CN106060788A - Short message-based security TF card issuing method applicable to circuit domain encrypted communication - Google Patents


Info

Publication number
CN106060788A
Authority
CN
China
Prior art keywords
key
umc
card
pki
note
Prior art date
Legal status
Granted
Application number
CN201610348079.6A
Other languages
Chinese (zh)
Other versions
CN106060788B (en)
Inventor
周卫华
单旭
李远
Current Assignee
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Priority date
2016-05-24
Filing date
2016-05-24
Publication date
2016-10-26
Application filed by Institute of Information Engineering of CAS
Priority to CN201610348079.6A
Publication of CN106060788A
Application granted
Publication of CN106060788B
Expired - Fee Related (current legal status)


Classifications

    • H04W 4/14 Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD] (H Electricity > H04 Electric communication technique > H04W Wireless communication networks > H04W 4/00 Services specially adapted for wireless communication networks; facilities therefor > H04W 4/12 Messaging; mailboxes; announcements)
    • H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII] (H Electricity > H04 Electric communication technique > H04W Wireless communication networks > H04W 12/00 Security arrangements; authentication; protecting privacy or anonymity)
    • H04W 12/06 Authentication (H Electricity > H04 Electric communication technique > H04W Wireless communication networks > H04W 12/00 Security arrangements; authentication; protecting privacy or anonymity)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a short message-based security TF card issuing method applicable to circuit domain encrypted communication. The method comprises the following steps: (1) a key management center KMC sends initial public and private keys, a UMC (User Management Center) short message number and a UMC public key to a security TF card of a client, and records the corresponding relation between UID and the initial public and private keys, and the security TF card generates an initial signature certificate thereof; (2) the client generates a registration short message with use of the initial signature certificate and sends the registration short message to a UMC, the UMC queries a corresponding initial public key according to the UID in the registration short message to verify the registration short message, and after verification, the UMC generates a short message containing key and identity information and sends the short message to the client; (3) the client sends a phone number, an identity information group and a key to the security TF card after receiving the short message containing key and identity information, and the security TF card generates a report short message and sends the report short message to the UMC; and (4) the UMC records the completion status of card issuing according to the report short message.

Description

A short message-based security TF card issuing method applicable to circuit domain encrypted communication
Technical field
The invention belongs to the technical field of network communication security and relates to a short message (SMS) based card issuing method for security TF cards used in circuit domain encrypted communication.
Background art
The rapid development and wide application of mobile communication technology have made people pay ever more attention to its security problems. Existing encrypted communication technologies are expanding rapidly, and hardware-based encrypted mobile phone communication is used by more and more people. For encrypted mobile phones based on a hardware security TF card, the usual offline card issuing means cannot meet the need once the number of users grows. To this end, we designed an SMS card issuing scheme that lets Android phone users carry out security TF card issuing efficiently and safely by SMS.
To realise encrypted communication, identity authentication and key agreement must be carried out first. Existing identity authentication schemes are mainly based on digital certificates: before encrypted communication, a user has to register with the relevant authority and obtain a personal digital certificate for authentication. In security-TF-card-based encrypted communication, the certificate can either be written into the card in advance in offline mode, or written online when the user starts using the card. In offline mode, because generating the certificate requires both the security TF card and the phone number, the user has to take the TF card and the phone to an offline card issuing centre; the efficiency of this mode becomes very low as the number of users grows. For the online mode, the present invention proposes an SMS card issuing scheme designed specifically for circuit domain encrypted communication which, on the premise of sufficient security, performs online card issuing at minimal cost and improves both issuing efficiency and user experience.
Using SMS as the carrier for transmitting secure identity information is an efficient and simple method; the format is flexible and can be adapted to other secure communication scenarios by suitable modification. At present there is no secure and efficient SMS card issuing scheme for security-TF-card-based encrypted communication.
Summary of the invention
The present invention proposes an SMS card issuing method based on a security TF card for circuit domain encrypted communication. The method protects the issuing information with a digital envelope and can reach sufficient security.
The technical scheme of the invention is as follows:
A short message-based security TF card issuing method applicable to circuit domain encrypted communication, the steps being:
1) the key management center (KMC) sends the initial public and private keys, the UMC short message number and the UMC public key into the security TF card of the client, and records the correspondence between the UID and the initial public and private keys; the security TF card generates its own initial signature certificate; where the UID is the ID of the security TF card;
2) the client uses the initial signature certificate to generate a registration SMS and sends it to the UMC; the UMC queries the initial public key corresponding to the UID in the registration SMS and verifies the registration SMS with it; after verification passes, it generates an SMS containing key and identity information and sends it to the client;
3) after receiving the SMS containing key and identity information, the client sends the phone number, the identity information group and the keys to the security TF card; the security TF card then produces a report SMS, which the client sends to the UMC;
4) the UMC records the card issuing completion status according to the report SMS.
Further, the initial signature certificate comprises: the UID, and the signature made with the initial private key over UID + initial public key.
Further, the registration SMS produced with the initial signature certificate comprises: an SMS identifier field, a status code field and an initial signature certificate field.
Further, the SMS containing key and identity information comprises plaintext information and ciphertext information, where the plaintext information comprises: SMS identifier, phone number, public key identity information and UMC signature value; the ciphertext information comprises: UID, master control key, encryption key, signature key, public-key key and public-key parameters; the UMC signature value is the signature the UMC makes over the ciphertext with its own private key.
Further, the method of generating the SMS containing key and identity information is: the UMC reads the phone number from the registration SMS and obtains from the KMC the public key identity information, master control key, encryption key, signature key and public-key key corresponding to this phone number; then, at the UMC end, the UID, master control key, signature key, encryption key and public-key key are encrypted with the initial public key of the security TF card and signed with the UMC private key; the UMC then generates the SMS containing key and identity information from the phone number, the public key identity information and the ciphertext obtained by encrypting the UID, master control key, signature key, encryption key and public-key key.
Further, in step 3) the client verifies the SMS containing key and identity information and, after verification passes, transfers the phone number and the public key identity information, together with the master control key, encryption key, signature key, public-key key and public-key parameters, to the security TF card; the security TF card decrypts them with the initial private key and stores them.
Further, the client assembles the phone number and the public key identity information into a command format and passes it to the security TF card; it packs the master control key, encryption key, signature key, public-key key and public-key parameters into a command format and passes it to the security TF card; when the commands return successfully, the security TF card produces the report SMS.
The main contents of the present invention include:
1. Certificate and message formats
The identity authentication process of the encrypted communication involved in the invention is certificate-based, and the certificate is stored in the security TF card. The factory state of the security TF card is 0x0055. During initialisation, the KMC (key management center) writes the initial public and private keys, the UMC (user management center) SMS number and the UMC public key into the TF card, and records the correspondence between the UID and the initial public and private keys. The security TF card generates its own unique initial signature certificate, as shown in Table 1.
Table 1 Initial signature certificate of the security TF card
UID | Self-signature (over UID + initial public key)
32B | 64B
The meaning of each field is as follows:
◆ UID: ID of the security TF card;
◆ self-signature: the signature made with the initial private key over UID + initial public key.
The format of the registration SMS produced with the above initial signature certificate is as follows:
Table 2 Registration SMS
SMS identifier | Status code | Initial signature certificate
8B | 2B | 96B
The meaning of each field is as follows:
◆ SMS identifier: 0086 + phone number + 0 (binary-coded decimal, 8B);
◆ status code: here 0x0700, identifying the SMS type;
◆ initial signature certificate: the initial signature certificate of the security TF card from Table 1.
The registration SMS is sent to the UMC; the UMC queries the initial public key corresponding to the UID and verifies the signature with it. After verification passes, the UMC sends the SMS containing the keys, 452 bytes in total, with the following format:
Table 3 Key delivery SMS
The UMC signs the ciphertext part with its own private key to obtain the UMC signature value. Because the UMC public key was written into the security TF card at initialisation, the client can verify this signature after receiving the SMS.
The meaning of each field is as follows:
◆ SMS identifier: FEFE0001, indicating that this SMS is an identity information SMS;
◆ PN: phone number;
◆ public key identity information: contains version (1B), algorithm family (1B), serial number (4B), public key (64B), signature over "public key + phone number" (64B) and reserved (2B), 136 bytes in total;
◆ UID: ID of the security TF card;
◆ master control key: one copy is kept in the local data store of the phone client and one on the UMC server;
◆ encryption key: used for encryption by the identity authentication system (IPA system);
◆ signature key: used for data signatures;
◆ public-key key: used for identity authentication, key exchange, SMS encryption and decryption, etc.; its public key is contained in the public key identity information;
◆ public-key parameters: the extra length added after encryption.
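The certificate and registration SMS layouts of Tables 1 and 2, together with the UMC-side check of step 2), as an added Go example written for this page; it is not code from the patent or its assignee. It assumes Ed25519 for the 64-byte self-signature and an 11-digit phone number (the page names neither the signature algorithm nor the number length), and the UID and phone number it uses are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Values quoted from the patent: factory state of the card and the registration status code.
const (
	stateFactory uint16 = 0x0055
	regStatus    uint16 = 0x0700
)

// smsID encodes "0086" + 11-digit phone number + "0" as 8 bytes of BCD (the SMS identifier of Table 2).
func smsID(phone string) ([]byte, error) {
	d := "0086" + phone + "0"
	if len(d) != 16 {
		return nil, errors.New("phone number must have 11 digits")
	}
	id := make([]byte, 8)
	for i := 0; i < 16; i++ {
		if d[i] < '0' || d[i] > '9' {
			return nil, errors.New("phone number must be numeric")
		}
		id[i/2] = id[i/2]<<4 | (d[i] - '0') // first digit of each pair lands in the high nibble
	}
	return id, nil
}

// phoneFromID recovers the phone number (digits 4..14) from an 8-byte BCD identifier.
func phoneFromID(id []byte) string {
	d := make([]byte, 0, 16)
	for _, b := range id {
		d = append(d, '0'+b>>4, '0'+b&0x0F)
	}
	return string(d[4:15])
}

// Card models the security TF card after KMC initialisation (Ed25519 is an assumption; the page gives only the 64B signature width).
type Card struct {
	UID      [32]byte
	State    uint16
	initPriv ed25519.PrivateKey
}

// InitialCert is Table 1: UID (32B) || self-signature over UID + initial public key (64B).
func (c *Card) InitialCert() []byte {
	pub := c.initPriv.Public().(ed25519.PublicKey)
	return append(c.UID[:], ed25519.Sign(c.initPriv, append(c.UID[:], pub...))...)
}

// RegistrationSMS is Table 2: identifier (8B) || status code (2B) || initial certificate (96B).
func (c *Card) RegistrationSMS(phone string) ([]byte, error) {
	id, err := smsID(phone)
	if err != nil {
		return nil, err
	}
	return append(binary.BigEndian.AppendUint16(id, regStatus), c.InitialCert()...), nil
}

// UMC holds the UID -> initial public key table that the KMC recorded at initialisation.
type UMC struct {
	InitPub map[[32]byte]ed25519.PublicKey
}

// VerifyRegistration is step 2): parse the SMS, look up the initial public key by UID and check the
// self-signature; the phone number is read from the identifier only after the check passes.
func (u *UMC) VerifyRegistration(sms []byte) (phone string, uid [32]byte, err error) {
	if len(sms) != 106 || binary.BigEndian.Uint16(sms[8:10]) != regStatus {
		return "", uid, errors.New("not a registration SMS")
	}
	copy(uid[:], sms[10:42])
	pub, ok := u.InitPub[uid]
	if !ok || !ed25519.Verify(pub, append(uid[:], pub...), sms[42:]) {
		return "", uid, errors.New("unknown UID or invalid initial certificate signature")
	}
	return phoneFromID(sms[:8]), uid, nil
}

// Provision is step 1) at the KMC: generate the initial key pair, hand it to the card and record UID -> initial public key for the UMC.
func Provision(uid [32]byte, umc *UMC) *Card {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	umc.InitPub[uid] = pub
	return &Card{UID: uid, State: stateFactory, initPriv: priv}
}

func main() {
	umc := &UMC{InitPub: map[[32]byte]ed25519.PublicKey{}}
	sms, _ := Provision([32]byte{1, 2, 3}, umc).RegistrationSMS("13800138000") // constructed UID and number
	phone, _, err := umc.VerifyRegistration(sms)
	fmt.Println(len(sms), phone, err) // 106 13800138000 <nil>
}
```

The UMC looks the initial public key up by UID instead of trusting a key carried in the message, which is why the registration SMS can be only 106 bytes and still be checked: a card the KMC never recorded, or a certificate whose signature bytes were altered, is rejected before the phone number is even read.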
2. SMS card issuing process
1) When the client starts, it detects that the security TF card is in the initial state (0x0055); it then forces a PIN change, writes the IMSI number and calls the interface that generates the registration SMS; the TF card produces the registration SMS and the client sends it to the UMC.
2) After the UMC determines that the received SMS is a registration SMS, it looks up the initial public key corresponding to the UID in the server database table and verifies the signature of the registration SMS with it; if verification passes, the registration SMS is proven legitimate.
3) The UMC supplies the corresponding phone number parameter (read from the registration SMS), calls the KMC interface to obtain from the KMC the public key identity information, master control key, encryption key, signature key and public-key key corresponding to this phone number, and at the UMC end encrypts the UID, master control key, signature key, encryption key and public-key key with the initial public key of the security TF card and signs with the UMC private key.
4) The UMC packs the PN plaintext, the public key identity information plaintext and the ciphertext of the UID, master control key, signature key, encryption key and public-key key together and sends them.
5) After the client receives the key delivery SMS, it checks whether the UMC signature value is legitimate; if it is not, the client reports an error and does not carry out the subsequent steps.
6) After the client has verified that the UMC signature value is legitimate, it assembles the PN and the public key identity information into a command format and passes it to the TF card; it then packs the master control key, encryption key, signature key, public-key key and public-key parameters into a command format and passes it to the TF card; the TF card decrypts with the initial private key, extracts the contents and stores them in the chip.
7) When the commands return successfully, card issuing is considered complete; the TF card generates a report SMS (state value 0x0088), the client sends it to the UMC and prompts the user that initialisation is complete.
8) After receiving the SMS, the UMC checks the state value and records that card issuing is complete.
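The key delivery of steps 3) to 7) (digital envelope, UMC signature, client check, card decryption and report SMS) as an added Go example written for this page; it is not the patent's own code. The page does not specify the envelope construction, the byte layout of the key delivery SMS beyond the fields named in section 1, the key sizes or the report SMS layout, so those are assumptions here: the envelope is an ephemeral X25519 agreement with the card's initial public key followed by AES-256-GCM, the UMC signs the envelope with Ed25519, and the card's initial key pair is an X25519 pair used only for decryption (in the patent a single initial key pair both self-signs the certificate and receives the envelope; keeping signing and key-agreement keys separate is the usual practice). All sample values are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Quoted from the patent: key-SMS identifier FEFE0001, 136-byte identity information, report state 0x0088.
var keySMSTag = []byte{0xFE, 0xFE, 0x00, 0x01}

const idInfoLen, stateIssued = 136, uint16(0x0088)

// Card holds what the KMC wrote at initialisation: the initial key pair (X25519 is an assumption) and the UMC public key.
type Card struct {
	UID      [32]byte
	State    uint16
	initPriv *ecdh.PrivateKey
	UMCPub   ed25519.PublicKey
	Keys     map[string][]byte // filled by Install
}

// aeadFor derives AES-256-GCM from an X25519 shared secret (SHA-256 as the KDF).
func aeadFor(shared []byte) cipher.AEAD {
	key := sha256.Sum256(shared)
	blk, _ := aes.NewCipher(key[:])
	gcm, _ := cipher.NewGCM(blk)
	return gcm
}

// seal is the digital envelope: ephemeral public key (32B) || nonce (12B) || AES-GCM ciphertext,
// keyed by an ephemeral X25519 agreement with the card's initial public key.
func seal(to *ecdh.PublicKey, payload []byte) []byte {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	shared, _ := eph.ECDH(to)
	gcm := aeadFor(shared)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return append(append(eph.PublicKey().Bytes(), nonce...), gcm.Seal(nil, nonce, payload, nil)...)
}

// open reverses seal with the card's initial private key (step 6).
func (c *Card) open(env []byte) ([]byte, error) {
	if len(env) < 44 {
		return nil, errors.New("envelope too short")
	}
	ephPub, _ := ecdh.X25519().NewPublicKey(env[:32]) // exactly 32 bytes: cannot fail for X25519
	shared, err := c.initPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	return aeadFor(shared).Open(nil, env[32:44], env[44:], nil)
}

// BuildKeySMS is steps 3)-4) at the UMC. Constructed layout: tag (4B) || phone (11B) || identity info (136B)
// || envelope || UMC signature over the envelope (64B); the envelope holds UID || master || encryption ||
// signature || public-key key with constructed sizes 32/16/16/16/32 bytes.
func BuildKeySMS(umcPriv ed25519.PrivateKey, cardPub *ecdh.PublicKey, phone string, idInfo []byte, uid [32]byte, keys [4][]byte) []byte {
	env := seal(cardPub, bytes.Join([][]byte{uid[:], keys[0], keys[1], keys[2], keys[3]}, nil))
	sms := bytes.Join([][]byte{keySMSTag, []byte(phone), idInfo, env}, nil)
	return append(sms, ed25519.Sign(umcPriv, env)...)
}

// ClientCheck is step 5): verify the UMC signature with the UMC public key held in the card; nothing is handed to the card unless it is valid.
func ClientCheck(umcPub ed25519.PublicKey, sms []byte) (phone string, idInfo, env []byte, err error) {
	if len(sms) < 4+11+idInfoLen+44+64 || !bytes.Equal(sms[:4], keySMSTag) {
		return "", nil, nil, errors.New("not a key/identity SMS")
	}
	env, sig := sms[151:len(sms)-64], sms[len(sms)-64:]
	if !ed25519.Verify(umcPub, env, sig) {
		return "", nil, nil, errors.New("UMC signature invalid: issuing aborted")
	}
	return string(sms[4:15]), sms[15:151], env, nil
}

// Install is steps 6)-7) on the card: open the envelope, check that the UID inside is its own, store the
// keys, enter the issued state and return the report SMS (phone || 0x0088, constructed layout).
func (c *Card) Install(phone string, idInfo, env []byte) ([]byte, error) {
	pt, err := c.open(env)
	if err != nil || len(pt) != 112 || !bytes.Equal(pt[:32], c.UID[:]) {
		return nil, errors.New("envelope corrupted or not addressed to this card")
	}
	c.Keys = map[string][]byte{"phone": []byte(phone), "identity": idInfo, "master": pt[32:48], "encryption": pt[48:64], "signature": pt[64:80], "public-key": pt[80:112]}
	c.State = stateIssued
	return binary.BigEndian.AppendUint16([]byte(phone), stateIssued), nil
}

func main() {
	umcPub, umcPriv, _ := ed25519.GenerateKey(rand.Reader)
	initPriv, _ := ecdh.X25519().GenerateKey(rand.Reader)
	card := &Card{UID: [32]byte{1, 2, 3}, initPriv: initPriv, UMCPub: umcPub} // constructed UID
	keys := [4][]byte{make([]byte, 16), make([]byte, 16), make([]byte, 16), make([]byte, 32)} // constructed sample keys
	phone, idInfo, env, err := ClientCheck(umcPub, BuildKeySMS(umcPriv, initPriv.PublicKey(), "13800138000", make([]byte, idInfoLen), card.UID, keys))
	if err == nil {
		_, err = card.Install(phone, idInfo, env)
	}
	fmt.Println(err, card.State == stateIssued) // <nil> true
}
```

Two checks carry the security of this exchange. The client verifies the UMC signature with the UMC public key the KMC placed in the card, so a key SMS that was not produced by the UMC never reaches the chip (step 5 of the flow); and the card compares the UID inside the envelope with its own, so a key SMS addressed to one card, although correctly signed, is not accepted by another.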
Compared with the prior art, the positive effects of the invention are:
The invention uses SMS as the carrier for transmitting secure identity information; it is efficient and simple, the format is flexible and can be adapted to other secure communication scenarios by suitable modification, and card issuing efficiency is greatly improved.
Description of the drawings
Fig. 1 is the SMS card issuing flow chart of the invention.
Detailed description of the invention
The invention is described more fully below with reference to the drawings. The implementation example is carried out on the premise of the technical solution of the invention and gives a detailed embodiment and concrete operating process, but the scope of protection of the invention is not limited to the following embodiment.
Application example:
The user obtains an initialised security TF card; at this point the TF card is in the factory state (0x0055) and contains its initial signature certificate. When the user powers on, the client detects that the TF card is in the initial state and forces a PIN change; the TF card produces a registration SMS, which is sent to the UMC. After receiving the SMS, the UMC determines that it is a registration SMS, looks up the initial public key corresponding to the UID in the server database table and verifies the registration SMS with it, proving it legitimate. According to the phone number parameter supplied by the SMS, it obtains the public key identity information, encrypts it with the initial public key of the TF card, signs it with the UMC private key and sends it after packing. After receiving the SMS and verifying that the UMC signature value is legitimate, the user's client passes the identity information to the TF card. The TF card decrypts with the initial private key, extracts the contents and stores them in the chip. At the same time, the TF card generates a report SMS, which is sent to the UMC, and the user is prompted that initialisation is complete. After receiving the SMS, the server checks the state value and records that card issuing is complete. Card issuing ends.
In summary, the invention discloses an SMS card issuing scheme applicable to circuit domain encrypted communication.
The description of the invention is given for the sake of example and explanation and is not intended to be exhaustive or to limit the invention to the form disclosed. Obviously, those of ordinary skill in the art can make various changes and variations to the examples of the invention without departing from the spirit and principles of the invention. The embodiments were chosen and described in order to better explain the principles and practical application of the invention, and to enable those of ordinary skill in the art to understand that the invention is suitable for various embodiments with various modifications for the particular use contemplated.

Claims (7)

1. A short message-based security TF card issuing method applicable to circuit domain encrypted communication, the steps being:
1) the key management center (KMC) sends the initial public and private keys, the UMC short message number and the UMC public key into the security TF card of the client, and records the correspondence between the UID and the initial public and private keys; the security TF card generates its own initial signature certificate; where the UID is the ID of the security TF card;
2) the client uses the initial signature certificate to generate a registration SMS and sends it to the UMC; the UMC queries the initial public key corresponding to the UID in the registration SMS and verifies the registration SMS with it; after verification passes, it generates an SMS containing key and identity information and sends it to the client;
3) after receiving the SMS containing key and identity information, the client sends the phone number, the identity information group and the keys to the security TF card; the security TF card then produces a report SMS, which the client sends to the UMC;
4) the UMC records the card issuing completion status according to the report SMS.
2. The method as claimed in claim 1, characterised in that the initial signature certificate comprises: the UID, and the signature made with the initial private key over UID + initial public key.
3. The method as claimed in claim 2, characterised in that the registration SMS produced with the initial signature certificate comprises: an SMS identifier field, a status code field and an initial signature certificate field.
4. The method as claimed in claim 3, characterised in that the SMS containing key and identity information comprises plaintext information and ciphertext information, where the plaintext information comprises: SMS identifier, phone number, public key identity information and UMC signature value; the ciphertext information comprises: UID, master control key, encryption key, signature key, public-key key and public-key parameters; the UMC signature value is the signature the UMC makes over the ciphertext with its own private key.
5. The method as claimed in claim 1, 2, 3 or 4, characterised in that the method of generating the SMS containing key and identity information is: the UMC reads the phone number from the registration SMS and obtains from the KMC the public key identity information, master control key, encryption key, signature key and public-key key corresponding to this phone number; then, at the UMC end, the UID, master control key, signature key, encryption key and public-key key are encrypted with the initial public key of the security TF card and signed with the UMC private key; the UMC then generates the SMS containing key and identity information from the phone number, the public key identity information and the ciphertext obtained by encrypting the UID, master control key, signature key, encryption key and public-key key.
6. The method as claimed in claim 5, characterised in that in step 3) the client verifies the SMS containing key and identity information and, after verification passes, transfers the phone number and the public key identity information, together with the master control key, encryption key, signature key, public-key key and public-key parameters, to the security TF card; the security TF card decrypts them with the initial private key and stores them.
7. The method as claimed in claim 6, characterised in that the client assembles the phone number and the public key identity information into a command format and passes it to the security TF card; it packs the master control key, encryption key, signature key, public-key key and public-key parameters into a command format and passes it to the security TF card; when the commands return successfully, the security TF card produces the report SMS.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610348079.6A CN106060788B (en) 2016-05-24 2016-05-24 A kind of safe TF card short message hair fastener method suitable for circuit domain coded communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610348079.6A CN106060788B (en) 2016-05-24 2016-05-24 A kind of safe TF card short message hair fastener method suitable for circuit domain coded communication

Publications (2)

Publication Number Publication Date
CN106060788A true CN106060788A (en) 2016-10-26
CN106060788B CN106060788B (en) 2019-06-11

Family

ID=57174345

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610348079.6A Expired - Fee Related CN106060788B (en) 2016-05-24 2016-05-24 A kind of safe TF card short message hair fastener method suitable for circuit domain coded communication

Country Status (1)

Country Link
CN (1) CN106060788B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102209318A (en) * 2011-05-18 2011-10-05 武汉天喻信息产业股份有限公司 Real-time mobile phone encrypted conversation method and device based on intelligent TF (Transflash) card
CN102361481A (en) * 2011-07-07 2012-02-22 上海凯卓信息科技有限公司 Method for binding hardware encryption trans-flash (TF) card with mobile phone subscriber identity module (SIM) card
CN103530553A (en) * 2013-10-22 2014-01-22 山东神思电子技术股份有限公司 Mobile terminal with authorization card and authorization method
CN103873241A (en) * 2012-12-11 2014-06-18 中国银联股份有限公司 Safety shield, and digital-certificate management system and method
CN104091272A (en) * 2014-07-09 2014-10-08 北京信长城技术研究院 Identifying and tracing system with unique identity and method


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
关磊: "Design of a security TF card and its application in mobile payment", China Master's Theses Full-text Database *
李远: "A circuit domain encrypted communication scheme", Netinfo Security (信息网络安全) *

Also Published As

Publication number Publication date
CN106060788B (en) 2019-06-11


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190611

Termination date: 20210524