CN111246477B - Access method, terminal, micro base station and access system - Google Patents


Info

Publication number: CN111246477B
Authority: CN (China)
Application number: CN202010029373.7A
Other versions: CN111246477A
Other languages: Chinese (zh)
Legal status: Active
Inventors: 田新雪, 肖征荣, 马书惠, 杨子文, 董慧
Current assignee: China United Network Communications Group Co Ltd
Original assignee: China United Network Communications Group Co Ltd
Prior art keywords: card terminal; encryption result; result; base station; operator server

Classifications

    • H04W12/06 Authentication
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/08 Access security
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an access method, a terminal, a micro base station and an access system, wherein the method comprises the following steps: generating and sending a connection request to a block chain network according to an identification code shared by a main card terminal and an auxiliary card terminal, an auxiliary card identity of the auxiliary card terminal and a block chain identity of the auxiliary card terminal; generating and sending a verification request to the micro base station according to the identification code, the identity identifier of the auxiliary card and a first encryption result obtained from the block chain network, wherein the first encryption result is obtained by calculating according to a first pre-stored customer service password and first information sent by an operator server by the main card terminal; and receiving an access response returned by the micro base station, wherein the access response is determined based on a verification result returned by the operator server, the verification result is obtained by comparing the first encryption result and the second encryption result by the operator server, and the second encryption result is obtained by calculating the identification code and the prestored second information by the operator server according to a predetermined algorithm.

Description

Access method, terminal, micro base station and access system
Technical Field
The invention relates to the technical field of communication, in particular to an access method, a terminal, a micro base station and an access system.
Background
With the development of mobile communication, the number of network access devices is growing explosively; the number of devices per unit area may rise to thousands of times its previous level, and even if base station bandwidth is increased further, the earlier macro base station coverage mode cannot support that density. For example, a macro base station formerly covered 1000 internet access users, who shared the rate resource of the base station equally. With 5G, users' requirements on access rate keep rising and the resources of one base station are far from enough, so more base stations must be deployed and the base stations miniaturized. As the density of micro base stations increases, the radiation power spectrum of the micro base stations is reduced to avoid spectrum interference between them, and the radiation power of the mobile phone is reduced as well. On the terminal side, the one-number multi-terminal service is entering practical use. In this service, a main card in the user's mobile phone is bound to an auxiliary card in an attached smart device; the main card and the auxiliary card share the call charges and data package of the same number, and both present the same number externally, whether as calling party or called party.
Although micro base stations can handle a large volume of complex communication, when a micro base station authenticates a secondary card terminal it first determines that the balance of the main card terminal corresponding to the secondary card terminal is enough to pay the service cost of using the micro base station. This exposes private information such as the user's balance, so the security of user information cannot be guaranteed.
Disclosure of Invention
Therefore, the invention provides an access method and terminal, a micro base station and an access system, and aims to solve the problem that in the prior art, when the micro base station performs access authentication on a sub-card terminal with one number and multiple cards, privacy information of a user is easily exposed, so that the safety of user information cannot be guaranteed.
In order to achieve the above object, a first aspect of the present invention provides an access method, including: generating and sending a connection request to a block chain network according to an identification code shared by a main card terminal and an auxiliary card terminal, an auxiliary card identity of the auxiliary card terminal and a block chain identity of the auxiliary card terminal, so that the main card terminal receives the connection request; generating and sending a verification request to the micro base station according to the identification code, the identity identifier of the auxiliary card and a first encryption result obtained from the block chain network, wherein the first encryption result is obtained by calculating according to a first pre-stored customer service password and first information sent by an operator server by the main card terminal; and receiving an access response returned by the micro base station, wherein the access response is determined based on a verification result returned by the operator server, the verification result is obtained by comparing the first encryption result and the second encryption result by the operator server, and the second encryption result is obtained by calculating the identification code and the prestored second information by the operator server according to a predetermined algorithm.
In some embodiments, generating and sending a connection request to a blockchain network according to an identification code shared by the primary card terminal and the secondary card terminal, a secondary card id of the secondary card terminal, and a blockchain id of the secondary card terminal includes: generating a connection request according to the identification code, the identity identifier of the auxiliary card and the block chain identifier of the auxiliary card terminal; and signing the connection request by using a private key of the auxiliary card terminal, and sending the signed connection request to the block chain network.
In some embodiments, generating and sending a verification request to the micro base station according to the identification code, the secondary card identity and the first encryption result obtained from the blockchain network includes: acquiring a first encryption result sent by a main card terminal from a block chain network; generating a verification request according to the identification code, the identity of the auxiliary card and the first encryption result; and sending a verification request to the micro base station through the mobile switching network.
In some embodiments, the first information comprises a first random number and a first timestamp generated by the operator server.
In order to achieve the above object, a second aspect of the present invention provides an access method, including: responding to a verification request sent by a secondary card terminal, and acquiring a first encryption result and an identification code shared by a main card terminal and the secondary card terminal, wherein the first encryption result is obtained by the main card terminal according to a first pre-stored customer service password and first information sent by an operator server; generating and sending a broadcast message to a block chain network according to the first encryption result, the block chain identifier and the identification code of the micro base station, so that an operator server obtains the broadcast message; obtaining a verification result sent by the operator server from the blockchain network, wherein the verification result is obtained by comparing the first encryption result with the second encryption result by the operator server, and the second encryption result is obtained by calculating the identification code and the prestored second information according to a predetermined algorithm by the operator server; and generating and sending an access response to the auxiliary card terminal according to the verification result.
In some embodiments, generating and sending an access response to the secondary card terminal according to the verification result includes: if the verification result is that the first encryption result is the same as the second encryption result, determining that the access response is that the auxiliary card terminal is allowed to be accessed into the micro base station; otherwise, determining the access response as refusing the access of the secondary card terminal to the micro base station; and sending the access response to the auxiliary card terminal through the mobile switching network.
In some embodiments, the second information comprises: the identification code, a second random number generated by the operator server, and a second timestamp.
In order to achieve the above object, a third aspect of the present invention provides a terminal comprising: the first generation module is used for generating a connection request according to the identification code shared by the main card terminal and the auxiliary card terminal, the auxiliary card identity identification of the auxiliary card terminal and the block chain identification of the auxiliary card terminal; the first sending module is used for sending a connection request to the block chain network so that the main card terminal receives the connection request; the second generation module is used for generating a verification request according to the identification code, the identity of the auxiliary card and a first encryption result acquired from the block chain network; the second sending module is used for sending a verification request to the micro base station, and the first encryption result is a result obtained by calculation of the main card terminal according to a first pre-stored customer service password and first information sent by the operator server; and the receiving module is used for receiving an access response returned by the micro base station, wherein the access response is determined based on a verification result returned by the operator server, the verification result is obtained by comparing the first encryption result with the second encryption result by the operator server, and the second encryption result is obtained by calculating the identification code and the prestored second information by the operator server according to a predetermined algorithm.
In order to achieve the above object, a fourth aspect of the present invention provides a micro base station, comprising: the first obtaining module is used for responding to a verification request sent by the auxiliary card terminal and obtaining a first encryption result and an identification code shared by the main card terminal and the auxiliary card terminal, wherein the first encryption result is a result obtained by the main card terminal through calculation according to a first pre-stored customer service password and first information sent by an operator server, and the main card terminal and the auxiliary card terminal share the identification code; the broadcast generating module is used for generating a broadcast message according to the first encryption result, the block chain identifier and the identification code of the micro base station; the broadcast sending module is used for sending a broadcast message to the block chain network so that an operator server can obtain the broadcast message; the second obtaining module is used for obtaining a verification result sent by the operator server from the block chain network, wherein the verification result is obtained by comparing the first encryption result with the second encryption result by the operator server, and the second encryption result is obtained by calculating the identification code and the prestored second information according to a predetermined algorithm by the operator server; the access response generating module is used for generating an access response according to the verification result; and the access response sending module is used for sending the access response to the auxiliary card terminal.
In order to achieve the above object, a fifth aspect of the present invention provides an access system, including: the system comprises a micro base station, a main card terminal, a sub card terminal and an operator server which are connected through a block chain network; the secondary card terminal is used for executing the access method in the first aspect; the main card terminal is used for generating and storing a first encryption result according to the acquired first customer service password, the first random number and the first timestamp sent by the operator server; acquiring a connection request sent by an auxiliary card terminal from a block chain network, wherein the connection request comprises an identification code, an auxiliary card identity identifier of the auxiliary card terminal and a block chain identifier of the auxiliary card terminal, and the identification code is a shared identifier of a main card terminal and the auxiliary card terminal; sending the first encryption result to a block chain network so that the auxiliary card terminal can obtain the first encryption result; the micro base station is used for executing the access method in the second aspect; the operator server is used for acquiring a broadcast message sent by the micro base station from the block chain network, wherein the broadcast message comprises a first encryption result, a block chain identifier and an identification code of the micro base station; generating a second encryption result according to the identification code, a second random number stored in advance and a second timestamp; and comparing the first encryption result with the second encryption result, obtaining and sending a verification result to the block chain network so that the micro base station can obtain the verification result, and generating and sending an access response to the secondary card terminal according to the verification result.
The invention has the following advantages: the auxiliary card terminal in a one-number multi-card service sends a connection request to the block chain network; the main card terminal in the service obtains the identification code shared by the two terminals and the auxiliary card identity of the auxiliary card terminal carried in the connection request, and then feeds back the first encryption result to the auxiliary card terminal. After acquiring the first encryption result, the auxiliary card terminal generates and sends a verification request to the micro base station according to the first encryption result, and determines the result of accessing the micro base station after receiving the access response returned by the micro base station. The information of the main card terminal and the auxiliary card terminal is protected, leakage of the terminals' private information is avoided, and the security of user information is improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
Fig. 1 is a flowchart of an access method according to a first embodiment of the present invention;
Fig. 2 is a flowchart of an access method according to a second embodiment of the present invention;
Fig. 3 is a block diagram of a terminal according to a third embodiment of the present invention;
Fig. 4 is a block diagram of a micro base station according to a fourth embodiment of the present invention;
Fig. 5 is a block diagram of an access system according to a fifth embodiment of the present invention.
In the drawings:
301: first generation module
302: first sending module
303: second generation module
304: second sending module
305: receiving module
401: first obtaining module
402: broadcast generating module
403: broadcast sending module
404: second obtaining module
405: access response generating module
406: access response sending module
501: main card terminal
502: sub-card terminal
503: micro base station
504: operator server
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
A first embodiment of the present invention relates to an access method. The method and the device are used for protecting the privacy information of the terminal and improving the safety of the user information.
The implementation details of the access method in the present embodiment are specifically described below, and the following is only for facilitating understanding of the implementation details of the present solution, and is not necessary for implementing the present solution.
Fig. 1 is a flowchart of the access method in this embodiment. The method is applicable to a secondary card terminal, that is, a terminal in a one-number multi-card service that does not store an operator customer service password. The method may include the following steps.
In step 101, a connection request is generated and sent to the blockchain network according to the identification code shared by the main card terminal and the sub card terminal, the sub card id of the sub card terminal, and the blockchain id of the sub card terminal.
In some embodiments, the connection request is generated according to the identification code, the identity identifier of the secondary card and the block chain identifier of the secondary card terminal; and signing the connection request by using a private key of the auxiliary card terminal, and sending the signed connection request to the block chain network.
In a specific implementation, the connection request may include the mobile phone number 18612344321 (i.e., the identification code) shared by the primary card terminal and the secondary card terminal, the blockchain identifier of the secondary card terminal, and the secondary card id of the secondary card terminal.
In step 102, a verification request is generated and sent to the micro base station according to the identification code, the secondary card identity and the first encryption result obtained from the block chain network.
The first encryption result is obtained by the main card terminal according to a first pre-stored customer service password and first information sent by an operator server through calculation.
It should be noted that, when the primary card terminal receives a connection request sent by the secondary card terminal through the blockchain network, it verifies the private key signature of the connection request. If the verification passes, it encrypts the first encryption result Q1 with the public key of the secondary card terminal according to a predetermined algorithm, signs the encrypted first encryption result Q1 with the private key of the primary card terminal, and sends the signed result to the blockchain network, so that the secondary card terminal obtains the first encryption result Q1.
In some embodiments, the first information comprises a first random number generated by the operator server and a first timestamp. The first timestamp is the time at which the operator server sent the first random number, and the first random number is randomly generated by the operator server, e.g., the first random number is "123456". The operator server transmits the first information to the blockchain network every time a fixed time interval elapses, so that the main card terminal can receive the first information.
In some embodiments, a first encryption result sent by a main card terminal is obtained from a block chain network; generating a verification request according to the identification code, the identity of the auxiliary card and the first encryption result; and sending a verification request to the micro base station through the mobile switching network.
The mobile switching network may be a third generation mobile communication network (3G), a fourth generation mobile communication network (4G), a fifth generation mobile communication network (5G), or another mobile communication network. These are only examples of the mobile switching network; a specific implementation may be set according to actual conditions and is not limited to them, and other mobile switching networks not listed here are also within the protection scope of the present invention and are not described again.
In step 103, an access response returned by the micro base station is received.
The access response is determined based on a verification result returned by the operator server, the verification result is obtained by comparing the first encryption result and the second encryption result by the operator server, and the second encryption result is obtained by calculating the identification code and the prestored second information by the operator server according to a predetermined algorithm.
It should be noted that the second information may include a second random number and a second timestamp, where the second random number is also randomly generated by the operator server and the second timestamp is the time at which the operator server sends the second random number. The first random number and the second random number both change every time a fixed time interval elapses, and the first timestamp and the second timestamp are likewise not fixed; however, the first timestamp and the second timestamp fall within the same preset time range. For example, if the preset time is 10 seconds, both timestamps fall within those 10 seconds, and the operator server generates only one random number within those 10 seconds. Therefore, if the operator server receives within the preset time a first encryption result sent by the main card terminal (generated according to the pre-stored first customer service password and the first information), it can compare that result with the second encryption result, which is generated according to the second information and is valid within the preset time, to obtain the verification result.
Moreover, even if a third-party device intercepts the first encryption result, it cannot obtain the first customer service password KEY1 and therefore cannot decrypt the first encryption result Q1, so the security of the message is ensured. In addition, the first random number and the first timestamp become invalid after a period of time, so data acquired by a third party is invalid once that time has elapsed.
In this embodiment, the secondary card terminal in a one-number multi-card service sends a connection request to the blockchain network; the primary card terminal in the service obtains the identification code shared by the two terminals and the secondary card identity of the secondary card terminal carried in the connection request, and then feeds back the first encryption result to the secondary card terminal. After acquiring the first encryption result, the secondary card terminal generates and sends a verification request to the micro base station according to the first encryption result, and determines the result of accessing the micro base station after receiving the access response returned by the micro base station. The information of the main card terminal and the secondary card terminal is protected, leakage of the terminals' private information is avoided, and the security of user information is improved.
A second embodiment of the present invention relates to an access method. Fig. 2 is a flowchart of an access method in this embodiment, which can be used for a micro base station. The method may include the following steps.
In step 201, in response to the verification request sent by the secondary card terminal, a first encryption result and an identification code shared by the primary card terminal and the secondary card terminal are obtained.
It should be noted that the first encryption result is obtained by the main card terminal through calculation according to the pre-stored first customer service password and the first information sent by the operator server. Specifically, the main card terminal periodically receives, in the blockchain network, a first random number sent by the operator server to which it belongs. According to a predetermined algorithm, the main card terminal computes the first encryption result Q1 from the first random number, the first timestamp, and the first customer service password corresponding to the identification code shared by the main card terminal and the sub card terminal (e.g., the first customer service password KEY1 corresponding to the mobile phone number 18612344321). It stores the first encryption result Q1 for later use when the main card terminal or the sub card terminal wants to connect to a micro base station.
In step 202, a broadcast message is generated and sent to the blockchain network according to the first encryption result, the blockchain identifier of the micro base station and the identification code.
Specifically, after receiving a verification request sent by a secondary card terminal, the micro base station obtains an identification code (for example, a cell phone number 18612344321) and a first encryption result Q1 in the verification request; and then generating a broadcast message according to the first encryption result Q1, the block chain identifier of the micro base station and the mobile phone number 18612344321, signing the broadcast message by using a private key of the micro base station, and sending the signed broadcast message to a block chain network, so that an operator server receives the broadcast message and the security of the broadcast message is ensured.
In step 203, the verification result sent by the operator server is obtained from the blockchain network.
It should be noted that the verification result is obtained by the operator server comparing the first encryption result with the second encryption result, and the second encryption result is obtained by the operator server calculating, according to a predetermined algorithm, on the identification code and the pre-stored second information.
Specifically, if the operator server to which the mobile phone number 18612344321 belongs checks that the secondary card terminal corresponding to the mobile phone number 18612344321 is within the management range of the operator server, the operator server calculates the second information according to a predetermined algorithm, and obtains a second encryption result Q2; for example, the second information includes the identification code, the second random number generated by the operator server, and the second timestamp, and the operator server calculates the mobile phone number 18612344321, the second random number issued by the operator server in the time slot of the current time, and the second timestamp according to a pre-agreed algorithm, so as to obtain a second encryption result Q2.
The operator server then compares the first encryption result Q1 with the second encryption result Q2 to obtain a verification result, encrypts the verification result with the public key of the micro base station according to a predetermined algorithm, signs it with the private key of the operator server, and sends it to the blockchain network so that the micro base station obtains the verification result.
In step 204, an access response is generated and sent to the secondary card terminal according to the verification result.
It should be noted that, after receiving the verification result fed back by the operator server, the micro base station first queries the blockchain ledger to obtain the public key of the operator server. It then verifies the private-key signature on the verification result fed back by the operator server and, if the verification passes, decrypts the public-key-encrypted part with the private key of the micro base station according to a predetermined algorithm to obtain the original verification result.
In some embodiments, if the verification result is that the first encryption result and the second encryption result are the same, the access response is determined to be allowing the secondary card terminal to access the micro base station; otherwise, the access response is determined to be refusing the access of the secondary card terminal to the micro base station. The access response is then sent to the secondary card terminal through the mobile switching network.
For example, if the verification result is that the first encryption result Q1 is equal to the second encryption result Q2, it indicates that the micro base station passes verification of the sub-card terminal and the corresponding mobile phone number; the micro base station allows the access of the auxiliary card terminal; otherwise, if the comparison result is that the first encryption result Q1 is not equal to the second encryption result Q2, it indicates that the verification of the sub-card terminal and the corresponding mobile phone number by the micro base station is not passed; and the micro base station refuses the access of the secondary card terminal. And then, sending an access response to the auxiliary card terminal through a mobile communication network such as a 3G, 4G, 5G network and the like so that the auxiliary card terminal can acquire an access result.
In the embodiment, a broadcast message is generated and sent to a blockchain network by the micro base station according to the obtained first encryption result, the blockchain identifier of the micro base station and the identification code shared by the main card terminal and the auxiliary card terminal, so that an operator server can obtain the first encryption result from the blockchain network, further compare the first encryption result with the second encryption result to obtain a verification result, and send the verification result to the blockchain network, so that when the micro base station obtains the verification result, whether the auxiliary card terminal passes the verification is judged according to the verification result, the security of terminal information is improved, meanwhile, the micro base station can directly verify the auxiliary card terminal, the complexity of the authentication process is avoided, and the authentication efficiency of the micro base station to the auxiliary card terminal is improved.
The steps of the above methods are divided for clarity. In implementation, several steps may be combined into one step, or a step may be split into multiple steps, and as long as the same logical relationship is included, these are all within the protection scope of the present patent. Adding insignificant modifications to an algorithm or process, or introducing insignificant designs into it, without changing the core design of the algorithm or process is also within the protection scope of the patent.
The third embodiment of the present invention relates to a terminal, and the specific implementation of the terminal may refer to the related description of the first embodiment, and repeated descriptions are omitted. It should be noted that, the specific implementation of the terminal in this embodiment may also refer to the related description of the second embodiment, but is not limited to the above two embodiments, and other non-illustrated embodiments are also within the protection scope of the terminal.
As shown in fig. 3, the terminal mainly includes: the first generation module 301 is configured to generate a connection request according to an identification code shared by the main card terminal and the secondary card terminal, a secondary card identity identifier of the secondary card terminal, and a blockchain identifier of the secondary card terminal; the first sending module 302 is configured to send the connection request to the blockchain network, so that the main card terminal receives the connection request; the second generating module 303 is configured to generate a verification request according to the identification code, the secondary card identity, and the first encryption result obtained from the blockchain network; the second sending module 304 is configured to send the verification request to the micro base station, where the first encryption result is a result obtained by the main card terminal through calculation according to a first pre-stored customer service password and the first information sent by the operator server; the receiving module 305 is configured to receive an access response returned by the micro base station, where the access response is determined based on a verification result returned by the operator server, the verification result is obtained by the operator server comparing the first encryption result with the second encryption result, and the second encryption result is obtained by the operator server applying a pre-agreed algorithm to the identification code and the pre-stored second information.
A fourth embodiment of the present invention relates to a micro base station, and specific implementation of the micro base station may refer to the related description of the first embodiment, and repeated details are not repeated. It should be noted that, in the present embodiment, reference may also be made to the related description of the second embodiment for specific implementation of the micro base station, but the implementation is not limited to the above two embodiments, and other undescribed embodiments are also within the protection scope of the present micro base station.
As shown in fig. 4, the micro base station mainly includes: the first obtaining module 401 is configured to obtain, in response to a verification request sent by the secondary card terminal, a first encryption result and an identification code shared by the primary card terminal and the secondary card terminal, where the first encryption result is obtained by the primary card terminal through calculation according to a first pre-stored customer service password and first information sent by an operator server; the broadcast generating module 402 is configured to generate a broadcast message according to the first encryption result, the blockchain identifier of the micro base station and the identification code; the broadcast sending module 403 is configured to send the broadcast message to the blockchain network, so that the operator server obtains the broadcast message; the second obtaining module 404 is configured to obtain a verification result sent by the operator server from the blockchain network, where the verification result is obtained by the operator server comparing the first encryption result with the second encryption result, and the second encryption result is obtained by the operator server applying a predetermined algorithm to the identification code and second information stored in advance; the access response generation module 405 is configured to generate an access response according to the verification result; the access response sending module 406 is configured to send the access response to the secondary card terminal.
It should be noted that each module referred to in this embodiment is a logical module, and in practical applications, one logical unit may be one physical unit, may be a part of one physical unit, and may be implemented by a combination of multiple physical units. In addition, in order to highlight the innovative part of the present invention, a unit which is less closely related to solving the technical problem proposed by the present invention is not introduced in the present embodiment, but it does not indicate that no other unit exists in the present embodiment.
A fifth embodiment of the present invention relates to an access system, as shown in fig. 5, specifically including: a micro base station 503, a main card terminal 501, a sub card terminal 502 and an operator server 504 connected by a blockchain network.
The sub-card terminal 502 is configured to execute the access method in the first embodiment; the main card terminal 501 is configured to generate and store a first encryption result according to the acquired first customer service password, the first random number and the first timestamp sent by the operator server 504; acquiring a connection request sent by the auxiliary card terminal 502 from a block chain network, wherein the connection request comprises an identification code, an auxiliary card identity of the auxiliary card terminal 502 and a block chain identity of the auxiliary card terminal 502, and the identification code is a common identity of the main card terminal 501 and the auxiliary card terminal 502; sending the first encryption result to the blockchain network, so that the sub-card terminal 502 obtains the first encryption result; the micro base station 503 is configured to perform the access method in the second embodiment; the operator server 504 is configured to obtain a broadcast message sent by the micro base station 503 from the blockchain network, where the broadcast message includes the first encryption result, the blockchain identifier of the micro base station 503, and the identification code; generating a second encryption result according to the identification code, a second random number stored in advance and a second timestamp; comparing the first encryption result with the second encryption result, obtaining and sending a verification result to the blockchain network, so that the micro base station 503 obtains the verification result, and generates and sends an access response to the sub-card terminal 502 according to the verification result.
In the access system, the communication between the network elements may specifically include the following steps.
In step 601, the operator server 504 transmits the first information into the blockchain network every time a fixed time interval elapses, so that the master card terminal 501 can receive the first information.
Wherein, the first information is the information sent after being signed by the operator server 504 by using a private key; the first information includes a first timestamp and a first random number randomly generated by the operator server 504, e.g., the first random number is "123456". Note that the first timestamp indicates the time when the operator server 504 transmits the first random number.
In step 602, the master card terminal 501 periodically receives the first random number transmitted in the blockchain network by the operator server 504 to which it belongs. The main card terminal 501 applies a predetermined algorithm to the first random number, the first timestamp, and the first customer service password KEY1 corresponding to the mobile phone number 18612344321 in the main card terminal 501 to obtain a first encryption result Q1, and stores the first encryption result Q1 for later use when the main card terminal 501 or the corresponding sub-card terminal 502 wants to connect to a micro base station.
It should be noted that, since the first random number changes every time a fixed time interval elapses and the first timestamp is not fixed, even if a third-party device intercepts the message, it cannot learn the first customer service password KEY1 and therefore cannot decrypt the first encryption result Q1, which ensures the security of the message. Meanwhile, the first random number and the first timestamp become invalid after a period of time elapses, so data acquired by a third party is invalid once it has timed out.
In step 603, when the sub-card terminal 502 finds that there is one micro base station 503 within its connectable range by searching, the sub-card terminal 502 sends a connection request to the blockchain network so that the main card terminal 501 can receive the connection request.
It should be noted that the secondary card terminal 502 does not store the first service password KEY 1; moreover, before sending the connection request, the sub-card terminal 502 needs to use the private key of the sub-card terminal 502 to sign, and then sends the signed connection request to the blockchain network. The connection request includes the cell phone number 18612344321 common to the main card terminal 501 and the sub-card terminal 502, the blockchain identifier of the sub-card terminal 502, and the sub-card identification of the sub-card terminal 502.
In step 604, when the main card terminal 501 receives the connection request sent by the secondary card terminal through the blockchain network, it first verifies the private-key signature of the connection request. If the verification passes, it encrypts the first encryption result Q1 with the public key of the secondary card terminal 502 according to a predetermined algorithm, signs the encrypted first encryption result Q1 with the private key of the main card terminal 501, and sends it to the blockchain network, so that the secondary card terminal can obtain the first encryption result Q1.
In step 605, the sub-card terminal 502 receives, through the blockchain network, the encrypted first encryption result Q1 that is fed back by the main card terminal 501 and is signed by the main card terminal private key. The private key signature of the message is verified first, and if the message passes the verification, the encrypted first encryption result Q1 is decrypted by using the private key of the secondary card terminal 502 according to a predetermined algorithm, so that a first encryption result Q1 is obtained.
In step 606, the sub-card terminal 502 generates an authentication request according to the first encryption result Q1, the mobile phone number 18612344321, and the sub-card id of the sub-card terminal 502, and sends the authentication request to the micro base station 503 through a mobile switching network (e.g., a mobile communication network such as a 3G, 4G, or 5G network).
In step 607, after receiving the verification request, the micro base station 503 obtains the cell phone number 18612344321 and the first encryption result Q1 in the verification request; and then generates and transmits a broadcast message to the blockchain network according to the first encryption result Q1, the blockchain identification of the micro base station 503 and the cell phone number 18612344321, so that the operator server 504 receives the broadcast message.
It should be noted that before sending the broadcast message, the broadcast message needs to be signed by using the private key of the micro base station 503 to ensure the security of the broadcast message.
In step 608, if the operator server 504 to which the mobile phone number 18612344321 belongs sees that the sub-card terminal 502 corresponding to the mobile phone number 18612344321 is within its own management range, the operator server 504 calculates the mobile phone number 18612344321, and the second random number and the second timestamp issued by the operator server 504 in the time period of the current time according to a pre-agreed algorithm, so as to obtain a second encryption result Q2.
Then, the first encryption result Q1 and the second encryption result Q2 are compared to obtain a comparison result, then the comparison result is encrypted by using the public key of the micro base station 503 according to a predetermined algorithm, and then the comparison result is signed by using the private key of the operator server 504 and then sent to the block chain network, so that the micro base station 503 obtains the comparison result.
It should be noted that the operator server 504 does not need to distinguish the main card terminal 501 from the sub-card terminal 502, and only needs to obtain the first encryption result Q1 and the second encryption result Q2, compare the first encryption result Q1 with the second encryption result Q2, and feed back the comparison result to the micro base station 503.
In step 609, the micro base station 503 receives the comparison result fed back by the operator server 504, firstly, queries the block chain ledger, and obtains the public key of the operator server 504; and then, the private key signature of the comparison result fed back by the operator server 504 is verified, and if the verification is passed, the private key of the micro base station 503 is used for decrypting the encrypted part of the public key therein according to a predetermined algorithm, so as to obtain the original comparison result. If the comparison result is that the first encryption result Q1 is equal to the second encryption result Q2, it indicates that the micro base station 503 verifies that the sub-card terminal 502 and the corresponding mobile phone number pass; the micro base station 503 allows the access of the secondary card terminal 502; otherwise, if the comparison result is that the first encryption result Q1 is not equal to the second encryption result Q2, it indicates that the verification of the sub-card terminal 502 and the corresponding mobile phone number by the micro base station 503 is not passed; the micro base station 503 denies the access of the secondary card terminal 502.
In step 610, micro base station 503 generates an access response according to the verification passing message or the verification failing message in step 609, and feeds back the access response to sub-card terminal 502, so that sub-card terminal 502 knows the access result.
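The check carried out in steps 601 to 609 is a time-slotted challenge-response comparison. The sketch below is an added example, not code from the patent: HMAC-SHA256 stands in for the unspecified "predetermined algorithm", the 300-second slot, the sample password and all class and function names are assumptions, and the operator server is assumed to look up the customer service password by identification code. The signatures and public-key encryption that wrap each blockchain message are left out.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass

SLOT_SECONDS = 300  # assumed length of the operator's "fixed time interval"


@dataclass(frozen=True)
class FirstInfo:
    """Random number and timestamp the operator server publishes (step 601)."""
    nonce: bytes
    timestamp: int


def _pack(*fields: bytes) -> bytes:
    # Length-prefix each field so distinct inputs never serialize identically.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def encryption_result(service_password: bytes, id_code: str, info: FirstInfo) -> bytes:
    """Assumed stand-in for the 'predetermined algorithm' that yields Q1 / Q2."""
    msg = _pack(id_code.encode(), info.nonce, str(info.timestamp).encode())
    return hmac.new(service_password, msg, hashlib.sha256).digest()


class OperatorServer:
    def __init__(self, subscribers: dict[str, bytes]):
        self._subscribers = subscribers  # id code -> customer service password
        self._current = None             # FirstInfo of the current slot

    def publish_first_info(self, now: int) -> FirstInfo:
        """Step 601: a new slot replaces the previous random number."""
        self._current = FirstInfo(secrets.token_bytes(16), now)
        return self._current

    def verify(self, id_code: str, q1: bytes, now: int) -> bool:
        """Step 608: recompute Q2 for the current slot and compare it with Q1."""
        key = self._subscribers.get(id_code)
        info = self._current
        if key is None or info is None:
            return False  # id code is outside this server's management range
        if not 0 <= now - info.timestamp < SLOT_SECONDS:
            return False  # random number and timestamp are no longer valid
        q2 = encryption_result(key, id_code, info)
        return hmac.compare_digest(q1, q2)  # constant-time comparison


def access_response(verification_result: bool) -> str:
    """Step 609: the micro base station maps the result to allow or deny."""
    return "allow" if verification_result else "deny"


def run_demo() -> dict:
    id_code = "18612344321"                 # example number used on the page
    key1 = b"constructed-service-password"  # constructed sample value
    operator = OperatorServer({id_code: key1})
    t0 = 1_600_000_000                      # constructed clock value

    info = operator.publish_first_info(t0)       # step 601
    q1 = encryption_result(key1, id_code, info)  # step 602, on the main card
    guess = encryption_result(b"guess", id_code, info)
    results = {
        "fresh": access_response(operator.verify(id_code, q1, t0 + 10)),
        "wrong_password": access_response(operator.verify(id_code, guess, t0 + 10)),
        "unknown_id": access_response(operator.verify("10000000000", q1, t0 + 10)),
        "expired": access_response(operator.verify(id_code, q1, t0 + SLOT_SECONDS)),
    }
    operator.publish_first_info(t0 + SLOT_SECONDS)  # next slot, new random number
    results["replayed"] = access_response(
        operator.verify(id_code, q1, t0 + SLOT_SECONDS + 10))
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case:15s} {outcome}")
```

Only the Q1 computed for the current slot with the correct password is accepted; a Q1 captured in an earlier slot is rejected once the operator server has rotated the random number.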
In this embodiment, a connection request is sent to a blockchain network through a secondary card terminal in the first multi-card service, and a primary card terminal in the first multi-card service can acquire an identification code shared by two terminals carried in the connection request and a secondary card identity of the secondary card terminal, and then feed back a first encryption result to the secondary card terminal; and after the sub-card terminal acquires the first encryption result, generating and sending a verification request to the micro base station according to the first encryption result, and after receiving an access response returned by the micro base station, determining the result of accessing the micro base station. The information of the main card terminal and the information of the auxiliary card terminal can be protected, the problem that the privacy information of the terminals is revealed is avoided, and the safety of user information is improved.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.

Claims (10)

1. An access method, applied to a secondary card terminal, the method comprising:
generating and sending a connection request to a block chain network according to an identification code shared by a main card terminal and an auxiliary card terminal, an auxiliary card identity of the auxiliary card terminal and a block chain identity of the auxiliary card terminal, so that the main card terminal receives the connection request;
generating and sending a verification request to a micro base station according to the identification code, the identity identifier of the auxiliary card and a first encryption result obtained from a block chain network, wherein the first encryption result is obtained by calculating according to a first pre-stored customer service password and first information sent by an operator server by the main card terminal;
and receiving an access response returned by the micro base station, wherein the access response is determined based on a verification result returned by the operator server, the verification result is obtained by comparing the first encryption result and the second encryption result by the operator server, and the second encryption result is obtained by calculating the identification code and the prestored second information by the operator server according to a predetermined algorithm.
2. The method according to claim 1, wherein the generating and sending a connection request to a blockchain network according to an identification code shared by the primary card terminal and the secondary card terminal, a secondary card id of the secondary card terminal, and a blockchain id of the secondary card terminal comprises:
generating a connection request according to the identification code, the identity identifier of the auxiliary card and the block chain identifier of the auxiliary card terminal;
and signing the connection request by using a private key of the auxiliary card terminal, and sending the signed connection request to the block chain network.
3. The method of claim 1, wherein generating and sending a verification request to a micro base station according to the identification code, the secondary card identity and a first encryption result obtained from a blockchain network comprises:
acquiring a first encryption result sent by the main card terminal from a block chain network;
generating the verification request according to the identification code, the identity of the auxiliary card and the first encryption result;
and sending the verification request to the micro base station through a mobile switching network.
4. The method according to any one of claims 1 to 3, wherein the first information comprises: a first random number and a first timestamp generated by the operator server.
5. An access method applied to a micro base station, the method comprising:
responding to a verification request sent by a secondary card terminal, and acquiring a first encryption result and an identification code shared by a main card terminal and the secondary card terminal, wherein the first encryption result is obtained by the main card terminal according to a first pre-stored customer service password and first information sent by an operator server;
generating and sending a broadcast message to a block chain network according to the first encryption result, the block chain identifier of the micro base station and the identification code, so that the operator server can obtain the broadcast message;
obtaining a verification result sent by the operator server from a block chain network, wherein the verification result is obtained by comparing the first encryption result with a second encryption result by the operator server, and the second encryption result is obtained by calculating the identification code and second information stored in advance by the operator server according to a predetermined algorithm;
and generating and sending an access response to the auxiliary card terminal according to the verification result.
6. The method according to claim 5, wherein the generating and sending an access response to the secondary card terminal according to the verification result comprises:
if the verification result is that the first encryption result is the same as the second encryption result, determining that the access response is to allow the auxiliary card terminal to access the micro base station;
otherwise, determining the access response as refusing the access of the secondary card terminal to the micro base station;
and sending the access response to the auxiliary card terminal through a mobile switching network.
7. The method according to claim 5 or 6, wherein the second information comprises:
the identification code, a second random number generated by the operator server, and a second timestamp.
8. A terminal, applied to a secondary card terminal, comprising:
the first generation module is used for generating a connection request according to an identification code shared by a main card terminal and an auxiliary card terminal, an auxiliary card identity of the auxiliary card terminal and a block chain identity of the auxiliary card terminal;
a first sending module, configured to send the connection request to a blockchain network, so that the main card terminal receives the connection request;
the second generation module is used for generating a verification request according to the identification code, the identity of the auxiliary card and a first encryption result acquired from a block chain network;
the second sending module is used for sending the verification request to the micro base station, and the first encryption result is obtained by calculating according to a first pre-stored customer service password and first information sent by an operator server by the main card terminal;
the receiving module is used for receiving an access response returned by the micro base station, wherein the access response is determined based on a verification result returned by the operator server, the verification result is obtained by comparing the first encryption result and the second encryption result by the operator server, and the second encryption result is obtained by calculating the identification code and the prestored second information by the operator server according to a predetermined algorithm.
9. A micro base station, comprising:
a first obtaining module, configured to, in response to a verification request sent by a secondary card terminal, obtain a first encryption result and an identification code shared by a main card terminal and the secondary card terminal, wherein the first encryption result is obtained by the main card terminal through calculation according to a first pre-stored customer service password and first information sent by an operator server;
a broadcast generating module, configured to generate a broadcast message according to the first encryption result, the blockchain identifier of the micro base station, and the identifier;
a broadcast sending module, configured to send the broadcast message to a block chain network, so that the operator server obtains the broadcast message;
a second obtaining module, configured to obtain, from a blockchain network, a verification result sent by the operator server, where the verification result is a result obtained by the operator server comparing the first encryption result with a second encryption result, and the second encryption result is a result obtained by the operator server calculating, according to a predetermined algorithm, on the identification code and pre-stored second information;
an access response generation module for generating an access response according to the verification result;
and the access response sending module is used for sending the access response to the auxiliary card terminal.
10. An access system, comprising: the system comprises a micro base station, a main card terminal, a secondary card terminal and an operator server which are connected through a block chain network;
the secondary card terminal is used for executing the access method according to any one of claims 1 to 4;
the main card terminal is used for generating and storing a first encryption result according to the acquired first customer service password, the first random number and the first timestamp sent by the operator server; acquiring a connection request sent by the auxiliary card terminal from a block chain network, wherein the connection request comprises an identification code, an auxiliary card identity of the auxiliary card terminal and a block chain identity of the auxiliary card terminal, and the identification code is an identity shared by a main card terminal and the auxiliary card terminal; sending the first encryption result to a block chain network so that the auxiliary card terminal can obtain the first encryption result;
the micro base station is used for executing the access method of any one of claims 5 to 7;
the operator server is used for acquiring a broadcast message sent by the micro base station from a block chain network, wherein the broadcast message comprises a first encryption result, a block chain identifier and an identification code of the micro base station; generating a second encryption result according to the identification code, a second random number stored in advance and a second time stamp; and comparing the first encryption result with the second encryption result, obtaining and sending a verification result to a block chain network so that the micro base station acquires the verification result, and generating and sending an access response to the auxiliary card terminal according to the verification result.
CN202010029373.7A 2020-01-10 2020-01-10 Access method, terminal, micro base station and access system Active CN111246477B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010029373.7A CN111246477B (en) 2020-01-10 2020-01-10 Access method, terminal, micro base station and access system

Publications (2)

Publication Number Publication Date
CN111246477A CN111246477A (en) 2020-06-05
CN111246477B true CN111246477B (en) 2022-07-19

Family

ID=70877780

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010029373.7A Active CN111246477B (en) 2020-01-10 2020-01-10 Access method, terminal, micro base station and access system

Country Status (1)

Country Link
CN (1) CN111246477B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111757310B (en) * 2020-06-23 2023-06-02 中国联合网络通信集团有限公司 Method for generating health code, server and base station
CN111885600B (en) * 2020-09-02 2023-04-07 中国联合网络通信集团有限公司 Access method of dual-card terminal, terminal and server
CN111918292B (en) * 2020-09-02 2022-08-16 中国联合网络通信集团有限公司 Access method and device
CN111918291B (en) * 2020-09-02 2022-08-12 中国联合网络通信集团有限公司 Access method and device
CN111988777B (en) * 2020-09-02 2023-04-07 中国联合网络通信集团有限公司 Method for processing one number double-terminal service, core network equipment and server
CN112272376B (en) * 2020-10-22 2022-07-29 中国联合网络通信集团有限公司 Reward method and device
CN112491893B (en) * 2020-11-26 2022-09-27 秦丽霞 Block chain terminal equipment network access method, device, server and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2073432A1 (en) * 2006-09-25 2009-06-24 Huawei Technologies Co., Ltd. The access terminal, and the method for binding the access terminal and the operator
CN110166948A (en) * 2019-07-02 2019-08-23 China United Network Communications Group Co Ltd A kind of vice card terminal monitoring method, management server and block chain network system
CN110602691A (en) * 2019-10-18 2019-12-20 China United Network Communications Group Co Ltd Mobile communication method and device based on block chain network
CN110611911A (en) * 2019-10-18 2019-12-24 China United Network Communications Group Co Ltd Mobile communication method and device
CN110611914A (en) * 2019-10-18 2019-12-24 China United Network Communications Group Co Ltd Communication method and device based on block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Design of a trusted message transmission scheme based on mobile terminals; Liang Yingsheng et al.; Netinfo Security; 20150910 (No. 09); full text *

Also Published As

Publication number Publication date
CN111246477A (en) 2020-06-05

Similar Documents

Publication Publication Date Title
CN111246477B (en) Access method, terminal, micro base station and access system
CN111083697B (en) Access method, terminal, micro base station and access system
KR0181566B1 (en) Method and apparatus for efficient real-time authentication and encryption in a communication system
US7734280B2 (en) Method and apparatus for authentication of mobile devices
CN111212426B (en) Terminal access method, terminal, micro base station and access system
KR101438243B1 (en) Sim based authentication
CN111246471B (en) Terminal access method and device
CN111194034B (en) Authentication method and device
WO2002052784A1 (en) Authentication in data communication
KR20130049726A (en) Method for creating trust relationship and embedded uicc
CN107094127B (en) Processing method and device, and obtaining method and device of security information
CN111212425B (en) Access method, server and terminal
CN111182545B (en) Micro base station authentication method and terminal
IL162011A (en) Use of a public key pair in the terminal for authentication and authorisation of the telecommunication user with the network operator and business partners
CN111263361B (en) Connection authentication method and device based on block chain network and micro base station
Lee et al. An efficient authentication protocol for mobile communications
CN111988777B (en) Method for processing one number double-terminal service, core network equipment and server
CN111194066B (en) Base station alliance method and device
KR20080093449A (en) Gsm authentication in a cdma network
CN111918292B (en) Access method and device
CN111885600B (en) Access method of dual-card terminal, terminal and server
CN111800791B (en) Authentication method, core network equipment and terminal
CN111918291B (en) Access method and device
CN113316141B (en) Wireless network access method, sharing server and wireless access point
CN101742507A (en) System and method for accessing Web application site for WAPI terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant