CN107451647B - Built-in safety mechanism's special SIM card of barracks - Google Patents


Info

Publication number: CN107451647B
Authority: CN (China)
Prior art keywords: user, information, user identity, safety, SIM card
Legal status: Active (the status is Google's assumption, not a legal conclusion)
Application number: CN201610382275.5A
Other languages: Chinese (zh)
Other versions: CN107451647A (en)
Inventors: 蔡里宁, 赵大维, 赵晓辉, 刘岗, 李哲, 黄乔, 左文洪
Current assignee: Beijing Jundi United Network Technology Center (assignee lists may be inaccurate; Google has not performed a legal analysis)
Original assignee: Beijing Jundi United Network Technology Center
Priority date: 2016-06-01 (Google's assumption, not a legal conclusion)
Filing date: 2016-06-01
Publication date: 2017-12-08 (CN107451647A), 2023-08-29 (CN107451647B)
Events: application filed by Beijing Jundi United Network Technology Center; priority to CN201610382275.5A; publication of CN107451647A; application granted; publication of CN107451647B; legal status active; anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073 Special arrangements for circuits, e.g. for protecting identification code in memory
    • G06K19/07309 Means for preventing undesired reading or writing from or onto record carriers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a barracks-dedicated SIM card with a built-in security mechanism, comprising a communication module, a security computing module and a secure storage module. The security computing module implements identity authentication and communication encryption through command data parsing, data transfer over the transmission interface, operation of a cryptographic algorithm chip, and access to each storage unit with management logging; it also provides high-strength computation and is responsible for decrypting authentication parameters and encrypting authentication results. The secure storage module stores application programs, user information, configuration information, digital certificates and log files, and the data it holds persists after power is lost. By adding the security computing module for identity authentication and communication encryption, and the secure storage module for user information and digital certificates, the special SIM card improves the stability and security of SIM card communication and provides security protection for communication within the barracks.

Description

Barracks-dedicated SIM card with a built-in security mechanism
Technical Field
The invention relates to the technical field of smart cards, in particular to a barracks-dedicated SIM card with a built-in security mechanism.
Background
In the era of global informatization, information security has become a major subject, since whoever secures information gains control over it. Barracks informatization faces hidden security risks on many fronts, and protective measures that merely resist external attack cannot meet the urgent demands of information security work in barracks informatization. Introducing a more advanced, all-round information security protection system that satisfies those demands under the new situation has therefore become the primary task of barracks informatization.
Conventional SIM cards carry latent risks in daily use for both voice calls and short messages: spies, hackers and criminals can clone or crack a SIM card by technical means and, without the user noticing, monitor and intercept communications, causing the loss or leakage of important information with serious consequences.
Disclosure of Invention
In view of the above, the present invention aims to provide a highly secure, barracks-dedicated SIM card with a built-in security mechanism.
To this end, the barracks-dedicated SIM card with a built-in security mechanism comprises a communication module, a security computing module and a secure storage module.
The security computing module implements identity authentication and communication encryption through command data parsing, data transfer over the transmission interface, operation of a cryptographic algorithm chip, and access to each storage unit with management logging; it also provides high-strength computation and is responsible for decrypting authentication parameters and encrypting authentication results.
The secure storage module stores application programs, user information, configuration information, digital certificates and log files, and the data it holds persists after power is lost.
In some embodiments, the security computing module comprises:
a user identity authentication unit, which authenticates the user's identity to ensure that the accessing user is a legitimate user, and protects user data and identity signalling by encrypting them end to end in transit;
a mobile device authentication unit, which, when the special SIM card is inserted into a mobile device, verifies whether that device has access authority, ensuring that the accessing mobile device is legitimate; and
a communication encryption unit, which automatically tells the terminal which encryption algorithms may be used, raises the security level of information transmitted over the network by encrypting it, and achieves end-to-end encryption by using a switch-centred architecture in which every encrypted link terminates at the switching equipment.
In some embodiments, the communication encryption unit comprises the following sub-units:
a key establishment unit, in which a key management centre stores the asymmetric keys it generates and the public keys generated by other networks, and also generates and stores symmetric session keys for encrypting information and receives and distributes symmetric session keys from other networks for encrypting information;
a key distribution unit, which distributes the session key to the nodes in the network; and
a communication security unit, which uses the asymmetric keys to provide data encryption, data-origin authentication and data integrity protection.
In some embodiments, the user identity authentication unit comprises the following sub-units:
a user identity judgement unit, which receives the user identity information and determines the user identity type from it, the types being temporary user identity and permanent user identity;
a temporary user authentication unit, which, when the identity type is temporary, authenticates the user identity information and grants a single (one-time) authorization to a temporary user who passes authentication; and
a permanent user authentication unit, which, when the identity type is permanent, grants the permanent user permanent authorization.
In some embodiments, the digital certificate is stored in a secure area of the secure storage module and can be read only through the secure area's external interface function, after access authorization has been granted.
In some embodiments, the user identity is authenticated with an asymmetric encryption algorithm.
In some embodiments, the user information includes user identity information and user location information.
From the above it can be seen that the SIM card with a built-in security mechanism provided by the present invention improves the stability and security of SIM card communication by adding a security computing module for identity authentication and communication encryption, and further strengthens the card's protection by adding a secure storage module for user information and digital certificates, thereby protecting barracks communication and Internet use.
Drawings
Fig. 1 is a schematic diagram of an embodiment of the barracks-dedicated SIM card with a built-in security mechanism provided by the present invention;
Fig. 2 is a schematic diagram of an embodiment of the security computing module of the present invention;
Fig. 3 is a schematic diagram of another embodiment of the security computing module of the present invention.
Reference numerals: 1, communication module; 2, security computing module; 3, secure storage module; 201, user identity authentication unit; 202, mobile device authentication unit; 203, communication encryption unit; 201a, user identity judgement unit; 201b, temporary user authentication unit; 201c, permanent user authentication unit; 203a, key establishment unit; 203b, key distribution unit; 203c, communication security unit.
Detailed Description
The present invention is described in further detail below with reference to specific embodiments and the accompanying drawings, to make its objects, technical solutions and advantages clearer.
Note that in the embodiments of the present invention the terms "first" and "second" serve only to distinguish two entities or parameters that share a name; they are used for convenience of expression and should not be construed as limiting the embodiments. This is not repeated for each embodiment below.
The present invention provides a barracks-dedicated SIM card with a built-in security mechanism, comprising a communication module 1, a security computing module 2 and a secure storage module 3.
The security computing module 2 implements identity authentication and communication encryption through command data parsing, data transfer over the transmission interface, operation of a cryptographic algorithm chip, and access to each storage unit with management logging; it also provides high-strength computation and is responsible for decrypting authentication parameters and encrypting authentication results.
The secure storage module 3 stores application programs, user information, configuration information, digital certificates and log files, and the data it holds persists after power is lost.
The secure storage module 3 stores data persistently and encrypts the stored data. When the special SIM card is separated from the authorized terminal the key is lost, so the stored data cannot be read by any other device. The user information comprises user identity information and user location information, both of which are kept in the secure storage module to ensure their confidentiality.
The digital certificate is stored in a secure area of the secure storage module and can be read only through the secure area's external interface function, after access authorization has been granted.
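The statement above that the key "is lost" when the card leaves its authorized terminal only holds if the storage key is never written to the card at all but is reconstructed, on every read, from a card-side secret plus a contribution that only the authorized terminal can supply. The Go program below is an added example of that design; it is not code from the patent or its assignee. The HMAC-SHA256 key derivation, AES-256-GCM record sealing, the record labels, the sample secrets and the `ReadOnTerminal` helper are all this example's assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// deriveStorageKey reconstructs the secure-storage key from two halves: a
// secret that never leaves the card and a secret held only by the authorised
// terminal. The key itself is never stored anywhere, so once the card is
// separated from that terminal the key is simply gone. (HMAC-SHA256 as the
// KDF is this example's assumption, not the patent's algorithm.)
func deriveStorageKey(cardSecret, terminalSecret []byte) []byte {
	mac := hmac.New(sha256.New, cardSecret)
	mac.Write([]byte("secure-storage-key|"))
	mac.Write(terminalSecret)
	return mac.Sum(nil) // 32 bytes, used as an AES-256 key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts one storage record with AES-256-GCM and returns
// nonce || ciphertext || tag. The record label is bound as associated data
// so a ciphertext cannot be moved from one storage slot to another.
func seal(key, label, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, label), nil
}

// unseal reverses seal; any change to key, label or blob fails the GCM tag.
func unseal(key, label, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("storage blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], label)
}

// ReadOnTerminal models the card being inserted into some terminal and asked
// for a record: the read succeeds only if that terminal can supply the same
// contribution the record was sealed under.
func ReadOnTerminal(cardSecret, terminalSecret, label, blob []byte) ([]byte, error) {
	return unseal(deriveStorageKey(cardSecret, terminalSecret), label, blob)
}

func main() {
	// Constructed sample secrets; a real card would hold its half in the
	// cryptographic chip and the terminal its half in a secure element.
	cardSecret := []byte("constructed-card-secret")
	authorised := []byte("constructed-authorised-terminal-secret")
	other := []byte("constructed-other-terminal-secret")
	label := []byte("user-location")

	blob, err := seal(deriveStorageKey(cardSecret, authorised), label, []byte("zone 3, gate B"))
	if err != nil {
		panic(err)
	}
	if pt, err := ReadOnTerminal(cardSecret, authorised, label, blob); err == nil {
		fmt.Printf("authorised terminal reads: %q\n", pt)
	}
	if _, err := ReadOnTerminal(cardSecret, other, label, blob); err != nil {
		fmt.Println("other terminal:", err) // cipher: message authentication failed
	}
}
```

Run as-is, the authorised terminal reads the record back and the other terminal fails with `cipher: message authentication failed`. Binding the label as associated data is the extra check a practitioner wants here: without it, anyone with write access to the card's flash could move an encrypted `user-location` record into the certificate slot and the tag would still verify.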
By adding the security computing module for identity authentication and communication encryption, the SIM card with a built-in security mechanism improves the stability and security of SIM card communication, and by adding the secure storage module for user information and digital certificates it further protects barracks communication over the Internet.
Further, Fig. 2 shows an embodiment of the structure of the security computing module 2, which comprises:
a user identity authentication unit 201, which obtains and authenticates the user's identity to ensure that the accessing user is legitimate, and protects user data and identity signalling by encrypting them end to end in transit;
the user identity is authenticated with an asymmetric encryption algorithm;
a mobile device authentication unit 202, which, when the special SIM card is inserted into a mobile device, verifies whether that device has access authority, ensuring that the accessing mobile device is legitimate; and
a communication encryption unit 203, which automatically tells the terminal which encryption algorithms may be used, raises the security level of messages transmitted over the network by encrypting them, and achieves end-to-end encryption by using a switch-centred architecture in which every encrypted link terminates at the switching equipment.
The main characteristics of the information data encryption mechanism are longer keys, an encryption algorithm negotiation mechanism, and no plaintext transmission of information over the network. Across the whole communication system the data confidentiality mechanism provides four security features: encryption key negotiation, signalling data encryption, encryption algorithm negotiation and user data encryption.
The built-in security mechanism authenticates the user identity with the user identity authentication unit 201, ensures with an asymmetric encryption algorithm that the accessing user is legitimate, and protects user data and identity signalling by end-to-end encryption in transit; it verifies with the mobile device authentication unit 202 whether the mobile device has access authority, ensuring the accessing device is legitimate; and it encrypts communication messages with the communication encryption unit 203 to raise the security level of messages transmitted over the network. Mutual authentication between user and smart card, mutual authentication between smart card and terminal, and the communication encryption mechanism together secure network access, the user domain and the network domain at several levels, avoid data leakage through technical loopholes, and protect barracks communication.
Further, Fig. 3 shows another embodiment of the security computing module 2, which comprises a user identity authentication unit 201 (Fig. 2), a mobile device authentication unit 202 and a communication encryption unit 203 (Fig. 2).
The user identity authentication unit 201 comprises the following sub-units:
a user identity judgement unit 201a, which receives the user identity information and determines the user identity type from it, the types being temporary user identity and permanent user identity;
a temporary user authentication unit 201b, which, when the identity type is temporary, authenticates the user identity information and grants a single authorization to a temporary user who passes authentication;
the temporary identity mechanism protects user data and information: a user does not keep the same identity for long in communication, the system automatically assigns the user a temporary identity, and the communication system encrypts user data and identity signalling end to end in transit; and
a permanent user authentication unit 201c, which grants permanent authorization to the permanent user when the identity type is permanent.
Further, the communication encryption unit 203 comprises the following sub-units:
a key establishment unit 203a, in which a key management centre stores the asymmetric keys it generates and the public keys generated by other networks, generates and stores symmetric session keys for encrypting information, and receives and distributes symmetric session keys from other networks for encrypting information;
a key distribution unit 203b, which distributes the session key to the nodes in the network; and
a communication security unit 203c, which uses the asymmetric keys to provide data encryption, data-origin authentication and data integrity protection.
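The user identity authentication unit 201 and mobile device authentication unit 202 (Fig. 2) together with the key establishment unit 203a describe one exchange: the card and the terminal each prove their identity with an asymmetric key, and both then hold a symmetric session key. The Go program below is an added example of such an exchange and is not code from the patent or its assignee. Each party holds an ECDSA P-256 identity key (standing in for the digital certificate in secure storage) and a list of trusted peer keys; each side signs a transcript containing both sides' ephemeral ECDH shares, and the session key is derived from the ECDH secret and that transcript. The curve, hash, message layout and the `Party`, `authStep` and `MutualAuth` names are this example's assumptions; a real key management centre would provision certificates rather than raw public keys.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Party is the special SIM card or a mobile terminal: a long-term ECDSA identity key
// (standing in for the digital certificate in secure storage) and the peer keys it trusts.
type Party struct {
	Name    string
	Ident   *ecdsa.PrivateKey
	Trusted []*ecdsa.PublicKey
}

func NewParty(name string) *Party {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // local key generation failed; nothing to recover
	}
	return &Party{Name: name, Ident: k}
}

// Enroll records which peers p will accept (the certificate provisioning a key management centre would do).
func (p *Party) Enroll(peers ...*Party) {
	for _, q := range peers {
		p.Trusted = append(p.Trusted, &q.Ident.PublicKey)
	}
}

// transcript hashes a role label with both ephemeral ECDH shares (fixed 65 bytes each). Fresh
// shares double as nonces, so one signature over the transcript binds identity, freshness and keys.
func transcript(role string, cardShare, termShare []byte) []byte {
	sum := sha256.Sum256(bytes.Join([][]byte{[]byte(role), cardShare, termShare}, nil))
	return sum[:]
}

// authStep has signer prove its identity over the transcript; checker accepts only a
// signature that verifies under an identity key it already trusts.
func authStep(signer, checker *Party, role string, cardShare, termShare []byte) error {
	digest := transcript(role, cardShare, termShare)
	sig, err := ecdsa.SignASN1(rand.Reader, signer.Ident, digest)
	if err != nil {
		return err
	}
	for _, pub := range checker.Trusted {
		if ecdsa.VerifyASN1(pub, digest, sig) {
			return nil
		}
	}
	return fmt.Errorf("%s: %s signature matches no trusted identity", checker.Name, role)
}

// sessionKey = SHA-256(ECDH shared secret || transcript). The peer's share is untrusted
// network input, so a malformed share is an error rather than a panic.
func sessionKey(own *ecdh.PrivateKey, peerShare, tr []byte) ([]byte, error) {
	peer, err := ecdh.P256().NewPublicKey(peerShare)
	if err != nil {
		return nil, err
	}
	shared, err := own.ECDH(peer)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(append(shared, tr...))
	return sum[:], nil
}

// MutualAuth runs the bidirectional authentication and returns the session key each side
// derived; it stops as soon as either side rejects the other's signature.
func MutualAuth(card, term *Party) (cardKey, termKey []byte, err error) {
	cEph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tEph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	cShare, tShare := cEph.PublicKey().Bytes(), tEph.PublicKey().Bytes()
	if err = authStep(card, term, "card", cShare, tShare); err != nil { // user identity authentication
		return nil, nil, err
	}
	if err = authStep(term, card, "terminal", cShare, tShare); err != nil { // mobile device authentication
		return nil, nil, err
	}
	tr := transcript("session", cShare, tShare)
	if cardKey, err = sessionKey(cEph, tShare, tr); err != nil {
		return nil, nil, err
	}
	if termKey, err = sessionKey(tEph, cShare, tr); err != nil {
		return nil, nil, err
	}
	return cardKey, termKey, nil
}

func main() {
	card, term, rogue := NewParty("card"), NewParty("terminal"), NewParty("rogue-terminal")
	card.Enroll(term)  // the card accepts only its enrolled terminal
	term.Enroll(card)  // the terminal accepts only its enrolled card
	rogue.Enroll(card) // knows the card's certificate but is not enrolled on the card
	for _, t := range []*Party{term, rogue} {
		k, _, err := MutualAuth(card, t)
		fmt.Printf("%s: session key=%x err=%v\n", t.Name, k, err)
	}
}
```

The rogue terminal in `main` is the check a practitioner wants: it can verify the card's signature because it knows the card's certificate, but the card rejects it at the second step because it is not enrolled. Because each side signs the ephemeral shares, an attacker who swaps a share in transit causes the signature to fail verification rather than ending up with a key shared with the attacker, and every handshake yields a fresh key.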
In the prior art, signalling and data between GSM network entities are transmitted in plaintext, and the information exchanged between network entities is unprotected.
From the above it can be seen that the SIM card with a built-in security mechanism provided by the present invention improves the stability and security of SIM card communication by adding a security computing module with a mutual authentication mechanism, identity authentication based on an asymmetric encryption algorithm, and communication encryption, and further protects barracks communication and Internet use by adding a secure storage module for user information and digital certificates.
Those of ordinary skill in the art will appreciate that the discussion of any of the embodiments above is merely exemplary and does not imply that the scope of the disclosure, including the claims, is limited to these examples; features of the above embodiments, or of different embodiments, may be combined within the idea of the invention, and many other variations of the aspects described above exist that are not detailed here for brevity. Any omission, modification, equivalent replacement or improvement of the present invention therefore falls within its scope.

Claims (7)

1. A barracks-dedicated SIM card with a built-in security mechanism, comprising a communication module and characterized in that it further comprises a security computing module and a secure storage module;
the security computing module implements identity authentication and communication encryption through command data parsing, data transfer over the transmission interface, operation of a cryptographic algorithm chip, and access to each storage unit with management logging, and also provides high-strength computation and is responsible for decrypting authentication parameters and encrypting authentication results;
the secure storage module stores application programs, user information, configuration information, digital certificates and log files, and the data it holds persists after power is lost; the secure storage module also encrypts the stored data, and when the special SIM card is separated from the authorized terminal the key is lost, so that the stored data cannot be read by other devices; the user information comprises user identity information and user location information, which are stored in the secure storage module to ensure information security.
2. The barracks-dedicated SIM card with a built-in security mechanism of claim 1, wherein the security computing module comprises:
a user identity authentication unit, which obtains and authenticates the user's identity to ensure that the accessing user is legitimate, and protects user data and identity signalling by encrypting them end to end in transit;
a mobile device authentication unit, which, when the special SIM card is inserted into a mobile device, verifies whether that device has access authority, ensuring that the accessing mobile device is legitimate; and
a communication encryption unit, which automatically tells the terminal which encryption algorithms may be used, raises the security level of information transmitted over the network by encrypting it, and achieves end-to-end encryption by using a switch-centred architecture in which every encrypted link terminates at the switching equipment.
3. The barracks-dedicated SIM card with a built-in security mechanism of claim 2, wherein the communication encryption unit comprises the following sub-units:
a key establishment unit, in which a key management centre stores the asymmetric keys it generates and the public keys generated by other networks, generates and stores symmetric session keys for encrypting information, and receives and distributes symmetric session keys from other networks for encrypting information;
a key distribution unit, which distributes the session key to the nodes in the network; and
a communication security unit, which uses the asymmetric keys to provide data encryption, data-origin authentication and data integrity protection.
4. The barracks-dedicated SIM card with a built-in security mechanism of claim 1, wherein the user identity authentication unit comprises the following sub-units:
a user identity judgement unit, which receives the user identity information and determines the user identity type from it, the types being temporary user identity and permanent user identity;
a temporary user authentication unit, which, when the identity type is temporary, authenticates the user identity information and grants a single authorization to a temporary user who passes authentication; and
a permanent user authentication unit, which grants permanent authorization to the permanent user when the identity type is permanent.
5. The barracks-dedicated SIM card with a built-in security mechanism of claim 1, wherein the digital certificate is stored in a secure area of the secure storage module and can be read only through the secure area's external interface function, after access authorization has been granted.
6. The barracks-dedicated SIM card with a built-in security mechanism of claim 2, wherein the user identity is authenticated with an asymmetric encryption algorithm.
7. The barracks-dedicated SIM card with a built-in security mechanism of claim 1, wherein the user information includes user identity information and user location information.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610382275.5A CN107451647B (en) 2016-06-01 2016-06-01 Built-in safety mechanism's special SIM card of barracks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610382275.5A CN107451647B (en) 2016-06-01 2016-06-01 Built-in safety mechanism's special SIM card of barracks

Publications (2)

Publication Number Publication Date
CN107451647A CN107451647A (en) 2017-12-08
CN107451647B true CN107451647B (en) 2023-08-29

Family

ID=60486130

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610382275.5A Active CN107451647B (en) 2016-06-01 2016-06-01 Built-in safety mechanism's special SIM card of barracks

Country Status (1)

Country Link
CN (1) CN107451647B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111400737A (en) * 2020-03-17 2020-07-10 中孚信息股份有限公司 Multi-application physical isolation encrypted SIM card implementation device, method and terminal
CN111970120B (en) * 2020-07-27 2024-03-26 山东华芯半导体有限公司 Implementation method of encryption card security application mechanism based on OPENSSL
CN114827961B (en) * 2022-04-12 2024-02-06 北京中电华大电子设计有限责任公司 User identification card, intelligent terminal and user identification card application method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101674579A (en) * 2009-08-07 2010-03-17 厦门敏讯信息技术股份有限公司 Mobile communication terminal and authentication method of subscriber identity module card
CN102547688A (en) * 2012-02-13 2012-07-04 江苏博智软件科技有限公司 Virtual-dedicated-channel-based establishment method for high-credibility mobile security communication channel
CN103747443A (en) * 2013-11-29 2014-04-23 厦门盛华电子科技有限公司 Multi-security domain device based on mobile phone user identification card and authentication method thereof
WO2015158172A1 (en) * 2014-04-18 2015-10-22 天地融科技股份有限公司 User identity identification card


Also Published As

Publication number Publication date
CN107451647A (en) 2017-12-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant