CN106060788A - Short message-based security TF card issuing method applicable to circuit domain encrypted communication - Google Patents
- Publication number: CN106060788A (application number CN201610348079.6A)
- Authority: CN (China)
- Prior art keywords: key, umc, card, pki, note
- Prior art date
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H: Electricity; H04: Electric communication technique; H04W: Wireless communication networks
  - H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    - H04W4/12: Messaging; Mailboxes; Announcements
      - H04W4/14: Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
  - H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    - H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    - H04W12/06: Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a short message-based security TF card issuing method applicable to circuit domain encrypted communication. The method comprises the following steps: (1) a key management center KMC sends initial public and private keys, a UMC (User Management Center) short message number and a UMC public key to a security TF card of a client, and records the corresponding relation between UID and the initial public and private keys, and the security TF card generates an initial signature certificate thereof; (2) the client generates a registration short message with use of the initial signature certificate and sends the registration short message to a UMC, the UMC queries a corresponding initial public key according to the UID in the registration short message to verify the registration short message, and after verification, the UMC generates a short message containing key and identity information and sends the short message to the client; (3) the client sends a phone number, an identity information group and a key to the security TF card after receiving the short message containing key and identity information, and the security TF card generates a report short message and sends the report short message to the UMC; and (4) the UMC records the completion status of card issuing according to the report short message.
Description
Technical field
The invention belongs to the technical field of network communication security and relates to a short message (SMS) based card issuing method for security TF cards in circuit domain encrypted communication.
Background technology
The rapid development and wide application of mobile communication technology have made people pay ever more attention to its security. Existing encrypted communication techniques have expanded greatly, and hardware-based encrypted mobile phone communication is used by more and more people. For encrypted mobile phones based on a hardware security TF card, the usual offline card issuing means can no longer keep up once the number of users grows. To this end, we designed an SMS-based card issuing scheme that lets Android phone users issue security TF cards efficiently and securely by short message.
To realize encrypted communication, identity authentication and key agreement must be carried out first. Existing identity authentication is mainly based on digital certificates: before encrypted communication, a user must register with the relevant authority and obtain a personal digital certificate for authentication. In encrypted communication based on a security TF card, the certificate can be written to the card in advance in offline mode, or written online when the user uses the card. In offline mode, because generating the certificate requires both the security TF card and the phone number, the user must bring the TF card and the mobile phone to an offline card issuing center, which becomes very inefficient as the number of users grows. For online mode, the present invention proposes an SMS card issuing scheme designed specifically for circuit domain encrypted communication which, on the premise of sufficient security, carries out online card issuing at minimal cost and improves both issuing efficiency and user experience.
Using short messages as the carrier for transmitting secure identity information is an efficient and simple method, and the format is flexible: it can be adapted to other secure communication scenarios with appropriate modification. At present there is no secure and efficient SMS card issuing scheme for encrypted communication based on security TF cards.
Summary of the invention
The present invention proposes an SMS-based card issuing method for security TF cards in circuit domain encrypted communication. The method protects the issued information with a digital envelope and can achieve a sufficient level of security.
The technical scheme of the invention is as follows:
A security TF card SMS card issuing method applicable to circuit domain encrypted communication, comprising the steps of:
1) the key management center (KMC) sends the initial public and private keys, the UMC SMS number and the UMC public key into the security TF card of the client and records the correspondence between the UID and the initial public and private keys; the security TF card generates its own initial signing certificate; here the UID is the security TF card ID;
2) the client uses the initial signing certificate to generate a registration SMS and sends it to the UMC; the UMC looks up the initial public key corresponding to the UID in the registration SMS, verifies the registration SMS with it and, after verification succeeds, generates an SMS containing the key and identity information and sends it to the client;
3) after receiving the SMS containing the key and identity information, the client passes the phone number, the identity information group and the key to the security TF card; the security TF card then produces a report SMS, which the client sends to the UMC;
4) the UMC records the card issuing completion status according to the report SMS.
Further, the initial signing certificate comprises: the UID, and the signature made with the initial private key over UID + initial public key.
Further, the registration SMS produced with the initial signing certificate comprises: an SMS identifier field, a status code field and an initial signing certificate field.
Further, the SMS containing the key and identity information comprises a plaintext part and a ciphertext part. The plaintext part comprises: the SMS identifier, the phone number, the PKI identity information and the UMC signature value. The ciphertext part comprises: the UID, the master control key, the encryption key, the signature key, the PKI key and the PKI parameters. The UMC signature value is the UMC's signature over the ciphertext with its own private key.
Further, the SMS containing the key and identity information is generated as follows: the UMC reads the phone number from the registration SMS and obtains from the KMC the PKI identity information, master control key, encryption key, signature key and PKI key corresponding to that phone number; at the UMC end, the UID, master control key, signature key, encryption key and PKI key are then encrypted with the initial public key of the security TF card and signed with the UMC private key; the UMC then assembles the SMS containing the key and identity information from the phone number, the PKI identity information and the ciphertext of the UID, master control key, signature key, encryption key and PKI key.
Further, in step 3), the client verifies the SMS containing the key and identity information and, after verification succeeds, passes the phone number and the PKI identity information, together with the master control key, encryption key, signature key, PKI key and PKI parameters, to the security TF card; the security TF card decrypts them with the initial private key and stores them.
Further, the client assembles the phone number and the PKI identity information into a command format and passes it to the security TF card; it assembles the master control key, encryption key, signature key, PKI key and PKI parameters into a command format and passes it to the security TF card; when the command returns successfully, the security TF card produces the report SMS.
The main contents of the invention include:
1. Certificate and message format
The identity authentication process of the encrypted communication involved in the invention is certificate-based, and the certificate is stored in the security TF card. The factory state of the security TF card is 0x0055. During initialization, the key management center (KMC) issues the initial public and private keys, the user management center (UMC) SMS number and the UMC public key into the TF card, and records the correspondence between the UID and the initial public and private keys. The security TF card generates its own unique initial signing certificate, shown in Table 1.
Table 1: Initial signing certificate of the security TF card
UID | Self-signature (over UID + initial public key) |
---|---|
32B | 64B |
The meaning of each field is as follows:
◆ UID: security TF card ID;
◆ self-signature: the signature made with the initial private key over UID + initial public key.
The format of the registration SMS produced with the above initial signing certificate is as follows:
Table 2: Registration SMS
SMS identifier | Status code | Initial signing certificate |
---|---|---|
8B | 2B | 96B |
The meaning of each field is as follows:
◆ SMS identifier: 0086 + phone number + 0 (binary-coded decimal, 8B);
◆ status code: here 0x0700, identifying the SMS type;
◆ initial signing certificate: the initial signing certificate of the security TF card from Table 1.
The registration SMS is sent to the UMC; the UMC looks up the initial public key corresponding to the UID and verifies the signature with that initial public key. After verification succeeds, the UMC sends the SMS containing the keys, 452 bytes in total, in the following format:
Table 3: Key delivery SMS
The UMC signs the information in the ciphertext part with its own private key to obtain the UMC signature value. Because the UMC public key was written into the security TF card at initialization, the client can verify this signature after receiving the SMS.
The meaning of each field is as follows:
SMS identifier: FEFE0001, indicating that this SMS is an identity information SMS;
PN: phone number;
PKI identity information: contains the version (1B), algorithm family (1B), serial number (4B), public key (64B), the signature (64B) over "public key + phone number" and a reserved field (2B); total message length 136 bytes;
UID: security TF card ID;
master control key: one copy is kept in the mobile client's local storage and one on the UMC server;
encryption key: used for the identity authentication system (IPA system);
signature key: used for data signing;
PKI key: used for identity authentication, key exchange, SMS encryption and decryption, etc.; its public key is carried in the PKI identity information;
PKI parameters: the length added by encryption.
2. SMS card issuing flow
1) On start-up, the client detects that the security TF card state is the initial state (0x0055); it then forces the PIN code to be changed, writes the IMSI number and calls the registration SMS generation interface; the TF card produces the registration SMS and the client sends it to the UMC.
2) After the UMC determines that the received SMS is a registration SMS, it finds the initial public key corresponding to the UID in the server database table and verifies the signature of the registration SMS with it; if verification succeeds, the registration SMS is proved legitimate.
3) The UMC supplies the corresponding phone number parameter (read from the registration SMS) and calls the KMC interface to obtain from the KMC the PKI identity information, master control key, encryption key, signature key and PKI key corresponding to that phone number; at the UMC end it encrypts the UID, master control key, signature key, encryption key and PKI key with the initial public key of the security TF card and signs with the UMC private key.
4) The UMC packages the PN in plaintext, the PKI identity information in plaintext and the ciphertext of the UID, master control key, signature key, encryption key and PKI key, and sends them together.
5) After the client receives the key delivery SMS, it checks whether the UMC signature value is legitimate; if it is not, the client reports an error and does not proceed with the subsequent steps.
6) After the client has verified that the UMC signature value is legitimate, it assembles the PN and the PKI identity information into a command format and passes it to the TF card; it then assembles the master control key, encryption key, signature key, PKI key and PKI parameters into a command format and passes it to the TF card; the TF card decrypts with the initial private key, extracts the content and stores it in the chip.
7) When the command returns successfully, card issuing is considered complete; the TF card generates the report SMS (state value 0x0088), the client sends it to the UMC and prompts the user that initialization is complete.
8) After the UMC receives the SMS, it checks the state value and records that card issuing is complete.
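As an added example (not code from the patent), the registration SMS of Table 2 built on the card side and checked on the UMC side as in step 2 above, in Go. The signature scheme (ECDSA over P-256 with SHA-256) and the 11-digit phone number behind the 8-byte BCD identifier are assumptions, since the patent fixes only the field sizes; the UMC check uses only the key the KMC recorded for the UID, so a certificate whose UID and key do not match that record is rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/big"
	"strconv"
)

// Assumed scheme: ECDSA/P-256 with SHA-256; the patent fixes only the sizes (64B key, 64B signature).
const regStatus = 0x0700 // status code that marks a registration SMS (Table 2)
// pubBytes serialises a public key as X (32B) || Y (32B), the 64-byte form used in Table 1.
func pubBytes(pub *ecdsa.PublicKey) []byte {
	out := make([]byte, 64)
	pub.X.FillBytes(out[:32])
	pub.Y.FillBytes(out[32:])
	return out
}
// bcdSMSID packs "0086" + phone + "0" (16 decimal digits) into the 8-byte BCD SMS identifier.
func bcdSMSID(phone string) ([]byte, error) {
	if _, err := strconv.ParseUint(phone, 10, 64); err != nil || len(phone) != 11 {
		return nil, fmt.Errorf("expected an 11-digit phone number, got %q", phone)
	}
	digits := "0086" + phone + "0"
	out := make([]byte, 8)
	for i := 0; i < 16; i++ {
		out[i/2] = out[i/2]<<4 | (digits[i] - '0')
	}
	return out, nil
}
// bcdPhone recovers the 11-digit phone number that UMC reads from the identifier in step 3.
func bcdPhone(id []byte) string {
	d := make([]byte, 0, 16)
	for _, b := range id {
		d = append(d, '0'+b>>4, '0'+b&0x0f)
	}
	return string(d[4:15])
}
// buildRegistrationSMS lays out Table 2: id (8B) | status (2B) | UID (32B) | self-signature (64B, initial private key over UID || initial public key).
func buildRegistrationSMS(phone string, uid []byte, initPriv *ecdsa.PrivateKey) ([]byte, error) {
	id, err := bcdSMSID(phone)
	if err != nil || len(uid) != 32 {
		return nil, fmt.Errorf("bad input: %v (UID length %d, want 32)", err, len(uid))
	}
	h := sha256.Sum256(append(append([]byte{}, uid...), pubBytes(&initPriv.PublicKey)...))
	r, s, err := ecdsa.Sign(rand.Reader, initPriv, h[:])
	if err != nil {
		return nil, err
	}
	msg := make([]byte, 106) // 8 + 2 + 32 + 64
	copy(msg, id)
	binary.BigEndian.PutUint16(msg[8:10], regStatus)
	copy(msg[10:42], uid)
	r.FillBytes(msg[42:74])
	s.FillBytes(msg[74:106])
	return msg, nil
}

// umcVerifyRegistration is UMC step 2: look up the initial public key KMC recorded for this UID
// (kmcRecords maps hex(UID) -> key), verify the self-signature under it, and return the phone number.
func umcVerifyRegistration(msg []byte, kmcRecords map[string][]byte) (string, []byte, error) {
	if len(msg) != 106 || binary.BigEndian.Uint16(msg[8:10]) != regStatus {
		return "", nil, fmt.Errorf("not a well-formed registration SMS (%d bytes)", len(msg))
	}
	uid := msg[10:42]
	pubRaw, ok := kmcRecords[fmt.Sprintf("%x", uid)]
	if !ok {
		return "", nil, fmt.Errorf("UID %x not recorded by KMC", uid)
	}
	pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(pubRaw[:32]), Y: new(big.Int).SetBytes(pubRaw[32:])}
	h := sha256.Sum256(append(append([]byte{}, uid...), pubRaw...))
	if !ecdsa.Verify(pub, h[:], new(big.Int).SetBytes(msg[42:74]), new(big.Int).SetBytes(msg[74:106])) {
		return "", nil, fmt.Errorf("self-signature invalid under the initial public key recorded for UID %x", uid)
	}
	return bcdPhone(msg[:8]), uid, nil
}
```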
Compared with the prior art, the positive effects of the invention are as follows:
The invention uses short messages as the carrier for transmitting secure identity information, which is efficient and simple and has a flexible format that can be adapted to other secure communication scenarios with appropriate modification, greatly improving card issuing efficiency.
Brief description of the drawings
Fig. 1 is the SMS card issuing flow chart of the invention.
Detailed description of the invention
The invention is described more fully below with reference to the drawings. The implementation examples are carried out on the premise of the technical solution of the invention, and a detailed embodiment and specific operating procedure are given, but the scope of protection of the invention is not limited to the following embodiment.
Application example:
The user obtains an initialized security TF card; at this point the TF card state is the factory state (0x0055) and the card contains its initial signing certificate. When the user powers on, the client detects that the TF card state is the initial state and forces the PIN code to be changed; the TF card produces the registration SMS and the client sends it to the UMC. On receiving the SMS, the UMC determines that it is a registration SMS, finds the initial public key corresponding to the UID in the server database table and verifies that the registration SMS is legitimate. It obtains the PKI identity information according to the phone number parameter supplied by the SMS, encrypts it with the initial public key of the TF card, signs it with the UMC private key, packages it and sends it. After the user receives the SMS and the UMC signature value has been verified as legitimate, the identity information is passed to the TF card. The TF card decrypts with the initial private key, extracts the content and stores it in the chip. At the same time, the TF card generates the report SMS, which is sent to the UMC, and the user is prompted that initialization is complete. After receiving the SMS, the server checks the state value and records that card issuing is complete. Card issuing ends.
In summary, the invention discloses an SMS card issuing scheme applicable to circuit domain encrypted communication.
The description of the invention has been presented for purposes of illustration and description and is not intended to be exhaustive or to limit the invention to the form disclosed. Obviously, those of ordinary skill in the art can make various changes and modifications to the examples of the invention without departing from its spirit and principles. The embodiments were chosen and described in order to better explain the principles of the invention and its practical application, and to enable those of ordinary skill in the art to understand the invention and so design various embodiments with various modifications suited to a particular use.
Claims (7)
1. A security TF card SMS card issuing method applicable to circuit domain encrypted communication, comprising the steps of:
1) the key management center (KMC) sends the initial public and private keys, the UMC SMS number and the UMC public key into the security TF card of the client and records the correspondence between the UID and the initial public and private keys; the security TF card generates its own initial signing certificate; wherein the UID is the security TF card ID;
2) the client uses the initial signing certificate to generate a registration SMS and sends it to the UMC; the UMC looks up the initial public key corresponding to the UID in the registration SMS, verifies the registration SMS with it and, after verification succeeds, generates an SMS containing the key and identity information and sends it to the client;
3) after receiving the SMS containing the key and identity information, the client passes the phone number, the identity information group and the key to the security TF card; the security TF card then produces a report SMS, which the client sends to the UMC;
4) the UMC records the card issuing completion status according to the report SMS.
2. The method of claim 1, characterized in that the initial signing certificate comprises: the UID, and the signature made with the initial private key over UID + initial public key.
3. The method of claim 2, characterized in that the registration SMS produced with the initial signing certificate comprises: an SMS identifier field, a status code field and an initial signing certificate field.
4. The method of claim 3, characterized in that the SMS containing the key and identity information comprises plaintext information and ciphertext information, wherein the plaintext information comprises: the SMS identifier, the phone number, the PKI identity information and the UMC signature value; the ciphertext information comprises: the UID, the master control key, the encryption key, the signature key, the PKI key and the PKI parameters; and the UMC signature value is the UMC's signature over the ciphertext with its own private key.
5. The method of claim 1, 2, 3 or 4, characterized in that the SMS containing the key and identity information is generated as follows: the UMC reads the phone number from the registration SMS and obtains from the KMC the PKI identity information, master control key, encryption key, signature key and PKI key corresponding to that phone number; at the UMC end, the UID, master control key, signature key, encryption key and PKI key are then encrypted with the initial public key of the security TF card and signed with the UMC private key; the UMC then generates the SMS containing the key and identity information from the phone number, the PKI identity information and the ciphertext of the encrypted UID, master control key, signature key, encryption key and PKI key.
6. The method of claim 5, characterized in that in step 3) the client verifies the SMS containing the key and identity information and, after verification succeeds, passes the phone number and the PKI identity information, together with the master control key, encryption key, signature key, PKI key and PKI parameters, to the security TF card; the security TF card decrypts them with the initial private key and stores them.
7. The method of claim 6, characterized in that the client assembles the phone number and the PKI identity information into a command format and passes it to the security TF card; assembles the master control key, encryption key, signature key, PKI key and PKI parameters into a command format and passes it to the security TF card; and when the command returns successfully, the security TF card produces the report SMS.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610348079.6A CN106060788B (en) | 2016-05-24 | 2016-05-24 | Short message-based security TF card issuing method applicable to circuit domain encrypted communication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610348079.6A CN106060788B (en) | 2016-05-24 | 2016-05-24 | Short message-based security TF card issuing method applicable to circuit domain encrypted communication |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106060788A true CN106060788A (en) | 2016-10-26 |
CN106060788B CN106060788B (en) | 2019-06-11 |
Family
ID=57174345
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610348079.6A Expired - Fee Related CN106060788B (en) | 2016-05-24 | 2016-05-24 | Short message-based security TF card issuing method applicable to circuit domain encrypted communication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106060788B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102209318A (en) * | 2011-05-18 | 2011-10-05 | 武汉天喻信息产业股份有限公司 | Real-time mobile phone encrypted conversation method and device based on intelligent TF (Transflash) card |
CN102361481A (en) * | 2011-07-07 | 2012-02-22 | 上海凯卓信息科技有限公司 | Method for binding hardware encryption trans-flash (TF) card with mobile phone subscriber identity module (SIM) card |
CN103530553A (en) * | 2013-10-22 | 2014-01-22 | 山东神思电子技术股份有限公司 | Mobile terminal with authorization card and authorization method |
CN103873241A (en) * | 2012-12-11 | 2014-06-18 | 中国银联股份有限公司 | Safety shield, and digital-certificate management system and method |
CN104091272A (en) * | 2014-07-09 | 2014-10-08 | 北京信长城技术研究院 | Identifying and tracing system with unique identity and method |
Family events (2016):
- 2016-05-24 CN CN201610348079.6A patent/CN106060788B/en not_active Expired - Fee Related
Non-Patent Citations (2)
Title |
---|
关磊: "Security TF card design and its application in mobile payment", China Master's Theses Full-text Database * |
李远: "A circuit-domain encrypted communication scheme", Netinfo Security (信息网络安全) * |
Also Published As
Publication number | Publication date |
---|---|
CN106060788B (en) | 2019-06-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20190611; Termination date: 20210524 |