CN107318103B - Machine switching prevention method and system based on Internet of things SIM card - Google Patents

Info

Publication number: CN107318103B
Application number: CN201710687501.5A
Authority: CN (China)
Prior art keywords: sim card, module, encrypted information, short message, identification code
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN107318103A
Inventor: 陈恩志
Current Assignee: Shenzhen Xinguodu Tech Co Ltd
Original Assignee: Shenzhen Xinguodu Tech Co Ltd
Application filed by: Shenzhen Xinguodu Tech Co Ltd
Priority to: CN201710687501.5A
Publication of: CN107318103A
Application granted
Publication of: CN107318103B

Classifications

    • H04W 8/183 (H04 Electric communication technique; H04W Wireless communication networks; 8/00 Network data management; 8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; transfer of user or subscriber data): Processing at user equipment or user record carrier
    • H04W 12/02 (H04W 12/00 Security arrangements; authentication; protecting privacy or anonymity): Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W 12/06 (H04W 12/00 Security arrangements; authentication; protecting privacy or anonymity): Authentication
    • H04L 9/3249 (H04L Transmission of digital information, e.g. telegraphic communication; 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications, network security protocols; 9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials; 9/3247 involving digital signatures): using RSA or related signature schemes, e.g. Rabin scheme

Abstract

The invention relates to an anti-switching method and system based on an Internet of Things SIM card. The method comprises the steps of: obtaining an identification code of the SIM card; encrypting the identification code to obtain an encrypted information packet; writing the encrypted information packet into a short message partition of the SIM card; judging whether the SIM card is qualified according to the short message partition, the identification code of the SIM card and the encrypted information packet; if the SIM card is qualified, allowing it to register in the mobile network of an operator; if not, not allowing it to register in the mobile network of the operator. According to the invention, the data attached to the SIM card is encrypted using customized key information, according to the unique identification code attached to the SIM card, so that the financial POS can identify the designated SIM card, and the SIM card and the IMEI code of the POS are automatically bound when the Internet of Things SIM card logs in and registers for the first time. This reduces economic loss in application, improves the network-access security of the financial POS and prevents the operator's SIM card traffic from being stolen.

Description

Machine switching prevention method and system based on Internet of things SIM card
Technical Field
The invention relates to a SIM card, and in particular to an anti-switching method and an anti-switching system based on an Internet of Things SIM card.
Background
The POS system, i.e. the point-of-sale information system, is a system that reads commodity sales information (such as commodity name, unit price, quantity sold, time of sale, selling shop and purchasing customer) directly through an automatic reading device (such as a cash register) at the time of sale, and transmits that information over a communication network and a computer system to the relevant departments for analysis and processing, so as to improve operating efficiency. POS systems were first applied in retail and later gradually extended to other service industries such as finance and hotels, and their scope has extended from within the enterprise to the entire supply chain. The POS terminal is a multifunctional terminal installed at credit-card merchants and acceptance points and networked with a computer; it can perform automatic electronic fund transfer, supports consumption, pre-authorization, balance inquiry, transfer, printing and similar functions, and is safe, fast and reliable to use.
With the explosive growth of mobile networks in recent years, mobile traffic charges have become ever cheaper, many financial POS (point-of-sale) terminals use mobile networks for transactions, and mobile communication has become an indispensable function of the financial POS. Because of the special usage scenario of the financial POS, the cost of the mobile network it uses is lower than that of a mobile phone; in particular, smart POS terminals have grown explosively in recent years, a large number of mobile Internet of Things SIM cards are used as an important communication tool of the financial POS, and the mobile network has become an important means of financial POS communication.
With the large-scale use of mobile networks in financial POS terminals, SIM card switching ("machine switching") happens easily: the switcher changes the bank card account bound in the POS terminal's backend to another account; the traffic of high-volume SIM cards is stolen, causing direct economic loss to third-party payment companies; the financial POS is fitted with an unsafe SIM card and accesses an unsafe network IP, causing a series of security problems; and so on.
Therefore, it is necessary to design an anti-switching method based on an Internet of Things SIM card, so as to prevent the SIM card from being switched, improve the network security of the financial POS, and prevent the operator's SIM card traffic from being stolen.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides an anti-switching method and an anti-switching system based on an Internet of Things SIM card.
In order to achieve the purpose, the invention adopts the following technical scheme: an anti-switching method based on an Internet of things SIM card comprises the following steps:
acquiring an identification code of the SIM card;
encrypting the identification code to obtain an encrypted information packet;
writing the encrypted information packet into a short message partition of the SIM card;
judging whether the SIM card is qualified or not according to the short message partition, the identification code of the SIM card and the encrypted information packet;
if the SIM card is qualified, allowing the SIM card to be registered in a mobile network of an operator;
if not, the SIM card is not allowed to be registered in the mobile network of the operator.
The further technical scheme is as follows: the step of encrypting the identification code and acquiring the encrypted information packet comprises the following specific steps:
acquiring data carried by the identification code;
signing the data by using a private key to generate signature information;
acquiring a random number in the signature information;
encrypting the data by using a random number to form encryption information;
and packaging the encrypted information and the signature information to form an encrypted information packet.
The further technical scheme is as follows: the step of writing the encrypted information packet into the short message partition of the SIM card comprises the following specific steps:
judging whether the encrypted information packet exceeds the storage capacity of a short message partition or not;
if yes, splitting the encrypted information packet into a plurality of short messages, and entering the next step; if not, directly entering the next step;
and storing the encrypted information packet in a short message partition of the SIM card.
The further technical scheme is as follows: the step of judging whether the SIM card is qualified or not according to the short message partition, the identification code of the SIM card and the encrypted information packet comprises the following specific steps:
reading short messages of the short message partition of the SIM card;
judging whether the short messages in the short message partition do not accord with the regulations;
if yes, the SIM card is unqualified;
if not, combining the short messages to form an encrypted information packet;
decrypting the encrypted information packet by adopting a public key built in the POS system, and reading data;
acquiring an identification code according to the data;
judging whether the acquired identification code is consistent with the identification code of the originally acquired SIM card;
if the two are consistent, the SIM card is qualified;
if not, the SIM card is unqualified.
The further technical scheme is as follows: the step of allowing the SIM card to register in the mobile network of the operator comprises the following specific steps:
registering a mobile network;
acquiring the IMEI number of the device with which the SIM card connects to the network;
binding the SIM card to the IMEI number of the financial POS;
and limiting the network IP accessed by the SIM card.
The invention also provides an anti-switching system based on the Internet of things SIM card, which comprises an identification code acquisition unit, an encryption unit, a writing unit, a qualification judgment unit, an allowed registration unit and a rejected registration unit;
the identification code acquisition unit is used for acquiring the identification code of the SIM card;
the encryption unit is used for encrypting the identification code to obtain an encrypted information packet;
the writing unit is used for writing the encrypted information packet into the short message partition of the SIM card;
the qualification judging unit is used for judging whether the SIM card is qualified or not according to the short message partition, the identification code of the SIM card and the encrypted information packet;
the registration permission unit is used for allowing the SIM card to be registered in a mobile network of an operator if the SIM card is qualified;
and the registration rejection unit is used for disallowing the SIM card to be registered in the mobile network of the operator if the SIM card is unqualified.
The further technical scheme is as follows: the encryption unit comprises a data acquisition module, a signature module, a random number acquisition module, a data encryption module and a packaging module;
the data acquisition module is used for acquiring the data carried by the identification code;
the signature module is used for signing the data by using a private key to generate signature information;
the random number acquisition module is used for acquiring a random number in the signature information;
the data encryption module is used for encrypting the data by using a random number to form encryption information;
and the packaging module is used for packaging the encrypted information and the signature information to form an encrypted information package.
The further technical scheme is as follows: the writing unit comprises a size judging module, a splitting module and a storage module;
the size judging module is used for judging whether the encrypted information packet exceeds the storage capacity of a short message partition;
the splitting module is used for splitting the encrypted information packet into a plurality of short messages if it does exceed that capacity;
and the storage module is used for storing the encrypted information packet in a short message partition of the SIM card.
The further technical scheme is as follows: the qualification judgment unit comprises a short message reading module, a short message judgment module, a combination module, a decryption module, an identification code reading module and a consistency judgment module;
the short message reading module is used for reading short messages of the short message partition of the SIM card;
the short message judgment module is used for judging whether the short messages in the short message partition fail to comply with the regulations; if so, the SIM card is unqualified;
the combination module is used for combining the short messages to form an encrypted information packet if they do comply;
the decryption module is used for decrypting the encrypted information packet by adopting a public key built in the POS system and reading data;
the identification code reading module is used for acquiring an identification code according to data;
the consistency judging module is used for judging whether the acquired identification code is consistent with the identification code of the originally acquired SIM card; if the two are consistent, the SIM card is qualified; if not, the SIM card is unqualified.
The further technical scheme is as follows: the registration allowing unit comprises a registration module, an IMEI number acquiring module, a binding module and a limiting module;
the registration module is used for registering a mobile network;
the IMEI number acquisition module is used for acquiring the IMEI number of the device with which the SIM card connects to the network;
the binding module is used for binding the SIM card to the IMEI number of the financial POS;
and the limiting module is used for limiting the network IP accessed by the SIM card.
Compared with the prior art, the invention has the following beneficial effects. The invention discloses an anti-switching method based on an Internet of Things SIM card. According to the unique identification code attached to the SIM card, it encrypts the data attached to the SIM card using customized key information to form an encrypted information packet, so that a financial POS can identify the specified SIM card; it stores the encrypted information packet in a specific format; it verifies the qualification of the SIM card when the financial POS and the SIM card exchange information, and rejects network registration from an unqualified SIM card; and for a qualified SIM card, when the Internet of Things SIM card is used to log in and register for the first time, it automatically binds the SIM card to the IMEI code of the financial POS through the Internet of Things API (application programming interface) provided by the operator. This realizes mutual binding between the SIM card and the financial POS, reduces economic loss in application, improves the network-access security of the financial POS, and prevents the operator's SIM card traffic from being stolen.
The invention is further described below with reference to the accompanying drawings and specific embodiments.
Drawings
Fig. 1 is a flowchart of an anti-switching method based on an Internet of Things SIM card according to an embodiment of the present invention;
fig. 2 is a flowchart of encrypting the identification code and obtaining an encrypted information packet according to an embodiment of the present invention;
fig. 3 is a flowchart of writing an encrypted packet into a short message partition of an SIM card according to an embodiment of the present invention;
fig. 4 is a flowchart for determining whether the SIM card is qualified according to the embodiment of the present invention;
fig. 5 is a flowchart of allowing a SIM card to register in a mobile network of an operator according to an embodiment of the present invention;
fig. 6 is a table of short message formats according to an embodiment of the present invention;
fig. 7 is a block diagram of an anti-switching system based on an Internet of Things SIM card according to an embodiment of the present invention;
fig. 8 is a block diagram of the encryption unit according to an embodiment of the present invention;
FIG. 9 is a block diagram of a write unit according to an embodiment of the present invention;
fig. 10 is a block diagram of a qualification determination unit according to an embodiment of the present invention;
fig. 11 is a block diagram of a registration permission unit according to an embodiment of the present invention.
Detailed Description
In order to more fully understand the technical content of the present invention, the technical solution of the present invention will be further described and illustrated with reference to the following specific embodiments, but not limited thereto.
As shown in specific embodiments of fig. 1 to 11, the method for preventing machine switching based on an internet of things SIM card provided in this embodiment can be applied to the fields of finance, commerce, electric power, government affairs, industry and commerce, security and logistics, and can prevent the SIM card from being switched, so as to improve the network security of a financial POS and prevent the SIM card traffic of an operator from being stolen.
As shown in fig. 1, the present embodiment provides an anti-switching method based on an Internet of Things SIM card, including:
s1, acquiring the identification code of the SIM card;
s2, encrypting the identification code to obtain an encrypted information packet;
s3, writing the encrypted information packet into the short message partition of the SIM card;
s4, judging whether the SIM card is qualified according to the short message partition, the identification code of the SIM card and the encrypted information packet;
s5, if qualified, allowing the SIM card to be registered in the mobile network of the operator;
and S6, if the SIM card is not qualified, not allowing the SIM card to be registered in the mobile network of the operator.
For step S1, each SIM card has a fixed ICCID, which is the unique, non-repeatable identification code of the SIM card. Obtaining the identification code of the SIM card specifically means that the card issuing management system reads the ICCID of the corresponding SIM card through a SIM card reader and records it in the system database. Because the unique identification code of the SIM card is used, card theft can be avoided.
Further, the step of encrypting the identification code and acquiring the encrypted information packet in the step of S2 includes the following specific steps:
s21, acquiring data carried by the identification code;
s22, signing the data by using a private key to generate signature information;
s23, acquiring a random number in the signature information;
s24, encrypting the data by using a random number to form encryption information;
and S25, packaging the encrypted information and the signature information to form an encrypted information package.
In the step S21, each SIM card carries data and an ICCID identification code, and the data needs to be encrypted during the transaction to ensure that the data is not stolen.
In steps S22 and S23, the data is signed with the private key mainly to obtain the signature information, and a random number is then obtained from the signature information, so that the whole encrypted information packet is non-replicable and the switching problem is prevented.
In step S24, the data is encrypted with the random number, which is hard to replicate, so that the strength of the data encryption is improved and switching of the data is prevented at its root.
In step S25, the encryption information and the signature information are specifically packed in the format of encryption information + signature information, so as to form an encryption information packet.
After the internet of things SIM card leaves a factory, the customized key information is written in through a card issuing system to ensure that the financial POS can identify the specified SIM card. After the card issuing system records the ICCID identification code into the system database, the ICCID identification code of the SIM card is converted into special data in a self-defined format and sent to the encryption machine, and the encryption machine encrypts the received data to form an encrypted information packet and returns the encrypted information packet to the card issuing system.
Further, the step of S3, writing the encrypted packet into the short message partition of the SIM card, includes the following steps:
s31, judging whether the encrypted information packet exceeds the storage capacity of a short message partition;
s32, if yes, splitting the encrypted information packet into a plurality of short messages, and going to the next step; if not, directly entering the next step;
and S33, storing the encrypted information packet in the short message partition of the SIM card.
Because the SIM card is a general-purpose SIM card, the only areas of the card available to the user are the short message partition and the address book partition; the short message partition is chosen as the storage location of the encrypted information for the convenience of general-purpose use.
For step S31, since each short message partition has a limited storage capacity, the size of the capacity occupied by the encrypted packet must be determined, so as to fix the number of storage partitions needed for the encrypted packet and avoid losing part of its information.
In step S32, if the encrypted information packet exceeds the storage capacity of the 1st short message partition: the data length in a short message partition is limited and each short message allows at most 175 bytes to be stored, so when the encrypted information packet is long, the data format is split and later recombined. The encrypted information is split into multiple short messages, which are then written into the short message partition of the SIM card through the SIM card reader-writer, with the storage location starting from the 1st.
For step S33, the storage format of the encrypted packet is as shown in fig. 6. The format of each short message is: the first byte is the total storage number, the second byte is the current storage number, the third and fourth bytes are the data length, and the remaining bytes form the data splitting storage area into which the data is written. If the data is 600 bytes and each short message stores 80 bytes, 600/80 rounded up gives 8 short messages, stored as follows:
1st short message: Total Num (total storage number) = 8, Current (current storage number) = 0, Data Length = 80, BCD Data (data splitting storage area) = stored data;
2nd short message: Total Num = 8, Current = 1, Data Length = 80, BCD Data = stored data;
3rd to 7th short messages: same as the 2nd short message, with Current incremented for each;
8th short message: Total Num = 8, Current = 7 (the last index), Data Length = 40, BCD Data = stored data.
Because the HEX format of a short message stored in the short message area must be BCD code, the data must be stored as BCD code, and the usable storage length is therefore half of the actual maximum storage length.
The storage format of the encrypted information packet is fixed, which facilitates subsequent decryption and ensures that the data in the encrypted information packet is not scrambled when the packet is extracted.
Further, as for the step S4, the step of determining whether the SIM card is qualified according to the short message partition, the identification code of the SIM card, and the encryption information packet includes the following specific steps:
s41, reading the short messages of the short message partition of the SIM card;
s42, judging whether the short messages in the short message partition do not accord with the regulations;
s43, if yes, the SIM card is unqualified;
s44, if not, combining the short messages to form an encrypted information packet;
s45, decrypting the encrypted information packet by using a public key built in the POS system, and reading data;
s46, acquiring an identification code according to the data;
s47, judging whether the obtained identification code is consistent with the identification code of the original obtained SIM card;
s48, if the two are consistent, the SIM card is qualified; if not, the process proceeds to step S43.
For step S41, the card issuing system installs the encrypted SIM card into a specific financial POS, and after start-up the financial POS checks the legitimacy of the locked SIM card: specifically, the POS reads the short message partition of the SIM card to obtain its short messages.
Step S42 specifically determines whether there is a short message in the short message partition and whether the obtained short message is legal; if there is no short message in the partition, or the obtained short message is illegal, the SIM card is unqualified and network registration is not allowed.
For step S44: since the encrypted information packet was divided into a plurality of short messages and stored in the short message partition, all the short messages must be combined in sequence to form the originally stored encrypted information packet.
For step S45, the public key is used to unlock what was locked with the private key; the public key corresponds one to one with the private key, and the encrypted information packet can only be decrypted by using the POS system, so as to obtain the data in the SIM card.
For step S46, the data and the ICCID identification code correspond one to one, so the identification code can be obtained from the data.
For step S47, whether the SIM card is qualified is determined by comparing the obtained identification code with the ICCID identification code of the SIM card itself.
The short messages read from the short message partition are combined into an encrypted information packet, which is decrypted with the public key built into the POS system; the ICCID (integrated circuit card identification) code written by the card issuing system is recovered from the data, the ICCID of the SIM card itself is read, and the two are compared. If the ICCIDs differ, the card is judged illegal and is not allowed to register on the network; if they are the same, the card is allowed to register in the operator's mobile network. This ensures that the financial POS only recognizes cards issued by the card issuing system and does not allow other cards to be used.
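The per-message format of fig. 6 (steps S31 to S33) and the combine-and-check of steps S42/S44, as an added example in Python that is not code from the patent: it splits a constructed packet into records and reassembles them only if every structural field agrees, so an empty, truncated or tampered partition makes the card unqualified before anything is decrypted. The big-endian length field and the BCD-halving arithmetic behind the default 80-byte chunk are assumptions.

```python
"""Constructed example of the fig. 6 short message record format: split an
encrypted information packet across SIM short message records and reassemble
it with the structural checks step S42 applies before the packet is combined.
Layout per record (from the page): byte 0 = total storage number,
byte 1 = current storage number, bytes 2-3 = data length, rest = data.
Assumptions (not stated on the page): the length field is big-endian, and the
default 80-byte chunk is what fits after BCD halving of the 175-byte limit
(175 // 2 - 4 header bytes = 83 usable bytes)."""

MAX_SMS_BYTES = 175        # per-short-message limit stated on the page
HEADER_LEN = 4             # total, current, length (2 bytes)
MAX_PAYLOAD = MAX_SMS_BYTES // 2 - HEADER_LEN   # 83; assumption: BCD halves capacity


class UnqualifiedSim(Exception):
    """Raised when the short message partition does not comply with the format."""


def split_packet(packet: bytes, chunk: int = 80) -> list[bytes]:
    """Step S32: split the packet into records of at most `chunk` payload bytes."""
    if not 0 < chunk <= MAX_PAYLOAD:
        raise ValueError(f"chunk must be 1..{MAX_PAYLOAD} bytes")
    total = -(-len(packet) // chunk)            # ceiling division
    if not 1 <= total <= 255:
        raise ValueError("packet empty or needs more than 255 records")
    records = []
    for index in range(total):
        data = packet[index * chunk:(index + 1) * chunk]
        header = bytes([total, index]) + len(data).to_bytes(2, "big")
        records.append(header + data)
    return records


def combine_records(records: list[bytes]) -> bytes:
    """Steps S42/S44: validate every record, then join them in index order.

    Any deviation (empty partition, oversize record, mismatched total,
    duplicate or missing index, length field that disagrees with the payload)
    makes the SIM card unqualified, so the caller never decrypts garbage."""
    if not records:
        raise UnqualifiedSim("no short message in the partition")
    total = records[0][0] if len(records[0]) >= HEADER_LEN else 0
    if total == 0:
        raise UnqualifiedSim("invalid total storage number")
    if len(records) != total:
        raise UnqualifiedSim(f"expected {total} short messages, found {len(records)}")
    payloads = {}
    for rec in records:
        if not HEADER_LEN <= len(rec) <= MAX_SMS_BYTES:
            raise UnqualifiedSim("short message has an invalid size")
        rec_total, index = rec[0], rec[1]
        length = int.from_bytes(rec[2:4], "big")
        if rec_total != total or index >= total:
            raise UnqualifiedSim("total/current storage numbers do not match")
        if index in payloads:
            raise UnqualifiedSim(f"duplicate short message index {index}")
        if length != len(rec) - HEADER_LEN:
            raise UnqualifiedSim("data length field disagrees with the payload")
        payloads[index] = rec[HEADER_LEN:]
    # len(records) == total with no duplicates means every index 0..total-1 is present.
    return b"".join(payloads[i] for i in range(total))


def demo() -> tuple:
    """Reproduce the page's worked numbers: a 600-byte packet at 80 bytes per
    message yields 8 records, the last carrying 40 bytes, and round-trips."""
    packet = bytes(range(256)) * 2 + bytes(88)   # constructed 600-byte packet
    records = split_packet(packet)
    last_len = int.from_bytes(records[-1][2:4], "big")
    return len(records), last_len, combine_records(records) == packet


if __name__ == "__main__":
    print(demo())   # (8, 40, True)
```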
Further, the step of allowing the SIM card to register in the mobile network of the operator in step S5 includes the following specific steps:
s51, registering the mobile network;
s52, obtaining the IMEI number of the SIM card connecting network;
s53, binding the SIM card to the IMEI number of the financial POS;
s54, limiting the network IP accessed by the SIM card.
In the step S51, after the financial POS detects that the SIM card is legal, the financial POS registers the mobile network with the SIM card.
In the above step S52, the IMEI is an abbreviation of the international mobile equipment identity code, and the international mobile equipment identification code is an "electronic serial number" composed of 15 digits, which corresponds to each mobile phone one by one, and is unique worldwide. Each mobile telephone, when assembled, is assigned a globally unique set of numbers that are recorded from manufacture to delivery by the manufacturer. After the mobile network registration is completed, the management background can obtain the IMEI number of the equipment currently connected with the network through the SIM card through the API of the operator.
The step S53 is to control the SIM card to be bound to the IMEI number of the financial POS through the API interface by the management back-end, so as to ensure that the SIM card cannot register to the network after being moved to another terminal device, and to achieve mutual binding between the SIM card and the financial POS, so as to reduce the economic loss of the application and improve the security of the financial POS network access.
In the step S54, specifically, the network IP accessed by the SIM card is limited in the API interface provided by the SIM card of the internet of things, so as to improve the network security of the financial POS.
The ICCID is an integrated circuit card identification code, i.e., a SIM card number, which is equivalent to an identification card of a mobile phone number, and is a unique identification number of an IC card, and is composed of 20 digits in total.
According to the anti-switching method based on an Internet of Things SIM card, the data attached to the SIM card is encrypted with customized key information, according to the unique identification code attached to the SIM card, to form an encrypted information packet, so that a financial POS can identify the specified SIM card. The encrypted information packet is stored in a specific format. When the financial POS and the SIM card exchange information, the qualification of the SIM card is verified and network registration from an unqualified SIM card is rejected; for a qualified SIM card, the SIM card and the IMEI code of the financial POS are automatically bound through the Internet of Things API (application programming interface) provided by the operator when the Internet of Things SIM card is used to log in and register for the first time. This realizes mutual binding between the SIM card and the financial POS, reduces economic loss in application, improves the network-access security of the financial POS, and prevents the operator's SIM card traffic from being stolen.
Further, as shown in fig. 7, the present embodiment further provides an anti-disconnection system based on an internet of things SIM card, which includes an identification code obtaining unit 1, an encryption unit 2, a writing unit 3, a qualification judgment unit 4, an allowed registration unit 5, and a rejected registration unit 6.
The identification code acquisition unit 1 acquires the identification code of the SIM card.
The encryption unit 2 encrypts the identification code to obtain an encrypted information packet.
The writing unit 3 writes the encrypted information packet into the short message partition of the SIM card.
The qualification judgment unit 4 judges whether the SIM card is qualified according to the short message partition, the identification code of the SIM card and the encrypted information packet.
The allowed registration unit 5 allows the SIM card to register in the mobile network of the operator if the SIM card is qualified.
The rejected registration unit 6 does not allow the SIM card to register in the mobile network of the operator if it is not qualified.
For the identification code acquisition unit 1: each SIM card has a fixed ICCID, which is the unique, non-repeatable identification code of the SIM card, and this identification code is acquired.
Further, the encryption unit 2 includes a data obtaining module 21, a signature module 22, a random number obtaining module 23, a data encryption module 24, and a packaging module 25.
The data acquisition module 21 acquires the data carried by the identification code.
The signature module 22 signs the data with a private key to generate signature information.
The random number acquisition module 23 obtains a random number from the signature information.
The data encryption module 24 encrypts the data with the random number to form encrypted information.
The packaging module 25 packages the encrypted information and the signature information to form an encrypted information packet.
For the data acquisition module 21: each SIM card carries data and an ICCID identification code, and during the transaction the data needs to be encrypted to ensure that it is not stolen.
For the signature module 22 and the random number acquisition module 23: the data is signed with a private key, mainly to obtain signature information, and a random number is derived from the signature information, so that the whole encrypted information packet cannot be replicated and machine switching is prevented.
The data encryption module 24 encrypts the data with the random number; since the random number is hard to reproduce, this raises the strength of the data encryption and prevents machine switching at the data source.
The packaging module 25 integrates and packages the encrypted information and the signature information in the format "encrypted information + signature information" to form an encrypted information packet.
After the internet of things SIM card leaves a factory, the customized key information is written in through a card issuing system to ensure that the financial POS can identify the specified SIM card. After the card issuing system records the ICCID identification code into the system database, the ICCID identification code of the SIM card is converted into special data in a self-defined format and sent to the encryption machine, and the encryption machine encrypts the received data to form an encrypted information packet and returns the encrypted information packet to the card issuing system.
Furthermore, the writing unit 3 includes a size determining module 31, a splitting module 32, and a storing module 33.
The size determining module 31 determines whether the encrypted information packet exceeds the storage capacity of one short message partition.
The splitting module 32 splits the encrypted information packet into a plurality of short messages if it does.
The storage module 33 stores the encrypted information packet in the short message partition of the SIM card.
Because the SIM card is a universal SIM card, the only areas of the card available to the user are the short message partition and the address book partition; for convenience of universal use, the short message partition is selected as the storage location of the encrypted information.
For the size determining module 31, since the storage capacity of each short message partition is limited, the size of the capacity occupied by the encrypted information packet needs to be determined to ensure the number of the storage partitions of the encrypted information packet and avoid the loss of part of information of the encrypted information packet.
For the splitting module 32: if the encrypted information packet exceeds the storage capacity of one short message partition, the packet must be split, since the data length in a short message partition is limited and each short message allows at most 175 bytes to be stored. If the encrypted information packet is long, its data format is split and recombined: the packet is split into multiple short messages, which are then written into the short message partition of the SIM card through a SIM card reader-writer, with the storage position starting from the 1st message.
For the storage module 33: the storage format of the encrypted information packet is shown in fig. 6. The format of each short message is: the first byte is the total storage number, the second byte is the current storage number, the third and fourth bytes are the data length, and the remaining bytes are the data splitting storage area into which data is written. If the data is 600 bytes and each short message stores 80 bytes, 600/80 ≈ 8 short messages are needed, stored as follows:
Short message 1: Total Num (total storage number) is 8, Current (current storage number) is 0, Data Length is 80, and BCD Data (data splitting storage area) is the stored data.
Short message 2: Total Num is 8, Current is 1, Data Length is 80, and BCD Data is the stored data.
Short messages 3 to 7: the same as short message 2, apart from the current storage number.
Short message 8: Total Num is 8, Current is the current storage number, Data Length is 40, and BCD Data is the stored data.
Because the format of the short message HEX stored in the short message area must be BCD code, the data must be stored in BCD code, and the storage length is half of the actual storage maximum length.
The storage format of the encrypted information packet is fixed so that, when the packet is extracted for subsequent decryption, the data inside it is not disordered.
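The split-and-combine format just described, as an added worked example in Python; it is not code from the patent or from Shenzhen Xinguodu. It packs a constructed 600-byte packet into 80-byte short message records with the four-byte header (Total Num, Current, Data Length), stores each record as a hex string standing in for the BCD-coded short message, and recombines the records while checking that every one is present, unduplicated and consistent, which is the check the qualification step relies on. The big-endian byte order of the Data Length field, the 80-byte chunk size and the contents of the sample packet are assumptions not stated on the page.

```python
from typing import List

# Limits taken from the page: each short message record holds at most 175
# bytes of HEX, and BCD storage halves the usable length.
SMS_MAX_HEX_BYTES = 175
SMS_MAX_RECORD_BYTES = SMS_MAX_HEX_BYTES // 2   # 87 bytes of binary per record
HEADER_LEN = 4   # Total Num (1) | Current (1) | Data Length (2, big-endian assumed)

# Constructed sample: a 600-byte "encrypted information packet" (not real card data).
SAMPLE_PACKET = bytes(i % 251 for i in range(600))


def split_packet(packet: bytes, chunk: int = 80) -> List[str]:
    """Split a packet into short-message records. Each record is returned as the
    upper-case hex string that would be written to one record of the short
    message partition (hex standing in for the BCD coding)."""
    if not 0 < chunk <= SMS_MAX_RECORD_BYTES - HEADER_LEN:
        raise ValueError("chunk does not fit in one short message record")
    total = (len(packet) + chunk - 1) // chunk   # 600/80 -> 8 records, last one 40 bytes
    if not 0 < total <= 0xFF:
        raise ValueError("packet too large for a one-byte Total Num")
    records = []
    for current in range(total):
        data = packet[current * chunk:(current + 1) * chunk]
        header = bytes([total, current]) + len(data).to_bytes(2, "big")
        records.append((header + data).hex().upper())
    return records


def combine_records(records: List[str]) -> bytes:
    """Combine the records back into the packet, checking the stored format.
    Raises ValueError if the records do not meet the specification (missing,
    duplicated, inconsistent or truncated records), which is the path on which
    the POS treats the SIM card as unqualified."""
    if not records:
        raise ValueError("no short messages in the short message partition")
    parsed = {}
    total = None
    for rec in records:
        raw = bytes.fromhex(rec)          # non-hex content also raises ValueError
        if len(raw) < HEADER_LEN or len(raw) > SMS_MAX_RECORD_BYTES:
            raise ValueError("record length outside the allowed range")
        rec_total, current = raw[0], raw[1]
        length = int.from_bytes(raw[2:4], "big")
        if total is None:
            total = rec_total
        if rec_total != total or current >= total:
            raise ValueError("inconsistent Total Num / Current fields")
        if length != len(raw) - HEADER_LEN:
            raise ValueError("Data Length does not match the stored data")
        if current in parsed:
            raise ValueError("duplicate Current index %d" % current)
        parsed[current] = raw[HEADER_LEN:]
    if len(parsed) != total:
        raise ValueError("expected %d records, found %d" % (total, len(parsed)))
    # Reassemble in Current order so the packet is not disordered even if the
    # records were read back from the partition in a different order.
    return b"".join(parsed[i] for i in range(total))


def is_well_formed(records: List[str]) -> bool:
    """The short message judgment step: True only if the records combine cleanly."""
    try:
        combine_records(records)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    recs = split_packet(SAMPLE_PACKET, 80)
    print(len(recs), "records; first header", recs[0][:8], "last header", recs[-1][:8])
    print("round trip ok:", combine_records(recs) == SAMPLE_PACKET)
    print("missing record accepted:", is_well_formed(recs[:-1]))
```

With the page's figures the sample produces eight records whose headers read 08 00 0050 for the first and 08 07 0028 for the last; dropping, duplicating or shortening any record makes the combine step fail, so the card is rejected before any decryption is attempted.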
Furthermore, the aforementioned qualification determining unit 4 includes a short message reading module 41, a short message determining module 42, a combining module 43, a decrypting module 44, an identification code reading module 45, and a consistency determining module 46.
The short message reading module 41 reads the short messages of the short message partition of the SIM card.
The short message judgment module 42 judges whether the short messages of the short message partition fail to meet the specification; if so, the SIM card is unqualified.
The combination module 43 combines the short messages to form an encrypted information packet if they do meet the specification.
The decryption module 44 decrypts the encrypted information packet using a public key built into the POS system and reads the data.
The identification code reading module 45 acquires the identification code from the data.
The consistency judgment module 46 judges whether the acquired identification code is consistent with the identification code originally acquired from the SIM card; if they are consistent, the SIM card is qualified; if not, the SIM card is unqualified.
For the short message reading module 41: the encrypted SIM card is installed in a specific financial POS through the card issuing system, and the financial POS performs the SIM card check after starting up; specifically, the POS reads the short message partition of the SIM card to obtain its short messages.
The short message judgment module 42 judges whether there is any short message in the short message partition and whether the short messages obtained from it are legal; if there is no short message in the partition, or the short messages obtained are illegal, the SIM card is unqualified and network registration is not allowed.
For the combination module 43: since the encrypted information packet was split into a plurality of short messages for storage in the short message partition, all the short messages must be combined in sequence to form the originally stored encrypted information packet.
The decryption module 44 decrypts using the public key, which corresponds one to one with the private key; the encrypted information packet is decrypted only by the POS system, yielding the data in the SIM card.
For the above-mentioned identification code reading module 45, the data and the ICCID identification code are in one-to-one correspondence, and therefore, the corresponding identification code can be obtained through the data.
The consistency determining module 46 compares the originally obtained identification code of the SIM card with the obtained identification code, that is, compares the obtained identification code with the ICCID identification code of the SIM card itself, so as to determine whether the SIM card is qualified.
The short messages read from the short message partition are combined into an encrypted information packet, which is decrypted with the public key built into the POS system; the ICCID (integrated circuit card identification) code written by the card issuing system is recovered from the data and compared with the ICCID code read from the SIM card itself. If they differ, the card is found to be illegal and is not allowed to register to the network; if they are the same, the card is allowed to register in the operator's mobile network. This ensures that the financial POS recognizes only cards issued by the card issuing system and does not allow other cards to be used.
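The encryption unit (modules 21 to 25) and the POS-side verification just described, as an added end-to-end example in Python; it is not the patent's code. It uses a textbook RSA signature with message recovery over two small Mersenne primes for "sign with the private key / decrypt with the public key", SHA-256 of the signature as the random number, and a SHA-256 keystream XOR as the symmetric cipher for the data. The key size, these primitives, the BCD packing of the ICCID and the sample ICCID are all constructed stand-ins for the unspecified "customized key information" and "self-defined format", chosen only so the flow runs offline.

```python
import hashlib
import hmac

# Toy RSA parameters, constructed for illustration only (two Mersenne primes);
# a real card-issuing system would use a proper key size and padding. The
# private exponent D stays with the card-issuing side, the public exponent E
# is what is built into the POS.
P = 2 ** 61 - 1
Q = 2 ** 89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
SIG_LEN = (N.bit_length() + 7) // 8   # fixed-width signature field
DATA_LEN = 10                          # 20-digit ICCID packed as BCD


def iccid_to_data(iccid: str) -> bytes:
    """Data carried by the identification code: the 20-digit ICCID packed as
    BCD (an assumption about the page's 'self-defined format')."""
    if len(iccid) != 20 or not iccid.isdigit():
        raise ValueError("ICCID must be 20 decimal digits")
    return bytes.fromhex(iccid)


def sign(data: bytes) -> bytes:
    """Signature information: the data raised to the private exponent
    (RSA with message recovery, so the public key 'decrypts' it later)."""
    m = int.from_bytes(data, "big")
    if m >= N:
        raise ValueError("data too large for the toy modulus")
    return pow(m, D, N).to_bytes(SIG_LEN, "big")


def recover(sig: bytes) -> bytes:
    """POS side: decrypt the signature with the public key to get the data back."""
    s = int.from_bytes(sig, "big")
    if s >= N:
        raise ValueError("signature out of range")
    m = pow(s, E, N)
    try:
        return m.to_bytes(DATA_LEN, "big")
    except OverflowError:
        raise ValueError("recovered value is not ICCID-sized data")


def random_from_signature(sig: bytes) -> bytes:
    """Random number obtained from the signature information (assumed: SHA-256 of it)."""
    return hashlib.sha256(sig).digest()


def xor_with_keystream(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt the data with the random number. Stand-in stream
    cipher: SHA-256(key || counter) keystream XORed with the data; the same
    call decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def build_packet(iccid: str) -> bytes:
    """Card-issuing side: 'encrypted information + signature information'."""
    data = iccid_to_data(iccid)
    sig = sign(data)
    enc = xor_with_keystream(random_from_signature(sig), data)
    return enc + sig


def verify_packet(packet: bytes, card_iccid: str) -> bool:
    """POS side qualification check: True only if the packet was produced for
    exactly the ICCID read from the card now inserted."""
    if len(packet) != DATA_LEN + SIG_LEN:
        return False
    enc, sig = packet[:DATA_LEN], packet[DATA_LEN:]
    try:
        recovered = recover(sig)
        expected = iccid_to_data(card_iccid)
    except ValueError:
        return False
    # The random number is re-derived from the signature, so the encrypted part
    # must decrypt to the same data that the signature recovers.
    if not hmac.compare_digest(xor_with_keystream(random_from_signature(sig), enc), recovered):
        return False
    # Finally compare with the card's own ICCID (constant-time comparison).
    return hmac.compare_digest(recovered, expected)


if __name__ == "__main__":
    pkt = build_packet("89860012345678901234")   # constructed sample ICCID
    print("packet bytes:", len(pkt))
    print("same card  :", verify_packet(pkt, "89860012345678901234"))
    print("moved card :", verify_packet(pkt, "89860012345678904321"))
```

The property worth noticing is that the POS only ever holds the public exponent: copying a genuine packet onto a card with a different ICCID, flipping a byte of the encrypted part, or writing an all-zero packet all fail the check, because producing a signature that recovers to a chosen ICCID needs the private exponent kept at the card issuer.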
Further, the registration enabling unit 5 includes a registration module 51, an IMEI number acquiring module 52, a binding module 53 and a restriction module 54.
The registration module 51 registers the mobile network.
The IMEI number acquisition module 52 acquires the IMEI number of the device to which the SIM card is connected.
The binding module 53 binds the SIM card to the IMEI number of the financial POS.
The limiting module 54 limits the network IP addresses accessed by the SIM card.
The registration module 51 is specifically configured to register the mobile network by using the SIM card after the financial POS detects that the SIM card is legal.
For the IMEI number acquisition module 52: IMEI is the abbreviation of International Mobile Equipment Identity. The international mobile equipment identification code is an "electronic serial number" composed of 15 digits that corresponds one to one with each mobile phone and is unique worldwide. Each mobile telephone is assigned a globally unique number when assembled, which the manufacturer records from manufacture to delivery. After mobile network registration is completed, the management back-end can obtain, through the operator's API, the IMEI number of the device currently connected to the network through the SIM card.
The binding module 53 specifically controls the SIM card to be bound to the IMEI number of the financial POS through the API interface by the management back-end, so as to ensure that the SIM card cannot register to the network after being moved to another terminal device, thereby achieving mutual binding between the SIM card and the financial POS, reducing the economic loss of application, and improving the security of network access of the financial POS.
As for the limiting module 54, in particular, in the API interface provided by the SIM card of the internet of things, the network IP accessed by the SIM card is limited, so as to improve the network security of the financial POS.
The ICCID is an integrated circuit card identification code, i.e., a SIM card number, which is equivalent to an identification card of a mobile phone number, and is a unique identification number of an IC card, and is composed of 20 digits in total.
According to the machine switching prevention system based on the Internet of things SIM card, customized key information is used to encrypt the data attached to the SIM card according to its unique identification code, forming an encrypted information packet so that a financial POS can identify the specified SIM card. The encrypted information packet is stored in a specific format. When the financial POS and the SIM card exchange information, the qualification of the SIM card is verified and network registration by an unqualified SIM card is rejected. For a qualified SIM card, the IMEI codes of the SIM card and the financial POS are automatically bound, using the Internet of things API (application programming interface) provided by the operator, when the Internet of things SIM card logs in and registers for the first time. This realizes mutual binding between the SIM card and the financial POS, reduces economic loss for the application, improves the network access security of the financial POS, and prevents the operator's SIM card data traffic from being stolen.
The technical contents of the present invention are further illustrated by the examples only for the convenience of the reader, but the embodiments of the present invention are not limited thereto, and any technical extension or re-creation based on the present invention is protected by the present invention. The protection scope of the invention is subject to the claims.

Claims (4)

1. A machine switching prevention method based on an Internet of things SIM card, characterized by comprising the following steps:
acquiring an identification code of the SIM card;
encrypting the identification code to obtain an encrypted information packet;
writing the encrypted information packet into a short message partition of the SIM card;
judging whether the SIM card is qualified or not according to the short message partition, the identification code of the SIM card and the encrypted information packet;
if the SIM card is qualified, allowing the SIM card to be registered in a mobile network of an operator;
if not, not allowing the SIM card to be registered in the mobile network of the operator;
the step of encrypting the identification code and acquiring the encrypted information packet comprises the following specific steps:
acquiring data carried by the identification code;
signing the data by using a private key to generate signature information;
acquiring a random number in the signature information;
encrypting the data by using a random number to form encryption information;
packaging the encrypted information and the signature information to form an encrypted information packet;
the step of writing the encrypted information packet into the short message partition of the SIM card comprises the following specific steps:
judging whether the encrypted information packet exceeds the storage capacity of a short message partition or not;
if yes, splitting the encrypted information packet into a plurality of short messages and entering the next step; if not, entering the next step directly; the encrypted information packet split into a plurality of short messages is written into the short message partition of the SIM card through a SIM card reader-writer, with the storage position starting from the 1st message;
storing the encrypted information packet in a short message partition of the SIM card, specifically, storing the encrypted information packet in the short message partition of the SIM card by using a BCD code; the format of each short message is as follows: the first byte is the total storage number, the second byte is the current storage number, the third and fourth bytes are the data length, and the later bytes are used for writing data in the data splitting storage area;
the step of judging whether the SIM card is qualified or not according to the short message partition, the identification code of the SIM card and the encrypted information packet comprises the following specific steps:
reading short messages of the short message partition of the SIM card;
judging whether the short messages in the short message partition do not accord with the regulations;
if yes, the SIM card is unqualified;
if not, combining the short messages to form an encrypted information packet;
decrypting the encrypted information packet by adopting a public key built in the POS system, and reading data;
acquiring an identification code according to the data;
judging whether the acquired identification code is consistent with the identification code of the originally acquired SIM card;
if the two are consistent, the SIM card is qualified;
if not, the SIM card is unqualified;
the step of allowing the SIM card to register in the mobile network of the operator comprises the following specific steps:
registering a mobile network;
acquiring an equipment IMEI number of the SIM card connecting network;
binding the SIM card to the IMEI number of the financial POS;
and limiting the network IP accessed by the SIM card.
2. The machine switching prevention system based on the Internet of things SIM card is suitable for the machine switching prevention method based on the Internet of things SIM card in claim 1, and is characterized by comprising an identification code acquisition unit, an encryption unit, a writing unit, a qualification judgment unit, an allowed registration unit and a rejected registration unit;
the identification code acquisition unit is used for acquiring the identification code of the SIM card;
the encryption unit is used for encrypting the identification code to obtain an encrypted information packet;
the writing unit is used for writing the encrypted information packet into the short message partition of the SIM card;
the qualification judging unit is used for judging whether the SIM card is qualified or not according to the short message partition, the identification code of the SIM card and the encrypted information packet;
the registration permission unit is used for allowing the SIM card to be registered in a mobile network of an operator if the SIM card is qualified;
the registration rejection unit is used for not allowing the SIM card to be registered in the mobile network of the operator if the SIM card is unqualified;
the encryption unit comprises a data acquisition module, a signature module, a random number acquisition module, a data encryption module and a packaging module;
the data acquisition module is used for acquiring the data carried by the identification code;
the signature module is used for signing the data by using a private key to generate signature information;
the random number acquisition module is used for acquiring a random number in the signature information;
the data encryption module is used for encrypting the data by using a random number to form encryption information;
the packaging module is used for packaging the encrypted information and the signature information to form an encrypted information package;
the writing unit comprises a size judging module, a splitting module and a storage module;
the size judging module is used for judging whether the encrypted information packet exceeds the storage capacity of a short message partition;
the splitting module is used for splitting the encrypted information packet into a plurality of short messages if it does;
the storage module is used for storing the encrypted information packet in a short message partition of the SIM card, and specifically, storing the encrypted information packet in the short message partition of the SIM card by using a BCD code.
3. The machine switching prevention system based on the Internet of things SIM card according to claim 2, wherein the qualification judgment unit comprises a short message reading module, a short message judgment module, a combination module, a decryption module, an identification code reading module and a consistency judgment module;
the short message reading module is used for reading short messages of the short message partition of the SIM card;
the short message judgment module is used for judging whether the short messages of the short message partitions do not accord with the regulations, and if so, the SIM card is unqualified;
the combination module is used for combining the short messages to form an encrypted information packet if the short messages do accord with the regulations;
the decryption module is used for decrypting the encrypted information packet by adopting a public key built in the POS system and reading data;
the identification code reading module is used for acquiring an identification code according to data;
the consistency judging module is used for judging whether the acquired identification code is consistent with the identification code of the originally acquired SIM card; if the two are consistent, the SIM card is qualified; if not, the SIM card is unqualified.
4. The machine switching prevention system based on the Internet of things SIM card according to claim 3, wherein the registration allowing unit comprises a registration module, an IMEI number acquisition module, a binding module and a restriction module;
the registration module is used for registering a mobile network;
the IMEI number acquisition module is used for acquiring the IMEI number of the equipment of the SIM card connecting network;
the binding module is used for binding the SIM card to the IMEI number of the financial POS;
and the limiting module is used for limiting the network IP accessed by the SIM card.
CN201710687501.5A 2017-08-11 2017-08-11 Machine switching prevention method and system based on Internet of things SIM card Active CN107318103B (en)

Publications (2)

Publication Number Publication Date
CN107318103A CN107318103A (en) 2017-11-03
CN107318103B true CN107318103B (en) 2020-12-08

Family

ID=60170293

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616870B (en) * 2018-05-10 2021-09-07 中国联合网络通信集团有限公司 Method and device for identifying terminal customized preferentially
CN109151823B (en) * 2018-09-10 2021-08-31 中国联合网络通信集团有限公司 eSIM card authentication method and system
CN114492682B (en) * 2022-01-11 2023-03-10 无锡宇宁智能科技有限公司 SIM card on-line card issuing circuit, method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1541015A (en) * 2003-10-31 2004-10-27 大唐微电子技术有限公司 Method and system of preventing handset from theft by using international id code of mobile facilities
CN101478748A (en) * 2009-01-24 2009-07-08 深圳华为通信技术有限公司 Method and user equipment for SIM card unlocking prevention method
CN105100415A (en) * 2015-05-28 2015-11-25 努比亚技术有限公司 Login method and mobile terminal
CN106686573A (en) * 2016-12-14 2017-05-17 深圳普创天信科技发展有限公司 Method of interlocking SIM card with device
CN106712963A (en) * 2016-12-27 2017-05-24 艾体威尔电子技术(北京)有限公司 Anti-generator-tripping remote signature system and method of POS machine

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015108453A1 (en) * 2014-01-16 2015-07-23 Telefonaktiebolaget L M Ericsson (Publ) System, methods and apparatuses for providing network access security control

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant