CN108390755B - Safety input method of SIM (subscriber identity Module) film-pasting card based on built-in safety chip - Google Patents

Safety input method of SIM (subscriber identity Module) film-pasting card based on built-in safety chip Download PDF

Info

Publication number
CN108390755B
CN108390755B CN201810022207.7A CN201810022207A CN108390755B CN 108390755 B CN108390755 B CN 108390755B CN 201810022207 A CN201810022207 A CN 201810022207A CN 108390755 B CN108390755 B CN 108390755B
Authority
CN
China
Prior art keywords
information
sender
receiver
ciphertext
sim
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810022207.7A
Other languages
Chinese (zh)
Other versions
CN108390755A (en
Inventor
付高磊
姚明月
罗东平
庞潼川
杨成功
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Core Shield Group Co ltd
Original Assignee
Beijing Core Shield Group Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Core Shield Group Co ltd filed Critical Beijing Core Shield Group Co ltd
Priority to CN201810022207.7A priority Critical patent/CN108390755B/en
Publication of CN108390755A publication Critical patent/CN108390755A/en
Application granted granted Critical
Publication of CN108390755B publication Critical patent/CN108390755B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04Real-time or near real-time messaging, e.g. instant messaging [IM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/52User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail for supporting social networking services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses a safety input method of a SIM (subscriber identity Module) film card based on a built-in safety chip, which comprises the following steps of: s1, server registration: the information sender and the information receiver register through the server, and upload the own mobile phone number, the public key generated by the SIM film card and the ID of the SIM film card to the server for storage; s2, key exchange: the method comprises the steps that public keys are exchanged through a server when friends are added to an information sender and an information receiver; s3, sending the encrypted information by the sender: the information sending party encrypts information to be sent to obtain an encrypted data stream, and sends the encrypted data stream to the information receiving party through the server; s4, receiver decryption information: the information receiver decrypts the received encrypted data stream; s5, sender reviewing encrypted information: the information sender decrypts the sent encrypted data stream and reviews the sent information. The safety input method can effectively ensure the safety of input information in the transmission process.

Description

Safety input method of SIM (subscriber identity Module) film-pasting card based on built-in safety chip
Technical Field
The invention relates to the technical field of communication, in particular to a secure input method of an SIM (subscriber identity module) film card based on a built-in secure chip.
Background
With the rapid development of mobile internet, instant messaging has become an important communication mode for people, but an intelligent terminal and a transmission channel are not safe, most of the current instant messaging methods adopt a plaintext transmission mode, transmitted information has no safety protection means, and chat information, short message information and e-mail information of people face the possibility of being stolen or intercepted. If some important personal information is intercepted by a malicious third party, the important personal information is likely to cause great loss to people.
Although some communication software or some input methods provide functions of encrypted transmission or encrypted input, the method is implemented in a software encryption and decryption mode and is easily overcome by malicious software. Therefore, it is one of the technical problems that people need to solve to provide a technology for performing hardware encryption/decryption on input information in an input method.
Disclosure of Invention
The invention discloses a safety input method of an SIM film card based on a built-in safety chip, aiming at realizing hardware encryption and decryption in instant messaging and preventing the privacy leakage problem in instant messaging. The input method relies on an SIM film sticking card with a built-in security chip, and the security chip in the film sticking card completes the generation of a secret key and the encryption and decryption of input information. The SIM film card and the safety input method can realize hardware encryption and decryption of information such as characters, voice, pictures, videos, files and the like in instant messaging; meanwhile, the safety input method uses different keys according to different information receiving parties, so that one person can have one secret; a one-time pad can be implemented using a randomly generated key at each session. Based on the three points, the safety input method can effectively guarantee the safety of input information in the transmission process.
To achieve these objects and other advantages in accordance with the present invention, there is provided a secure input method for a SIM stick card based on a built-in security chip, comprising the steps of:
s1, server registration: the information sender and the information receiver are registered through the server, the mobile phone number of the information sender and the public key generated by the SIM film card and the ID of the SIM film card are uploaded to the server for storage during registration, and the private keys of the information sender and the information receiver are stored in the security chip in the SIM film card;
s2, key exchange: when a friend is added to the information sender and the information receiver, public keys are exchanged through the server and the public key of the other party is stored;
s3, sending the encrypted information by the sender: an information sender encrypts information to be sent by using a session key generated by a built-in security chip of an SIM film card, a self public key and a private key generated by the built-in security chip of the SIM film card and a stored public key of a receiver to obtain an encrypted data stream, and sends the encrypted data stream to the information receiver through a server;
s4, receiver decryption information: the information receiver uses the own private key and the stored public key of the sender to decrypt the received encrypted data stream;
s5, sender reviewing encrypted information: the information sender uses the private key and the public key of the information sender to decrypt the sent encrypted data stream and review the sent information.
Preferably, the specific method of key exchange in S2 is as follows:
a basic key is preset in the SIM film sticking card, the basic keys of a sender and a receiver are the same, the sender sends a request for adding friends to a server, and the server sends a message for requesting the sender to add friends to the receiver;
when the receiver agrees to add the sender as a friend, the server issues the receiver public key encrypted by the receiver basic key and the SIM film card ID of the receiver to the sender, and issues the sender public key encrypted by the sender basic key and the SIM film card ID of the sender to the receiver;
the receiver and the sender decrypt the basic key respectively to obtain the public key of the other party, so that the exchange of the public keys of the two parties is completed, the friend is successfully added, and the sender and the receiver store the public key of the other party in a safety chip in the SIM film card of the sender and the receiver.
Preferably, the specific method for the sender to send the encrypted information in S3 is as follows:
the information sender adopts a safety chip built in an SIM film card to generate a true random number as a session key to encrypt information to be transmitted to obtain ciphertext information a;
the information sender encrypts the session key by adopting a public key of the information sender to obtain ciphertext information b;
the information sender encrypts the session key by using the public key of the opposite side stored by the information sender to obtain ciphertext information c;
the information sender adopts a private key to encrypt the information hash value to obtain a digital signature;
the information sender combines information such as an information timestamp, a sender mobile phone number, a receiver mobile phone number, a sender cipher text sequence number on the day, a hash value and the like to obtain a cipher text index;
the information sender sorts and encapsulates the ciphertext index, the ciphertext information a, the ciphertext information b, the ciphertext information c and the digital signature to obtain an encrypted data stream, and sends the encrypted data stream to the information receiver through the server;
the information sender selects the mobile phone number of the sender, the year, month and day and the cipher text serial number of the sender on the same day from the cipher text indexes, converts the mobile phone number, the year, month and day and the cipher text serial number into Chinese characters or other characters through mapping of a mapping table to serve as simplified cipher text indexes, and sends the simplified cipher text indexes to the information receiver through an instant communication tool.
Preferably, the specific method for decrypting the information by the receiving party in S4 is as follows:
when the receiver decrypts, the received simplified ciphertext index is copied, corresponding real information, namely a sender mobile phone number, an information timestamp and a sender current-day ciphertext sequence number, is found in a mapping table of the server, a corresponding complete ciphertext index is found, and then corresponding complete ciphertext data is found;
the receiver decrypts the digital signature by using the public key of the sender to obtain a digest value H1;
the receiving party decrypts the ciphertext information c by using a private key of the receiving party to obtain a session key;
the receiver decrypts the ciphertext information a by using the session key to obtain plaintext information;
and the receiver performs hash operation on the plaintext information to obtain a new digest value H2, compares the digest value H2 with the digest value H1 obtained by decryption, and displays the decrypted plaintext information when the two digest values are consistent.
Preferably, the specific method for the sender to review the encrypted information in S5 is as follows:
when the sender looks back the encrypted information sent by the sender, the received ciphertext indexes are copied, corresponding real information, namely the sender mobile phone number, the year, month and day and the sender current day ciphertext sequence number, is found in the server mapping table, and corresponding complete ciphertext indexes are found through the real information so as to find corresponding complete ciphertext data;
the sender decrypts the digital signature by using the own public key to obtain a digest value H3;
the sender decrypts the ciphertext information b by using a private key of the sender to obtain a session key;
the sender decrypts the ciphertext information a by using the session key to obtain plaintext information;
and the sender performs hash operation on the plaintext information to obtain a new digest value H4, compares the digest value H4 with the decrypted digest value H3, and displays the decrypted plaintext information when the two digest values are consistent.
Preferably, the specific mapping table content in the mapping process of the mapping table can be replaced according to the requirement.
Preferably, all encryption and decryption processes are completed in a security chip of the SIM film card, the SIM film card is communicated with terminals supporting the SIM card, such as the SIM card and a mobile phone, through an ISO7816 interface, and a user can use the instant messaging encryption and decryption functions only by sticking the film card with the built-in security chip on the surface of the SIM card and installing input method related applications.
The invention has the beneficial effects that: the SIM film card of the invention communicates with SIM cards, mobile phones and other terminals supporting the SIM cards through ISO7816 interfaces. The user only needs to stick the pad pasting card with the built-in security chip on the surface of the SIM card and install the input method related application to use the instant messaging encryption and decryption function. The method has the advantages that hardware encryption of input contents is realized by the security chip in the SIM film card at the information sending end, hardware decryption of the received encrypted contents is realized by the security chip in the SIM film card at the information receiving end, the private key does not go out of the security chip in the whole encryption and decryption process, the private key is guaranteed not to be stolen in the communication process, effective guarantee is provided for safe communication of users, information leakage is effectively prevented in the whole process, and the method has the following three characteristics:
1. safety: hardware encryption and decryption, wherein the encryption and decryption process is completed in a security chip, and a private key does not go out of the security chip, so that information leakage can be effectively prevented; before use, two parties need to exchange keys, one person and one secret; in the process of encrypting the session, the newly generated random number is used as the session key to encrypt the session information once; the encrypted information at each time carries a digital signature, can be used for identity verification, and can ensure the integrity of the information and prevent the information from being tampered by comparing the digest information;
2. convenience: the user does not need to replace the SIM card and the mobile phone terminal of the existing mobile phone, and only needs to stick a film sticking card with a built-in security chip on the surface of the SIM card and install the related application of the input method to use the instant messaging encryption and decryption function;
3. concealment: when the communication is encrypted, the safety input method sends the ciphertext index through the instant communication tool, and sends information such as encrypted text, voice, pictures, videos, documents and the like through the server, so that the requirement of the current user on the instant communication encryption can be well met, and the problem that the information is filtered or the account number is sealed because the encrypted information is frequently sent in the instant communication application to cause concern and doubt can be avoided.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention.
Drawings
FIG. 1 is a schematic flow chart of public key exchange;
fig. 2 is a flow chart of the information encryption and decryption process.
Detailed Description
The present invention is further described in detail below with reference to the attached drawings so that those skilled in the art can implement the invention by referring to the description text.
It will be understood that terms such as "having," "including," and "comprising," as used herein, do not preclude the presence or addition of one or more other elements or groups thereof.
As shown in fig. 1-2, the secure input method of the SIM card with a built-in secure chip includes the following steps:
s1, server registration: each SIM film card can generate a public and private key pair, an information sender and an information receiver register through a server, the own mobile phone number, the public key generated by the SIM film card and the ID of the SIM film card are uploaded to the server for storage during registration, the ID of the SIM film card is bound with the mobile phone number, and the own private keys of the information sender and the information receiver are stored in the security chip of the SIM film card;
s2, key exchange: when a friend is added to the information sender and the information receiver, public keys are exchanged through the server and the public key of the other party is stored;
s3, sending the encrypted information by the sender: an information sender encrypts information to be sent by using a session key generated by a built-in security chip of an SIM film card, a self public key and a private key generated by the built-in security chip of the SIM film card and a stored public key of a receiver to obtain an encrypted data stream, and sends the encrypted data stream to the information receiver through a server;
s4, receiver decryption information: the information receiver uses the own private key and the stored public key of the sender to decrypt the received encrypted data stream;
s5, sender reviewing encrypted information: the information sender uses the private key and the public key of the information sender to decrypt the sent encrypted data stream and review the sent information.
The SIM film card of the invention communicates with SIM cards, mobile phones and other terminals supporting the SIM cards through ISO7816 interfaces. The user only needs to stick the pad pasting card with the built-in security chip on the surface of the SIM card and install the input method related application to use the instant messaging encryption and decryption function. The input content is subjected to hardware encryption by the security chip in the SIM film card at the information sending end, the received encrypted content is subjected to hardware decryption by the security chip in the SIM film card at the information receiving end, the private key does not exist in the whole encryption and decryption process, the private key is guaranteed not to be stolen in the communication process, effective guarantee is provided for safe communication of a user, and information leakage is effectively prevented in the whole process. The input method relies on an SIM film sticking card with a built-in security chip, and the security chip in the film sticking card completes the generation of a secret key and the encryption and decryption of input information. The SIM film card and the safety input method can realize hardware encryption and decryption of information such as characters, voice, pictures, videos, files and the like in instant messaging; meanwhile, the safety input method uses different keys according to different information receiving parties, so that one person can have one secret; a one-time pad can be implemented using a randomly generated key at each session. Based on the three points, the safety input method can effectively guarantee the safety of input information in the transmission process.
Further, the specific method of key exchange in S2 is as follows:
a basic key is preset in the SIM film sticking card, the basic keys of a sender and a receiver are the same, the sender sends a request for adding friends to a server, and the server sends a message for requesting the sender to add friends to the receiver;
when the receiver agrees to add the sender as a friend, the server issues the receiver public key encrypted by the receiver basic key and the SIM film card ID of the receiver to the sender, and issues the sender public key encrypted by the sender basic key and the SIM film card ID of the sender to the receiver;
the receiver and the sender decrypt the basic key respectively to obtain the public key of the other party, so that the exchange of the public keys of the two parties is completed, the friend is successfully added, and the sender and the receiver store the public key of the other party in a safety chip in the SIM film card of the sender and the receiver.
Further, the specific method for the sender to send the encrypted information in S3 is as follows:
the information sender adopts a safety chip built in an SIM film card to generate a true random number as a session key to encrypt information to be transmitted to obtain ciphertext information a; before encrypted communication is carried out between two parties, an encrypted contact person is selected firstly, namely a person who needs to receive encrypted information finds out a public key to be used in a security chip according to the selected encrypted contact person, the information to be encrypted is input and encrypted, a session key used by the encrypted information is a true random number generated by the security chip in an SIM film card, and the session key is one-time pad;
the information sender encrypts the session key by adopting a public key of the information sender to obtain ciphertext information b;
the information sender encrypts the session key by using the public key of the opposite side stored by the information sender to obtain ciphertext information c;
the information sender adopts a private key to encrypt the information hash value to obtain a digital signature;
the information sender combines information such as an information timestamp, a sender mobile phone number, a receiver mobile phone number, a sender cipher text sequence number on the day, a hash value and the like to obtain a cipher text index; the ciphertext index is used for searching a corresponding ciphertext in the server, and comprises an information timestamp, a sender mobile phone number, a safety equipment ID number, a receiver mobile phone number, a safety equipment ID number, a sender ciphertext serial number on the same day, an information type (comprising a text, a voice, a picture, a video and a document) and a hash value;
the information sender sorts and encapsulates the ciphertext index, the ciphertext information a, the ciphertext information b, the ciphertext information c and the digital signature to obtain an encrypted data stream, and sends the encrypted data stream to the information receiver through the server;
the information sender selects the mobile phone number of the sender, the year, month and day and the cipher text serial number of the sender on the same day from the cipher text indexes, converts the mobile phone number, the year, month and day and the cipher text serial number into Chinese characters or other characters through mapping of a mapping table to serve as simplified cipher text indexes, and sends the simplified cipher text indexes to the information receiver through an instant communication tool.
Further, the specific method for decrypting the information by the receiver in S4 is as follows:
when the receiver decrypts, the received simplified ciphertext index is copied, corresponding real information, namely a sender mobile phone number, an information timestamp and a sender current-day ciphertext sequence number, is found in a mapping table of the server, a corresponding complete ciphertext index is found, and then corresponding complete ciphertext data is found;
the receiver decrypts the digital signature by using the public key of the sender to obtain a digest value H1;
the receiving party decrypts the ciphertext information c by using a private key of the receiving party to obtain a session key;
the receiver decrypts the ciphertext information a by using the session key to obtain plaintext information;
and the receiver performs hash operation on the plaintext information to obtain a new digest value H2, compares the digest value H2 with the digest value H1 obtained by decryption, and displays the decrypted plaintext information when the two digest values are consistent.
Further, the specific method for the sender to review the encrypted information in S5 is as follows:
when the sender looks back the encrypted information sent by the sender, the received ciphertext indexes are copied, corresponding real information, namely the sender mobile phone number, the year, month and day and the sender current day ciphertext sequence number, is found in the server mapping table, and corresponding complete ciphertext indexes are found through the real information so as to find corresponding complete ciphertext data;
the sender decrypts the digital signature by using the own public key to obtain a digest value H3;
the sender decrypts the ciphertext information b by using a private key of the sender to obtain a session key;
the sender decrypts the ciphertext information a by using the session key to obtain plaintext information;
and the sender performs hash operation on the plaintext information to obtain a new digest value H4, compares the digest value H4 with the decrypted digest value H3, and displays the decrypted plaintext information when the two digest values are consistent.
Further, the specific mapping table content in the mapping process of the mapping table can be replaced according to requirements.
Further, all encryption and decryption processes are completed in the security chip of the SIM film card.
The number of apparatuses and the scale of the process described herein are intended to simplify the description of the present invention. Applications, modifications and variations of the secure input method of the SIM sticker card based on a built-in security chip of the present invention will be apparent to those skilled in the art.
While embodiments of the invention have been described above, it is not limited to the applications set forth in the description and the embodiments, which are fully applicable in various fields of endeavor to which the invention pertains, and further modifications may readily be made by those skilled in the art, it being understood that the invention is not limited to the details shown and described herein without departing from the general concept defined by the appended claims and their equivalents.

Claims (4)

1. The safety input method of the SIM film card based on the built-in safety chip is characterized by comprising the following steps:
s1, server registration: the information sender and the information receiver are registered through the server, the mobile phone number of the information sender and the public key generated by the SIM film card and the ID of the SIM film card are uploaded to the server for storage during registration, and the private keys of the information sender and the information receiver are stored in the security chip of the SIM film card;
s2, key exchange: when a friend is added to the information sender and the information receiver, public keys are exchanged through the server and the public key of the other party is stored;
s3, sending the encrypted information by the sender: an information sender encrypts information to be sent by using a session key generated by a built-in security chip of an SIM film card, a self public key and a private key generated by the built-in security chip of the SIM film card and a stored public key of a receiver to obtain an encrypted data stream, and sends the encrypted data stream to the information receiver through a server;
s4, receiver decryption information: the information receiver uses the own private key and the stored public key of the sender to decrypt the received encrypted data stream;
s5, sender reviewing encrypted information: the information sender decrypts the sent encrypted data stream by using a private key and a public key of the information sender, and reviews the sent information;
the specific method for the sender to send the encrypted information in S3 is as follows:
the information sender adopts a safety chip built in an SIM film card to generate a true random number as a session key to encrypt information to be transmitted to obtain ciphertext information a;
the information sender encrypts the session key by adopting a public key of the information sender to obtain ciphertext information b;
the information sender encrypts the session key by using the public key of the opposite side stored by the information sender to obtain ciphertext information c;
the information sender adopts a private key to encrypt the information hash value to obtain a digital signature;
the information sender combines the information timestamp, the sender mobile phone number, the receiver mobile phone number, the sender cipher text sequence number on the day and the hash value information to obtain a cipher text index;
the information sender sorts and encapsulates the ciphertext index, the ciphertext information a, the ciphertext information b, the ciphertext information c and the digital signature to obtain an encrypted data stream, and sends the encrypted data stream to the information receiver through the server;
the information sender selects the mobile phone number of the sender, the date of the year and the date of the sender, the cipher text serial number of the sender on the day from the cipher text indexes, converts the mobile phone number, the date of the year and the date of the sender into Chinese characters or other characters through mapping of a mapping table to serve as simplified cipher text indexes, and sends the simplified cipher text indexes to the information receiver through an instant messaging tool;
the specific method for decrypting the information by the receiver in S4 is as follows:
when the receiver decrypts, the received simplified ciphertext index is copied, corresponding real information, namely a sender mobile phone number, an information timestamp and a sender current-day ciphertext sequence number, is found in a mapping table of the server, a corresponding complete ciphertext index is found, and then corresponding complete ciphertext data is found;
the receiver decrypts the digital signature by using the public key of the sender to obtain a digest value H1;
the receiving party decrypts the ciphertext information c by using a private key of the receiving party to obtain a session key;
the receiver decrypts the ciphertext information a by using the session key to obtain plaintext information;
the receiver performs hash operation on the plaintext information to obtain a new digest value H2, compares the digest value H2 with the digest value H1 obtained through decryption, and displays the decrypted plaintext information when the digest value H2 is consistent with the digest value H1;
all encryption and decryption processes are completed in the security chip of the SIM film card.
2. The secure input method of the SIM card with a built-in security chip as claimed in claim 1, wherein the specific method of the key exchange in S2 is:
a basic key is preset in the SIM film sticking card, the basic keys of a sender and a receiver are the same, the sender sends a request for adding friends to a server, and the server sends a message for requesting the sender to add friends to the receiver;
when the receiver agrees to add the sender as a friend, the server issues the receiver public key encrypted by the receiver basic key and the SIM film card ID of the receiver to the sender, and issues the sender public key encrypted by the sender basic key and the SIM film card ID of the sender to the receiver;
the receiver and the sender decrypt the basic key respectively to obtain the public key of the other party, so that the exchange of the public keys of the two parties is completed, the friend is successfully added, and the sender and the receiver store the public key of the other party in a safety chip in the SIM film card of the sender and the receiver.
3. The secure input method of the SIM card with a built-in security chip according to claim 1, wherein the specific method for the sender to review the encrypted information in S5 is:
when the sender looks back the encrypted information sent by the sender, the received ciphertext indexes are copied, corresponding real information, namely the sender mobile phone number, the year, month and day and the sender current day ciphertext sequence number, is found in the server mapping table, and corresponding complete ciphertext indexes are found through the real information so as to find corresponding complete ciphertext data;
the sender decrypts the digital signature by using the own public key to obtain a digest value H3;
the sender decrypts the ciphertext information b by using a private key of the sender to obtain a session key;
the sender decrypts the ciphertext information a by using the session key to obtain plaintext information;
and the sender performs hash operation on the plaintext information to obtain a new digest value H4, compares the digest value H4 with the decrypted digest value H3, and displays the decrypted plaintext information when the two digest values are consistent.
4. The secure input method of the SIM card with built-in security chip as claimed in claim 1, wherein the specific contents of the mapping table in the mapping process of the mapping table can be changed according to the requirement.
CN201810022207.7A 2018-01-10 2018-01-10 Safety input method of SIM (subscriber identity Module) film-pasting card based on built-in safety chip Active CN108390755B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810022207.7A CN108390755B (en) 2018-01-10 2018-01-10 Safety input method of SIM (subscriber identity Module) film-pasting card based on built-in safety chip

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810022207.7A CN108390755B (en) 2018-01-10 2018-01-10 Safety input method of SIM (subscriber identity Module) film-pasting card based on built-in safety chip

Publications (2)

Publication Number Publication Date
CN108390755A CN108390755A (en) 2018-08-10
CN108390755B true CN108390755B (en) 2021-01-12

Family

ID=63076058

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810022207.7A Active CN108390755B (en) 2018-01-10 2018-01-10 Safety input method of SIM (subscriber identity Module) film-pasting card based on built-in safety chip

Country Status (1)

Country Link
CN (1) CN108390755B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111162901B (en) * 2019-12-11 2022-05-27 上海邮电设计咨询研究院有限公司 Application shared key obtaining method of non-SIM terminal
CN111131008A (en) * 2020-01-10 2020-05-08 河南芯盾网安科技发展有限公司 Method and device for disguising hidden ciphertext
CN111431710B (en) * 2020-03-24 2021-09-10 数据通信科学技术研究所 Encryption method and device allowing sender to look up and third party to supervise
CN112291196B (en) * 2020-09-28 2023-06-23 北京芯盾集团有限公司 End-to-end encryption method and system suitable for instant messaging

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101986641A (en) * 2010-10-20 2011-03-16 杭州晟元芯片技术有限公司 Trusted computing platform chip applicable to mobile communication equipment and authentication method thereof
CN102831518A (en) * 2011-06-16 2012-12-19 同方股份有限公司 Mobile payment method and system supporting authorization of third party
WO2014136041A1 (en) * 2013-03-04 2014-09-12 Visa International Service Association Cryptographic label for attachment to a communication card
CN107342977A (en) * 2017-05-26 2017-11-10 芯盾网安(北京)科技发展有限公司 Suitable for the information security method of point-to-point instant messaging

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5203594B2 (en) * 2006-11-07 2013-06-05 株式会社東芝 Cryptographic processing circuit and cryptographic processing method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101986641A (en) * 2010-10-20 2011-03-16 杭州晟元芯片技术有限公司 Trusted computing platform chip applicable to mobile communication equipment and authentication method thereof
CN102831518A (en) * 2011-06-16 2012-12-19 同方股份有限公司 Mobile payment method and system supporting authorization of third party
WO2014136041A1 (en) * 2013-03-04 2014-09-12 Visa International Service Association Cryptographic label for attachment to a communication card
CN107342977A (en) * 2017-05-26 2017-11-10 芯盾网安(北京)科技发展有限公司 Suitable for the information security method of point-to-point instant messaging

Also Published As

Publication number Publication date
CN108390755A (en) 2018-08-10

Similar Documents

Publication Publication Date Title
US8499156B2 (en) Method for implementing encryption and transmission of information and system thereof
US8543091B2 (en) Secure short message service (SMS) communications
CN108390755B (en) Safety input method of SIM (subscriber identity Module) film-pasting card based on built-in safety chip
Cheng Security attack safe mobile and cloud-based one-time password tokens using rubbing encryption algorithm
CN108090370B (en) Instant communication encryption method and system based on index
CN105450395A (en) Information encryption and decryption processing method and system
JPH0823330A (en) Safe data communication
CN104394530A (en) Wechat content encryption system based on smartphone and implementation method of wechat content encryption system
CN105812349B (en) A kind of unsymmetrical key distribution of identity-based information and message encryption method
CN101720071A (en) Short message two-stage encryption transmission and secure storage method based on safety SIM card
CN107579903B (en) Picture message secure transmission method and system based on mobile device
US20140079219A1 (en) System and a method enabling secure transmission of sms
CN105516943A (en) Short message encryption system on the basis of domestic commercial crypto chip and realization method thereof
CN107666395A (en) One population file management method, user terminal, group chat system
CN103973713A (en) Transfer method, extraction method and processing system for electronic mail information
CN110401531B (en) Cooperative signature and decryption system based on SM9 algorithm
JPH0969831A (en) Cipher communication system
AU753951B2 (en) Voice and data encryption method using a cryptographic key split combiner
CN104243291A (en) Instant messaging method and system thereof capable of guaranteeing safety of user communication content
CN201623859U (en) System for encrypting short messages through mobile phone terminal
CN112054905B (en) Secure communication method and system of mobile terminal
CN103634313B (en) Address list processing method and device, as well as mobile terminal
CN112769783A (en) Data transmission method, cloud server, receiving end and sending end
CN112291196A (en) End-to-end encryption method and system suitable for instant messaging
CN105472584A (en) Short message encryption system based on intelligent mobile phone and realization method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100085 Beijing Haidian District, Northeast Wangxi Road, No. 8 Courtyard, 2nd Floor 217

Applicant after: Beijing Shield Group Co., Ltd.

Address before: 102402 room 4, 4 floor, 2 building, 85 Hong Yuan Road, Fangshan District, Beijing.

Applicant before: Core shield (Beijing) Information Technology Co., Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant