CN110493785B - Login method of mobile client, SIM card and system - Google Patents


Info

Publication number
CN110493785B
Authority
CN (China)
Prior art keywords
login, IMEI, mobile terminal, client, data
Legal status
Active
Application number
CN201910905973.2A
Other languages
Chinese (zh)
Other versions
CN110493785A (en)
Inventors
刘磊
周向涛
Current Assignee
Eastcompeace Technology Co Ltd
Original Assignee
Eastcompeace Technology Co Ltd
Events
Application filed by Eastcompeace Technology Co Ltd
Priority to CN201910905973.2A
Publication of CN110493785A
Application granted
Publication of CN110493785B

Classifications

    • H04L 9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying (under H04L 9/08, Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords)
    • H04L 9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving digital signatures (under H04L 9/32)
    • H04W 12/03: Protecting confidentiality, e.g. by encryption (under H04W 12/00, Security arrangements; Authentication; Protecting privacy or anonymity)
    • H04W 12/06: Authentication (under H04W 12/00)

All four codes fall under H (ELECTRICITY) > H04 (ELECTRIC COMMUNICATION TECHNIQUE). H04L is TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION, with H04L 9/00 covering cryptographic mechanisms or cryptographic arrangements for secret or secure communications and network security protocols; H04W is WIRELESS COMMUNICATION NETWORKS.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)

Abstract

The embodiments of the application disclose a login method for a mobile client, a SIM card and a system. An industry APP security management application is embedded in the SIM card, and the method is executed by that application: the IMEI of a first mobile terminal is obtained during the client's start-up process; a login request carrying the IMEI of a second mobile terminal is received; whether the IMEI of the second mobile terminal is consistent with the IMEI of the first mobile terminal is judged; and if so, a login result of successful login is returned. By verifying that the IMEI carried in the login request matches the IMEI stored during start-up, the method determines whether the client's login and start-up operations were performed on the same terminal, which protects the security and confidentiality of the mobile client's use and addresses the insufficient security of existing mobile client login methods. The scheme offers high security, high convenience and wide applicability.

Description

Login method of mobile client, SIM card and system
Technical Field
The present application relates to the field of login technologies for mobile clients, and in particular to a login method for a mobile client, a SIM card and a system.
Background
With the rapid development and wide application of mobile internet technology, a large number of mobile terminal clients serve people's daily lives, and the security of user information has become a major hidden danger. Achieving secure login of a mobile client, so as to ensure the security and confidentiality of client usage, is therefore a technical problem that those skilled in the art need to solve.
Disclosure of Invention
The embodiments of the application provide a login method for a mobile client, a SIM card and a system, which address the insufficient security of existing mobile client login methods.
In view of this, a first aspect of the application provides a login method for a mobile client, where an industry APP security management application is embedded in a SIM card;
the login method is executed by the industry APP security management application and comprises the following steps:
obtaining the IMEI of a first mobile terminal during the start-up process of the client;
receiving a login request, where the login request carries the IMEI of a second mobile terminal;
judging whether the IMEI of the second mobile terminal is consistent with the IMEI of the first mobile terminal;
and if so, returning a login result of successful login.
Preferably, the login request also carries data to be displayed, security level information and data to be encrypted;
and the step of returning a login result of successful login specifically comprises:
displaying the data to be displayed to the user, and judging from the security level information whether a PIN needs to be entered;
if so, acquiring the PIN entered by the user;
in response to the user clicking confirm, encrypting the PIN and the data to be encrypted separately with a protection key to obtain a PIN ciphertext and a ciphertext of the data to be encrypted;
returning the PIN ciphertext, the ciphertext of the data to be encrypted and the login result of successful login;
if verification of the returned ciphertext of the data to be encrypted fails, updating the login result to login failure;
and if verification of the returned PIN ciphertext fails, updating the login result to login failure.
Preferably, the client start-up process comprises:
judging whether the first mobile terminal supports the Open Mobile API; if so, responding to a selection request through the Open Mobile API, responding to a random-number generation command, and returning the generated random number;
receiving ciphertext data obtained by encrypting the random number with a public key, and decrypting the ciphertext data with the corresponding private key;
and comparing the decrypted result with the random number and returning the comparison result; if the comparison succeeds, the client is allowed to start, and if it fails, the client is forbidden to start.
Preferably, the client start-up process comprises:
judging whether the first mobile terminal supports the Open Mobile API; if not, receiving a start-up request, where the start-up request comprises data to be signed;
and performing a signature operation on the data to be signed with a private key and returning the signature result; if verification of the signature result with the public key succeeds, the client is allowed to start, and if it fails, the client is forbidden to start.
Preferably, before the client start-up process, the method further comprises:
obtaining the IMEI of the first mobile terminal;
if the IMEI of the first mobile terminal differs from the stored IMEI, or the state of the industry APP security management application is unregistered, sending a registration request, where the registration request comprises the IMEI of the first mobile terminal and a SIM card identifier;
and in response to a returned registration result of registered, saving the IMEI of the first mobile terminal and marking the state as registered.
Preferably, after the IMEI of the first mobile terminal is saved and the state is marked as registered, the method further comprises:
updating the private key and the protection key in response to a key update request;
and the obtaining of the IMEI of the first mobile terminal specifically comprises:
monitoring the STATUS commands sent by the first mobile terminal, and acquiring the IMEI of the first mobile terminal when the preset (Nth) STATUS command is received.
A second aspect of the application provides a SIM card in which an industry APP security management application is embedded; the industry APP security management application comprises:
a login unit, configured to obtain the IMEI of a first mobile terminal during the client's start-up process; receive a login request carrying the IMEI of a second mobile terminal; judge whether the IMEI of the second mobile terminal is consistent with the IMEI of the first mobile terminal; and if so, return a login result of successful login.
Preferably, the industry APP security management application further comprises:
a first start-up unit, configured to judge whether the first mobile terminal supports the Open Mobile API and, if so, respond to a selection request through the Open Mobile API, respond to a random-number generation command and return the generated random number; receive ciphertext data obtained by encrypting the random number with a public key and decrypt it with the corresponding private key; and compare the decrypted result with the random number and return the comparison result, allowing the client to start if the comparison succeeds and forbidding it to start if the comparison fails.
Preferably, the industry APP security management application further comprises:
a second start-up unit, configured to judge whether the first mobile terminal supports the Open Mobile API and, if not, receive a start-up request comprising data to be signed; and sign the data to be signed with a private key and return the signature result, the client being allowed to start if verification of the signature result with the public key succeeds and forbidden to start if it fails.
Preferably, the industry APP security management application further comprises:
a registration unit, configured to obtain the IMEI of the first mobile terminal; if the IMEI of the first mobile terminal differs from the stored IMEI, or the state of the industry APP security management application is unregistered, send a registration request comprising the IMEI of the first mobile terminal and a SIM card identifier; and in response to a returned registration result of registered, save the IMEI of the first mobile terminal and mark the state as registered.
A third aspect of the application provides a login system for a mobile client, comprising:
a mobile terminal with a built-in client, a service platform, a SIM plus platform and a SIM card;
the service platform is used for identifying the IMEI of the mobile terminal, storing the public key, encrypting data and verifying signed data;
the SIM plus platform is used for interacting with the SIM card and has the functions of generating and updating keys and encrypting and decrypting data; it is also connected to the service platform and has the functions of issuing the public key and identifying the user's login identity;
and the client has an embedded security component that interacts with the SIM card and the service platform to carry out the client's start-up.
According to the above technical solutions, the embodiments of the application have the following advantages:
the embodiments of the application provide a login method for a mobile client, a SIM card and a system. An industry APP security management application is embedded in the SIM card, and the login method, executed by that application, comprises: obtaining the IMEI of a first mobile terminal during the client's start-up process; receiving a login request carrying the IMEI of a second mobile terminal; judging whether the IMEI of the second mobile terminal is consistent with the IMEI of the first mobile terminal; and if so, returning a login result of successful login.
By verifying that the IMEI carried in the login request matches the IMEI stored during start-up, the method determines whether the client's login and start-up operations were performed on the same terminal, which protects the security and confidentiality of the mobile client's use and addresses the insufficient security of existing mobile client login methods. The scheme offers high security, high convenience and wide applicability.
Drawings
FIG. 1 is an architecture diagram of a login system for a mobile client in an embodiment of the application;
FIG. 2 is a flowchart of a login method for a mobile client in an embodiment of the application;
FIG. 3 is a flowchart of a login method for a mobile client in another embodiment of the application;
FIG. 4 is a signaling diagram of the registration part in an embodiment of the application;
FIG. 5 is a signaling diagram of a start-up part in an embodiment of the application;
FIG. 6 is a signaling diagram of another start-up part in an embodiment of the application;
FIG. 7 is a signaling diagram of the login part in an embodiment of the application;
FIG. 8 is a schematic diagram of the internal structure of a SIM card in an embodiment of the application;
FIG. 9 is a schematic structural diagram of an industry APP security management application in an embodiment of the application.
Detailed Description
To make the technical solutions of the application better understood, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are obviously only some, not all, of the embodiments of the application; all other embodiments that a person skilled in the art can derive from them without creative effort fall within the scope of protection of the application.
It should be understood that the application applies to a login system for a mobile client. FIG. 1 is the architecture diagram of such a system in an embodiment of the application; it comprises a SIM card (with the industry APP security management application inside), a mobile terminal, a mobile client APP (including the security component), a service platform and a SIM plus platform. The functions of the components are as follows:
SIM card: provides the operator's subscriber identity function and, at the same time, acts as a security module that stores keys, signs data, and encrypts and decrypts data.
Security component: a control embedded in the mobile client APP; through the security policy agreed between it and the SIM card, it implements management functions of the client APP such as start-up authorisation and security checks.
Service platform: identifies IMEI (International Mobile Equipment Identity) information, stores the public key, encrypts data and verifies signed data.
SIM plus platform: mainly manages the handset's SIM card. It interacts with the SIM card over the data short message channel, generates and updates keys, encrypts and decrypts data, and interfaces with the service platform to issue the security component's public key and to identify the user's login identity.
The application designs a login method for a mobile client.
For ease of understanding, refer to FIG. 2, a flowchart of a login method for a mobile client in an embodiment of the application. The method is executed by the industry APP security management application and specifically comprises:
Step 101: obtain the IMEI of a first mobile terminal during the client's start-up process.
To ensure the security and confidentiality of the mobile client, the industry APP security management application records the IMEI of the mobile terminal when the client is started, so that a later login can be checked against the terminal on which the client was started.
Step 102: receive a login request carrying the IMEI of a second mobile terminal.
The IMEI must be verified before login, so the login request received must carry the IMEI of the mobile terminal.
Step 103: judge whether the IMEI of the second mobile terminal is consistent with the IMEI of the first mobile terminal.
After receiving the IMEI of the second mobile terminal, the application checks whether it is consistent with the IMEI of the first terminal stored during start-up in step 101, and thereby determines whether the client's login and start-up operations were performed on the same terminal. Note what is being compared: the stored value is the IMEI the card itself read from the terminal (see step 201 below), while the value in the login request is the IMEI the client reported to the service platform; the check therefore ties the client's reported IMEI to the terminal the card was registered on.
Step 104: return a login result of successful login.
If the two IMEIs are consistent, the second mobile terminal is the first mobile terminal, i.e. the client was started and is logging in on the same terminal, so the login is allowed.
Step 105: return a login result of login failure.
Otherwise the two terminals are not the same, i.e. the client is not logging in on the terminal it was started on, so the login is refused.
By verifying that the IMEI carried in the login request matches the IMEI stored during start-up, the method determines whether the client's login and start-up operations were performed on the same terminal, which protects the security and confidentiality of the mobile client's use and addresses the insufficient security of existing mobile client login methods. The scheme offers high security, high convenience and wide applicability.
Refer to FIG. 3, a flowchart of a login method for a mobile client in another embodiment of the application.
This embodiment is divided into a registration part, a start-up part and a login part, all executed by the industry APP security management application.
Referring to FIG. 4, the registration part comprises:
Step 201: monitor the STATUS commands sent by the first mobile terminal, and acquire the IMEI of the first mobile terminal when the preset STATUS command is received.
The industry APP security management application monitors the STATUS commands sent by the mobile terminal. When the Nth STATUS command is received (N is set according to actual conditions; 10 is recommended but not mandatory), it obtains the IMEI of the mobile terminal with a PROVIDE LOCAL INFORMATION proactive command.
Step 202: if the IMEI of the first mobile terminal differs from the stored IMEI, or the state of the industry APP security management application is unregistered, send a registration request comprising the IMEI of the first mobile terminal and the SIM card identifier.
If the obtained IMEI is the same as the IMEI stored in the application and the application state is registered, the registration process ends; otherwise registration is carried out.
The industry APP security management application sends the IMEI and the SIM card identifier (blank-card serial number, ICCID or IMSI) to the SIM plus platform in an automatic registration request message. The SIM plus platform stores the related registration information (IMEI, mobile phone number and so on) under the SIM card identifier and sends the registration result back to the industry APP security management application in an automatic registration response message.
Step 203: in response to a registration result of registered, save the IMEI of the first mobile terminal and mark the state as registered.
According to the registration result, the industry APP security management application marks the application state as registered and stores the IMEI.
Step 204: in response to a key update request, update the private key and the protection key.
The SIM plus platform generates an asymmetric key pair (RSA or SM2) and, optionally, a protection key for the IMEI, and sends the private key of the pair and the (optional) protection key to the industry APP security management application in a first key update request. The keys are sensitive data, so when they are issued they are encrypted with the protection key already present in the card;
after receiving the first key update request message, the industry APP security management application decrypts the key ciphertext with the in-card protection key to obtain the plaintext, stores the private key and the protection key, and sends the key update result to the SIM plus platform in a first key update response message;
in addition, the SIM plus platform sends the IMEI and the public key of the pair to the service platform in a second key update request message, for subsequent service use;
and after receiving the second key update request message, the service platform stores the IMEI and the public key and sends the key update result to the SIM plus platform in a second key update response message.
Referring to FIGS. 5 and 6, the start-up part comprises:
Step 205: determine whether the first mobile terminal supports the Open Mobile API.
When the client is started, the security component calls class. Because the mobile client's start-up flow differs depending on whether the mobile terminal supports the Open Mobile API, the two cases are described separately below:
When the mobile terminal supports the Open Mobile API:
Step 206: respond to the selection request through the Open Mobile API, respond to the random-number generation command, and return the generated random number.
The security component selects the industry APP security management application through the Open Mobile API;
the industry APP security management application responds to the security component with FCI (File Control Information);
the security component sends a Get Challenge command to the industry APP security management application;
and the industry APP security management application generates a random number and returns it to the security component.
Step 207: receive the ciphertext obtained by encrypting the random number with the public key, and decrypt it with the corresponding private key.
The security component obtains the IMEI of the mobile terminal, packs it together with the random number and sends both to the service platform;
the service platform looks up the public key (RSA/SM2) of the corresponding asymmetric key pair in its registration information table by the IMEI in the message, encrypts the random number with that public key, and returns the ciphertext to the security component;
the security component sends the ciphertext to the industry APP security management application in an External Auth command;
and the industry APP security management application decrypts the ciphertext with the private key corresponding to the public key used to encrypt the random number, obtaining the plaintext.
Step 208: compare the decrypted result with the random number and return the comparison result; if the comparison succeeds, the client is allowed to start, and if it fails, the client is forbidden to start.
The plaintext is compared with the random number generated in step 206, and the comparison result is returned to the security component as the authentication result;
the security component judges the authentication result of the External Auth command:
if authentication succeeds, the mobile client is allowed to start;
and if authentication fails, the mobile client is forbidden to start.
When the mobile terminal does not support the Open Mobile API:
Step 209: receive a start-up request comprising data to be signed.
The security component obtains the IMEI of the mobile terminal and sends it to the service platform in a first client start-up request message;
the service platform sends the IMEI and the data to be signed to the SIM plus platform in a second client start-up request message;
and the SIM plus platform looks up the corresponding mobile phone number in its registration information table by the IMEI in the message and sends the data to be signed to the industry APP security management application in the SIM card of that phone number in a third client start-up request message.
Step 210: sign the data to be signed with the private key and return the signature result; if verification of the signature result with the public key succeeds, the client is allowed to start, and if it fails, the client is forbidden to start.
After receiving the third client start-up request message, the industry APP security management application signs the data to be signed with the private key and sends the signature result to the SIM plus platform in a third client start-up response message;
the SIM plus platform forwards the signature result to the service platform in a second client start-up response message;
the service platform verifies the signature result against the data to be signed with the public key corresponding to the IMEI and produces a signature verification result;
the service platform sends the signature verification result to the security component in a first client start-up response message;
and the security component judges the received signature verification result:
if verification succeeds, the mobile client is allowed to start;
and if verification fails, the mobile client is forbidden to start.
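The registration part (steps 201 to 204) and both start-up paths (steps 205 to 210) above, played out in one added Go program. This is an example written for this page, not Eastcompeace's code or the card's actual APDU interface: RSA-OAEP and RSA-PSS over SHA-256 stand in for the unspecified RSA/SM2 scheme, the SIM plus platform is reduced to the Register function, the short message transport and the wrapping of the private key under the in-card protection key are left out, and every type and function name (Card, Service, OnStatus, GetChallenge, EncryptChallenge, ExternalAuth, Sign, Verify) is an assumption. Two points go beyond the text: the card clears its challenge after one External Auth, so a captured ciphertext cannot be replayed for a second start-up, and the service platform refuses a start-up for an IMEI it holds no public key for.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Added example, not Eastcompeace code: RSA-OAEP/RSA-PSS over SHA-256 stand in for the
// unspecified RSA/SM2 scheme, and every type and function name here is an assumption.

// Card is the industry APP security management application's state: priv arrives with the
// first key-update request, challenge is the last random number issued by Get Challenge.
type Card struct {
	IMEI        string // saved when registration succeeded, "" while unregistered
	statusCount int
	priv        *rsa.PrivateKey
	challenge   []byte
}

// Service is the service platform's registration table: IMEI -> public key.
type Service struct{ pub map[string]*rsa.PublicKey }
func NewService() *Service { return &Service{pub: map[string]*rsa.PublicKey{}} }

// OnStatus counts STATUS commands; on the Nth (10, the recommended value) it reads the terminal
// IMEI (the PROVIDE LOCAL INFORMATION result, passed in) and reports whether an automatic
// registration request is due: the card is unregistered, or it sits in a different terminal.
func (c *Card) OnStatus(terminalIMEI string) bool {
	c.statusCount++
	if c.statusCount < 10 {
		return false
	}
	c.statusCount = 0
	return c.IMEI != terminalIMEI
}

// Register is the SIM plus platform's part: generate the pair for this IMEI, hand the public
// key to the service platform and the private key to the card, which saves the IMEI as registered.
func Register(c *Card, s *Service, imei string) error {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	s.pub[imei] = &key.PublicKey
	c.priv, c.IMEI = key, imei
	return nil
}

// GetChallenge answers the security component's Get Challenge with a fresh random number.
func (c *Card) GetChallenge() []byte {
	c.challenge = make([]byte, 16)
	rand.Read(c.challenge)
	return c.challenge
}

// EncryptChallenge is the service platform step: look the public key up by the IMEI the
// security component reported and encrypt the random number with it.
func (s *Service) EncryptChallenge(imei string, challenge []byte) ([]byte, error) {
	pub, ok := s.pub[imei]
	if !ok {
		return nil, errors.New("IMEI not registered")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, challenge, nil)
}

// ExternalAuth is the card's decrypt-and-compare (step 208). The challenge is cleared
// afterwards, so a captured ciphertext cannot be replayed for a second start-up.
func (c *Card) ExternalAuth(ct []byte) bool {
	if c.priv == nil || c.challenge == nil {
		return false
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.priv, ct, nil)
	ok := err == nil && bytes.Equal(pt, c.challenge)
	c.challenge = nil
	return ok
}

// Sign is the card side of the path without the Open Mobile API (step 210); Verify is the
// service platform side, using the public key registered for the reported IMEI.
func (c *Card) Sign(data []byte) ([]byte, error) {
	if c.priv == nil {
		return nil, errors.New("card not registered")
	}
	h := sha256.Sum256(data)
	return rsa.SignPSS(rand.Reader, c.priv, crypto.SHA256, h[:], nil)
}

func (s *Service) Verify(imei string, data, sig []byte) bool {
	pub, ok := s.pub[imei]
	if !ok {
		return false
	}
	h := sha256.Sum256(data)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}
```

Registration is driven by calling OnStatus once per STATUS command; when it returns true the card would send the automatic registration request, which Register models end to end. The challenge-response start-up is GetChallenge, EncryptChallenge and ExternalAuth in that order; the signature start-up is Sign on the card followed by Verify on the service platform. In both paths a card that was registered in one terminal and moved to another keeps working until the next Nth STATUS command triggers re-registration, which is also what the page's step 202 implies.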
Referring to fig. 7, the entry part includes:
step 211, receiving a login request, where the login request carries the IMEI, the data to be displayed, the security level information, and the data to be encrypted of the second mobile terminal.
In order to ensure the security of data transmission, the received IMEI and the data to be displayed may be encrypted, specifically:
when a client logs in, a security component acquires an IMEI (international mobile equipment identity) of a mobile terminal and sends the IMEI to a service platform through a first login request message;
the service platform sends the IMEI, the data to be displayed and the security level information to the SIM plus platform through a second login request message;
The SIM plus platform looks up, in its platform registration information table, the protection key and mobile phone number that correspond to the IMEI carried in the message, encrypts the IMEI and the data to be displayed separately with that protection key to obtain an IMEI ciphertext and a data-to-be-displayed ciphertext, and sends them, together with the security level information and the data to be encrypted, in a third client login request message to the industry APP security management application on the SIM card that belongs to the looked-up phone number.
Step 212: judge whether the IMEI of the second mobile terminal is consistent with the IMEI of the first mobile terminal.
On receiving the third client login request message, the industry APP security management application decrypts the IMEI ciphertext and the data-to-be-displayed ciphertext with the in-card protection key to recover the plaintext, and compares the decrypted IMEI with the IMEI stored in the application.
Step 213: display the data to be displayed to the user, and decide from the security level information whether a PIN must be entered.
If the two IMEIs are the same, the card-side login check passes; whether the user's PIN must also be checked is then decided by the security level information.
Step 214: obtain the PIN entered by the user.
When the PIN must be verified, the data to be displayed is presented to the user through a GET INPUT proactive command; the data should contain a prompt asking the user to enter the PIN, after which the user can press "confirm", or press "cancel" directly. After the user presses "confirm", the PIN may be encrypted with the protection key to obtain a PIN ciphertext, so that the PIN is not returned in the clear.
When the PIN need not be verified, the data to be displayed is presented through a DISPLAY TEXT proactive command; its content is, for example, the client's terms of use, and the user presses "confirm" or "cancel" after reading it.
The data to be displayed can therefore be a PIN input interface, and can also include the client's usage rules, terms and the like.
Step 215: in response to the user's confirmation, encrypt the data to be encrypted to obtain its ciphertext.
After the user confirms, the login result is set to success, and the data to be encrypted is encrypted with the protection key to obtain the data-to-be-encrypted ciphertext.
Step 216: return the PIN, the data-to-be-encrypted ciphertext and the login result of successful login.
The industry APP security management application sends the login result, the PIN ciphertext (present only when the login result is success and a PIN was required) and the data-to-be-encrypted ciphertext (present only when the login result is success) to the SIM plus platform in a third client login response message.
Step 217: if verification of the returned data-to-be-encrypted ciphertext fails, update the login result to login failure.
After the SIM plus platform receives the third client login response message, and if the login result is success, it decrypts the PIN ciphertext and the data-to-be-encrypted ciphertext with the protection key to recover the plaintext, and resets the login result according to whether the recovered data to be encrypted matches the value it sent in the third client login request message. If this check fails, the login result is updated to login failure; a success reported by the card is therefore never accepted on its own.
Step 218: if verification of the returned PIN fails, update the login result to login failure.
The SIM plus platform sends the login result and the PIN data (as ciphertext, present only when the login result is success) to the service platform in a second client login response message.
After receiving the second client login response message, the service platform verifies the PIN and resets the login result according to the outcome: if PIN verification fails, the login result is updated to login failure.
Step 219: deliver the final login result, which is login failure if any of the checks above failed.
Finally, the service platform sends the login result to the security component in a first client login response message, and the security component acts on the received result:
if the login result is success, the mobile client is allowed to log in;
if the login result is failure or cancel, the mobile client is prohibited from logging in, and the user is shown login failure information corresponding to the result.
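The exchange of steps 211 to 219 above, simulated end to end as an added example (this is not code from the patent or from Eastcompeace). It models the three parties as Python objects and shows the three places where a login can still fail after the card has answered: the IMEI comparison on the card (step 212), the SIM plus platform's check of the echoed data to be encrypted (step 217), and the service platform's PIN check (step 218). The message field names, the security level encoding and all IMEIs, phone numbers and PINs are constructed sample values; the cipher is an HMAC-SHA256 keystream with an HMAC tag standing in for the 3DES/SM4 protection-key cipher so that the example runs on the standard library.

```python
"""Simulation of the client login exchange (steps 211 to 219) between the SIM plus
platform, the industry APP security management applet and the service platform.
Added example, not the patent's code; the cipher is a stand-in for 3DES/SM4."""
import hashlib
import hmac
import os
from typing import Optional

SECURITY_LEVEL_NO_PIN, SECURITY_LEVEL_PIN = 0, 1   # assumed encoding of the security level


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the protection key; returns nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key + b"enc", nonce, len(plaintext))))
    return nonce + ct + hmac.new(key + b"mac", nonce + ct, hashlib.sha256).digest()


def open_(key: bytes, blob: bytes) -> Optional[bytes]:
    """Check the tag, then decrypt; None if the packet was altered in transit."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key + b"mac", nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key + b"enc", nonce, len(ct))))


class SecurityApplet:
    """Industry APP security management application; holds the in-card protection key."""
    def __init__(self, protection_key: bytes, registered_imei: str):
        self.key, self.imei = protection_key, registered_imei   # IMEI of the first terminal

    def handle_login_request(self, msg: dict, ui) -> dict:
        # ui(text, needs_pin) stands in for GET INPUT / DISPLAY TEXT; returns (confirmed, pin)
        imei, text = open_(self.key, msg["imei_ct"]), open_(self.key, msg["display_ct"])
        if imei is None or text is None or imei.decode() != self.imei:
            return {"result": "failure"}                       # step 212: IMEI mismatch
        needs_pin = msg["security_level"] == SECURITY_LEVEL_PIN
        confirmed, pin = ui(text.decode(), needs_pin)           # steps 213 and 214
        if not confirmed:
            return {"result": "cancel"}
        resp = {"result": "success", "data_ct": seal(self.key, msg["data_to_encrypt"])}  # step 215
        if needs_pin:
            resp["pin_ct"] = seal(self.key, pin.encode())
        return resp                                             # step 216


class SimPlusPlatform:
    def __init__(self):
        self.registry = {}   # IMEI -> (protection key, mobile phone number)

    def build_login_request(self, imei: str, text: str, level: int):
        key, msisdn = self.registry[imei]                       # lookup by the IMEI in the message
        challenge = os.urandom(8)                               # the "data to be encrypted"
        msg = {"imei_ct": seal(key, imei.encode()), "display_ct": seal(key, text.encode()),
               "security_level": level, "data_to_encrypt": challenge}
        return msisdn, msg, challenge

    def check_login_response(self, imei: str, challenge: bytes, resp: dict):
        """Step 217: the card's 'success' only stands if it echoed the challenge under the key."""
        key, _ = self.registry[imei]
        if resp["result"] != "success":
            return resp["result"], None
        if open_(key, resp["data_ct"]) != challenge:
            return "failure", None
        if "pin_ct" not in resp:
            return "success", None
        pin = open_(key, resp["pin_ct"])
        return ("success", pin.decode()) if pin is not None else ("failure", None)


def service_finalize(pins_on_file: dict, msisdn: str, result: str, pin, level: int) -> str:
    """Service platform, step 218: PIN check; failure or cancel from earlier steps passes through."""
    if result == "success" and level == SECURITY_LEVEL_PIN and pin != pins_on_file.get(msisdn):
        return "failure"
    return result


def run_login(simplus, applet, pins, imei: str, level: int, ui, tamper: bool = False) -> str:
    msisdn, req, challenge = simplus.build_login_request(imei, "Enter your PIN to log in", level)
    resp = applet.handle_login_request(req, ui)
    if tamper and "data_ct" in resp:                            # bit flip on the air interface
        resp["data_ct"] = resp["data_ct"][:-1] + bytes([resp["data_ct"][-1] ^ 1])
    result, pin = simplus.check_login_response(imei, challenge, resp)
    return service_finalize(pins, msisdn, result, pin, level)   # step 219: result to the client


def demo() -> dict:
    """Constructed scenarios (sample IMEIs, number and PIN); returns each final login result."""
    simplus, imei, other = SimPlusPlatform(), "860000000000001", "860000000000002"
    key = os.urandom(16)                                        # personalised into the card
    simplus.registry[imei] = (key, "13800000001")
    simplus.registry[other] = simplus.registry[imei]            # stale entry from an earlier handset
    applet, pins = SecurityApplet(key, imei), {"13800000001": "246810"}
    ok_ui = lambda text, needs_pin: (True, "246810" if needs_pin else None)
    bad_ui = lambda text, needs_pin: (True, "000000")
    cancel_ui = lambda text, needs_pin: (False, None)
    return {
        "pin_ok": run_login(simplus, applet, pins, imei, SECURITY_LEVEL_PIN, ok_ui),
        "no_pin": run_login(simplus, applet, pins, imei, SECURITY_LEVEL_NO_PIN, ok_ui),
        "wrong_pin": run_login(simplus, applet, pins, imei, SECURITY_LEVEL_PIN, bad_ui),
        "cancel": run_login(simplus, applet, pins, imei, SECURITY_LEVEL_PIN, cancel_ui),
        "other_handset": run_login(simplus, applet, pins, other, SECURITY_LEVEL_PIN, ok_ui),
        "tampered": run_login(simplus, applet, pins, imei, SECURITY_LEVEL_PIN, ok_ui, tamper=True),
    }
```

The design point worth keeping from the simulation is that the "success" the card returns in step 216 is provisional: the SIM plus platform only upholds it if the card could encrypt the challenge under the shared protection key (so a forged or corrupted response fails in step 217), and the service platform only upholds it if the PIN is right (step 218). An IMEI registered for a different handset fails on the card itself in step 212 even though the platform knew a key for it.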
In the login method described above, the mobile client carries a security component, and management functions such as start-up authorization and secure login of the mobile client are implemented through a security policy agreed between the security component and the SIM card. The scheme uses encrypted data short messages to establish a trusted secure channel between the SIM card and the SIM plus platform, which ensures the confidentiality and integrity of the start-up and login data issued by the service platform and the trustworthiness of the data source. It uses the SIM Toolkit (STK) to provide a human-machine interaction channel of a higher security level, so that start-up and login control is both secure and interoperable.
In addition, the method lets the mobile client select its own start-up authentication path: the machine-card channel or the data short message channel is chosen automatically according to whether the mobile terminal supports the Open Mobile API. The symmetric algorithm in the scheme supports, but is not limited to, the international 3DES algorithm and the SM4 national cryptographic algorithm; the asymmetric algorithm supports, but is not limited to, the international RSA algorithm and the SM2 algorithm. Any SIM card that conforms to the relevant communication standards (GSM 11.11, GSM 11.14 and GSM 03.48) supports the scheme, regardless of the card form factor (2FF, 3FF, 4FF and so on) and of other carrier technologies (Bluetooth SIM card, SWP-SIM card, eSIM).
A second aspect of the present application provides a SIM card.
Refer to fig. 8 and fig. 9: fig. 8 is a schematic diagram of the internal architecture of a SIM card according to an embodiment of the present application, and fig. 9 is a schematic diagram of the structure of the industry APP security management application according to that embodiment.
The SIM card provided by the embodiment carries a built-in industry APP security management application. Depending on whether the card platform is Java Card or a native card, the application is a Java Card applet or a native application; in either case it is a Toolkit application conforming to GSM 11.11 and GSM 11.14. Other applets on the SIM card can be configured according to user or operator requirements, and the card also runs a smart card operating system (COS). The industry APP security management application comprises:
a login unit 301, configured to obtain the IMEI of the first mobile terminal during client start-up; receive a login request carrying the IMEI of the second mobile terminal; judge whether the IMEI of the second mobile terminal is consistent with the IMEI of the first mobile terminal; and, if so, return a login result of successful login.
It further comprises:
a first start-up unit 302, configured to judge whether the first mobile terminal supports the Open Mobile API and, if so, to respond to a selection request received through the Open Mobile API, respond to a password generation command by returning a generated random password, receive ciphertext data obtained by encrypting the random password with the public key, decrypt that ciphertext with the corresponding private key, compare the decrypted result with the random password and return the comparison result; the client is allowed to start if the comparison succeeds and is prohibited from starting otherwise.
It further comprises:
a second start-up unit 303, configured to judge whether the first mobile terminal supports the Open Mobile API and, if not, to receive a start request containing data to be signed, sign the data to be signed with the private key and return the signature result; the client is allowed to start if the signature result verifies successfully under the public key and is prohibited from starting otherwise.
It further comprises:
a registering unit 304, configured to obtain the IMEI of the first mobile terminal; if that IMEI differs from the stored IMEI, or the state of the industry APP security management application is unregistered, send a registration request containing the IMEI of the first mobile terminal and the SIM card identifier; and, on receiving a registration result of registered, save the IMEI of the first mobile terminal and mark the state as registered.
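The two start-up paths of units 302 and 303, worked through as an added example (not code from the patent or from Eastcompeace). The Open Mobile API path lets the card generate a random password, the security component encrypt it with the public key it holds, and the card decrypt and compare; the data-SMS path has the card sign the data to be signed and the service platform verify the signature with the public key. Textbook RSA with a toy 512-bit key pair generated on the fly stands in for the card's RSA or SM2 key (the page does not fix the padding or message formats, so both are assumed), and the scenarios with a second card's key pair are constructed.

```python
"""Start-up authentication by the first and second start-up units: the Open Mobile API
path (random password, public-key encryption by the client, private-key decryption and
comparison by the card) and the data-SMS path (card signs, service platform verifies).
Added example, not the patent's code; textbook RSA with a toy key stands in for RSA/SM2."""
import hashlib
import hmac
import os
import random


def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin, for toy key generation only."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits: int) -> int:
    while True:
        p = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(p):
            return p


def keygen(bits: int = 256):
    """Returns ((n, e), (n, d)); n has about 2*bits bits, so a SHA-256 digest is below n."""
    e = 65537
    while True:
        p, q = _gen_prime(bits), _gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:            # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))


def rsa_encrypt(pub, msg: bytes) -> int:
    return pow(int.from_bytes(msg, "big"), pub[1], pub[0])


def rsa_decrypt(priv, ct: int) -> bytes:
    n, d = priv
    return pow(ct, d, n).to_bytes((n.bit_length() + 7) // 8, "big")


def rsa_sign(priv, data: bytes) -> int:
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), priv[1], priv[0])


def rsa_verify(pub, data: bytes, sig: int) -> bool:
    return pow(sig, pub[1], pub[0]) == int.from_bytes(hashlib.sha256(data).digest(), "big")


class SecurityApplet:
    """Industry APP security management application holding the card's private key."""
    def __init__(self, private_key):
        self.priv, self.pending = private_key, None

    def select(self) -> bool:              # SELECT over the Open Mobile API channel
        return True

    def generate_password(self) -> bytes:  # reply to the password generation command
        self.pending = os.urandom(16)
        return self.pending

    def check_encrypted_password(self, ct: int) -> bool:
        """Decrypt with the private key and compare against the password just generated."""
        if self.pending is None:
            return False
        n_len = (self.priv[0].bit_length() + 7) // 8
        ok = hmac.compare_digest(rsa_decrypt(self.priv, ct), self.pending.rjust(n_len, b"\0"))
        self.pending = None                # one shot: a replayed ciphertext is rejected
        return ok

    def sign_startup_data(self, data: bytes) -> int:
        return rsa_sign(self.priv, data)


def startup_via_open_mobile_api(applet: SecurityApplet, client_public_key) -> bool:
    """First start-up unit: the terminal supports the Open Mobile API."""
    if not applet.select():
        return False
    ciphertext = rsa_encrypt(client_public_key, applet.generate_password())  # security component
    return applet.check_encrypted_password(ciphertext)


def startup_via_data_sms(applet: SecurityApplet, service_public_key) -> bool:
    """Second start-up unit: no Open Mobile API; the start request carries data to be signed."""
    data_to_sign = os.urandom(16)          # assumed: fresh per start request
    signature = applet.sign_startup_data(data_to_sign)
    return rsa_verify(service_public_key, data_to_sign, signature)   # service platform side


def demo() -> dict:
    """Constructed scenarios; returns whether each start-up attempt is allowed."""
    card_pub, card_priv = keygen()
    other_pub, other_priv = keygen()       # key pair of a different card
    applet = SecurityApplet(card_priv)
    ct = rsa_encrypt(card_pub, applet.generate_password())
    first, replay = applet.check_encrypted_password(ct), applet.check_encrypted_password(ct)
    return {
        "oma_ok": startup_via_open_mobile_api(applet, card_pub),
        "oma_wrong_public_key": startup_via_open_mobile_api(applet, other_pub),
        "oma_replay_rejected": first and not replay,
        "sms_ok": startup_via_data_sms(applet, card_pub),
        "sms_other_card": startup_via_data_sms(SecurityApplet(other_priv), card_pub),
    }
```

What each path establishes differs, and that is worth noting when reading claims 3 and 4: in the data-SMS path the card proves possession of its private key to the service platform, so a different card cannot produce a valid signature. In the Open Mobile API path the card does the decryption, so what the comparison confirms is that the public key the security component holds (issued by the service platform) matches this card's private key; the example also clears the generated password after one comparison so that a captured ciphertext cannot be replayed against the same card.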
A third aspect of the present application provides a login system for a mobile client, comprising:
a mobile terminal with a built-in client, a service platform, a SIM plus platform and the SIM card of the second aspect;
the service platform performs IMEI identification of the mobile terminal, public key storage, data encryption and signature verification of signed data;
the SIM plus platform interacts with the SIM card, generates and updates keys and encrypts and decrypts data; it also interfaces with the service platform, issues the public key and authenticates the login identity of the user;
the client embeds a security component that interacts with the SIM card and the service platform to start the client.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The terms "first," "second," "third," "fourth," and the like in the description of the application and the above-described figures, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that in the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" for describing an association relationship of associated objects, indicating that there may be three relationships, e.g., "a and/or B" may indicate: only A, only B and both A and B are present, wherein A and B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of single item(s) or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, c may be single or plural.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. On this understanding, the technical solution of the present application, in essence or in the part that contributes over the prior art, or all or part of the technical solution, may be embodied in a software product stored in a storage medium and including instructions that cause a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and other media capable of storing program code.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (10)

1. A login method of a mobile client, characterized in that an industry APP security management application is embedded in a SIM card;
the login method is executed by the industry APP security management application and comprises the following steps:
obtaining the IMEI of a first mobile terminal during the client start-up procedure;
receiving a login request, wherein the login request carries the IMEI of a second mobile terminal;
judging whether the IMEI of the second mobile terminal is consistent with the IMEI of the first mobile terminal;
if yes, returning a login result of successful login.
2. The login method of the mobile client according to claim 1, wherein the login request further carries data to be displayed, security level information and data to be encrypted;
and the step of returning the login result of successful login if yes specifically comprises:
if yes, displaying the data to be displayed to the user, and judging from the security level information whether a PIN needs to be input;
if so, acquiring the PIN input by the user;
in response to the confirmation clicked by the user, encrypting the PIN and the data to be encrypted separately with a protection key to obtain a PIN ciphertext and a data-to-be-encrypted ciphertext;
returning the PIN ciphertext, the data-to-be-encrypted ciphertext and the login result of successful login;
if verification of the returned data-to-be-encrypted ciphertext fails, updating the login result to login failure;
and if verification of the returned PIN ciphertext fails, updating the login result to login failure.
3. The login method of the mobile client according to claim 1, wherein the client start-up procedure comprises:
judging whether the first mobile terminal supports an Open Mobile API (application program interface), and if so, responding to a selection request through the Open Mobile API, responding to a password generation command, and returning a generated random password;
receiving ciphertext data obtained by encrypting the random password with a public key, and decrypting the ciphertext data with the corresponding private key;
and comparing the decrypted result with the random password and returning the comparison result; if the comparison succeeds, allowing the client to start, and if the comparison fails, prohibiting the client from starting.
4. The login method of the mobile client according to claim 1, wherein the client start-up procedure comprises:
judging whether the first mobile terminal supports an Open Mobile API (application program interface), and if not, receiving a start request, wherein the start request comprises data to be signed;
and returning a signature result after signing the data to be signed with a private key; if the signature result verifies successfully under the public key, allowing the client to start, and if it does not, prohibiting the client from starting.
5. The login method of the mobile client according to claim 3 or 4, further comprising, before the client start-up procedure:
obtaining the IMEI of the first mobile terminal;
if the IMEI of the first mobile terminal is different from the stored IMEI, or the state of the industry APP security management application is unregistered, sending a registration request, wherein the registration request comprises the IMEI of the first mobile terminal and a SIM card identifier;
in response to a returned registration result of registered, saving the IMEI of the first mobile terminal and marking the state as registered;
updating the private key and the protection key in response to a key update request;
wherein obtaining the IMEI of the first mobile terminal specifically comprises:
monitoring the STATUS command sent by the first mobile terminal, and acquiring the IMEI of the first mobile terminal when a first preset STATUS command is received.
6. A SIM card, characterized in that an industry APP security management application is embedded in the SIM card; the industry APP security management application comprises:
a login unit, configured to acquire the IMEI of a first mobile terminal during the client start-up procedure; receive a login request, wherein the login request carries the IMEI of a second mobile terminal; judge whether the IMEI of the second mobile terminal is consistent with the IMEI of the first mobile terminal; and if yes, return a login result of successful login.
7. The SIM card of claim 6, wherein the industry APP security management application further comprises:
a first start-up unit, configured to judge whether the first mobile terminal supports an Open Mobile API (application program interface) and, if so, respond to a selection request through the Open Mobile API, respond to a password generation command and return a generated random password; receive ciphertext data obtained by encrypting the random password with a public key and decrypt the ciphertext data with the corresponding private key; and compare the decrypted result with the random password and return the comparison result, allowing the client to start if the comparison succeeds and prohibiting the client from starting if it fails.
8. The SIM card of claim 6, wherein the industry APP security management application further comprises:
a second start-up unit, configured to judge whether the first mobile terminal supports an Open Mobile API (application program interface) and, if not, receive a start request, wherein the start request comprises data to be signed; and return a signature result after signing the data to be signed with a private key, allowing the client to start if the signature result verifies successfully under the public key and prohibiting the client from starting if it does not.
9. The SIM card of claim 6, wherein the industry APP security management application further comprises:
a registration unit, configured to acquire the IMEI of the first mobile terminal; if the IMEI of the first mobile terminal is different from the stored IMEI, or the state of the industry APP security management application is unregistered, send a registration request, wherein the registration request comprises the IMEI of the first mobile terminal and a SIM card identifier; and, in response to a returned registration result of registered, save the IMEI of the first mobile terminal and mark the state as registered.
10. A login system for a mobile client, comprising:
a mobile terminal with a built-in client, a service platform, a SIM plus platform and a SIM card according to any one of claims 6 to 9;
wherein the service platform performs IMEI identification of the mobile terminal, public key storage, data encryption and signature verification of signed data;
the SIM plus platform interacts with the SIM card, generates and updates keys and encrypts and decrypts data, and also interfaces with the service platform, issues the public key and authenticates the login identity of the user;
and the client embeds a security component that interacts with the SIM card and the service platform to start the client.
CN201910905973.2A 2019-09-24 2019-09-24 Login method of mobile client, SIM card and system Active CN110493785B (en)
Publications (2)

Publication Number Publication Date
CN110493785A CN110493785A (en) 2019-11-22
CN110493785B true CN110493785B (en) 2022-01-07

Family

ID=68557551


Country Status (1)

Country Link
CN (1) CN110493785B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114297597B (en) * 2021-12-29 2023-03-24 渔翁信息技术股份有限公司 Account management method, system, equipment and computer readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1750713A (en) * 2005-10-20 2006-03-22 中国移动通信集团公司 Method of automatically registering service
CN102946381A (en) * 2012-10-23 2013-02-27 深圳市中兴移动通信有限公司 Application authentication loading method and apparatus based on WEBOS (web-based operating system)
CN103248489A (en) * 2013-05-17 2013-08-14 刘琦 Method for realizing client login through intelligent terminal, server and intelligent terminal
CN107404488A (en) * 2017-08-07 2017-11-28 上海斐讯数据通信技术有限公司 A kind of same application multi-terminal equipment mutual exclusion method and device
CN109168165A (en) * 2018-11-12 2019-01-08 北京云狐时代科技有限公司 Mobile terminal application login method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8443059B2 (en) * 2009-10-08 2013-05-14 F-Secure Oyj Configuring a client application




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant