CN110958598A - Binding authentication method and device for mobile terminal and SIM card - Google Patents


Info

Publication number: CN110958598A
Authority: CN (China)
Application number: CN201811121989.6A
Other languages: Chinese (zh)
Other versions: CN110958598B (en)
Inventors: 张艳, 彭华熹
Assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Ltd Research Institute
Legal status: Granted

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 8/00 Network data management > H04W 8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data > H04W 8/183 Processing at user equipment or user record carrier
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/06 Authentication

Abstract

The present invention relates to the field of communications, and in particular to a method and an apparatus for binding authentication between a mobile terminal and a SIM card. The method addresses the problem of other users stealing SIM card information and comprises the following steps: the binding authentication system receives an identity registration network access request sent by a target mobile terminal, determines a preset binding relationship and an effective period, and, when the identity registration network access request is correct, judges whether each parameter accords with the preset binding relationship; if it does, the target mobile terminal is bound to the corresponding SIM card, and if it does not, the SIM card is locked. Binding authentication of the mobile terminal with its corresponding SIM card thus prevents the mobile terminal and the SIM card from being used separately, prevents other users from stealing the SIM card's information, and so improves the confidentiality and security of the mobile terminal's information. In addition, the broadcast message is verified with a public key, so that the network access random number cannot be tampered with privately, and the integrity of the binding authentication process is guaranteed through mutual verification of states.

Description

Binding authentication method and device for mobile terminal and SIM card
Technical Field
The present invention relates to the field of communications, and in particular, to a method and an apparatus for binding authentication between a mobile terminal and an SIM card.
Background
With the rapid development of mobile terminal technology, the number of networking applications carried on a mobile terminal keeps increasing. In order to improve the networking service quality of mobile terminals and to discover illegal or non-compliant networking applications in time, terminal manufacturers, card vendors and operators have developed a number of machine-card binding schemes between a mobile terminal and a Subscriber Identity Module (SIM) card, for application scenarios such as machine-card binding for children's watches and for home gateways, so as to prevent the security and financial losses caused by using a mobile terminal and a specified SIM card separately.
In the current machine-card binding scheme, a binding relationship between the SIM card and a first mobile terminal is determined first. When the SIM card is inserted into a second mobile terminal and the second mobile terminal is powered on, the SIM card judges, based on its binding relationship with the first mobile terminal, whether the second mobile terminal is the first mobile terminal. If so, the SIM card performs user authentication according to the authentication key Ki in a first storage file of the SIM card; otherwise, the SIM card cannot perform user authentication and returns a network access failure message.
However, the above machine-card binding scheme only judges whether the current mobile terminal is the one bound to the SIM card in order to achieve machine-card binding, and is therefore a single-point machine-card binding verification method.
Therefore, a new binding authentication method of a mobile terminal and a SIM card needs to be designed to solve the above problems.
Disclosure of Invention
The invention aims to provide a binding authentication method and a binding authentication device for a mobile terminal and an SIM card, so as to prevent other users from stealing SIM card information.
A binding authentication method of a mobile terminal and an SIM card comprises the following steps:
the binding authentication system receives an identity registration network access request sent by a target mobile terminal, determines the binding relationship between the target mobile terminal and a corresponding SIM card based on the identity registration network access request, and sets the effective period of a binding authentication process;
the binding authentication system acquires the terminal information of the target mobile terminal from the identity registration network access request, and judges whether all parameters contained in the terminal information of the target mobile terminal accord with a preset binding relationship or not when the identity registration network access request is determined to be correct;
if so, the binding authentication system indicates the accessed mobile terminal to calculate the access random number of the target mobile terminal in the effective period, wherein the access random number is generated by joint calculation based on the terminal information of the accessed mobile terminal and the terminal information of the target mobile terminal and signing through a private key of the accessed mobile terminal;
when the binding authentication system determines that the network access random number of the target mobile terminal is correct, the target mobile terminal is bound with the corresponding SIM card;
otherwise, the binding authentication system determines that the target mobile terminal fails to access the network, and locks the SIM card corresponding to the target mobile terminal.
Optionally, the binding authentication system receives an identity registration network access request sent by a target mobile terminal, determines a binding relationship between the target mobile terminal and a corresponding SIM card based on the identity registration network access request, and sets a valid period of a binding authentication process, which specifically includes:
the binding authentication system receives an identity registration network access request which is sent by a target mobile terminal and contains a product serial number SN of the target mobile terminal, an international mobile equipment identifier IMEI and an international mobile subscriber identity IMSI;
the binding authentication system determines a preset binding relationship between the target mobile terminal and the corresponding SIM card based on the SN, the IMEI and the IMSI;
the binding authentication system activates a binding authentication channel and sets the effective period of the binding authentication process.
Optionally, the binding authentication system obtains the terminal information of the target mobile terminal from the identity registration network access request, and determines that the identity registration network access request is correct, specifically including:
the binding authentication system acquires SN, IMEI and IMSI information of the target mobile terminal from the identity registration network access request, acquires a preset public key and a preset private key of the target mobile terminal, and signs the identity registration network access request by adopting the private key;
and when the binding authentication system adopts the public key of the target mobile terminal to verify the correctness of the signature of the identity registration network access request, determining that the identity registration network access request is correct.
Optionally, under a contention calculation mechanism, the binding authentication system indicates the mobile terminal that has accessed the network to calculate the network access random number of the target mobile terminal in the valid period, and specifically includes:
when the binding authentication system instructs the mobile terminal which has accessed the network to verify, with the public key of the binding authentication system, that the broadcast information signature is correct, the binding authentication system instructs that mobile terminal to perform a hash operation based on its own network access random number Rrm, the SN, IMEI and IMSI of the target mobile terminal and the current timestamp Tm to obtain the network access intermediate random number Rt of the target mobile terminal, and the network access intermediate random number Rt, encrypted with that mobile terminal's own private key, serves as the network access random number Rr of the target mobile terminal;
and the binding authentication system adopts the network access intermediate random number to verify that the network access random number of the target mobile terminal is correctly calculated, and when the network access random number is the first correctly calculated network access random number, the first correctly calculated network access random number is used as the network access random number of the target mobile terminal.
Optionally, under the end-responsible mechanism, the binding authentication system indicates the mobile terminal that has accessed the network to calculate the network access random number of the target mobile terminal in the valid period, and specifically includes:
the binding authentication system indicates the accessed mobile terminal to verify that the broadcast information signature is correct by adopting a public key of the binding authentication system, and determines that the access random number of the accessed mobile terminal is the same as the appointed access random number Rlrm, and indicates the accessed mobile terminal with the appointed access random number Rlrm to carry out hash operation based on the own access random number Rrm, SN, IMEI, IMSI of the target mobile terminal and the current timestamp Tm to obtain an access intermediate random number Rt of the target mobile terminal, and the access intermediate random number Rt is encrypted by using a private key of the mobile terminal and then serves as the access random number Rr of the target mobile terminal;
and when the binding authentication system adopts the network access intermediate random number calculated by the network-accessed mobile terminal with the appointed network access random number Rlrm to verify that the network access random number of the target mobile terminal is correctly calculated, the correctly calculated network access random number is used as the network access random number of the target mobile terminal.
Optionally, further comprising:
the binding authentication system sends a broadcast message containing the terminal information and the network access random number of the mobile terminal which has accessed the network, together with the calculated network access random number of the target mobile terminal, to the target mobile terminal and to the mobile terminal which has accessed the network.
A binding authentication method for a mobile terminal and a Subscriber Identity Module (SIM) card optionally includes:
the method comprises the steps that a mobile terminal which has accessed the network receives an instruction of a binding authentication system, and generates a network access random number of a target mobile terminal when the signature of the instruction is determined to be correct, wherein the network access random number is generated after joint calculation based on terminal information of the mobile terminal which has accessed the network and terminal information of the target mobile terminal and signature is carried out through a private key of the mobile terminal which has accessed the network;
and the mobile terminal which has accessed the network sends a network access random number response message of the target mobile terminal to a binding authentication system, and the binding authentication system is triggered to bind the target mobile terminal and the corresponding SIM card when determining that the network access random number of the target mobile terminal is correct.
Optionally, under a contention mechanism, the network-accessed mobile terminal receives an instruction of a binding authentication system, and generates a network-access random number of the target mobile terminal when determining that a signature of the instruction is correct, specifically including:
the mobile terminal which has accessed the network receives the broadcast message sent by the binding authentication system and calculates the access random number of the target mobile terminal in an effective period;
and when the mobile terminal which has accessed the network verifies, with the public key of the binding authentication system, that the signature of the broadcast information is correct, it performs a hash operation based on its own network access random number Rrm, SN, IMEI and IMSI, the SN, IMEI and IMSI of the target mobile terminal and the current timestamp Tm to obtain the network access intermediate random number Rt of the target mobile terminal, and Rt, encrypted with the private key of the mobile terminal, serves as the network access random number Rr of the target mobile terminal.
Optionally, under a contention mechanism, the network-accessed mobile terminal sends the network-access random number response message of the target mobile terminal to a binding authentication system, which specifically includes:
the mobile terminal which has accessed the network generates a response message of the access random number to send to the binding authentication system after signing the own access random number Rrm, the access intermediate random number Rt of the target mobile terminal, the access random number Rr of the target mobile terminal and the time stamp Tm by the own private key.
Optionally, under the end-responsible mechanism, the network-accessed mobile terminal receives an instruction of the binding authentication system, and generates the network-access random number of the target mobile terminal when determining that the signature of the instruction is correct, specifically including:
the mobile terminal which has accessed the network receives the broadcast message sent by the binding authentication system, and the mobile terminal which has accessed the network and has the appointed access random number Rlrm calculates the access random number of the target mobile terminal in an effective period;
the mobile terminal which has accessed the network adopts a public key of a binding authentication system to verify that the signature of the broadcast information is correct, and the mobile terminal which has accessed the network determines that the own access random number is the same as the appointed access random number Rlrm, then the mobile terminal which has accessed the network and is provided with the appointed access random number Rlrm carries out hash operation based on the own access random number Rrm, SN, IMEI, IMSI of the target mobile terminal and the current timestamp Tm to obtain the access intermediate random number Rt of the target mobile terminal, and the access intermediate random number Rt is encrypted by the private key of the mobile terminal and then is used as the access random number Rr of the target mobile terminal.
Optionally, under the end-responsible mechanism, the network-accessed mobile terminal sends the network-access random number response message of the target mobile terminal to the binding authentication system, which specifically includes:
the mobile terminal which has accessed the network and has appointed access random number generates an access random number response message and sends the response message to the binding authentication system after signing the own access random number Rrm, the access intermediate random number Rt of the target mobile terminal, the access random number Rr of the target mobile terminal and the time stamp Tm by the own private key.
Optionally, further comprising:
the accessed mobile terminal stores the terminal information of the accessed mobile terminal and the access random number for calculating the access random number of the target mobile terminal, and is used for backing up and authenticating the terminal information of the accessed mobile terminal;
and after the mobile terminal which has accessed the network determines that the binding authentication system binds the target mobile terminal and the corresponding SIM card, and when the network access random number of the target mobile terminal is determined to be correct, the states of other mobile terminals which have accessed the network except the mobile terminal itself are verified.
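The system-side flow (check the signed registration request against the preset binding, send a signed broadcast, verify Rr against Rt, then bind or lock) and the terminal-side flow in this section (verify the broadcast, compute Rt and Rr, sign the response) modelled end to end in Go, as an added example written for this page and not the patent's or China Mobile's implementation. It assumes Ed25519 signatures wherever the claims say "sign" or "encrypt with the private key", SHA-256 with a fixed concatenation order for the hash, a 32-byte Rrm, and constructed SN/IMEI/IMSI values; passing an appointed Rlrm selects the end-responsible mechanism, passing nil the contention mechanism.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"strconv"
)

// Info is the SN/IMEI/IMSI triple carried in the identity registration network access request.
type Info struct{ SN, IMEI, IMSI string }
func (i Info) bytes() []byte { return []byte(i.SN + "|" + i.IMEI + "|" + i.IMSI) }
func tsBytes(tm uint64) []byte { return []byte(strconv.FormatUint(tm, 10)) }

// Terminal is a mobile terminal: key pair plus, once admitted, its own Rrm (32 random bytes, an assumption here).
type Terminal struct {
	Info Info
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
	Rrm  []byte
}

func NewTerminal(info Info, admitted bool) *Terminal {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &Terminal{Info: info, Pub: pub, priv: priv}
	if admitted {
		t.Rrm = make([]byte, 32)
		rand.Read(t.Rrm)
	}
	return t
}

// Request is the registration request: SN, IMEI, IMSI signed by the target terminal.
type Request struct{ Info Info; Sig []byte }
func (t *Terminal) Register() Request {
	return Request{Info: t.Info, Sig: ed25519.Sign(t.priv, t.Info.bytes())}
}

// Broadcast is the system's signed instruction naming the target terminal and timestamp Tm.
type Broadcast struct{ Target Info; Tm uint64; Sig []byte }
func (b Broadcast) body() []byte { return append(b.Target.bytes(), tsBytes(b.Tm)...) }

// intermediate computes Rt = H(Rrm, own SN/IMEI/IMSI, target SN/IMEI/IMSI, Tm); SHA-256 and
// this concatenation order are assumptions of the example, since the patent fixes neither.
func intermediate(rrm []byte, own, target Info, tm uint64) []byte {
	h := sha256.New()
	for _, part := range [][]byte{rrm, own.bytes(), target.bytes(), tsBytes(tm)} {
		h.Write(part)
	}
	return h.Sum(nil)
}

// Response carries (Rrm, Rt, Rr, Tm), signed with the responding terminal's private key.
type Response struct{ Rrm, Rt, Rr []byte; Tm uint64; Sig []byte }
func (r Response) body() []byte { return bytes.Join([][]byte{r.Rrm, r.Rt, r.Rr, tsBytes(r.Tm)}, nil) }

// Respond is the admitted terminal's step: verify the broadcast with the system's public key;
// under the end-responsible mechanism (rlrm != nil) act only if its own Rrm is the appointed Rlrm.
func (t *Terminal) Respond(b Broadcast, sysPub ed25519.PublicKey, rlrm []byte) (Response, bool) {
	if !ed25519.Verify(sysPub, b.body(), b.Sig) || (rlrm != nil && !bytes.Equal(rlrm, t.Rrm)) {
		return Response{}, false
	}
	rt := intermediate(t.Rrm, t.Info, b.Target, b.Tm)
	r := Response{Rrm: t.Rrm, Rt: rt, Rr: ed25519.Sign(t.priv, rt), Tm: b.Tm} // Rr = Rt signed
	r.Sig = ed25519.Sign(t.priv, r.body())
	return r, true
}

// System is the binding authentication system.
type System struct {
	Pub      ed25519.PublicKey
	priv     ed25519.PrivateKey
	Keys     map[string]ed25519.PublicKey // preset public key of each terminal, by SN
	Bound    map[Info]bool                // preset binding relationship
	Admitted []*Terminal                  // terminals that have already accessed the network
}
func NewSystem() *System {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &System{Pub: pub, priv: priv, Keys: map[string]ed25519.PublicKey{}, Bound: map[Info]bool{}}
}

// Authenticate runs one binding authentication and returns "bound" or "locked". rlrm == nil selects
// the contention mechanism (first correct Rr wins); otherwise only the holder of Rlrm may compute.
func (s *System) Authenticate(req Request, tm uint64, rlrm []byte) string {
	pub, known := s.Keys[req.Info.SN]
	if !known || !ed25519.Verify(pub, req.Info.bytes(), req.Sig) || !s.Bound[req.Info] {
		return "locked" // request not correctly signed, or parameters outside the preset binding
	}
	b := Broadcast{Target: req.Info, Tm: tm}
	b.Sig = ed25519.Sign(s.priv, b.body())
	for _, t := range s.Admitted {
		r, ok := t.Respond(b, s.Pub, rlrm)
		if !ok || !ed25519.Verify(t.Pub, r.body(), r.Sig) {
			continue
		}
		rt := intermediate(r.Rrm, t.Info, req.Info, tm) // recompute Rt, then check Rr against it
		if bytes.Equal(rt, r.Rt) && ed25519.Verify(t.Pub, rt, r.Rr) {
			return "bound"
		}
	}
	return "locked" // no correct Rr within the valid period: network access fails
}
```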
A binding authentication device for a mobile terminal and a subscriber identity module SIM card, optionally comprising:
the system comprises a receiving unit, a processing unit and a processing unit, wherein the receiving unit is used for receiving an identity registration network access request sent by a target mobile terminal, determining the binding relationship between the target mobile terminal and a corresponding SIM card based on the identity registration network access request, and setting the effective period of a binding authentication process;
the processing unit is used for acquiring the terminal information of the target mobile terminal from the identity registration network access request, and judging whether all parameters contained in the terminal information of the target mobile terminal accord with a preset binding relationship or not when the identity registration network access request is determined to be correct;
if so, indicating the accessed mobile terminal to calculate the access random number of the target mobile terminal in the effective period, wherein the access random number is generated after the access random number is calculated based on the terminal information of the accessed mobile terminal and the terminal information of the target mobile terminal in a combined manner and is signed by a private key of the accessed mobile terminal;
when the network access random number of the target mobile terminal is determined to be correct, binding the target mobile terminal with the corresponding SIM card;
and otherwise determining that the target mobile terminal fails to access the network and locking the SIM card corresponding to the target mobile terminal.
Optionally, the method includes receiving an identity registration network access request sent by a target mobile terminal, determining a binding relationship between the target mobile terminal and a corresponding SIM card based on the identity registration network access request, and setting an effective period of a binding authentication procedure, where the receiving unit is specifically configured to:
receiving an identity registration network access request which is sent by a target mobile terminal and contains a product serial number SN of the target mobile terminal, an international mobile equipment identity IMEI and an international mobile subscriber identity IMSI;
determining a preset binding relationship between the target mobile terminal and the corresponding SIM card based on the SN, the IMEI and the IMSI;
and activating the binding authentication channel and setting the effective period of the binding authentication process.
Optionally, the terminal information of the target mobile terminal is obtained from the identity registration network access request, and it is determined that the identity registration network access request is correct, where the processing unit is specifically configured to:
acquiring SN, IMEI and IMSI information of the target mobile terminal from the identity registration network access request, acquiring a preset public key and a preset private key of the target mobile terminal, and signing the identity registration network access request by adopting the private key;
and when the public key of the target mobile terminal is adopted to verify the correctness of the signature of the identity registration network access request, determining that the identity registration network access request is correct.
Optionally, under a contention calculation mechanism, the processing unit is specifically configured to instruct the mobile terminal that has accessed the network to calculate the network access random number of the target mobile terminal in the effective period, and the processing unit is configured to:
when the mobile terminal which is instructed to access the network verifies that the broadcast information signature is correct by adopting a public key of a binding authentication system, the mobile terminal which is instructed to access the network performs hash operation based on the own access random number Rrm, SN, IMEI, IMSI of the target mobile terminal and the current timestamp Tm to obtain an access intermediate random number Rt of the target mobile terminal, and the access intermediate random number Rt is encrypted by using the own private key and then is used as an access random number Rr of the target mobile terminal;
and verifying, using the network access intermediate random number, that the network access random number of the target mobile terminal is correctly calculated, and taking the first correctly calculated network access random number as the network access random number of the target mobile terminal.
Optionally, under the end-responsible mechanism, the mobile terminal that has accessed the network is instructed to calculate the network access random number of the target mobile terminal in the valid period, and the processing unit is specifically configured to:
instructing the mobile terminal which has accessed the network to verify, with the public key of the binding authentication system, that the broadcast information signature is correct, and, when the network access random number of that mobile terminal is determined to be the same as the appointed network access random number Rlrm, instructing it to perform a hash operation based on its own network access random number Rrm, the SN, IMEI and IMSI of the target mobile terminal and the current timestamp Tm to obtain the network access intermediate random number Rt of the target mobile terminal, which is encrypted with the private key of that mobile terminal to serve as the network access random number Rr of the target mobile terminal;
and when the network access intermediate random number calculated by the network-accessed mobile terminal with the appointed network access random number Rlrm is adopted to verify that the network access random number of the target mobile terminal is correctly calculated, taking the correctly calculated network access random number as the network access random number of the target mobile terminal.
Optionally, the processing unit is further configured to:
the binding authentication system sends a broadcast message containing the terminal information and the network access random number of the mobile terminal which has accessed the network, together with the calculated network access random number of the target mobile terminal, to the target mobile terminal and to the mobile terminal which has accessed the network.
A storage medium, optionally storing a program for implementing a binding authentication method for a mobile terminal and a subscriber identity module (SIM) card, the program, when executed by a processor, performing the steps of:
receiving an identity registration network access request sent by a target mobile terminal, determining a binding relationship between the target mobile terminal and a corresponding SIM card based on the identity registration network access request, and setting an effective period of a binding authentication process;
acquiring the terminal information of the target mobile terminal from the identity registration network access request, and judging whether all parameters contained in the terminal information of the target mobile terminal accord with a preset binding relationship or not when the identity registration network access request is determined to be correct;
if so, indicating the accessed mobile terminal to calculate the access random number of the target mobile terminal in the effective period, wherein the access random number is generated after the access random number is calculated based on the terminal information of the accessed mobile terminal and the terminal information of the target mobile terminal in a combined manner and is signed by a private key of the accessed mobile terminal;
when the network access random number of the target mobile terminal is determined to be correct, binding the target mobile terminal with a corresponding SIM card;
otherwise, determining that the target mobile terminal fails to access the network, and locking the SIM card corresponding to the target mobile terminal.
A communications apparatus, optionally, comprising one or more processors; and one or more computer-readable media having instructions stored thereon, which when executed by the one or more processors, cause the apparatus to perform the method of any of the above.
A binding authentication device for a mobile terminal and a subscriber identity module SIM card, optionally comprising:
the generation unit is used for receiving an instruction of a binding authentication system, and generating a network access random number of the target mobile terminal when the signature of the instruction is determined to be correct, wherein the network access random number is generated after joint calculation based on terminal information of a network-accessed mobile terminal and terminal information of the target mobile terminal and signature is carried out through a private key of the network-accessed mobile terminal;
and the sending unit is used for sending the network access random number response message of the target mobile terminal to a binding authentication system, and binding the target mobile terminal with the corresponding SIM card when the binding authentication system is triggered to determine that the network access random number of the target mobile terminal is correct.
Optionally, under a contention mechanism, receiving an instruction of a binding authentication system, and generating a network access random number of the target mobile terminal when determining that a signature of the instruction is correct, where the generating unit is specifically configured to:
receiving a broadcast message sent by a binding authentication system, and calculating the network access random number of the target mobile terminal in an effective period;
and when the signature of the broadcast information is verified to be correct with the public key of the binding authentication system, performing a hash operation based on the own network access random number Rrm, SN, IMEI and IMSI, the SN, IMEI and IMSI of the target mobile terminal and the current timestamp Tm to obtain the network access intermediate random number Rt of the target mobile terminal, and using Rt, encrypted with the own private key of the network-accessed mobile terminal, as the network access random number Rr of the target mobile terminal.
Optionally, under a contention mechanism, the network access random number response message of the target mobile terminal is sent to a binding authentication system, where the sending unit is specifically configured to:
and after signing the own network access random number Rrm, the network access intermediate random number Rt of the target mobile terminal, the network access random number Rr of the target mobile terminal and the time stamp Tm by using the own private key, generating a network access random number response message and sending the network access random number response message to the binding authentication system.
Optionally, under the end-responsible mechanism, receiving an instruction of a binding authentication system, and generating a network access random number of the target mobile terminal when determining that the signature of the instruction is correct, where the generating unit is specifically configured to:
receiving a broadcast message sent by a binding authentication system, and calculating the network access random number of the target mobile terminal by the network-accessed mobile terminal with the appointed network access random number Rlrm in an effective period;
and verifying, with the public key of the binding authentication system, that the signature of the broadcast information is correct, and, if the mobile terminal which has accessed the network determines that its own network access random number is the same as the appointed network access random number Rlrm, performing, at the mobile terminal which has accessed the network and holds the appointed network access random number Rlrm, a hash operation based on its own network access random number Rrm, SN, IMEI and IMSI, the SN, IMEI and IMSI of the target mobile terminal and the current timestamp Tm to obtain the network access intermediate random number Rt of the target mobile terminal, and using Rt, encrypted with the private key of that mobile terminal, as the network access random number Rr of the target mobile terminal.
Optionally, under the end-responsible mechanism, sending a network access random number response message of the target mobile terminal to a binding authentication system, where the sending unit of the network-accessed mobile terminal holding the appointed network access random number is specifically configured to:
and after signing the own network access random number Rrm, the network access intermediate random number Rt of the target mobile terminal, the network access random number Rr of the target mobile terminal and the time stamp Tm by using the own private key, generating a network access random number response message and sending the network access random number response message to the binding authentication system.
Optionally, the sending unit is further configured to:
store, at the network-accessed mobile terminal, the terminal information and the network access random number of the network-accessed mobile terminal that calculated the network access random number of the target mobile terminal, for backing up and authenticating the terminal information of the network-accessed mobile terminal;
and, after the network-accessed mobile terminal determines that the binding authentication system has bound the target mobile terminal to the corresponding SIM card and that the network access random number of the target mobile terminal is correct, verify the states of the other network-accessed mobile terminals apart from itself.
Optionally, a storage medium stores a program for implementing a method for binding authentication of a mobile terminal and a subscriber identity module (SIM) card, the program, when executed by a processor, performing the steps of:
receiving an instruction of a binding authentication system, and generating a network access random number of the target mobile terminal when the signature of the instruction is determined to be correct, where the network access random number is generated by joint calculation based on the terminal information of a network-accessed mobile terminal and the terminal information of the target mobile terminal, followed by signing with the private key of the network-accessed mobile terminal;
and sending the network access random number response message of the target mobile terminal to the binding authentication system, so as to trigger the binding authentication system to bind the target mobile terminal to the corresponding SIM card when it determines that the network access random number of the target mobile terminal is correct.
Optionally, a communications apparatus comprises one or more processors and one or more computer-readable media having instructions stored thereon which, when executed by the one or more processors, cause the apparatus to perform any of the methods above.
Drawings
Fig. 1 is a flowchart of binding authentication between a mobile terminal and a SIM card according to an embodiment of the present invention;
Fig. 2 is a flowchart of binding authentication between a mobile terminal and a SIM card based on the contention mechanism according to an embodiment of the present invention;
Fig. 3 is a flowchart of binding authentication between a mobile terminal and a SIM card based on the tail responsibility mechanism according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of the status authentication process of a network-accessed mobile terminal according to an embodiment of the present invention;
Fig. 5 is a functional block diagram of a binding authentication system according to an embodiment of the present invention;
Fig. 6 is a functional structure diagram of a network-accessed mobile terminal according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to Fig. 1, in the embodiment of the present invention, the detailed procedure for performing binding authentication on a mobile terminal and a SIM card is as follows:
Step 101: the binding authentication system receives an identity registration network access request sent by the target mobile terminal.
Specifically, in the embodiment of the present invention, after the target mobile terminal is started, the binding authentication system receives the identity registration network access request sent by the target mobile terminal, where the request includes information such as the product Serial Number (SN), the International Mobile Equipment Identity (IMEI) and the International Mobile Subscriber Identity (IMSI) of the target mobile terminal.
Step 102: the binding authentication system determines the binding relationship between the target mobile terminal and the corresponding SIM card and sets the valid period of the binding authentication process.
Specifically, in the embodiment of the present invention, the binding authentication system determines the binding relationship between the target mobile terminal and the corresponding SIM card based on the identity registration network access request, that is, it determines the preset binding relationship between the target mobile terminal and the corresponding SIM card, activates the binding authentication channel, and sets the valid period of the binding authentication process, meaning that the binding authentication between the mobile terminal and the corresponding SIM card must be completed within the valid period.
Step 103: the binding authentication system acquires the terminal information of the target mobile terminal from the identity registration network access request.
Specifically, in the embodiment of the present invention, the binding authentication system obtains information such as the SN, IMEI and IMSI of the target mobile terminal from the identity registration network access request and obtains the preset public key and private key of the target mobile terminal, the identity registration network access request being signed with that private key.
Step 104: when the binding authentication system determines that the identity registration network access request is correct, it judges whether all parameters contained in the terminal information of the target mobile terminal conform to the preset binding relationship; if so, step 105 is executed, otherwise step 111 is executed.
Specifically, in the embodiment of the present invention, the public key and private key of the target mobile terminal are preset in a secure storage area before the target mobile terminal leaves the factory. The binding authentication system checks the signature of the identity registration network access request of the target mobile terminal against the public key of the target mobile terminal. If verification of the signature with the public key of the target mobile terminal fails, the target mobile terminal is illegal and no subsequent processing is performed on it. If verification of the signature succeeds, the target mobile terminal is a legal mobile terminal and subsequent processing is required, that is, it is further determined whether the parameters included in the terminal information of the target mobile terminal conform to the preset binding relationship.
For example, referring to Table 1, in the device binding table one binding Identifier (ID) corresponds to one record of the SN, IMEI and IMSI of a binding relationship. First, the binding authentication system determines the SN of the target mobile terminal from the identity registration network access request; then it determines the binding ID based on the SN; further, it looks up the IMEI and IMSI corresponding to the binding ID. If the terminal information of the target mobile terminal obtained by the binding authentication system is SN_1, IMEI_3 and IMSI_4, while the binding relationship found for the ID corresponding to SN_1 in the binding relationship table is SN_1, IMEI_1 and IMSI_1, the binding authentication system determines that SN_1, IMEI_3 and IMSI_4 in the terminal information of the target mobile terminal do not conform to the preset binding relationship. If the terminal information of the target mobile terminal obtained by the binding authentication system is SN_2, IMEI_2 and IMSI_2, and the binding relationship found for SN_2 in the binding relationship table is SN_2, IMEI_2 and IMSI_2, the binding authentication system determines that SN_2, IMEI_2 and IMSI_2 in the terminal information of the target mobile terminal conform to the preset binding relationship.
TABLE 1
Binding identifier    Binding relationship
1                     SN_1, IMEI_1, IMSI_1
2                     SN_2, IMEI_2, IMSI_2
3                     SN_3, IMEI_3, IMSI_3
4                     SN_4, IMEI_4, IMSI_4
Step 105: the binding authentication system instructs the network-accessed mobile terminals to calculate the network access random number of the target mobile terminal within the valid period.
Specifically, in the embodiment of the present invention, when the binding authentication system determines that every parameter included in the terminal information of the target mobile terminal conforms to the preset binding relationship, it sends a broadcast message to the network-accessed mobile terminals in the whole network instructing them to calculate the network access random number of the target mobile terminal within the valid period, where the broadcast message is signed with the private key of the binding authentication system so as to prevent attacks by illegal services.
Specifically, the network access random number is calculated jointly from the terminal information of the network-accessed mobile terminal and the terminal information of the target mobile terminal, and the network access random number response message is generated after signing with the private key of the network-accessed mobile terminal, where the terminal information of the network-accessed mobile terminal comprises its network access random number Rrm and its SN, IMEI and IMSI, and the terminal information of the target mobile terminal comprises the SN, IMEI and IMSI of the target mobile terminal and the current timestamp Tm.
Step 106: when a network-accessed mobile terminal determines that the broadcast message is correct, it calculates the network access random number of the target mobile terminal and sends it to the binding authentication system.
Specifically, in the embodiment of the present invention, when the network-accessed mobile terminal verifies with the public key of the binding authentication system that the signature of the broadcast message is correct, it performs a hash operation on its own network access random number Rrm, SN, IMEI and IMSI together with the SN, IMEI, IMSI and current timestamp Tm of the target mobile terminal to obtain the network access intermediate random number Rt of the target mobile terminal, encrypts Rt with its own private key to obtain the network access random number Rr of the target mobile terminal, then signs its own network access random number Rrm, the network access intermediate random number Rt of the target mobile terminal, the network access random number Rr of the target mobile terminal and the timestamp Tm with its own private key to generate the network access random number response message, and sends the response message to the binding authentication system.
Step 107: when the binding authentication system determines that the network access random number of the target mobile terminal is correct, it binds the target mobile terminal to the corresponding SIM card.
Specifically, in the embodiment of the present invention, the network-accessed mobile terminal sends the network access random number response message to the binding authentication system; the binding authentication system verifies the network access random number Rr of the target mobile terminal against the network access intermediate random number Rt of the target mobile terminal, and further performs a hash operation over the SN, IMEI and IMSI of the network-accessed mobile terminal, the SN, IMEI and IMSI of the target mobile terminal and the Tm in the response message; when the binding authentication system thereby determines that the network access random number Rr of the target mobile terminal is correct, it binds the target mobile terminal to the corresponding SIM card.
Step 108: the binding authentication system sends a broadcast message carrying the terminal information and the network access random number of the network-accessed mobile terminal that calculated the network access random number of the target mobile terminal to the target mobile terminal and to the network-accessed mobile terminals.
Specifically, in the embodiment of the present invention, the binding authentication system signs, with its own private key, the Rrm, SN, IMEI and IMSI of the network-accessed mobile terminal that calculated the network access random number of the target mobile terminal together with the SN, IMEI, IMSI, Tm, network access intermediate random number Rt and network access random number Rr of the target mobile terminal, sends the signed information to the target mobile terminal, and sends the broadcast message to the network-accessed mobile terminals in the whole network.
Step 109: when the target mobile terminal determines that the signature of the broadcast message is correct, it stores the terminal information and the network access random number of the network-accessed mobile terminal that calculated the network access random number of the target mobile terminal.
Specifically, in the embodiment of the present invention, the target mobile terminal verifies the signature of the broadcast message with the public key of the binding authentication system; if the signature is incorrect, the target mobile terminal resubmits the identity registration network access request; if the signature is correct, the target mobile terminal stores the Rrm, SN, IMEI and IMSI of the network-accessed mobile terminal that calculated its network access random number, together with the timestamp Tm, the network access intermediate random number Rt and the network access random number Rr, in its local secure storage area.
Step 110: when the network-accessed mobile terminals in the whole network determine that the signature of the broadcast message is correct, they store the terminal information of the network-accessed mobile terminal, the terminal information of the target mobile terminal and the network access random number used to calculate the network access random number of the target mobile terminal.
Specifically, in the embodiment of the present invention, the network-accessed mobile terminals in the whole network verify the signature of the broadcast message with the public key of the binding authentication system; if the signature is incorrect, the message is not processed; if the signature is correct, each network-accessed mobile terminal stores the Rrm, SN, IMEI and IMSI of the network-accessed mobile terminal that calculated the network access random number of the target mobile terminal, the SN, IMEI, IMSI and Tm of the target mobile terminal, the network access intermediate random number Rt and the network access random number Rr in its local secure storage area, for backing up and verifying the identity information of the network-accessed mobile terminals.
Step 111: the binding authentication system determines that the target mobile terminal has failed to access the network and locks the SIM card corresponding to the target mobile terminal.
Specifically, in the embodiment of the present invention, when the binding authentication system determines that the parameters included in the terminal information of the target mobile terminal do not conform to the preset binding relationship, it determines that the target mobile terminal has failed to access the network, returns a message indicating that the identity registration network access request has failed, and locks the SIM card corresponding to the target mobile terminal. In addition, if no network-accessed mobile terminal returns a calculation result for the network access random number within the valid period, the binding authentication system likewise determines that the target mobile terminal has failed to access the network and locks the SIM card corresponding to the target mobile terminal.
Referring to Fig. 2, under the contention mechanism, the detailed implementation of steps 106 and 107 is as follows:
Step 200: the network-accessed mobile terminal receives the broadcast message sent by the binding authentication system.
Specifically, in the embodiment of the present invention, the network-accessed mobile terminal receives the broadcast message sent by the binding authentication system and calculates the network access random number of the target mobile terminal within the valid period, where the broadcast message is signed with the private key of the binding authentication system so as to prevent attacks by illegal services.
Step 210: when the network-accessed mobile terminal determines that the signature of the broadcast message is correct, it generates the network access intermediate random number and the network access random number of the target mobile terminal.
Specifically, in the embodiment of the present invention, when the network-accessed mobile terminal verifies with the public key of the binding authentication system that the signature of the broadcast message is correct, it performs a hash operation on its own network access random number Rrm, SN, IMEI and IMSI together with the SN, IMEI, IMSI and current timestamp Tm of the target mobile terminal to obtain the network access intermediate random number Rt of the target mobile terminal, encrypts Rt with its own private key to obtain the network access random number Rr of the target mobile terminal, and then signs its own network access random number Rrm, the network access intermediate random number Rt of the target mobile terminal, the network access random number Rr of the target mobile terminal and the timestamp Tm with its own private key to generate the network access random number response message.
Step 220: the network-accessed mobile terminal sends the network access random number response message carrying the network access intermediate random number and the network access random number to the binding authentication system.
That is, the network-accessed mobile terminal transmits to the binding authentication system a network access random number response message signed with its own private key, which contains its network access random number Rrm, the network access intermediate random number Rt of the target mobile terminal, the network access random number Rr of the target mobile terminal and the timestamp Tm.
Step 230: the binding authentication system verifies the network access random number of the target mobile terminal using the network access intermediate random number, and the first correctly calculated network access random number is taken as the network access random number of the target mobile terminal.
Specifically, in the embodiment of the present invention, for the network access random number response messages received within the valid period, the binding authentication system sorts the network access random numbers by the timestamp Tm in each response message to form a candidate sequence of network access random numbers for the target mobile terminal, and verifies the correctness of the network access random numbers in the sequence in turn until the first correctly calculated network access random number Rr is found, which is then used as the network access random number of the target mobile terminal.
Specifically, in performing step 230, the binding authentication system may perform the following operations:
A. The binding authentication system judges the correctness of the signature of the network access random number response message.
Specifically, in the embodiment of the present invention, the binding authentication system verifies the signature of the network access random number response message with the public key of the network-accessed mobile terminal. If the signature is incorrect, the binding authentication system determines that the network-accessed mobile terminal is illegal or that the calculation result has been tampered with, that is, the result was not calculated by the specified network-accessed mobile terminal; it then discards the network access random number of the target mobile terminal sent by that network-accessed mobile terminal and continues with the next network access random number in the candidate sequence. If the signature is correct, the binding authentication system uses the network access random number Rrm of the network-accessed mobile terminal, the network access intermediate random number Rt of the target mobile terminal, the network access random number Rr of the target mobile terminal and the timestamp Tm in the response message to verify the correctness of the network access random number Rr of the target mobile terminal.
B. The binding authentication system judges the correctness of the network access random number of the target mobile terminal.
The binding authentication system uses the public key of the network-accessed mobile terminal to verify the correctness of the network access random number Rr of the target mobile terminal against the network access intermediate random number Rt of the target mobile terminal. If the verification fails, the binding authentication system determines that the identity of the network-accessed mobile terminal is illegal, discards the network access random number of the target mobile terminal sent by that terminal, and continues with the next network access random number in the candidate sequence; if the verification succeeds, the binding authentication system determines that the identity of the network-accessed mobile terminal is legal and proceeds with the subsequent verification.
C. The binding authentication system judges the correctness of the network access intermediate random number of the target mobile terminal and takes the correctly calculated network access random number Rr as the network access random number of the target mobile terminal.
The binding authentication system looks up the SN, IMEI and IMSI of the network-accessed mobile terminal according to the Rrm in the network access random number response message, performs a hash operation over them together with the SN, IMEI and IMSI of the target mobile terminal and the timestamp Tm in the response message to obtain the network access intermediate random number Rt of the target mobile terminal, and compares the result with the network access intermediate random number Rt of the target mobile terminal carried in the response message. If they differ, the binding authentication system determines that the network access intermediate random number Rt of the target mobile terminal is wrong, discards the network access random number of the target mobile terminal sent by that network-accessed mobile terminal, and continues with the next network access random number in the candidate sequence; if they match, the binding authentication system determines that both the network access intermediate random number Rt and the network access random number Rr of the target mobile terminal meet the requirements and takes Rr as the network access random number of the target mobile terminal.
Referring to Fig. 3, under the tail responsibility mechanism, the detailed implementation of steps 106 and 107 is as follows:
Step 300: the network-accessed mobile terminals receive the broadcast message sent by the binding authentication system, and the network-accessed mobile terminal holding the designated network access random number calculates the network access random number of the target mobile terminal.
Specifically, in the embodiment of the present invention, the network-accessed mobile terminals receive the broadcast message sent by the binding authentication system, and the network-accessed mobile terminal holding the designated network access random number Rlrm calculates the network access random number of the target mobile terminal within the valid period, where the broadcast message is signed with the private key of the binding authentication system so as to prevent attacks by illegal services.
Step 310: when a network-accessed mobile terminal determines that the signature of the broadcast message is correct and that its own network access random number is the same as the designated network access random number, it generates the network access intermediate random number and the network access random number of the target mobile terminal.
Specifically, in the embodiment of the present invention, when the network-accessed mobile terminal verifies with the public key of the binding authentication system that the signature of the broadcast message is correct, it compares its own network access random number with the designated network access random number Rlrm. If they are not the same, the network-accessed mobile terminal does not calculate the network access random number of the target mobile terminal this time, that is, it is not responsible for this calculation task. If they are the same, the network-accessed mobile terminal is responsible for calculating the network access random number of the target mobile terminal this time: it performs a hash operation on its own network access random number Rrm, SN, IMEI and IMSI together with the SN, IMEI, IMSI and current timestamp Tm of the target mobile terminal to obtain the network access intermediate random number Rt of the target mobile terminal, encrypts Rt with its own private key to obtain the network access random number Rr of the target mobile terminal, and then signs its own network access random number Rrm, the network access intermediate random number Rt of the target mobile terminal, the network access random number Rr of the target mobile terminal and the timestamp Tm with its own private key to generate the network access random number response message.
Step 320: the network-accessed mobile terminal sends the network access random number response message carrying the network access intermediate random number and the network access random number to the binding authentication system.
That is, the network-accessed mobile terminal transmits to the binding authentication system a network access random number response message signed with its own private key, which contains its network access random number Rrm, the network access intermediate random number Rt of the target mobile terminal, the network access random number Rr of the target mobile terminal and the timestamp Tm.
Step 330: when the binding authentication system determines, using the public key of the network-accessed mobile terminal corresponding to the designated network access random number, that the signature of the network access random number response message is correct, it verifies the network access random number of the target mobile terminal using the network access intermediate random number.
Specifically, in the embodiment of the present invention, the binding authentication system verifies the signature of the network access random number response message with the public key of the network-accessed mobile terminal corresponding to the designated network access random number Rlrm. If the verification fails, the binding authentication system determines that the network-accessed mobile terminal is illegal or that the calculation result has been tampered with, that is, the result was not calculated by the designated network-accessed mobile terminal, and discards the network access random number of the target mobile terminal sent by that terminal. If the verification succeeds, the binding authentication system uses the network access random number Rrm of the network-accessed mobile terminal, the network access intermediate random number Rt of the target mobile terminal, the network access random number Rr of the target mobile terminal and the timestamp Tm in the response message to verify the correctness of the network access random number Rr of the target mobile terminal.
Specifically, in performing step 330, the binding authentication system may perform the following operations:
A. The binding authentication system judges the correctness of the network access random number of the network-accessed mobile terminal.
The binding authentication system judges whether the network access random number Rrm of the network-accessed mobile terminal in the network access random number response message is consistent with the designated network access random number Rlrm. If not, the binding authentication system determines that the result was not calculated by the designated network-accessed mobile terminal and discards it; if so, the binding authentication system determines that the result was calculated by the designated network-accessed mobile terminal and continues with the subsequent operations.
B. And the binding authentication system judges the correctness of the network access random number of the target mobile terminal by adopting the network access intermediate random number.
The binding authentication system verifies the correctness of the network access random number Rr of the target mobile terminal by using the public key of the network-accessed mobile terminal and the network access intermediate random number Rt of the target mobile terminal, if the result is wrong, the binding authentication system determines that the identity of the network-accessed mobile terminal is illegal, discards the network access random number of the target mobile terminal sent by the network-accessed mobile terminal, sends a broadcast message to the network-accessed mobile terminal of the whole network again, requests the network-accessed mobile terminal with the network access random number Rlrm to calculate the network access random number of the target mobile terminal, and returns the calculation result in an effective period, if the result is correct, the binding authentication system determines that the identity of the network-accessed mobile terminal is legal, and continues to carry out subsequent verification.
C. And the binding authentication system judges the correctness of the network access intermediate random number of the target mobile terminal and takes the calculated correct network access random number Rr as the network access random number of the target mobile terminal.
The binding authentication system obtains SN, IMEI, IMSI of the accessed mobile terminal according to Rrm in the response message of the accessed random number, performs hash operation to combine the SN, IMEI, IMSI of the target mobile terminal and the time stamp Tm in the response message of the accessed random number, obtains the accessed intermediate random number Rt of the target mobile terminal, compares the accessed intermediate random number Rt of the target mobile terminal with the accessed intermediate random number Rt of the target mobile terminal in the response message of the accessed random number, if the result is not the same, the binding authentication system determines that the accessed intermediate random number Rt of the target mobile terminal is in error, discards the accessed random number of the target mobile terminal sent by the accessed mobile terminal, continuously verifies the next accessed random number in the sequence of the accessed random number to be selected, if the result is correct, the binding authentication system determines that the accessed intermediate random number Rt and the accessed random number Rr of the target mobile terminal both meet the requirements, and taking Rr as the network access random number of the target mobile terminal.
D. And when the binding authentication system does not receive the correct network access random number response message in the effective period, the binding authentication system sends the broadcast message to the mobile terminal which has accessed the network in the whole network again.
If the binding authentication system does not receive the correct response message of the network access random number in the effective period, the binding authentication system will send the broadcast message to the mobile terminals which have accessed the network in the whole network again, request the mobile terminals which have accessed the network and have the network access random number Rlrm to calculate the network access random number of the target mobile terminal, and return the calculation result in the effective period.
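Steps A to D above, worked through as an added Go example; this is not the patent's own code nor an implementation by the applicant. It assumes Ed25519 for the terminals' signatures, SHA-256 for the hash operation and a length-prefixed encoding of the fields Rrm, SN, IMEI, IMSI and Tm, none of which the page specifies; the terminal information, random numbers and timestamps used in the test are constructed sample values. Passing `rlrm` as nil selects the contention mechanism, where any accessed terminal's response is checked; passing the specified Rlrm selects the end-responsible mechanism and enables step A.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// TerminalInfo is the terminal information the page uses: SN, IMEI and IMSI.
type TerminalInfo struct{ SN, IMEI, IMSI string }

// Terminal is a network-accessed mobile terminal with its own network access random
// number Rrm and a key pair (Ed25519 is an assumption; the page names no algorithm).
type Terminal struct {
	Info TerminalInfo
	Rrm  []byte
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewTerminal(info TerminalInfo, rrm []byte) *Terminal {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Terminal{Info: info, Rrm: rrm, Pub: pub, priv: priv}
}

// encode length-prefixes every field and appends Tm, so the hashed or signed bytes
// cannot be re-split into a different (Rrm, SN, IMEI, IMSI, ...) combination.
func encode(tm int64, parts ...[]byte) []byte {
	var b bytes.Buffer
	for _, p := range parts {
		binary.Write(&b, binary.BigEndian, uint32(len(p)))
		b.Write(p)
	}
	binary.Write(&b, binary.BigEndian, tm)
	return b.Bytes()
}

// ComputeRt is the page's hash operation: Rrm, the accessed terminal's SN/IMEI/IMSI,
// the target's SN/IMEI/IMSI and the timestamp Tm (SHA-256 is an assumption).
func ComputeRt(rrm []byte, acc, target TerminalInfo, tm int64) []byte {
	sum := sha256.Sum256(encode(tm, rrm, []byte(acc.SN), []byte(acc.IMEI), []byte(acc.IMSI),
		[]byte(target.SN), []byte(target.IMEI), []byte(target.IMSI)))
	return sum[:]
}

// Response is the network access random number response message: Rrm, Rt, Rr and Tm,
// signed with the accessed terminal's private key.
type Response struct {
	Rrm, Rt, Rr, Sig []byte
	Tm               int64
}

// Compute builds the response: Rt = hash(...), Rr = Rt signed with the private key,
// then the whole message signed with the same key.
func (t *Terminal) Compute(target TerminalInfo, tm int64) *Response {
	rt := ComputeRt(t.Rrm, t.Info, target, tm)
	r := &Response{Rrm: t.Rrm, Rt: rt, Rr: ed25519.Sign(t.priv, rt), Tm: tm}
	r.Sig = ed25519.Sign(t.priv, encode(tm, r.Rrm, r.Rt, r.Rr))
	return r
}

// System is the binding authentication system: accessed terminals looked up by Rrm,
// and the effective period [Start, End] of the running binding authentication procedure.
type System struct {
	Accessed   map[string]*Terminal
	Start, End int64
}

// Verify applies the signature check and steps A to C to one response. rlrm is the
// specified Rlrm under the end-responsible mechanism and nil under the contention
// mechanism. It returns the accepted Rr, or the reason the response is discarded
// (a discarded response leaves the system waiting, which is what step D times out).
func (s *System) Verify(r *Response, rlrm []byte, target TerminalInfo) ([]byte, error) {
	if r.Tm < s.Start || r.Tm > s.End {
		return nil, errors.New("response outside the effective period")
	}
	acc, ok := s.Accessed[string(r.Rrm)]
	if !ok {
		return nil, errors.New("Rrm belongs to no accessed terminal")
	}
	if !ed25519.Verify(acc.Pub, encode(r.Tm, r.Rrm, r.Rt, r.Rr), r.Sig) {
		return nil, errors.New("response signature invalid: terminal illegal or result tampered")
	}
	if rlrm != nil && !bytes.Equal(r.Rrm, rlrm) { // step A
		return nil, errors.New("step A: Rrm is not the specified Rlrm")
	}
	if !ed25519.Verify(acc.Pub, r.Rt, r.Rr) { // step B
		return nil, errors.New("step B: Rr does not verify against Rt, identity illegal")
	}
	if !bytes.Equal(ComputeRt(r.Rrm, acc.Info, target, r.Tm), r.Rt) { // step C
		return nil, errors.New("step C: Rt does not recompute from the terminal information")
	}
	return r.Rr, nil
}
```

Because the signature covers Rrm, Rt, Rr and Tm together, a terminal cannot later change Tm or substitute another terminal's Rt without the system noticing, and a terminal claiming another's Rrm fails at the signature check before step A is reached. Step C is the check that catches a terminal which signed correctly but hashed the wrong target's information.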
Referring to fig. 4, in the embodiment of the present invention, a network-accessed mobile terminal may periodically verify, through the binding authentication system, the states of the other network-accessed mobile terminals. The verification process is described in detail below taking three network-accessed mobile terminals, referred to as mobile terminal 1, mobile terminal 2 and mobile terminal 3, as an example.
Step 400: Mobile terminal 1, mobile terminal 2 and mobile terminal 3 receive a broadcast message sent by the binding authentication system.
Specifically, in the embodiment of the present invention, mobile terminal 1, mobile terminal 2 and mobile terminal 3 receive the broadcast message sent by the binding authentication system at regular intervals, and mutually verify their respective current legal states within a certain period. The broadcast message is signed with the private key of the binding authentication system, so as to prevent attacks by an illegal service.
Step 410: When mobile terminal 1 determines that the broadcast message signature is correct, it sends to mobile terminal 2, mobile terminal 3 and the binding authentication system the terminal information of the network-accessed mobile terminal that calculated its network access random number the first time, together with its network access random number and network access intermediate random number.
Specifically, in the embodiment of the present invention, mobile terminal 1 first verifies the signature of the broadcast information using the public key of the binding authentication system. If the signature is incorrect, no operation is performed. If it is correct, mobile terminal 1 sends its own broadcast information to mobile terminal 2, mobile terminal 3 and the binding authentication system. This broadcast information includes the information Rrm, SN, IMEI, IMSI and Tm of mobile terminal 2 that was used when the network access random number of mobile terminal 1 was calculated at its first binding authentication, and the SN, IMEI, IMSI, network access intermediate random number Rt, network access random number Rr and other information of mobile terminal 1. Mobile terminal 1 then signs this information together with the current timestamp Ts using its own private key to form the broadcast information.
Step 420: When mobile terminal 2 determines that the network access random number of mobile terminal 1 is correct, it further verifies the network access intermediate random number of mobile terminal 1.
Specifically, in the embodiment of the present invention, after receiving the broadcast information of mobile terminal 1, mobile terminal 2 verifies its correctness and timeliness using the public key of mobile terminal 1 (D1). If the verification fails, it is abandoned. If it succeeds, mobile terminal 2 verifies the correctness of the network access random number Rr of mobile terminal 1 using the public key of the network-accessed mobile terminal that calculated it, mobile terminal 2, and the network access intermediate random number Rt of mobile terminal 1. If this fails, the verification is abandoned. If it succeeds, mobile terminal 2 verifies the correctness of the network access intermediate random number Rt of mobile terminal 1 using its own information Rrm, SN, IMEI, IMSI and Tm and the SN, IMEI and IMSI of mobile terminal 1. If this fails, the verification is abandoned; if it succeeds, the network-accessed mobile terminal Dn (mobile terminal 2) determines that mobile terminal 1 passes the authentication of the binding authentication system.
Step 430: Mobile terminal 2 signs the message that mobile terminal 1 has passed binding authentication, together with the current timestamp Tr, with its own private key, and broadcasts it.
Step 440: When the binding authentication system determines that the broadcast information is correct, the state of mobile terminal 2 is verified.
Specifically, in the embodiment of the present invention, the binding authentication system verifies the correctness and timeliness of the broadcast information of mobile terminal 2 using the public key of mobile terminal 2. If it is incorrect, the verification and the subsequent operations are abandoned. If it is correct, the binding authentication system determines that mobile terminal 1 has passed the mobile terminal state updating process of the binding authentication system; if the binding authentication system determines that mobile terminal 2 is performing authentication of the state updating process of mobile terminal 1, that process is terminated immediately, and the state updating information of mobile terminal 1 on the verification chain is updated.
Step 450: When mobile terminal 1 and mobile terminal 3 determine that the broadcast information is correct, the state of mobile terminal 2 is verified.
Specifically, in the embodiment of the present invention, mobile terminal 1 and mobile terminal 3 verify the correctness and timeliness of the broadcast information of mobile terminal 2 using the public key of mobile terminal 2. If it is incorrect, the verification and the subsequent operations are abandoned. If it is correct, mobile terminal 1 and mobile terminal 3 determine that mobile terminal 1 has passed the mobile terminal state updating process of the binding authentication system; if mobile terminal 1 and mobile terminal 3 determine that the network-accessed mobile terminal 2 is performing authentication of the state updating process of mobile terminal 1, that process is terminated immediately, and the state updating information of mobile terminal 1 on the verification chain is updated.
Step 460: The binding authentication system performs the mobile terminal state updating process of the mobile terminal and SIM card binding authentication for the mobile terminals that have not performed state updating within the specified time limit.
Specifically, in the embodiment of the present invention, the binding authentication system performs, for a network-accessed mobile terminal that has not performed state updating within the specified time limit, the mobile terminal state updating process of the mobile terminal and SIM card binding authentication; for the operation details refer to step 410 and step 440 above. If the mobile terminal cannot pass the authentication of the binding authentication system within the specified time limit, the binding authentication system locks the SIM card of the mobile terminal, and broadcasts the state authentication result of the network-accessed mobile terminal that failed the authentication to the other network-accessed mobile terminals.
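The state verification of fig. 4, steps 430 to 460, as an added Go example; it is not the patent's own code. It assumes Ed25519 signatures, a fixed text format for the "passed binding authentication" message, a timeliness window `MaxSkew` for the timestamp Tr, and that a terminal whose SIM card has been locked can no longer attest to others; the SNs and timestamps in the test are constructed. The checks of step 420 on Rr and Rt are the same checks the binding authentication system performs in steps B and C above and are not repeated here. The system's own state updating process of step 460 is passed in as a callback, since the page defers its details to steps 410 and 440.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Peer is a network-accessed mobile terminal identified by its SN, with a key pair
// (Ed25519 is an assumption; the page names no algorithm).
type Peer struct {
	SN   string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewPeer(sn string) *Peer {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Peer{SN: sn, Pub: pub, priv: priv}
}

// Attestation is the step 430 message: "subject passed binding authentication" with the
// current timestamp Tr, signed by the attesting terminal's private key.
type Attestation struct {
	Attester, Subject string
	Tr                int64
	Sig               []byte
}

// attestBytes is the assumed canonical form of the signed message (SNs contain no '|').
func attestBytes(attester, subject string, tr int64) []byte {
	return []byte(fmt.Sprintf("passed|%s|%s|%d", attester, subject, tr))
}

// Attest is what mobile terminal 2 does once the step 420 checks on terminal 1 succeed.
func (p *Peer) Attest(subject string, tr int64) Attestation {
	return Attestation{Attester: p.SN, Subject: subject, Tr: tr,
		Sig: ed25519.Sign(p.priv, attestBytes(p.SN, subject, tr))}
}

// Chain is the verification chain kept by the binding authentication system and by every
// peer: the last confirmed state update per SN, and the SNs whose SIM card is locked.
type Chain struct {
	Peers      map[string]*Peer
	LastUpdate map[string]int64
	Locked     map[string]bool
	MaxSkew    int64 // timeliness window for Tr (assumed; the page sets no value)
}

func NewChain(maxSkew int64, peers ...*Peer) *Chain {
	c := &Chain{Peers: map[string]*Peer{}, LastUpdate: map[string]int64{},
		Locked: map[string]bool{}, MaxSkew: maxSkew}
	for _, p := range peers {
		c.Peers[p.SN] = p
	}
	return c
}

// Confirm is steps 440/450: check correctness (signature) and timeliness of the
// attestation, then record the subject's state update on the chain. A terminal may not
// attest to itself, and attestations from a locked terminal are ignored (assumption).
func (c *Chain) Confirm(a Attestation, now int64) error {
	att, ok := c.Peers[a.Attester]
	if !ok || c.Locked[a.Attester] {
		return fmt.Errorf("attester %s unknown or locked", a.Attester)
	}
	if a.Attester == a.Subject {
		return fmt.Errorf("%s cannot attest to its own state", a.Subject)
	}
	if a.Tr > now || now-a.Tr > c.MaxSkew {
		return fmt.Errorf("attestation for %s is not timely", a.Subject)
	}
	if !ed25519.Verify(att.Pub, attestBytes(a.Attester, a.Subject, a.Tr), a.Sig) {
		return fmt.Errorf("attestation for %s has an invalid signature", a.Subject)
	}
	if a.Tr > c.LastUpdate[a.Subject] {
		c.LastUpdate[a.Subject] = a.Tr
	}
	return nil
}

// Sweep is step 460 reduced to its outcome: every peer without a confirmed state update
// within limit is handed to the system's own updating process (systemPass reports whether
// it passed); those that fail have their SIM card locked, and the locked SNs are returned
// so the result can be broadcast to the other accessed terminals.
func (c *Chain) Sweep(now, limit int64, systemPass func(sn string) bool) []string {
	var locked []string
	for sn := range c.Peers {
		if c.Locked[sn] || now-c.LastUpdate[sn] <= limit {
			continue
		}
		if !systemPass(sn) {
			c.Locked[sn] = true
			locked = append(locked, sn)
		}
	}
	return locked
}
```

Every party that receives the step 430 broadcast runs the same `Confirm`, which is why the binding authentication system and the peers end up with the same verification chain; only a terminal that nobody vouched for within the limit reaches the system's own state updating process in `Sweep`.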
Based on the foregoing embodiments, as shown in fig. 5, in an embodiment of the present invention, the binding authentication system includes at least a receiving unit 101 and a processing unit 102, wherein:
the receiving unit 101 is configured to receive an identity registration network access request sent by a target mobile terminal, determine, based on the identity registration network access request, the binding relationship between the target mobile terminal and the corresponding SIM card, and set the effective period of the binding authentication procedure;
the processing unit 102 is configured to obtain the terminal information of the target mobile terminal from the identity registration network access request, and, when the identity registration network access request is determined to be correct, to judge whether each parameter included in the terminal information of the target mobile terminal conforms to a preset binding relationship;
if so, to instruct the network-accessed mobile terminal to calculate the network access random number of the target mobile terminal within the effective period, the network access random number being generated by joint calculation based on the terminal information of the network-accessed mobile terminal and the terminal information of the target mobile terminal and signed with the private key of the network-accessed mobile terminal;
when the network access random number of the target mobile terminal is determined to be correct, to bind the target mobile terminal with the corresponding SIM card;
and otherwise, to determine that the target mobile terminal fails to access the network and to lock the SIM card corresponding to the target mobile terminal.
Optionally, the receiving unit 101 is specifically configured to receive the identity registration network access request sent by the target mobile terminal, determine the binding relationship between the target mobile terminal and the corresponding SIM card based on the identity registration network access request, and set the effective period of the binding authentication procedure, by:
receiving an identity registration network access request sent by the target mobile terminal that contains the product serial number SN, the international mobile equipment identity IMEI and the international mobile subscriber identity IMSI of the target mobile terminal;
determining the preset binding relationship between the target mobile terminal and the corresponding SIM card based on the SN, the IMEI and the IMSI;
and activating the binding authentication channel and setting the effective period of the binding authentication procedure.
Optionally, the processing unit 102 is specifically configured to obtain the terminal information of the target mobile terminal from the identity registration network access request and determine that the identity registration network access request is correct, by:
acquiring the SN, IMEI and IMSI of the target mobile terminal from the identity registration network access request, the target mobile terminal holding a preset public key and a preset private key and having signed the identity registration network access request with that private key;
and determining that the identity registration network access request is correct when the signature of the identity registration network access request verifies correctly with the public key of the target mobile terminal.
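The admission logic of the receiving unit 101 and the first part of the processing unit 102, as an added Go example rather than code from the patent. It assumes Ed25519 for the preset key pair, a fixed text encoding of the signed request, one preset binding per SN, and a fixed length for the effective period; the SN, IMEI and IMSI values in the test are constructed. The order of checks is an assumption: the signature is verified before the parameters are compared, so an unsigned or mis-signed request never reaches the binding comparison.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// GenerateKeyPair produces the preset key pair of a target mobile terminal
// (Ed25519 is an assumption; the page names no algorithm).
func GenerateKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// RegistrationRequest is the identity registration network access request: the target
// terminal's SN, IMEI and IMSI, signed with the terminal's preset private key.
type RegistrationRequest struct {
	SN, IMEI, IMSI string
	Sig            []byte
}

// requestBytes is the assumed canonical form of the signed request (fields contain no '|').
func requestBytes(sn, imei, imsi string) []byte {
	return []byte(fmt.Sprintf("register|%s|%s|%s", sn, imei, imsi))
}

// SignRequest is the target terminal's side: it signs the request with its preset private key.
func SignRequest(priv ed25519.PrivateKey, sn, imei, imsi string) RegistrationRequest {
	return RegistrationRequest{SN: sn, IMEI: imei, IMSI: imsi,
		Sig: ed25519.Sign(priv, requestBytes(sn, imei, imsi))}
}

// Binding is the preset binding relationship for one SN: the IMEI of the device, the IMSI
// of the SIM card bound to it, and the terminal's preset public key.
type Binding struct {
	IMEI, IMSI string
	Pub        ed25519.PublicKey
}

// Registry is the binding authentication system's table of preset bindings and the
// length of the effective period it grants to each procedure (the length is assumed).
type Registry struct {
	Bindings map[string]Binding
	Period   int64
}

// Procedure is the activated binding authentication channel with its effective period.
type Procedure struct {
	SN         string
	Start, End int64
}

// Admit verifies the request signature with the terminal's preset public key, then
// requires every parameter to match the preset binding before the channel is activated
// and the effective period set. A mismatching IMSI is the "SIM card used separately"
// case the page aims to prevent.
func (r *Registry) Admit(req RegistrationRequest, now int64) (*Procedure, error) {
	b, ok := r.Bindings[req.SN]
	if !ok {
		return nil, errors.New("no preset binding for this SN")
	}
	if !ed25519.Verify(b.Pub, requestBytes(req.SN, req.IMEI, req.IMSI), req.Sig) {
		return nil, errors.New("identity registration network access request signature incorrect")
	}
	if req.IMEI != b.IMEI {
		return nil, errors.New("IMEI does not match the preset binding")
	}
	if req.IMSI != b.IMSI {
		return nil, errors.New("IMSI does not match the preset binding: not the bound SIM card")
	}
	return &Procedure{SN: req.SN, Start: now, End: now + r.Period}, nil
}
```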
Optionally, under the contention calculation mechanism, the processing unit 102 is configured to instruct the network-accessed mobile terminal to calculate the network access random number of the target mobile terminal within the effective period, specifically by:
instructing the network-accessed mobile terminal, once it has verified the broadcast information signature using the public key of the binding authentication system, to perform a hash operation based on its own network access random number Rrm, the SN, IMEI and IMSI of the target mobile terminal and the current timestamp Tm to obtain the network access intermediate random number Rt of the target mobile terminal, which it encrypts with its own private key to serve as the network access random number Rr of the target mobile terminal;
and verifying, using the network access intermediate random number Rt, that the network access random number Rr of the target mobile terminal has been correctly calculated, and taking the first correctly calculated network access random number as the network access random number of the target mobile terminal.
Optionally, under the end-responsible mechanism, the processing unit 102 is configured to instruct the network-accessed mobile terminal to calculate the network access random number of the target mobile terminal within the effective period, specifically by:
instructing the network-accessed mobile terminal to verify the broadcast information signature using the public key of the binding authentication system and, when it determines that its own network access random number is the same as the specified network access random number Rlrm, to perform a hash operation based on its own network access random number Rrm, the SN, IMEI and IMSI of the target mobile terminal and the current timestamp Tm to obtain the network access intermediate random number Rt of the target mobile terminal, which it encrypts with its own private key to serve as the network access random number Rr of the target mobile terminal;
and, when the network access intermediate random number calculated by the network-accessed mobile terminal holding the specified network access random number Rlrm is used to verify that the network access random number of the target mobile terminal has been correctly calculated, taking that correctly calculated network access random number as the network access random number of the target mobile terminal.
Optionally, the processing unit 102 is further configured to:
send to the target mobile terminal and the network-accessed mobile terminal a broadcast message containing the terminal information of the network-accessed mobile terminal and its network access random number, together with the calculated network access random number of the target mobile terminal.
Based on the same inventive concept, an embodiment of the present invention provides a storage medium storing a program for implementing a method for binding authentication between a mobile terminal and a subscriber identity module SIM card, where the program, when executed by a processor, performs the following steps:
receiving an identity registration network access request sent by a target mobile terminal, determining the binding relationship between the target mobile terminal and the corresponding SIM card based on the identity registration network access request, and setting the effective period of the binding authentication procedure;
acquiring the terminal information of the target mobile terminal from the identity registration network access request, and, when the identity registration network access request is determined to be correct, judging whether each parameter included in the terminal information of the target mobile terminal conforms to a preset binding relationship;
if so, instructing the network-accessed mobile terminal to calculate the network access random number of the target mobile terminal within the effective period, the network access random number being generated by joint calculation based on the terminal information of the network-accessed mobile terminal and the terminal information of the target mobile terminal and signed with the private key of the network-accessed mobile terminal;
when the network access random number of the target mobile terminal is determined to be correct, binding the target mobile terminal with the corresponding SIM card;
otherwise, determining that the target mobile terminal fails to access the network, and locking the SIM card corresponding to the target mobile terminal.
Based on the same inventive concept, the embodiment of the invention provides a communication device, which comprises one or more processors; and one or more computer-readable media having instructions stored thereon, which when executed by the one or more processors, cause the apparatus to perform the method of any of the above.
Based on the foregoing embodiment, referring to fig. 6, in an embodiment of the present invention, a network-accessed mobile terminal includes at least a generating unit 103 and a sending unit 104, wherein:
the generating unit 103 is configured to receive an instruction of the binding authentication system and, when the signature of the instruction is determined to be correct, generate the network access random number of the target mobile terminal, the network access random number being generated by joint calculation based on the terminal information of the network-accessed mobile terminal and the terminal information of the target mobile terminal and signed with the private key of the network-accessed mobile terminal;
the sending unit 104 is configured to send the network access random number response message of the target mobile terminal to the binding authentication system, triggering the binding authentication system to bind the target mobile terminal with the corresponding SIM card when it determines that the network access random number of the target mobile terminal is correct.
Optionally, under the contention mechanism, the generating unit 103 is specifically configured to receive the instruction of the binding authentication system and generate the network access random number of the target mobile terminal when the signature of the instruction is determined to be correct, by:
receiving a broadcast message sent by the binding authentication system, and calculating the network access random number of the target mobile terminal within the effective period;
and, when the signature of the broadcast information is verified to be correct using the public key of the binding authentication system, performing a hash operation based on its own network access random number Rrm, its own SN, IMEI and IMSI, the SN, IMEI and IMSI of the target mobile terminal and the current timestamp Tm to obtain the network access intermediate random number Rt of the target mobile terminal, and using Rt encrypted with its own private key as the network access random number Rr of the target mobile terminal.
Optionally, under the contention mechanism, the sending unit 104 is specifically configured to send the network access random number response message of the target mobile terminal to the binding authentication system by:
signing its own network access random number Rrm, the network access intermediate random number Rt of the target mobile terminal, the network access random number Rr of the target mobile terminal and the time stamp Tm with its own private key, generating the network access random number response message, and sending it to the binding authentication system.
Optionally, under the end-responsible mechanism, the generating unit 103 is specifically configured to receive the instruction of the binding authentication system and generate the network access random number of the target mobile terminal when the signature of the instruction is determined to be correct, by:
receiving a broadcast message sent by the binding authentication system, the network-accessed mobile terminal holding the specified network access random number Rlrm calculating the network access random number of the target mobile terminal within the effective period;
and verifying that the signature of the broadcast information is correct using the public key of the binding authentication system, and, if the network-accessed mobile terminal determines that its own network access random number is the same as the specified network access random number Rlrm, performing a hash operation based on its own network access random number Rrm, its own SN, IMEI and IMSI, the SN, IMEI and IMSI of the target mobile terminal and the current timestamp Tm to obtain the network access intermediate random number Rt of the target mobile terminal, and using Rt encrypted with its own private key as the network access random number Rr of the target mobile terminal.
Optionally, under the end-responsible mechanism, the sending unit 104 of the network-accessed mobile terminal holding the specified network access random number Rlrm is specifically configured to send the network access random number response message of the target mobile terminal to the binding authentication system by:
signing its own network access random number Rrm, the network access intermediate random number Rt of the target mobile terminal, the network access random number Rr of the target mobile terminal and the time stamp Tm with its own private key, generating the network access random number response message, and sending it to the binding authentication system.
Optionally, the sending unit 104 is further configured to:
store the terminal information of the network-accessed mobile terminal and the network access random number used to calculate the network access random number of the target mobile terminal, for backing up and authenticating the terminal information of the network-accessed mobile terminal;
and, after the network-accessed mobile terminal determines that the binding authentication system has bound the target mobile terminal with the corresponding SIM card on determining the network access random number of the target mobile terminal to be correct, verify the states of the other network-accessed mobile terminals except itself.
Based on the same inventive concept, an embodiment of the present invention provides a storage medium storing a program for implementing a method for binding authentication between a mobile terminal and a subscriber identity module SIM card, where the program, when executed by a processor, performs the following steps:
receiving an instruction of the binding authentication system and, when the signature of the instruction is determined to be correct, generating the network access random number of the target mobile terminal, the network access random number being generated by joint calculation based on the terminal information of the network-accessed mobile terminal and the terminal information of the target mobile terminal and signed with the private key of the network-accessed mobile terminal;
and sending the network access random number response message of the target mobile terminal to the binding authentication system, triggering the binding authentication system to bind the target mobile terminal with the corresponding SIM card when it determines that the network access random number of the target mobile terminal is correct.
Based on the same inventive concept, the embodiment of the invention provides a communication device, which comprises one or more processors; and one or more computer-readable media having instructions stored thereon, which when executed by the one or more processors, cause the apparatus to perform the method of any of the above.
To sum up, in the embodiments of the present invention, the binding authentication system first receives an identity registration network access request sent by a target mobile terminal, determines the binding relationship between the target mobile terminal and the corresponding SIM card, and sets the effective period of the binding authentication procedure. It then obtains the terminal information of the target mobile terminal and, when the identity registration network access request is correct, judges whether each parameter included in the terminal information of the target mobile terminal meets a preset binding relationship. If so, the binding authentication system instructs the network-accessed mobile terminal to calculate the network access random number of the target mobile terminal within the effective period; when the network access random number of the target mobile terminal is determined to be correct, the target mobile terminal is bound with the corresponding SIM card, and otherwise the target mobile terminal is determined to have failed to access the network and the SIM card corresponding to the target mobile terminal is locked.
Therefore, the binding authentication system can bind and authenticate the mobile terminal and its corresponding SIM card, so that the mobile terminal and the SIM card cannot be used separately: other users are effectively prevented from stealing the information on the SIM card after the mobile terminal is lost, and the user is prevented from removing the SIM card corresponding to the mobile terminal for other use. In addition, the network access random number is signed with the private key of the network-accessed mobile terminal, which prevents attacks by other services, ensures the accuracy of the verification information of the binding authentication system, and further improves the confidentiality and security of the mobile terminal's information.
Moreover, the binding authentication system can use the public key of the network-accessed mobile terminal to verify the broadcast message containing the network access random number, which effectively prevents a user from tampering with the network access random number privately and improves the reliability of the authentication result. The network-accessed mobile terminal can calculate the network access random number under either the contention mechanism or the end-responsible mechanism, and once the binding authentication procedure is complete and the network access random number of the target mobile terminal is determined to be correct, each network-accessed mobile terminal verifies the states of the other network-accessed mobile terminals except itself, which ensures the integrity of the binding authentication procedure and improves the correctness of the binding authentication result.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made in the embodiments of the present invention without departing from the spirit or scope of the embodiments of the invention. Thus, if such modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to encompass such modifications and variations.

Claims (18)

1. A binding authentication method for a mobile terminal and a Subscriber Identity Module (SIM) card is characterized by comprising the following steps:
the binding authentication system receives an identity registration network access request sent by a target mobile terminal, determines the binding relationship between the target mobile terminal and a corresponding SIM card based on the identity registration network access request, and sets the effective period of a binding authentication process;
the binding authentication system acquires the terminal information of the target mobile terminal from the identity registration network access request, and judges whether all parameters contained in the terminal information of the target mobile terminal accord with a preset binding relationship or not when the identity registration network access request is determined to be correct;
if so, the binding authentication system instructs a network-accessed mobile terminal to calculate the network access random number of the target mobile terminal within the effective period, wherein the network access random number is generated by joint calculation based on the terminal information of the network-accessed mobile terminal and the terminal information of the target mobile terminal and is signed with the private key of the network-accessed mobile terminal;
when the binding authentication system determines that the network access random number of the target mobile terminal is correct, the target mobile terminal is bound with the corresponding SIM card;
otherwise, the binding authentication system determines that the target mobile terminal fails to access the network, and locks the SIM card corresponding to the target mobile terminal.
2. The method of claim 1, wherein the binding authentication system receives an identity registration network access request sent by a target mobile terminal, determines a binding relationship between the target mobile terminal and a corresponding SIM card based on the identity registration network access request, and sets a valid period of a binding authentication process, specifically comprising:
the binding authentication system receives an identity registration network access request which is sent by a target mobile terminal and contains a product serial number SN of the target mobile terminal, an international mobile equipment identifier IMEI and an international mobile subscriber identity IMSI;
the binding authentication system determines a preset binding relationship between the target mobile terminal and the corresponding SIM card based on the SN, the IMEI and the IMSI;
the binding authentication system activates a binding authentication channel and sets the effective period of the binding authentication process.
3. The method as claimed in claim 2, wherein the binding authentication system obtains the terminal information of the target mobile terminal from the identity registration network access request, and determines that the identity registration network access request is correct, specifically comprising:
the binding authentication system acquires SN, IMEI and IMSI information of the target mobile terminal from the identity registration network access request, acquires a preset public key and a preset private key of the target mobile terminal, and signs the identity registration network access request by adopting the private key;
and when the binding authentication system adopts the public key of the target mobile terminal to verify the correctness of the signature of the identity registration network access request, determining that the identity registration network access request is correct.
4. The method according to claim 1, 2 or 3, wherein under a contention calculation mechanism, the binding authentication system instructs the mobile terminal that has accessed the network to calculate the access random number of the target mobile terminal within the validity period, specifically comprising:
when the network-accessed mobile terminal, as instructed by the binding authentication system, verifies with the public key of the binding authentication system that the signature of the broadcast information is correct, the binding authentication system instructs the network-accessed mobile terminal to perform a hash operation on its own network access random number Rrm and the SN, IMEI, IMSI and current timestamp Tm of the target mobile terminal to obtain the network access intermediate random number Rt of the target mobile terminal, and Rt, encrypted with the network-accessed mobile terminal's own private key, serves as the network access random number Rr of the target mobile terminal;
and the binding authentication system uses the network access intermediate random number to verify that the network access random number of the target mobile terminal has been correctly calculated, and when it is the first correctly calculated network access random number, that first correctly calculated network access random number is used as the network access random number of the target mobile terminal.
5. The method according to claim 1, 2 or 3, wherein under a tail responsibility mechanism, the binding authentication system instructs the network-accessed mobile terminal to calculate the network-access random number of the target mobile terminal within the validity period, specifically comprising:
the binding authentication system instructs the network-accessed mobile terminals to verify, with the public key of the binding authentication system, that the signature of the broadcast information is correct and to determine whether their own network access random number is the same as the appointed network access random number Rlrm, and instructs the network-accessed mobile terminal whose network access random number is Rlrm to perform a hash operation on its own network access random number Rrm and the SN, IMEI, IMSI and current timestamp Tm of the target mobile terminal to obtain the network access intermediate random number Rt of the target mobile terminal, and Rt, encrypted with that terminal's own private key, serves as the network access random number Rr of the target mobile terminal;
and when the binding authentication system, using the network access intermediate random number calculated by the network-accessed mobile terminal whose network access random number is the appointed network access random number Rlrm, verifies that the network access random number of the target mobile terminal has been correctly calculated, the correctly calculated network access random number is used as the network access random number of the target mobile terminal.
6. The method of claim 1, 2, or 3, further comprising:
the binding authentication system sends a broadcast message containing the terminal information and the network access random number of the network-accessed mobile terminal, together with the calculated network access random number of the target mobile terminal, to the target mobile terminal and the network-accessed mobile terminals.
7. A binding authentication method for a mobile terminal and a Subscriber Identity Module (SIM) card is characterized by comprising the following steps:
a network-accessed mobile terminal receives an instruction from a binding authentication system and, when it determines that the signature of the instruction is correct, generates the network access random number of a target mobile terminal, wherein the network access random number is generated by joint calculation based on the terminal information of the network-accessed mobile terminal and the terminal information of the target mobile terminal and is signed with the private key of the network-accessed mobile terminal;
and the network-accessed mobile terminal sends a network access random number response message of the target mobile terminal to the binding authentication system, which is thereby triggered to bind the target mobile terminal with the corresponding SIM card when it determines that the network access random number of the target mobile terminal is correct.
8. The method according to claim 7, wherein under the contention mechanism, the mobile terminal that has accessed the network receives an indication of a binding authentication system, and generates the access random number of the target mobile terminal when determining that the signature of the indication is correct, specifically comprising:
the mobile terminal which has accessed the network receives the broadcast message sent by the binding authentication system and calculates the access random number of the target mobile terminal in an effective period;
and when the network-accessed mobile terminal verifies, with the public key of the binding authentication system, that the signature of the broadcast information is correct, it performs a hash operation on its own network access random number Rrm, SN, IMEI and IMSI and on the SN, IMEI, IMSI and current timestamp Tm of the target mobile terminal to obtain the network access intermediate random number Rt of the target mobile terminal, and Rt, encrypted with the network-accessed mobile terminal's own private key, serves as the network access random number Rr of the target mobile terminal.
9. The method according to claim 7 or 8, wherein the network-accessed mobile terminal sends the network-access random number response message of the target mobile terminal to a binding authentication system under a contention mechanism, specifically comprising:
the network-accessed mobile terminal signs its own network access random number Rrm, the network access intermediate random number Rt of the target mobile terminal, the network access random number Rr of the target mobile terminal and the timestamp Tm with its own private key, then generates the network access random number response message and sends it to the binding authentication system.
10. The method according to claim 7, wherein under a tail responsibility mechanism, the mobile terminal that has accessed the network receives an indication of a binding authentication system, and generates the access random number of the target mobile terminal when determining that the signature of the indication is correct, specifically comprising:
the mobile terminal which has accessed the network receives the broadcast message sent by the binding authentication system, and the mobile terminal which has accessed the network and has the appointed access random number Rlrm calculates the access random number of the target mobile terminal in an effective period;
the network-accessed mobile terminal verifies, with the public key of the binding authentication system, that the signature of the broadcast information is correct, and determines whether its own network access random number is the same as the appointed network access random number Rlrm; the network-accessed mobile terminal whose network access random number is the appointed network access random number Rlrm then performs a hash operation on its own network access random number Rrm and the SN, IMEI, IMSI and current timestamp Tm of the target mobile terminal to obtain the network access intermediate random number Rt of the target mobile terminal, and Rt, encrypted with that terminal's own private key, serves as the network access random number Rr of the target mobile terminal.
11. The method according to claim 7 or 10, wherein, under a tail responsibility mechanism, the network-accessed mobile terminal sends the network access random number response message of the target mobile terminal to a binding authentication system, specifically comprising:
the network-accessed mobile terminal whose network access random number is the appointed network access random number signs its own network access random number Rrm, the network access intermediate random number Rt of the target mobile terminal, the network access random number Rr of the target mobile terminal and the timestamp Tm with its own private key, then generates the network access random number response message and sends it to the binding authentication system.
12. The method of claim 7 or 10, further comprising:
the network-accessed mobile terminal stores its own terminal information and the network access random number that were used to calculate the network access random number of the target mobile terminal, for backing up and authenticating the terminal information of the network-accessed mobile terminal;
and after the network-accessed mobile terminal determines that the binding authentication system has bound the target mobile terminal with the corresponding SIM card upon finding the network access random number of the target mobile terminal correct, it verifies the states of the other network-accessed mobile terminals apart from itself.
13. A binding authentication device for a mobile terminal and a Subscriber Identity Module (SIM) card is characterized by comprising:
a receiving unit and a processing unit, wherein the receiving unit is used for receiving an identity registration network access request sent by a target mobile terminal, determining the binding relationship between the target mobile terminal and a corresponding SIM card based on the identity registration network access request, and setting the effective period of a binding authentication process;
the processing unit is used for acquiring the terminal information of the target mobile terminal from the identity registration network access request, and judging whether all parameters contained in the terminal information of the target mobile terminal accord with a preset binding relationship or not when the identity registration network access request is determined to be correct;
if so, instructing a network-accessed mobile terminal to calculate the network access random number of the target mobile terminal within the effective period, wherein the network access random number is generated by joint calculation based on the terminal information of the network-accessed mobile terminal and the terminal information of the target mobile terminal and is signed with the private key of the network-accessed mobile terminal;
and, when the network access random number of the target mobile terminal is determined to be correct, binding the target mobile terminal with the corresponding SIM card;
otherwise, the SIM card locking device is used for determining that the target mobile terminal fails to access the network and locking the SIM card corresponding to the target mobile terminal.
14. A storage medium storing a program for implementing a method for binding authentication of a mobile terminal and a subscriber identity module, SIM, card, the program, when executed by a processor, performing the steps of:
receiving an identity registration network access request sent by a target mobile terminal, determining a binding relationship between the target mobile terminal and a corresponding SIM card based on the identity registration network access request, and setting an effective period of a binding authentication process;
acquiring the terminal information of the target mobile terminal from the identity registration network access request, and judging whether all parameters contained in the terminal information of the target mobile terminal accord with a preset binding relationship or not when the identity registration network access request is determined to be correct;
if so, instructing a network-accessed mobile terminal to calculate the network access random number of the target mobile terminal within the effective period, wherein the network access random number is generated by joint calculation based on the terminal information of the network-accessed mobile terminal and the terminal information of the target mobile terminal and is signed with the private key of the network-accessed mobile terminal;
when the network access random number of the target mobile terminal is determined to be correct, binding the target mobile terminal with a corresponding SIM card;
otherwise, determining that the target mobile terminal fails to access the network, and locking the SIM card corresponding to the target mobile terminal.
15. A communications apparatus comprising one or more processors; and one or more computer-readable media having instructions stored thereon that, when executed by the one or more processors, cause the apparatus to perform the method of any of claims 1-6.
16. A binding authentication device for a mobile terminal and a Subscriber Identity Module (SIM) card is characterized by comprising:
a generation unit, used for receiving an instruction from a binding authentication system and generating the network access random number of the target mobile terminal when the signature of the instruction is determined to be correct, wherein the network access random number is generated by joint calculation based on the terminal information of a network-accessed mobile terminal and the terminal information of the target mobile terminal and is signed with the private key of the network-accessed mobile terminal;
and a sending unit, used for sending the network access random number response message of the target mobile terminal to the binding authentication system, thereby triggering the binding authentication system to bind the target mobile terminal with the corresponding SIM card when it determines that the network access random number of the target mobile terminal is correct.
17. A storage medium storing a program for implementing a method for binding authentication of a mobile terminal and a subscriber identity module, SIM, card, the program, when executed by a processor, performing the steps of:
receiving an instruction from a binding authentication system and generating the network access random number of the target mobile terminal when the signature of the instruction is determined to be correct, wherein the network access random number is generated by joint calculation based on the terminal information of a network-accessed mobile terminal and the terminal information of the target mobile terminal and is signed with the private key of the network-accessed mobile terminal;
and sending the network access random number response message of the target mobile terminal to the binding authentication system, thereby triggering the binding authentication system to bind the target mobile terminal with the corresponding SIM card when it determines that the network access random number of the target mobile terminal is correct.
18. A communications apparatus comprising one or more processors; and one or more computer-readable media having instructions stored thereon that, when executed by the one or more processors, cause the apparatus to perform the method of any of claims 7-12.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811121989.6A CN110958598B (en) 2018-09-26 2018-09-26 Binding authentication method and device for mobile terminal and SIM card

Publications (2)

Publication Number Publication Date
CN110958598A true CN110958598A (en) 2020-04-03
CN110958598B CN110958598B (en) 2022-05-06

Family

ID=69962117

Country Status (1)

Country Link
CN (1) CN110958598B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113890738A (en) * 2020-07-03 2022-01-04 中移互联网有限公司 Electronic signature method and device
CN114567881A (en) * 2022-04-24 2022-05-31 江苏益捷思信息科技有限公司 SIM card information security protection method and system
CN116248280A (en) * 2023-05-09 2023-06-09 北京智芯微电子科技有限公司 Anti-theft method for security module without key issue, security module and device

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1620165A (en) * 2003-11-21 2005-05-25 华为技术有限公司 Identification method of mobile terminal user legalness
FR2864410A1 (en) * 2003-12-19 2005-06-24 Gemplus Card Int Mobile phone handset, has mobile phone handset usage system controlling authentication of storage medium to establish secured channel between medium and card, and controlling transmission of handset`s identity towards card
CN1874598A (en) * 2005-12-13 2006-12-06 华为技术有限公司 Device, system and method of authenticating when terminal to access second system network
CN101330387A (en) * 2008-07-24 2008-12-24 深圳华为通信技术有限公司 Method for authentication of machine card, communication apparatus and authentication system
EP2283666A1 (en) * 2008-05-23 2011-02-16 Deutsche Telekom AG Method for over-the-air personalizing of chip cards in telecommunications
CN102984337A (en) * 2011-09-07 2013-03-20 杨国栋 Mobile phone anti-theft method and system
CN103108311A (en) * 2011-11-11 2013-05-15 中兴通讯股份有限公司 Method and device and system for binding magnetic tape command (MTC) device and universal integrated circuit card (UICC)
CN103327487A (en) * 2012-03-19 2013-09-25 上海博路信息技术有限公司 Remote certification authentication service system
CN103581873A (en) * 2012-07-25 2014-02-12 中国电信股份有限公司 Intelligent card and user identification module safe binding method, system and management platform
CN104322003A (en) * 2012-01-31 2015-01-28 菲纳逻辑商业技术有限公司 Cryptographic authentication and identification method using real-time encryption
US20150304317A1 (en) * 2012-08-17 2015-10-22 Zte Corporation Data Access Method And Device
CN105636043A (en) * 2016-02-26 2016-06-01 宇龙计算机通信科技(深圳)有限公司 ESIM (Embedded SIM) card authentication method, eSIM card authentication device and terminal
CN105827577A (en) * 2015-01-08 2016-08-03 阿里巴巴集团控股有限公司 Method and device for information verification
CN107623668A (en) * 2016-07-16 2018-01-23 华为技术有限公司 A kind of method for network authorization, relevant device and system
CN108494764A (en) * 2018-03-20 2018-09-04 海信集团有限公司 A kind of identity identifying method and device

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
KEREM OK: "SIMSec: A Key Exchange Protocol Between SIM Card and Service Provider", SpringerLink *
张艳: "Research and development of a VoiceMail system on a SIP-based VoIP softswitch platform", China Master's Theses Full-text Database *
胡鑫鑫: "A survey of authentication in mobile communication networks", Chinese Journal of Network and Information Security *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant