding Diffie-Hellman PKI system, we can be achieved in the following way on elliptic curve: chooses generator P on E, require that the group element produced by P is abundant, communication both sides A and B chooses a and b, a and b respectively and is maintained secrecy, but aP and bP is open, the key communicated between A with B is abP, and this is that the third party cannot learn.
Corresponding ELGamal cryptographic system can adopt following mode to be achieved on elliptic curve:
Being embedded on E by plaintext m Pm point, select 1 B �� E, each user selects an integer a, 0 < a < N, and N is that rank number is known, and a maintains secrecy, and aB is open. For sending m to A, can sending to a logarithm below even: [kB, Pm+k (aAB)], k is the random integer produced. A can try to achieve k (aAB) from kB. Pass through: Pm+k (aAB)-k (aAB)=Pm recovers Pm. Same corresponding DSA, it is contemplated that following equation:
K=kG [wherein K, G are the point on Ep (a, b), and k is for being less than the integer of the n rank of a G (n be)]
Being not difficult to find, given k and G, according to Adding law, calculating K is easy to; But given K and G, has asked k with regard to relative difficulty.
This is exactly the difficult problem that elliptic curve encryption algorithm adopts. We call basic point (basepoint) a G, and the k rank of basic point G (k < n, n be) is called private cipher key (privtekey), and K is called public-key cryptography (publickey).
The comparison of ECC and RSA
ECC with RSA compares, and has absolute advantage in many, major embodiment in the following areas:
Attack tolerant is strong. Identical key length, its attack tolerant is eager to excel doubly a lot.
Calculated amount is little, and processing speed is fast. Total velocity ratio RSA, the DSA of ECC is faster.
Storage space takies little. The keys sizes of ECC and system parameter are much smaller compared with RSA, DSA, it is meant that the memory space shared by it is much smaller. This has the meaning of particularly important for the encryption application of algorithm on IC-card.
Bandwidth requires low. When long message is carried out encryption and decryption, three class cryptographic systems have identical bandwidth requirement, but when being applied to short message, ECC bandwidth requires much low. Bandwidth requires that the low ECC of making is with a wide range of applications in field of wireless.
These features of ECC make it will replace RSA, become general PKI encryption algorithm. The maker of such as set protocol is using its public key algorithm default in set protocol of future generation.
Two expressions below are the security of RSA and ECC and the comparison of speed.
The safe mould of RSA and ECC is looked and is compared
RSA and ECC velocity ratio is relatively
During the invention process, it is cracked for preventing computing encryption software, by the consideration of attack:
Due to software crack and counter cracking be technical antagonism, key problem is costs and benefits. Even if software program the most well-known in the world, the problem cracked by people also cannot be stoped. And senior anti-breaking techniques needs to pay a price: performance, stability, expandability, ease for use, the easily property read all can be affected, if the benefit that advanced techniques brings is not much larger than employing legal means, so these technology would not be used. American-European copyright protection is relatively more abundant, and therefore a lot of software is all adopt Paperlicense, is also exactly that pure law controls. Meanwhile, online anti-cracking neither be indestructible, and server is invaded, or cryptographic algorithm is cracked, or the Key of big customer leaks, and the anti-means that crack can be caused to lose efficacy.
The present invention is for realizing counter cracking, and corresponding measure has following several aspects:
1. core code non-localized.
2. core code hardware, refers to the SDK of various intelligence dog.
3. core code virtualization, non-core random sequence. As: VMP.
4. verifying randomization, verify at random, make mistakes at random, random time delay is pointed out or without prompting, is prevented from reappearing to greatest extent.
5. dirty stake divides dispersion, dirty stake verification is all ensconced in tiny function point, does not repeat mutually, and the people cracked generally can not use these details to configure.
6. upgrading normalization, updating speed is greater than the speed of cracking, and coordinates core code non-localized to use together, and new edition upgrading old edition lost efficacy.
During the invention process, for meeting military, the contour security classification scene of official of government, the present invention can adopt the mode by end end combines with the encryption of chain chain to carry out channel encryption:
End end is combined with the encryption of chain chain, encrypts each physics link and make route information analysis is become impossible, and end encryption reduces the threat that in node of network, clear data process brings. The key management of two schemes can be separated completely: network management personnel can only be concerned about physical layer, and each user is only responsible for corresponding end end encryption. Chain-chain encryption is compared as follows table with end-end encryption:
Certainly, going out and cost consideration, channel is encrypted, it may be considered that be used alone the encryption of chain chain, or the mode of end end encryption.
Above content is in conjunction with concrete enforcement mode further description made for the present invention, can not assert that specific embodiment of the invention is confined to these explanations. For general technical staff of the technical field of the invention, without departing from the inventive concept of the premise, it is also possible to make some simple deduction or replace, all should be considered as belonging to protection scope of the present invention.
Claims (10)
1. one kind departs from the mobile phone communication method of SIM card, it is characterised in that, comprise the mobile phone being built-in with computing encryption software; After user purchases mobile phone, need to by cellphone information and personal identification card be supplied to communication operation business carry out registering and with mobile phone number binding, service password is set, operator is by complete set information record and uploads to communication terminal server, and the inventory that is associated in mobile switching centre;Its communication process is:
Searching automatically computing encryption software being carried out search after the first step, mobile phone power-on, whether detection of handset stores the 2nd encryption algorithm, if having, directly sets up wireless link and then the use that can network by the 2nd encryption algorithm channel encryption with neighbouring base station; If nothing, enter next step;
Automatically read at least two in the service password of self IMEI code, SNR code, Wi-FiMAC address, licence for entry to network code, user's input after 2nd step, mobile phone power-on, and the data input computing encryption software read is encrypted algorithm composition identity code by first;
When 3rd step, mobile phone dock with base station, identity code is sent to base station;
Identity code is decrypted by the 4th step, base station by the same first encryption algorithm, and the information that draws of deciphering is associated information in inventory carries out retrieval with described and mates, judge whether it mates with inventory information, cannot mate, refuse access, coupling then generates a random signcode by signcode system, it is handed down to mobile phone, obtains the 2nd encryption algorithm in conjunction with the first encryption algorithm and signcode simultaneously;
After 5th step, mobile phone receive signcode, signcode is issued computing encryption software, and computing encryption software in conjunction with described first encryption algorithm, forms the 2nd encryption algorithm according to signcode, mobile phone generates access by the 2nd encryption algorithm and completes information, is sent to base station;
6th step, base station receive access and complete information, carry out binding association, and share to all base stations by mobile switching centre under the obtain the 2nd encryption algorithm is put into user name corresponding in described association inventory;
7th step, all base stations and give tacit consent between this mobile phone by the described the 2nd encryption algorithm carry out channel encryption communicate.
2. the mobile phone communication method departing from SIM card as claimed in claim 1, it is characterised in that, described first encryption algorithm comprises basic algorithm and key; When needed, base station sends the key of the first new encryption algorithm to mobile phone, and mobile phone generates the first new encryption algorithm automatically.
3. the mobile phone communication method departing from SIM card as claimed in claim 1, it is characterized in that, it is invalid reason that described 4th step base station determines this identity code, comprise: described association inventory records this mobile phone and has put under in Black List, described association inventory and record this mobile phone un-activation without in this cellphone information, described association inventory, or described association inventory records this mobile phone lost efficacy.
4. the mobile phone communication method departing from SIM card as claimed in claim 1, it is characterized in that, the described mobile phone being built-in with computing encryption software, its computing encryption software is solidified togather becomes built-in software or direct burning in chip for cell phone for integrating, with cell phone system, the system installation kit of making.
5. the mobile phone communication method departing from SIM card as claimed in claim 1, it is characterised in that, the computing encryption software of described embedded in mobile phone has mobile phone control authority.
6. the mobile phone communication method departing from SIM card as claimed in claim 2, it is characterised in that, described first encryption algorithm, adopts mixing encryption algorithm, namely by AES symmetry encryption algorithm for encryption information, it may also be useful to ECC asymmetric encryption mode encrypts transmission key.
7. the mobile phone communication method departing from SIM card as claimed in claim 1, it is characterized in that, the acquisition of described 2nd encryption algorithm: described signcode is that signcode system produces at random, the key chosen at random is used to be encrypted by key management technology after the described service password of user's setting is combined with signcode, adopt 3DES to encrypt algorithm for encryption information again, namely form the 2nd encryption algorithm.
8. the mobile phone communication method of disengaging SIM card as described in item as arbitrary in claim 1 to 7, it is characterized in that, also can include and alarm flow, described in this flow process, online mobile phone is added up by communication terminal server, when appearance: find when base station is searched in described association inventory in described 4th step that this identity code effectively but has existed the 2nd encryption algorithm record, two mobile phones use the 2nd identical encryption algorithm to communicate, or mobile phone is when there is unusual strange land switch instances, carry out alarm, record, lock is dead, require that mobile phone sends described identity code, prompting user and operator, and/or directly disconnect communication connection.
9. as described in item as arbitrary in claim 1 to 8, a kind of cellular communications network departing from SIM card, it is characterised in that, comprise described base station and mobile switching centre, the communication terminal server of described mobile phone and correspondence.
10. the mobile phone communication method departing from SIM card as claimed in claim 9, it is characterised in that, described mobile switching centre is the supervisory control desk connecting multiple base station, and communication terminal server is the overall control center of all mobile switching centres.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510971492.3A CN105657696A (en) | 2015-12-22 | 2015-12-22 | Mobile phone communication method and system without SIM card |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510971492.3A CN105657696A (en) | 2015-12-22 | 2015-12-22 | Mobile phone communication method and system without SIM card |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105657696A true CN105657696A (en) | 2016-06-08 |
Family
ID=56477721
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510971492.3A Pending CN105657696A (en) | 2015-12-22 | 2015-12-22 | Mobile phone communication method and system without SIM card |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105657696A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107071761A (en) * | 2017-05-04 | 2017-08-18 | 山东荣安电子科技有限公司 | One kind is without SIM card mobile phone |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN202818612U (en) * | 2012-06-19 | 2013-03-20 | 吴振陵 | System capable of blocking unauthorized SMS text messages or bulk SMS text messages |
| CN103139737A (en) * | 2011-11-30 | 2013-06-05 | 中国移动通信集团公司 | Method and device for key negotiation, method, system and device for short message second-time confirmation |
| US20130179681A1 (en) * | 2012-01-10 | 2013-07-11 | Jpmorgan Chase Bank, N.A. | System And Method For Device Registration And Authentication |
| CN103813314A (en) * | 2012-11-09 | 2014-05-21 | 华为技术有限公司 | Soft SIM card enabling method and network access method, terminal, and network access device |
| CN104125555A (en) * | 2013-04-24 | 2014-10-29 | 中国移动通信集团公司 | MSISDN code number resource allocation method, apparatus, and home location register |
| US8984274B1 (en) * | 2013-01-29 | 2015-03-17 | Microstrategy Incorporated | Secure data updates |
| CN104811926A (en) * | 2014-01-26 | 2015-07-29 | 中兴通讯股份有限公司 | Mobile terminal network-locking and card-locking methods, devices, mobile terminal and SIM card |
-
2015
- 2015-12-22 CN CN201510971492.3A patent/CN105657696A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103139737A (en) * | 2011-11-30 | 2013-06-05 | 中国移动通信集团公司 | Method and device for key negotiation, method, system and device for short message second-time confirmation |
| US20130179681A1 (en) * | 2012-01-10 | 2013-07-11 | Jpmorgan Chase Bank, N.A. | System And Method For Device Registration And Authentication |
| CN202818612U (en) * | 2012-06-19 | 2013-03-20 | 吴振陵 | System capable of blocking unauthorized SMS text messages or bulk SMS text messages |
| CN103813314A (en) * | 2012-11-09 | 2014-05-21 | 华为技术有限公司 | Soft SIM card enabling method and network access method, terminal, and network access device |
| US8984274B1 (en) * | 2013-01-29 | 2015-03-17 | Microstrategy Incorporated | Secure data updates |
| CN104125555A (en) * | 2013-04-24 | 2014-10-29 | 中国移动通信集团公司 | MSISDN code number resource allocation method, apparatus, and home location register |
| CN104811926A (en) * | 2014-01-26 | 2015-07-29 | 中兴通讯股份有限公司 | Mobile terminal network-locking and card-locking methods, devices, mobile terminal and SIM card |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107071761A (en) * | 2017-05-04 | 2017-08-18 | 山东荣安电子科技有限公司 | One kind is without SIM card mobile phone |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101583124B (en) | Authentication method and system of subscriber identity module and terminal | |
| CN100515135C (en) | Method for establishing and managing a trust model between a chip card and a radio terminal | |
| CN101278516B (en) | Shared key encryption using long keypads | |
| CN102196422B (en) | Method for preventing leakage of lost file of handheld communication terminal | |
| CN102026178B (en) | User identity protection method based on public-key mechanism | |
| CN105553951A (en) | Data transmission method and data transmission device | |
| CN101094065B (en) | Method and system for distributing cipher key in wireless communication network | |
| EP1401141A2 (en) | Method for establishing a key using over-the-air communication | |
| CN101771699A (en) | Method and system for improving SaaS application security | |
| GB2384402A (en) | Secure data transmission links | |
| GB2384403A (en) | Establishing secure data transmission links using the Diffie-Hellman key exchange protocol and public key cryptography | |
| CN102685739B (en) | Authentication method and system for Android enterprise applications | |
| CN102647279B (en) | Encryption method, encrypted card, terminal equipment and interlocking of phone and card device | |
| CN103533539A (en) | Virtual SIM (subscriber identity module) card parameter management method and device | |
| CN102867157B (en) | Mobile terminal and data guard method | |
| CN107454590A (en) | A kind of data ciphering method, decryption method and wireless router | |
| CN104424446A (en) | Safety verification and transmission method and system | |
| CN101635924A (en) | CDMA port-to-port encryption communication system and key distribution method thereof | |
| CN107968999A (en) | A kind of method for secret protection and relevant device | |
| CN101808313A (en) | Method for acquiring TMSI (Temporary Mobile Subscriber Identity), mobile station, home location register and communication system | |
| CN103179514A (en) | Cell phone safe group-sending method and device for sensitive message | |
| CN101860850B (en) | Method for realizing mobile terminal to lock network or card by utilizing driver | |
| CN111464998B (en) | Burning and accessing method and system for private network SIM card | |
| CN104955029A (en) | Address book protection method, address book protection device and communication system | |
| CN102958021A (en) | Short message encryption and decryption communication system and communication method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160608 |