CN112637855B - Machine-card binding method and server based on block chain - Google Patents

Publication number: CN112637855B
Authority: CN (China)
Prior art keywords: terminal; sim card; signature message; verified; block
Legal status: Active
Application number: CN202011482006.9A
Other languages: Chinese (zh)
Other versions: CN112637855A (en)
Inventors: 李张铮, 陈海, 连慧, 洪林梦涵, 陈锋, 潘晓宇, 张雪平
Current Assignee: China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd

Events:
  • Application filed by China United Network Communications Group Co Ltd
  • Priority to CN202011482006.9A
  • Publication of CN112637855A
  • Application granted
  • Publication of CN112637855B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)

Abstract

The application provides a blockchain-based machine-card binding method and server. The method comprises the following steps: after acquiring a binding request sent by a terminal, a server determines, according to the binding request, the corresponding SIM card first signature message and terminal first identity public key. The SIM card first signature message may be generated from the SIM card information and a first preset hash algorithm. The terminal first identity public key may be generated from the terminal feature code by an asymmetric encryption algorithm. The server generates a new SIM card block with the SIM card first signature message as the data block identifier and the terminal first identity public key as the data block data. The server inserts the new SIM card block into the SIM card blockchain. The method improves the security of the machine-card binding information and prevents the machine-card binding information from being tampered with.

Description

Machine-card binding method and server based on blockchain

Technical field

The present application relates to the field of communication technology, and in particular to a blockchain-based machine-card binding method and server.

Background

In the use of a terminal and a SIM card, the connection between them is usually unstable: the terminal can be given a different SIM card, and the SIM card can be moved to a different terminal. Therefore, in scenarios that require the SIM card to be uniquely bound to the terminal, such as the use of customer premise equipment (CPE), this way of connecting the SIM card and the terminal is not secure.

To address this, the prior art binds the SIM card and the terminal by means of machine-card binding. At present, the commonly used machine-card binding method is usually implemented by the SIM card sending a proactive command to the terminal. After receiving the proactive command sent by the SIM card, the terminal sends binding information to the SIM card, thereby binding the SIM card and the terminal.

However, this binding method is easily tampered with and has low security.

Summary of the invention

The present application provides a blockchain-based machine-card binding method and server, to solve the problem that the binding methods of the prior art are easily tampered with and have low security.

In a first aspect, the present application provides a blockchain-based machine-card binding method, including:

obtaining the SIM card first signature message and the terminal first identity public key;

generating a new SIM card block according to the SIM card first signature message and the terminal first identity public key, where the new SIM card block includes a data block identifier and data block data, the SIM card first signature message is the data block identifier, and the terminal first identity public key is the data block data;

inserting the new SIM card block into the SIM card blockchain.

Optionally, the method further includes:

obtaining the terminal first signature message and the SIM card first identity public key;

generating a new terminal block according to the terminal first signature message and the SIM card first identity public key, where the new terminal block includes a data block identifier and data block data, the terminal first signature message is the data block identifier, and the SIM card first identity public key is the data block data;

inserting the new terminal block into the terminal blockchain.

Optionally, the method includes:

generating the SIM card first identity private key and the SIM card first identity public key according to the SIM card feature code;

generating the SIM card first signature message according to the SIM card information and the first preset hash algorithm, where the SIM card first signature message is obtained by encrypting the SIM card information through the first preset hash algorithm.

Optionally, the method includes:

generating the terminal first identity private key and the terminal first identity public key according to the terminal feature code;

generating the terminal first signature message according to the terminal information and the second preset hash algorithm, where the terminal first signature message is obtained by encrypting the terminal information through the second preset hash algorithm.

Optionally, after the machine-card binding is completed, the method includes:

obtaining the SIM card second signature message of the SIM card to be verified, and the terminal second identity private key and the terminal second signature message of the terminal to be verified, where the SIM card second signature message is obtained by encrypting the SIM card information of the SIM card to be verified through the first preset hash algorithm, the terminal second signature message is obtained by encrypting the terminal information of the terminal to be verified through the second preset hash algorithm, and the terminal second identity private key is generated according to the terminal feature code of the terminal to be verified;

reporting the terminal digital signature of the terminal to be verified, the terminal second signature message and the SIM card second signature message to the SIM card blockchain, where the terminal digital signature is obtained by digitally signing the terminal second signature message with the terminal second identity private key;

matching the data block identifiers of all SIM card blockchains against the SIM card second signature message to determine the SIM card block of the SIM card to be verified;

verifying the terminal digital signature according to the terminal first identity public key in the SIM card block of the SIM card to be verified and the terminal second signature message, and determining a verification result.

Optionally, after the machine-card binding is completed, the method includes:

obtaining the SIM card second signature message and the SIM card second identity private key of the SIM card to be verified, and the terminal second signature message of the terminal to be verified, where the SIM card second signature message is obtained by encrypting the SIM card information of the SIM card to be verified through the first preset hash algorithm, the SIM card second identity private key is generated according to the terminal feature code of the terminal to be verified, and the terminal second signature message is obtained by encrypting the terminal information through the second preset hash algorithm;

reporting the SIM card digital signature of the SIM card to be verified, the SIM card second signature message and the terminal second signature message to the terminal blockchain, where the SIM card digital signature is obtained by digitally signing the SIM card second signature message with the SIM card second identity private key;

matching the data block identifiers of all terminal blockchains against the terminal second signature message to determine the terminal block of the terminal to be verified;

verifying the SIM card digital signature according to the SIM card first identity public key in the terminal block of the terminal to be verified and the SIM card second signature message, and determining a verification result.

Optionally, the method further includes:

determining, according to the verification result, whether machine-card separation has occurred;

when machine-card separation has occurred, restricting network access for the terminal to be verified or the SIM card to be verified.

In a second aspect, the present application provides a blockchain-based machine-card binding apparatus, including:

a first obtaining module, configured to obtain the SIM card first signature message and the terminal first identity public key;

a first generating module, configured to generate a new SIM card block according to the SIM card first signature message and the terminal first identity public key, where the new SIM card block includes a data block identifier and data block data, the SIM card first signature message is the data block identifier, and the terminal first identity public key is the data block data;

a first inserting module, configured to insert the new SIM card block into the SIM card blockchain.

Optionally, the apparatus further includes:

a second obtaining module, configured to obtain the terminal first signature message and the SIM card first identity public key;

a second generating module, configured to generate a new terminal block according to the terminal first signature message and the SIM card first identity public key, where the new terminal block includes a data block identifier and data block data, the terminal first signature message is the data block identifier, and the SIM card first identity public key is the data block data;

a second inserting module, configured to insert the new terminal block into the terminal blockchain.

Optionally, the process of generating the SIM card data may include: generating the SIM card first identity private key and the SIM card first identity public key according to the SIM card feature code; and generating the SIM card first signature message according to the SIM card information and the first preset hash algorithm, where the SIM card first signature message is obtained by encrypting the SIM card information through the first preset hash algorithm.

Optionally, the process of generating the terminal data may include: generating the terminal first identity private key and the terminal first identity public key according to the terminal feature code; and generating the terminal first signature message according to the terminal information and the second preset hash algorithm, where the terminal first signature message is obtained by encrypting the terminal information through the second preset hash algorithm.

Optionally, after the machine-card binding is completed, the apparatus includes:

a third obtaining module, configured to obtain the SIM card second signature message of the SIM card to be verified, and the terminal second identity private key and the terminal second signature message of the terminal to be verified, where the SIM card second signature message is obtained by encrypting the SIM card information of the SIM card to be verified through the first preset hash algorithm, the terminal second signature message is obtained by encrypting the terminal information of the terminal to be verified through the second preset hash algorithm, and the terminal second identity private key is generated according to the terminal feature code of the terminal to be verified;

a first reporting module, configured to report the terminal digital signature of the terminal to be verified, the terminal second signature message and the SIM card second signature message to the SIM card blockchain, where the terminal digital signature is obtained by digitally signing the terminal second signature message with the terminal second identity private key;

a first determining module, configured to match the data block identifiers of all SIM card blockchains against the SIM card second signature message and determine the SIM card block of the SIM card to be verified;

a first verification module, configured to verify the terminal digital signature according to the terminal first identity public key in the SIM card block of the SIM card to be verified and the terminal second signature message, and determine a verification result.

Optionally, after the machine-card binding is completed, the apparatus includes:

a fourth obtaining module, configured to obtain the SIM card second signature message and the SIM card second identity private key of the SIM card to be verified, and the terminal second signature message of the terminal to be verified, where the SIM card second signature message is obtained by encrypting the SIM card information of the SIM card to be verified through the first preset hash algorithm, the SIM card second identity private key is generated according to the terminal feature code of the terminal to be verified, and the terminal second signature message is obtained by encrypting the terminal information through the second preset hash algorithm;

a second reporting module, configured to report the SIM card digital signature of the SIM card to be verified, the SIM card second signature message and the terminal second signature message to the terminal blockchain, where the SIM card digital signature is obtained by digitally signing the SIM card second signature message with the SIM card second identity private key;

a second determining module, configured to match the data block identifiers of all terminal blockchains against the terminal second signature message and determine the terminal block of the terminal to be verified;

a second verification module, configured to verify the SIM card digital signature according to the SIM card first identity public key in the terminal block of the terminal to be verified and the SIM card second signature message, and determine a verification result.

Optionally, the apparatus further includes:

a judging module, configured to determine, according to the verification result, whether machine-card separation has occurred;

a restriction module, configured to restrict network access for the terminal to be verified or the SIM card to be verified when machine-card separation has occurred.

In a third aspect, the present application provides a server, including a memory and a processor, where the memory is configured to store a computer program, and the processor is configured to implement, according to the computer program stored in the memory, the blockchain-based machine-card binding method of the first aspect and any possible design of the first aspect.

In a fourth aspect, the present application provides a readable storage medium storing execution instructions. When at least one processor of a server executes the execution instructions, the server performs the blockchain-based machine-card binding method of the first aspect and any possible design of the first aspect.

In a fifth aspect, the present application provides a computer program product including a computer program. When the computer program is executed by a processor, it implements the blockchain-based machine-card binding method of the first aspect and any possible design of the first aspect.

With the blockchain-based machine-card binding method and server provided by this application, after the binding request sent by the terminal is obtained, the corresponding SIM card first signature message and terminal first identity public key are determined according to the binding request; the SIM card first signature message may be generated from the SIM card information and the first preset hash algorithm; the terminal first identity public key may be generated from the terminal feature code by an asymmetric encryption algorithm; a new SIM card block is generated with the SIM card first signature message as the data block identifier and the terminal first identity public key as the data block data; and the new SIM card block is inserted into the SIM card blockchain. This improves the security of the machine-card binding information and prevents the machine-card binding information from being tampered with.

Brief description of the drawings

To explain the technical solutions of this application or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of this application, and those of ordinary skill in the art can obtain other drawings from them without creative effort.

Fig. 1 is a schematic diagram of a blockchain-based machine-card binding scenario provided by an embodiment of the present application;

Fig. 2 is a flow chart of a blockchain-based machine-card binding method provided by an embodiment of the present application;

Fig. 3 is a schematic structural diagram of a new SIM card block provided by an embodiment of the present application;

Fig. 4 is a schematic structural diagram of a blockchain provided by an embodiment of the present application;

Fig. 5 is a flow chart of another blockchain-based machine-card binding method provided by an embodiment of the present application;

Fig. 6 is a schematic structural diagram of a new terminal block provided by an embodiment of the present application;

Fig. 7 is a flow chart of yet another blockchain-based machine-card binding method provided by an embodiment of the present application;

Fig. 8 is a schematic structural diagram of a blockchain-based machine-card binding apparatus provided by an embodiment of the present application;

Fig. 9 is a schematic structural diagram of another blockchain-based machine-card binding apparatus provided by an embodiment of the present application;

Fig. 10 is a schematic structural diagram of a blockchain-based machine-card binding system provided by an embodiment of the present application;

Fig. 11 is a schematic diagram of the hardware structure of a server provided by an embodiment of the present application.

Detailed description

To make the purpose, technical solutions and advantages of this application clearer, the technical solutions in this application are described clearly and completely below with reference to the drawings in this application. Obviously, the described embodiments are some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in this application without creative effort fall within the scope of protection of this application.

In the use of a terminal and a SIM card, the connection between them is usually unstable: the terminal can be given a different SIM card, and the SIM card can be moved to a different terminal. Therefore, in scenarios that require the SIM card to be uniquely bound to the terminal, this way of connecting the SIM card and the terminal is not secure. For example, with the arrival of the 5G era, private networks for the government and enterprise sector are growing rapidly, and more and more government and enterprise products choose 5G wireless access. Customer premise equipment (CPE) is one of the important access devices. A CPE is exactly the kind of device that needs the SIM card to be uniquely bound to the terminal. Because 5G government-enterprise private network plans are cheaper than traditional plans, users are likely to pull the SIM card out of the CPE and keep using it in a mobile phone. Likewise, after a long-term contract is signed for a 5G government-enterprise private network, the CPE can usually be used free of charge, but during that period the user may switch to another operator's SIM card partway through. Therefore, to guarantee the unique binding between the CPE and its SIM card, a machine-card binding method is needed to ensure that the CPE uses the SIM card bound to it, or that the SIM card is used in the CPE bound to it.

At present, the commonly used machine-card binding method is usually implemented by the SIM card sending a proactive command to the terminal. After receiving the proactive command sent by the SIM card, the terminal sends binding information to the SIM card, thereby binding the SIM card and the terminal. However, this method requires the SIM card to send proactive commands. For the SIM card to send proactive commands, a machine-card binding device for the mobile terminal has to be designed on the SIM card chip, which places high requirements on the production and development of the SIM card system. Second, a machine-card binding method based on proactive commands usually needs a dedicated machine-card interaction protocol signaling procedure to ensure correct interaction and binding between terminal and card, and this signaling procedure easily leads to additional signaling overhead. Third, the binding in this method is one-way: the terminal can only be bound in the SIM card. That is, after binding, the SIM card can only be used in that terminal, but when the terminal's SIM card is replaced, the terminal can use the new SIM card.

In view of the above problems, this application proposes a blockchain-based machine-card binding method. For the sake of binding security and stability, this application uses a blockchain to store the machine-card binding information. By storing public keys on a blockchain, this application makes the public keys tamper-proof, which improves the security of the public keys and the legitimacy of verification. To guarantee the unique binding between the terminal and the SIM card, and to avoid the case where the SIM card is bound to the terminal but the terminal is not bound to the SIM card, this application proposes a two-way machine-card binding method. In this application, the server generates a new SIM card block with the SIM card first signature message as the data block identifier and the terminal first identity public key as the data block data, and inserts it into the SIM card blockchain. The server also generates a new terminal block with the terminal first signature message as the data block identifier and the SIM card first identity public key as the data block data, and inserts it into the terminal blockchain. On subsequent power-on, the terminal and the SIM card can then be verified in both directions through the SIM card blockchain or the terminal blockchain. Moreover, because in this application both registration and verification are implemented on the server, the requirements on the SIM card system are low and no additional machine-card signaling interaction procedure is needed.

In addition, the blockchain-based machine-card binding method used in this application can be used not only for machine-card binding and its verification, but also for machine-card separation detection.

The technical solution of the present application is described in detail below with specific embodiments. The following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments.

Fig. 1 shows a schematic diagram of a blockchain-based machine-card binding scenario provided by an embodiment of the present application. As shown in Fig. 1, the scenario includes a terminal with a SIM card inserted and a server. When a new SIM card is inserted into the terminal, or the SIM card is inserted into a new terminal, the terminal powers on and sends a binding request to the server. According to the binding request of the terminal and the SIM card, the server generates the terminal first identity private key, the terminal first identity public key and the terminal first signature message, as well as the SIM card first identity private key, the SIM card first identity public key and the SIM card first signature message. The server generates the SIM card block and the terminal block from this information, and uploads the SIM card block to the SIM card blockchain and the terminal block to the terminal blockchain. When the terminal powers on again, it sends a verification request to the server. According to the verification request of the terminal and the SIM card, the server generates the terminal second identity private key, the terminal second signature message and the terminal digital signature, as well as the SIM card second identity private key, the SIM card second signature message and the SIM card digital signature. The server matches the SIM card block in the SIM card blockchain according to the SIM card second signature message. Once the SIM card block is matched, the server verifies the terminal digital signature according to the terminal first identity public key and the terminal second signature message. If the digital signature passes verification, the terminal in which the SIM card is currently inserted is the original terminal. Alternatively, the server matches the terminal block in the terminal blockchain according to the terminal second signature message. Once the terminal block is matched, the server verifies the SIM card digital signature according to the SIM card first identity public key and the SIM card second signature message. If the digital signature passes verification, the SIM card used by the terminal is the original SIM card.

本申请中,以服务器为执行主体,执行如下实施例的句式编辑方法。具体地,该执行主体可以为服务器的硬件装置,或者为服务器中实现下述实施例的软件应用,或者为安装有实现下述实施例的软件应用的计算机可读存储介质。In this application, the server is used as the execution subject to execute the sentence pattern editing method in the following embodiments. Specifically, the execution subject may be a hardware device of a server, or a software application implementing the following embodiments in the server, or a computer-readable storage medium installed with a software application implementing the following embodiments.

图2示出了本申请一实施例提供的一种基于区块链的机卡绑定方法的流程图。在图1所示实施例的基础上,如图2所示,以服务器为执行主体,本实施例的方法可以包括如下步骤:Fig. 2 shows a flow chart of a blockchain-based machine-card binding method provided by an embodiment of the present application. On the basis of the embodiment shown in Figure 1, as shown in Figure 2, with the server as the execution subject, the method of this embodiment may include the following steps:

S101. Obtain the SIM card first signature message and the terminal first identity public key.

In this embodiment, after receiving the binding request sent by the terminal, the server determines the corresponding SIM card first signature message and terminal first identity public key according to the binding request.

The binding request may be sent by the terminal to the server when the terminal is powered on for the first time or when the SIM card applies for network access for the first time.

The SIM card first signature message and the terminal first identity public key may be obtained by the server from the binding request.

Alternatively, the SIM card first signature message and the terminal first identity public key may be obtained by the server from memory. In that case, the server may determine the SIM card feature code and the terminal feature code according to the binding request, and then use these two feature codes to fetch the pre-stored SIM card first signature message and terminal first identity public key from the storage device of the server. The SIM card feature code and the terminal feature code uniquely identify the SIM card and the terminal. The SIM card feature code includes but is not limited to IMSI, MSISDN, ICCID and serial number (SN). The terminal feature code includes but is not limited to IMEI, MEID and ESN.

Alternatively, the SIM card first signature message and the terminal first identity public key may be generated by the server from the SIM card feature code and SIM card information together with the terminal feature code and terminal information. The server may obtain the SIM card feature code, SIM card information, terminal feature code and terminal information from the binding request, or it may fetch them from the storage device after determining the SIM card feature code and the terminal feature code according to the binding request. The generation of the SIM card first signature message and the terminal first identity public key from these inputs can be implemented as in the following examples.

In one example, the generation process of the SIM card parameters may include:

Step 1. After obtaining the SIM card feature code, the server may generate the SIM card first identity private key and the SIM card first identity public key according to the SIM card feature code.

In this step, the server may generate the SIM card first identity private key from the SIM card feature code based on an asymmetric encryption algorithm. The server then generates the SIM card first identity public key from the SIM card first identity private key based on the same asymmetric encryption algorithm. The asymmetric encryption algorithm may be an existing algorithm such as RSA, Elgamal, the knapsack algorithm, Rabin, D-H or ECC (elliptic curve cryptography), or it may be an improved algorithm.

Step 2. After obtaining the SIM card information, the server may generate the SIM card first signature message according to the SIM card information and the first preset hash algorithm. The SIM card first signature message is obtained by encrypting the SIM card information with the first preset hash algorithm.

In this step, the SIM card information includes but is not limited to IMSI, MSISDN, ICCID and serial number (SN). The first preset hash algorithm may be an existing algorithm such as MD5, HMAC, SHA1 or SHA256, or it may be an improved algorithm.

In another example, the generation of the terminal parameters may include:

Step 1. After obtaining the terminal feature code, the server may generate the terminal first identity private key and the terminal first identity public key according to the terminal feature code.

In this step, the server may generate the terminal first identity private key from the terminal feature code based on an asymmetric encryption algorithm. The server then generates the terminal first identity public key from the terminal first identity private key based on the same asymmetric encryption algorithm. The asymmetric encryption algorithm may be an existing algorithm such as RSA, Elgamal, the knapsack algorithm, Rabin, D-H or ECC (elliptic curve cryptography), or it may be an improved algorithm.

Step 2. Generate the terminal first signature message according to the terminal information and the second preset hash algorithm. The terminal first signature message is obtained by encrypting the terminal information with the second preset hash algorithm.

In this step, the terminal information includes but is not limited to IMEI, MEID and ESN. The second preset hash algorithm may be an existing algorithm such as MD5, HMAC, SHA1 or SHA256, or it may be an improved algorithm. The second preset hash algorithm and the first preset hash algorithm may be the same hash algorithm or different hash algorithms; this application does not limit this.

S102. Generate a new SIM card block according to the SIM card first signature message and the terminal first identity public key. The new SIM card block includes a data block identifier and data block data: the SIM card first signature message is the data block identifier, and the terminal first identity public key is the data block data.

In this embodiment, the server generates a new SIM card block, which may be as shown in FIG. 3. The new SIM card block includes a data block identifier and data block data. The content of the data block identifier is the SIM card first signature message. The content of the data block data is the terminal first identity public key.

S103. Insert the SIM card block into the SIM card blockchain.

In this embodiment, the SIM card blockchain may be as shown in FIG. 4. Each block includes five parts: index, timestamp, data block, hash value and previous block hash value. The index uniquely identifies the block within the SIM card blockchain. The timestamp is the time at which the block was inserted into the blockchain. The data block stores the content of the SIM card block from S102, that is, the SIM card first signature message as the data block identifier and the terminal first identity public key as the data block data. The previous block hash value is the hash value of the block that precedes this block in the SIM card blockchain; for the first block, the previous block hash value is 0.

When a new SIM card block is inserted into the SIM card blockchain, it is appended to the end of the chain using tail insertion. The server sets the timestamp of the new SIM card block to its insertion time. The server determines the index of the new SIM card block according to the indexes of the SIM card blockchain. The server determines the previous block hash value according to the block that precedes the new SIM card block in the SIM card blockchain.

The SIM card blockchain may be stored on the server, or it may be stored on a blockchain server. When the SIM card blockchain is stored on a blockchain server, operations on the blockchain are carried out through the blockchain system.

In the blockchain-based machine-card binding method provided by this application, after receiving the binding request sent by the terminal, the server determines the corresponding SIM card first signature message and terminal first identity public key according to the binding request. The SIM card first signature message may be generated from the SIM card information and the first preset hash algorithm. The terminal first identity public key may be generated from the terminal feature code through an asymmetric encryption algorithm. The server generates a new SIM card block with the SIM card first signature message as the data block identifier and the terminal first identity public key as the data block data, and inserts this block into the SIM card blockchain. In this application, generating the SIM card block binds the SIM card to the terminal, and inserting the SIM card block into the SIM card blockchain improves the security of the machine-card binding information and prevents that information from being tampered with.
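The block layout and tail insertion of S102 and S103, with a validation pass over the chain, as an added Python example that is not code from the patent. SHA-256, the set of fields covered by the block hash, the helper names and all sample identifiers are assumptions; the public keys are constructed placeholder strings.

```python
import hashlib
import json
import time

GENESIS_PREV_HASH = "0"  # per the page: the first block's previous-block hash is 0


def block_hash(index, timestamp, data_block, prev_hash):
    # Assumption: the page does not say which fields the hash covers; cover all of them.
    payload = json.dumps([index, timestamp, data_block, prev_hash], sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def sim_signature_message(sim_info):
    """SIM card first signature message: preset hash (SHA-256 assumed) over the SIM info."""
    canon = "|".join(f"{k}={sim_info[k]}" for k in sorted(sim_info))
    return hashlib.sha256(canon.encode()).hexdigest()


class SimCardChain:
    def __init__(self):
        self.blocks = []

    def insert(self, sim_message, terminal_public_key, now=None):
        """S102 + S103: build the new block and append it at the tail."""
        data_block = {"id": sim_message, "data": terminal_public_key}
        index = len(self.blocks)
        timestamp = time.time() if now is None else now  # insertion time
        prev_hash = self.blocks[-1]["hash"] if self.blocks else GENESIS_PREV_HASH
        block = {
            "index": index,
            "timestamp": timestamp,
            "data_block": data_block,
            "prev_hash": prev_hash,
            "hash": block_hash(index, timestamp, data_block, prev_hash),
        }
        self.blocks.append(block)
        return block

    def first_invalid_index(self):
        """Position of the first block that fails validation, or None if all pass."""
        expected_prev = GENESIS_PREV_HASH
        for pos, b in enumerate(self.blocks):
            recomputed = block_hash(b["index"], b["timestamp"], b["data_block"], b["prev_hash"])
            if b["index"] != pos or b["prev_hash"] != expected_prev or b["hash"] != recomputed:
                return pos
            expected_prev = b["hash"]
        return None


def build_demo_chain():
    """Three constructed bindings with fixed timestamps."""
    chain = SimCardChain()
    for n in range(3):
        sim_info = {"IMSI": f"00101000000000{n}", "ICCID": f"898600000000000000{n}"}
        chain.insert(sim_signature_message(sim_info),
                     f"constructed-terminal-pubkey-{n}", now=1_700_000_000 + n)
    return chain


def rewrite_binding(chain, pos, new_public_key, rehash):
    """Simulate a storage-level edit of one block's bound key, to exercise validation."""
    b = chain.blocks[pos]
    b["data_block"]["data"] = new_public_key
    if rehash:
        b["hash"] = block_hash(b["index"], b["timestamp"], b["data_block"], b["prev_hash"])


if __name__ == "__main__":
    demo = build_demo_chain()
    rewrite_binding(demo, 1, "constructed-other-pubkey", rehash=False)
    print("first invalid block:", demo.first_invalid_index())
```

Editing a block without recomputing its hash fails validation at that block, and recomputing the hash moves the failure to the next block's previous-block hash. A rewritten tail block has no successor to expose it, so the latest block hash has to be recorded somewhere the chain's writer cannot change.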

FIG. 5 is a flowchart of another blockchain-based machine-card binding method provided by an embodiment of the present application. On the basis of the embodiments shown in FIG. 1 to FIG. 4, this embodiment can bind the terminal to the SIM card in addition to binding the SIM card to the terminal, thereby achieving two-way binding. As shown in FIG. 5, with the server as the execution subject, the method of this embodiment may include the following steps:

S201. Obtain the terminal first signature message and the SIM card first identity public key.

In this embodiment, after receiving the binding request sent by the terminal, the server determines the corresponding SIM card first signature message and terminal first identity public key according to the binding request.

The binding request may be sent by the terminal to the server when the terminal is powered on for the first time or when the SIM card applies for network access for the first time.

The terminal first signature message and the SIM card first identity public key may be obtained by the server from the binding request.

Alternatively, the terminal first signature message and the SIM card first identity public key may be obtained by the server from memory.

Alternatively, the terminal first signature message and the SIM card first identity public key may be generated by the server from the SIM card feature code and SIM card information together with the terminal feature code and terminal information. The generation process is similar to the implementation of step S101 in the embodiment of FIG. 2 and is not repeated here.

S202. Generate a new terminal block according to the terminal first signature message and the SIM card first identity public key. The new terminal block includes a data block identifier and data block data: the terminal first signature message is the data block identifier, and the SIM card first identity public key is the data block data.

In this embodiment, the server generates a new terminal block, which may be as shown in FIG. 6. The new terminal block includes a data block identifier and data block data. The content of the data block identifier is the terminal first signature message. The content of the data block data is the SIM card first identity public key.

S203. Insert the new terminal block into the terminal blockchain.

The terminal blockchain may be as shown in FIG. 4. When a new terminal block is inserted into the terminal blockchain, it is appended to the end of the chain using tail insertion. The server sets the timestamp of the new terminal block to its insertion time. The server determines the index of the new terminal block according to the indexes of the terminal blockchain. The server determines the previous block hash value according to the block that precedes the new terminal block in the terminal blockchain.

In the blockchain-based machine-card binding method provided by this application, after receiving the binding request sent by the terminal, the server determines the corresponding terminal first signature message and SIM card first identity public key according to the binding request. The terminal first signature message may be generated from the terminal information and the second preset hash algorithm. The SIM card first identity public key may be generated from the SIM card feature code through an asymmetric encryption algorithm. The server generates a new terminal block with the terminal first signature message as the data block identifier and the SIM card first identity public key as the data block data, and inserts this block into the terminal blockchain. In this application, generating the SIM card block binds the SIM card to the terminal, and inserting the SIM card block into the SIM card blockchain improves the security of the machine-card binding information and prevents that information from being tampered with. In addition, this application achieves two-way binding through the SIM card blockchain and the terminal blockchain, which better guarantees that the SIM card and the terminal are uniquely bound to each other.

For example, because 5G government-enterprise private network plans are cheaper than traditional plans, users of a 5G CPE may in practice pull the SIM card out of the CPE and continue to use it in a mobile phone. To prevent this, the present application binds the SIM card to the terminal through the embodiment of FIG. 2. In subsequent use, the server can determine whether the SIM card has been misappropriated by querying the terminal bound to the SIM card and checking whether the current terminal is the bound terminal. Likewise, because the CPE is provided free of charge once a long-term 5G government-enterprise private network contract is signed, users may in practice replace the SIM card in the CPE with a SIM card from another operator. To prevent this, the present application binds the terminal to the SIM card through the embodiment of FIG. 5. In subsequent use, the server can determine whether the SIM card has been replaced by querying the SIM card bound to the terminal and checking whether the current SIM card is the bound SIM card.

FIG. 7 is a flowchart of yet another blockchain-based machine-card binding method provided by an embodiment of the present application. On the basis of the embodiments shown in FIG. 1 to FIG. 6, this embodiment can perform machine-card verification in addition to machine-card binding, so as to determine whether the SIM card is the SIM card initially bound to the terminal, or whether the terminal is the terminal initially bound to the SIM card. As shown in FIG. 7, with the server as the execution subject, the method of this embodiment may include the following steps:

S301. Obtain the SIM card first signature message and the terminal first identity public key.

S302. Generate a new SIM card block according to the SIM card first signature message and the terminal first identity public key. The new SIM card block includes a data block identifier and data block data: the SIM card first signature message is the data block identifier, and the terminal first identity public key is the data block data.

S303. Insert the new SIM card block into the SIM card blockchain.

Steps S301 to S303 are implemented in a manner similar to steps S101 to S103 in the embodiment of FIG. 2 and are not repeated here.

S304. Obtain the SIM card second signature message of the SIM card to be verified, and the terminal second identity private key and terminal second signature message of the terminal to be verified. The SIM card second signature message is obtained by encrypting the SIM card information of the SIM card to be verified with the first preset hash algorithm, the terminal second signature message is obtained by encrypting the terminal information of the terminal to be verified with the second preset hash algorithm, and the terminal second identity private key is generated according to the terminal feature code of the terminal to be verified.

In this embodiment, after receiving the verification request sent by the terminal to be verified, the server determines the corresponding SIM card second signature message, terminal second identity private key and terminal second signature message according to the verification request.

The verification request may be sent by the terminal to be verified to the server when the terminal is powered on again or applies for network access again.

The SIM card second signature message, the terminal second identity private key and the terminal second signature message of the terminal to be verified may be obtained by the server from the verification request.

Alternatively, the SIM card second signature message, the terminal second identity private key and the terminal second signature message may be obtained by the server from memory. In this case, the verification request includes the SIM card feature code of the SIM card to be verified and the terminal feature code of the terminal to be verified, and the server uses these feature codes to fetch the values directly from its memory.

Alternatively, the SIM card second signature message, the terminal second identity private key and the terminal second signature message may be generated by the server from the SIM card feature code and SIM card information of the SIM card to be verified together with the terminal feature code and terminal information of the terminal to be verified. The generation process is similar to the implementation of step S101 in the embodiment of FIG. 2 and is not repeated here.

S305. Report the terminal digital signature of the terminal to be verified, the terminal second signature message and the SIM card second signature message to the SIM card blockchain. The terminal digital signature is obtained by digitally signing the terminal second signature message with the terminal second identity private key.

In this embodiment, after obtaining the terminal second identity private key and the terminal second signature message, the server digitally signs the terminal second signature message with the terminal second identity private key to obtain the terminal digital signature. The server reports the terminal digital signature, the terminal second signature message and the SIM card second signature message together to the SIM card blockchain.

S306. Match the data block identifiers of all blocks in the SIM card blockchain against the SIM card second signature message to determine the SIM card block of the SIM card to be verified.

In this embodiment, the blockchain uses the SIM card second signature message reported by the server to find the corresponding SIM card block of the SIM card to be verified in the SIM card blockchain. Specifically, the server obtains the data block identifier of each SIM card block in the SIM card blockchain. By comparing each data block identifier with the SIM card second signature message, the server finds the SIM card block whose data block identifier is identical to the SIM card second signature message. The server determines that this SIM card block is the SIM card block of the SIM card to be verified.

S307. Verify the terminal digital signature according to the terminal first identity public key in the SIM card block of the SIM card to be verified and the terminal second signature message, and determine the verification result.

In this embodiment, after determining the SIM card block of the SIM card to be verified, the server obtains the data block data of that SIM card block. This data block data is the terminal first identity public key of the terminal originally matched to the SIM card to be verified. The server verifies the terminal digital signature using the terminal first identity public key of the originally matched terminal and the terminal second signature message. If verification succeeds, the terminal to be verified and the originally matched terminal are the same terminal. If verification fails, the terminal to be verified and the originally matched terminal are different terminals.
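The binding of S301 to S303 followed by the check of S304 to S307, as an added Python example that is not code from the patent. It substitutes a Lamport hash-based signature for the page's asymmetric algorithm so that it runs on the standard library alone, and reduces the SIM card blockchain to its list of data blocks. SERVER_SECRET, the key derivation, the function names and the sample identifiers are assumptions or constructed values.

```python
import hashlib
import hmac

# Assumption: the derivation is keyed with a server-held secret, because a feature
# code such as an IMEI is not itself secret. The page does not specify the derivation.
SERVER_SECRET = b"constructed-demo-secret"


def H(data):
    return hashlib.sha256(data).digest()


def signature_message(info):
    """Signature message: preset hash (SHA-256 assumed) over the device information."""
    canon = "|".join(f"{k}={info[k]}" for k in sorted(info))
    return hashlib.sha256(canon.encode()).hexdigest()


def identity_private_key(feature_code):
    """Derive 256 pairs of secrets deterministically from the feature code."""
    seed = hmac.new(SERVER_SECRET, feature_code.encode(), hashlib.sha256).digest()
    return [(H(seed + bytes([i, 0])), H(seed + bytes([i, 1]))) for i in range(256)]


def identity_public_key(private_key):
    """Public key: digest over the hashes of all 512 secrets."""
    return H(b"".join(H(s0) + H(s1) for s0, s1 in private_key)).hex()


def message_bits(message):
    digest = H(message.encode())
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(private_key, message):
    """Per message bit: reveal the selected secret plus the hash of the other one."""
    return [(pair[b], H(pair[1 - b])) for pair, b in zip(private_key, message_bits(message))]


def verify(public_key, message, signature):
    if len(signature) != 256:
        return False
    parts = []
    for (revealed, other_hash), b in zip(signature, message_bits(message)):
        parts.append(H(revealed) + other_hash if b == 0 else other_hash + H(revealed))
    return hmac.compare_digest(H(b"".join(parts)).hex(), public_key)


def bind(sim_chain, sim_info, terminal_info):
    """S301-S303: identifier = SIM first signature message, data = terminal first public key."""
    public_key = identity_public_key(identity_private_key(terminal_info["IMEI"]))
    sim_chain.append({"id": signature_message(sim_info), "data": public_key})


def verify_terminal(sim_chain, sim_info, terminal_info):
    """S304-S307 for the SIM card and terminal named in a verification request."""
    sim_msg2 = signature_message(sim_info)                       # S304
    term_msg2 = signature_message(terminal_info)
    term_sig = sign(identity_private_key(terminal_info["IMEI"]), term_msg2)  # S305
    block = next((b for b in sim_chain if hmac.compare_digest(b["id"], sim_msg2)), None)  # S306
    if block is None:
        return "unbound-sim"
    ok = verify(block["data"], term_msg2, term_sig)              # S307
    return "original-terminal" if ok else "different-terminal"


# Constructed sample identifiers.
SIM_INFO = {"IMSI": "001010123456789", "ICCID": "8986000000000000001"}
CPE_INFO = {"IMEI": "490154203237518"}
PHONE_INFO = {"IMEI": "356938035643809"}

if __name__ == "__main__":
    chain = []
    bind(chain, SIM_INFO, CPE_INFO)
    print(verify_terminal(chain, SIM_INFO, CPE_INFO))
    print(verify_terminal(chain, SIM_INFO, PHONE_INFO))
```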

S308. Obtain the terminal first signature message and the SIM card first identity public key.

S309. Generate a new terminal block according to the terminal first signature message and the SIM card first identity public key. The new terminal block includes a data block identifier and data block data: the terminal first signature message is the data block identifier, and the SIM card first identity public key is the data block data.

S310. Insert the new terminal block into the terminal blockchain.

Steps S308 to S310 are implemented in a manner similar to steps S201 to S203 in the embodiment of FIG. 5 and are not repeated here.

S311. Obtain the SIM card second signature message and SIM card second identity private key of the SIM card to be verified, and the terminal second signature message of the terminal to be verified. The SIM card second signature message is obtained by encrypting the SIM card information of the SIM card to be verified with the first preset hash algorithm, the SIM card second identity private key is generated according to the terminal feature code of the terminal to be verified, and the terminal second signature message is obtained by encrypting the terminal information with the second preset hash algorithm.

In this embodiment, after receiving the verification request sent by the terminal to be verified, the server determines the corresponding SIM card second signature message, SIM card second identity private key and terminal second signature message according to the verification request.

The verification request may be sent by the terminal to be verified to the server when the terminal is powered on again or applies for network access again.

The SIM card second signature message, the SIM card second identity private key and the terminal second signature message of the terminal to be verified may be obtained by the server from the verification request.

Alternatively, the SIM card second signature message, the SIM card second identity private key and the terminal second signature message may be obtained by the server from memory. In this case, the verification request includes the SIM card feature code of the SIM card to be verified and the terminal feature code of the terminal to be verified, and the server uses these feature codes to fetch the values directly from its memory.

Alternatively, the SIM card second signature message, the SIM card second identity private key and the terminal second signature message may be generated by the server from the SIM card feature code and SIM card information of the SIM card to be verified together with the terminal feature code and terminal information of the terminal to be verified. The generation process is similar to the implementation of step S101 in the embodiment of FIG. 2 and is not repeated here.

S312. Report the SIM card digital signature of the SIM card to be verified, the SIM card second signature message and the terminal second signature message to the terminal blockchain. The SIM card digital signature is obtained by digitally signing the SIM card second signature message with the SIM card second identity private key.

In this embodiment, after obtaining the SIM card second identity private key and the SIM card second signature message, the server uses the SIM card second identity private key to digitally sign the SIM card second signature message, which yields the SIM card digital signature. The server reports the SIM card digital signature, the SIM card second signature message and the terminal second signature message together to the terminal blockchain.

S313. Match all data block identifiers in the terminal blockchain against the terminal second signature message to determine the terminal block of the terminal to be verified.

In this embodiment, the blockchain uses the terminal second signature message reported by the server to find, in the terminal blockchain, the terminal block that corresponds to the terminal to be verified. Specifically, the server obtains the data block identifier of each terminal block in the terminal blockchain. By comparing these identifiers with the terminal second signature message, the server finds the terminal block whose data block identifier is identical to the terminal second signature message. The server determines that this terminal block is the terminal block of the terminal to be verified.

S314. Verify the SIM card digital signature according to the SIM card first identity public key in the terminal block of the terminal to be verified and the SIM card second signature message, and determine the verification result.

In this embodiment, after determining the terminal block of the terminal to be verified, the server obtains the data block data of that terminal block. The data block data is the SIM card first identity public key of the SIM card originally matched with the terminal to be verified. The server verifies the SIM card digital signature using the SIM card first identity public key of the originally matched SIM card and the SIM card second signature message. If verification succeeds, the SIM card to be verified and the originally matched SIM card are the same SIM card. If verification fails, the SIM card to be verified and the originally matched SIM card are different SIM cards.

S315. Judge, according to the verification result, whether machine-card separation has occurred.

In this embodiment, the server obtains the verification result determined in S307 or S308. Based on that result, the server determines whether the SIM card to be verified and the terminal to be verified are the originally matched SIM card and terminal. If they are the originally matched SIM card and terminal, no machine-card separation has occurred. If the SIM card to be verified and the terminal to be verified are not consistent with the originally matched SIM card and terminal, machine-card separation has occurred.

S316. When machine-card separation occurs, restrict network access for the terminal to be verified or the SIM card to be verified.

In this embodiment, when machine-card separation occurs, the server restricts network access for the terminal to be verified or the SIM card to be verified, so as to ensure that the machine-card binding remains effective.

In the blockchain-based machine-card binding method provided by this application, the server saves the binding information of the SIM card and the terminal to the SIM card blockchain and the terminal blockchain respectively, which binds the SIM card and the terminal in both directions. The server then determines whether machine-card separation has occurred by verifying whether the terminal bound to the SIM card to be verified is consistent with the terminal to be verified, and whether the SIM card bound to the terminal to be verified is consistent with the SIM card to be verified. When the server determines that machine-card separation has occurred, it restricts network access for the terminal to be verified or the SIM card to be verified. In this application, the two-way verification of the terminal to be verified or the SIM card to be verified ensures the uniqueness of the binding between SIM card and terminal, improves the reliability of the binding, and makes machine-card binding effective in scenarios that require a SIM card to be uniquely bound to a terminal.
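The two-way check summarised above (registration into both chains, then steps S311 to S316 and their SIM-chain counterpart) can be run end to end in a short Go program. This is an added illustration, not code from the patent: Ed25519 as the signature scheme, SHA-256 and SHA-512 as the two preset hash algorithms, the HMAC key derivation with a server secret, the in-memory slices standing in for the two blockchains, and all type and function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
)

// Block follows the layout in the description: the identifier is a signature
// message (a hash) and the data is the bound peer's first identity public key.
type Block struct {
	ID   string
	Data ed25519.PublicKey
}

// Chain is an in-memory stand-in for a blockchain (assumption of this sketch).
type Chain []Block

// Find compares every block identifier with the reported signature message.
func (c Chain) Find(id string) (Block, bool) {
	for _, b := range c {
		if b.ID == id {
			return b, true
		}
	}
	return Block{}, false
}

// Device is a SIM card or a terminal: a feature code plus descriptive info.
type Device struct{ FeatureCode, Info string }

// serverSecret is a constructed value. Mixing it in is an assumption, made so
// that knowing a feature code alone does not yield the identity private key.
var serverSecret = []byte("constructed-demo-secret")

// identityKey derives a deterministic Ed25519 key from a feature code.
func identityKey(role string, d Device) ed25519.PrivateKey {
	mac := hmac.New(sha256.New, serverSecret)
	mac.Write([]byte(role + "|" + d.FeatureCode))
	return ed25519.NewKeyFromSeed(mac.Sum(nil))
}

// simMessage plays the first preset hash algorithm (SHA-256 assumed).
func simMessage(sim Device) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(sim.Info)))
}

// terminalMessage plays the second preset hash algorithm (SHA-512 assumed).
func terminalMessage(term Device) string {
	return fmt.Sprintf("%x", sha512.Sum512([]byte(term.Info)))
}

// Server holds the SIM card chain and the terminal chain.
type Server struct{ SimChain, TermChain Chain }

// Register stores the binding twice: each chain is keyed by one side's
// signature message and holds the other side's identity public key.
func (s *Server) Register(sim, term Device) {
	termPub := identityKey("terminal", term).Public().(ed25519.PublicKey)
	simPub := identityKey("sim", sim).Public().(ed25519.PublicKey)
	s.SimChain = append(s.SimChain, Block{simMessage(sim), termPub})
	s.TermChain = append(s.TermChain, Block{terminalMessage(term), simPub})
}

// Result records the outcome of the two directions of verification.
type Result struct{ TerminalSigOK, SimSigOK bool }

// Separated reports machine-card separation: any failed direction counts.
func (r Result) Separated() bool { return !(r.TerminalSigOK && r.SimSigOK) }

// Verify signs each side's second signature message with that side's key and
// checks the signature against the public key stored in the peer's block.
// A signature message with no matching block leaves that direction failed.
func (s *Server) Verify(sim, term Device) Result {
	simMsg, termMsg := simMessage(sim), terminalMessage(term)
	termSig := ed25519.Sign(identityKey("terminal", term), []byte(termMsg))
	simSig := ed25519.Sign(identityKey("sim", sim), []byte(simMsg))
	var r Result
	if b, ok := s.SimChain.Find(simMsg); ok {
		r.TerminalSigOK = ed25519.Verify(b.Data, []byte(termMsg), termSig)
	}
	if b, ok := s.TermChain.Find(termMsg); ok {
		r.SimSigOK = ed25519.Verify(b.Data, []byte(simMsg), simSig)
	}
	return r
}

func main() {
	// Constructed sample identifiers, not real ICCID or IMEI values.
	simA := Device{"SIM-FEATURE-A", "sim-info-A"}
	termA := Device{"TERM-FEATURE-A", "terminal-info-A"}
	termB := Device{"TERM-FEATURE-B", "terminal-info-B"}
	s := &Server{}
	s.Register(simA, termA)
	fmt.Println("SIM A in terminal A, separated:", s.Verify(simA, termA).Separated())
	fmt.Println("SIM A in terminal B, separated:", s.Verify(simA, termB).Separated())
}
```

When a registered SIM card is moved into an unregistered terminal, the SIM chain lookup still succeeds but the terminal signature fails against the stored public key, and the terminal chain lookup finds nothing, so both directions report failure.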

On the basis of the above embodiments, it should be noted that the machine-card binding method based on a digital signature mechanism used in this application is not limited to generating SIM card blocks and terminal blocks and storing them in the corresponding blockchains. The method can also generate a SIM card data table and a terminal data table, and store these tables in a corresponding big-data table or in a corresponding database.

FIG. 8 shows a schematic structural diagram of a blockchain-based machine-card binding device provided by an embodiment of the present application. As shown in FIG. 8, the blockchain-based machine-card binding device 10 of this embodiment is used to implement the operations corresponding to the server in any of the above method embodiments. The blockchain-based machine-card binding device 400 of this embodiment further includes:

A first acquisition module 401, configured to obtain the SIM card first signature message and the terminal first identity public key.

A first generation module 402, configured to generate a new SIM card block according to the SIM card first signature message and the terminal first identity public key. The new SIM card block includes a data block identifier and data block data; the SIM card first signature message is the data block identifier and the terminal first identity public key is the data block data.

A first insertion module 403, configured to insert the new SIM card block into the SIM card blockchain.

In one example, the process of generating the SIM card data may include: generating the SIM card first identity private key and the SIM card first identity public key according to the SIM card feature code; and generating the SIM card first signature message according to the SIM card information and the first preset hash algorithm, where the SIM card first signature message is obtained by encrypting the SIM card information with the first preset hash algorithm.

In another example, the process of generating the terminal data may include: generating the terminal first identity private key and the terminal first identity public key according to the terminal feature code; and generating the terminal first signature message according to the terminal information and the second preset hash algorithm, where the terminal first signature message is obtained by encrypting the terminal information with the second preset hash algorithm.

The blockchain-based machine-card binding device 10 provided in this embodiment of the present application can execute the above method embodiments. For its specific implementation principles and technical effects, refer to the above method embodiments; they are not repeated here.

FIG. 9 shows a schematic structural diagram of another blockchain-based machine-card binding device provided by an embodiment of the present application. As shown in FIG. 9, the blockchain-based machine-card binding device 10 of this embodiment is used to implement the operations corresponding to the server in any of the above method embodiments. The blockchain-based machine-card binding device 10 of this embodiment further includes:

A second acquisition module 404, configured to obtain the terminal first signature message and the SIM card first identity public key.

A second generation module 405, configured to generate a new terminal block according to the terminal first signature message and the SIM card first identity public key. The new terminal block includes a data block identifier and data block data; the terminal first signature message is the data block identifier and the SIM card first identity public key is the data block data.

A second insertion module 406, configured to insert the new terminal block into the terminal blockchain.

A third acquisition module 407, configured to obtain the SIM card second signature message of the SIM card to be verified, and the terminal second identity private key and terminal second signature message of the terminal to be verified. The SIM card second signature message is obtained by encrypting the SIM card information of the SIM card to be verified with the first preset hash algorithm, the terminal second signature message is obtained by encrypting the terminal information of the terminal to be verified with the second preset hash algorithm, and the terminal second identity private key is generated from the terminal feature code of the terminal to be verified.

A first reporting module 408, configured to report the terminal digital signature of the terminal to be verified, the terminal second signature message and the SIM card second signature message to the SIM card blockchain. The terminal digital signature is obtained by digitally signing the terminal second signature message with the terminal second identity private key.

A first determination module 409, configured to match all data block identifiers in the SIM card blockchain against the SIM card second signature message and determine the SIM card block of the SIM card to be verified.

A first verification module 410, configured to verify the terminal digital signature according to the terminal first identity public key in the SIM card block of the SIM card to be verified and the terminal second signature message, and determine the verification result.

A fourth acquisition module 411, configured to obtain the SIM card second signature message of the SIM card to be verified, the SIM card second identity private key, and the terminal second signature message of the terminal to be verified. The SIM card second signature message is obtained by encrypting the SIM card information of the SIM card to be verified with the first preset hash algorithm, the SIM card second identity private key is generated from the terminal feature code of the terminal to be verified, and the terminal second signature message is obtained by encrypting the terminal information with the second preset hash algorithm.

A second reporting module 412, configured to report the SIM card digital signature of the SIM card to be verified, the SIM card second signature message and the terminal second signature message to the terminal blockchain. The SIM card digital signature is obtained by digitally signing the SIM card second signature message with the SIM card second identity private key.

A second determination module 413, configured to match all data block identifiers in the terminal blockchain against the terminal second signature message and determine the terminal block of the terminal to be verified.

A second verification module 414, configured to verify the SIM card digital signature according to the SIM card first identity public key in the terminal block of the terminal to be verified and the SIM card second signature message, and determine the verification result.

A judgment module 415, configured to judge, according to the verification result, whether machine-card separation has occurred.

A restriction module 416, configured to restrict network access for the terminal to be verified or the SIM card to be verified when machine-card separation occurs.

The blockchain-based machine-card binding device 10 provided in this embodiment of the present application can execute the above method embodiments. For its specific implementation principles and technical effects, refer to the above method embodiments; they are not repeated here.

FIG. 10 shows a schematic structural diagram of a blockchain-based machine-card binding system provided by an embodiment of the present application. As shown in FIG. 10, the blockchain-based machine-card binding system 20 is used to implement the above blockchain-based machine-card binding method. The blockchain-based machine-card binding system 20 of this embodiment may include a registration unit 21, a verification unit 22 and an execution unit 23.

The registration unit 21 is configured to generate a SIM card block or a terminal block when the terminal is powered on for the first time or the SIM card is bound for the first time. The SIM card block uses the SIM card first signature message as its data block identifier and the terminal first identity public key as its data block data. The terminal block uses the terminal first signature message as its data block identifier and the SIM card first identity public key as its data block data. The server inserts the SIM card block into the SIM card blockchain and the terminal block into the terminal blockchain.

The verification unit 22 is configured to, when the terminal is powered on again or requests network access again, send the server a query as to whether the terminal to be verified matches the SIM card to be verified that is inserted in it. According to the SIM card second signature message, the server searches the SIM card blockchain for the block whose data block identifier is identical to the SIM card second signature message, and determines that this SIM card block is the SIM card block corresponding to the SIM card to be verified. The server obtains the terminal first identity public key in that SIM card block and, together with the reported terminal second signature message, verifies the terminal digital signature. The server can also, according to the terminal second signature message, search the terminal blockchain for the block whose data block identifier is identical to the terminal second signature message, and determine that this terminal block is the terminal block of the terminal to be verified. The server obtains the SIM card first identity public key in that terminal block and, together with the reported SIM card second signature message, verifies the SIM card digital signature. The verification unit sends the verification result to the execution unit.

The execution unit 23: when machine-card separation occurs between the terminal to be verified and the SIM card to be verified, the server performs a network access restriction operation on the terminal to be verified or the SIM card to be verified.

The units may be integrated together or located separately in different devices. For example, the registration unit 21, the verification unit 22 and the execution unit 23 may all be functional units in the server. Alternatively, the registration unit 21 and the verification unit 22 are integrated in the server, and the execution unit 23 is a unit in a network device such as a router.

The blockchain-based machine-card binding device 10 provided in this embodiment of the present application can execute the above method embodiments. For its specific implementation principles and technical effects, refer to the above method embodiments; they are not repeated here.

FIG. 11 shows a schematic diagram of the hardware structure of a server provided by an embodiment of the present application. As shown in FIG. 11, the server 30 is used to implement the operations corresponding to the server in any of the above method embodiments. The server 30 of this embodiment may include a memory 31 and a processor 32.

The memory 31 is used to store a computer program. The memory 31 may include high-speed random access memory (RAM), and may also include non-volatile memory (NVM), for example at least one magnetic disk storage; it may also be a USB flash drive, a removable hard disk, a read-only memory, a magnetic disk or an optical disc.

The processor 32 is configured to implement the blockchain-based machine-card binding method of the above embodiments according to the computer program stored in the memory. For details, refer to the related descriptions in the foregoing method embodiments.

Optionally, the memory 31 may be independent of, or integrated with, the processor 32.

When the memory 31 is a device independent of the processor 32, the server 30 may further include:

A bus 33, used to connect the memory 31 and the processor 32. The bus 33 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. Buses can be divided into address buses, data buses, control buses and so on. For ease of representation, the bus in the drawings of this application is not limited to a single bus or a single type of bus.

Optionally, the server 30 may further include a communication interface 34. The communication interface 34 may be connected to the processor 32 through the bus 33. The processor 32 can control the communication interface 34 to exchange information between the server 30 and the terminal.

The server provided in this embodiment can be used to execute the above blockchain-based machine-card binding method. Its implementation and technical effects are similar and are not repeated here.

The present application also provides a computer-readable storage medium in which a computer program is stored. When executed by a processor, the computer program implements the methods provided by the various implementations described above.

The present application also provides a program product that includes execution instructions stored in a computer-readable storage medium. At least one processor of a device can read the execution instructions from the computer-readable storage medium, and execution of those instructions by the at least one processor causes the device to carry out the methods provided by the various implementations described above.

In the several embodiments provided in this application, it should be understood that the disclosed devices and methods may be implemented in other ways. For example, the device embodiments described above are only illustrative. The division into modules is only a division by logical function, and other divisions are possible in an actual implementation: multiple modules may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be electrical, mechanical or of another form.

Modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional modules in the embodiments of the present application may be integrated into one processing unit, each module may exist physically on its own, or two or more modules may be integrated into one unit. The unit formed by the above modules may be implemented in hardware, or in hardware plus software functional units.

An integrated module implemented in the form of software functional modules may be stored in a computer-readable storage medium. The software functional modules are stored in a storage medium and include several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to execute some of the steps of the methods of the embodiments of the present application.

Those of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments. The storage medium includes various media capable of storing program code, such as ROM, RAM, magnetic disks or optical discs.

Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.

Claims (9)

1. A blockchain-based machine-card binding method, characterized in that the method comprises:
obtaining a SIM card first signature message and a terminal first identity public key;
generating a new SIM card block according to the SIM card first signature message and the terminal first identity public key, wherein the new SIM card block comprises a data block identifier and data block data, the SIM card first signature message is the data block identifier, and the terminal first identity public key is the data block data;
inserting the new SIM card block into a SIM card blockchain;
after the machine-card binding is completed, the method further comprises:
obtaining a SIM card second signature message of a SIM card to be verified, and a terminal second identity private key and a terminal second signature message of a terminal to be verified, wherein the SIM card second signature message is obtained by encrypting the SIM card information of the SIM card to be verified with a first preset hash algorithm, the terminal second signature message is obtained by encrypting the terminal information of the terminal to be verified with a second preset hash algorithm, and the terminal second identity private key is generated from the terminal feature code of the terminal to be verified;
reporting a terminal digital signature of the terminal to be verified, the terminal second signature message and the SIM card second signature message to the SIM card blockchain, wherein the terminal digital signature is obtained by digitally signing the terminal second signature message with the terminal second identity private key;
matching all data block identifiers in the SIM card blockchain against the SIM card second signature message to determine the SIM card block of the SIM card to be verified;
verifying the terminal digital signature according to the terminal first identity public key in the SIM card block of the SIM card to be verified and the terminal second signature message, and determining a verification result.

2. The method according to claim 1, characterized in that the method further comprises:
obtaining a terminal first signature message and a SIM card first identity public key;
generating a new terminal block according to the terminal first signature message and the SIM card first identity public key, wherein the new terminal block comprises a data block identifier and data block data, the terminal first signature message is the data block identifier, and the SIM card first identity public key is the data block data;
inserting the new terminal block into a terminal blockchain.

3. The method according to claim 1 or 2, characterized in that the method comprises:
generating a SIM card first identity private key and the SIM card first identity public key according to a SIM card feature code;
generating the SIM card first signature message according to SIM card information and the first preset hash algorithm, wherein the SIM card first signature message is obtained by encrypting the SIM card information with the first preset hash algorithm.

4. The method according to claim 1 or 2, characterized in that the method comprises:
generating a terminal first identity private key and the terminal first identity public key according to a terminal feature code;
generating the terminal first signature message according to terminal information and the second preset hash algorithm, wherein the terminal first signature message is obtained by encrypting the terminal information with the second preset hash algorithm.

5. The method according to claim 2, characterized in that, after the machine-card binding is completed, the method comprises:
obtaining a SIM card second signature message of a SIM card to be verified, a SIM card second identity private key, and a terminal second signature message of a terminal to be verified, wherein the SIM card second signature message is obtained by encrypting the SIM card information of the SIM card to be verified with the first preset hash algorithm, the SIM card second identity private key is generated from the terminal feature code of the terminal to be verified, and the terminal second signature message is obtained by encrypting the terminal information with the second preset hash algorithm;
reporting a SIM card digital signature of the SIM card to be verified, the SIM card second signature message and the terminal second signature message to the terminal blockchain, wherein the SIM card digital signature is obtained by digitally signing the SIM card second signature message with the SIM card second identity private key;
matching all data block identifiers in the terminal blockchain against the terminal second signature message to determine the terminal block of the terminal to be verified;
verifying the SIM card digital signature according to the SIM card first identity public key in the terminal block of the terminal to be verified and the SIM card second signature message, and determining a verification result.

6.
The method according to claim 1 or 5, wherein the method further comprises: 根据所述验证结果,判断是否出现机卡分离;According to the verification result, it is judged whether machine-card separation occurs; 当所述机卡分离时,对所述待验证终端或者所述待验证SIM卡进行限制入网。When the device-card is separated, restrict network access to the terminal to be verified or the SIM card to be verified. 7.一种基于区块链的机卡绑定装置,其特征在于,所述装置,包括:7. A blockchain-based machine-card binding device, characterized in that the device includes: 第一获取模块,用于获取SIM卡第一签名消息和终端第一身份公钥;The first obtaining module is used to obtain the first signature message of the SIM card and the first identity public key of the terminal; 第一生成模块,用于根据所述SIM卡第一签名消息和所述终端第一身份公钥,生成SIM卡新区块,所述SIM卡新区块包括数据块标识和数据块数据,所述SIM卡第一签名消息为所述数据块标识,所述终端第一身份公钥为所述数据块数据;The first generation module is used to generate a new block of the SIM card according to the first signature message of the SIM card and the first identity public key of the terminal, and the new block of the SIM card includes a data block identifier and a data block data, and the SIM card The card's first signature message is the data block identifier, and the terminal's first identity public key is the data block data; 第一插入模块,用于将所述SIM卡新区块插入SIM卡区块链中;The first insertion module is used to insert the new block of the SIM card into the SIM card block chain; 第二获取模块,用于获取待验证SIM卡的SIM卡第二签名消息、待验证终端的终端第二身份私钥和终端第二签名消息,所述SIM卡第二签名消息为所述待验证SIM卡的SIM卡信息通过第一预设哈希算法加密得到,所述终端第二签名消息为所述待验证终端的终端信息通过第二预设哈希算法加密得到,所述终端第二身份私钥根据所述待验证终端的终端特征编码生成;The second obtaining module is used to obtain the SIM card second signature message of the SIM card to be verified, the terminal second identity private key of the terminal to be verified and the terminal second signature message, and the second signature message of the SIM card is the second signature message of the SIM card to be verified The SIM card information of the SIM card is obtained by encrypting through a first preset hash algorithm, and the second signature message of the terminal is obtained by encrypting 
the terminal information of the terminal to be verified through a second preset hash algorithm, and the second identity of the terminal The private key is generated according to the terminal feature code of the terminal to be verified; 第一上报模块,用于将所述待验证终端的终端数字签名、所述终端第二签名消息和所述SIM卡第二签名消息上报SIM卡区块链,所述终端数字签名通过所述终端第二身份私钥对所述终端第二签名消息进行数字签名得到;The first reporting module is used to report the terminal digital signature of the terminal to be verified, the terminal second signature message and the SIM card second signature message to the SIM card block chain, and the terminal digital signature is passed through the terminal The second identity private key is obtained by digitally signing the second signature message of the terminal; 第一确定模块,用于将所有SIM卡区块链的数据块标识与所述SIM卡第二签名消息进行匹配,确定所述待验证SIM卡的SIM卡区块;The first determining module is used to match the data block identifiers of all SIM card block chains with the second signature message of the SIM card, and determine the SIM card block of the SIM card to be verified; 第一验证模块,用于根据所述待验证SIM卡的所述SIM卡区块中的终端第一身份公钥和所述终端第二签名消息验证终端数字签名,并确定验证结果。The first verification module is configured to verify the digital signature of the terminal according to the terminal's first identity public key in the SIM card block of the SIM card to be verified and the terminal's second signature message, and determine a verification result. 8.一种服务器,其特征在于,所述服务器,包括:存储器,处理器,所述存储器,用于存储计算机程序,所述处理器,用于根据所述存储器存储的计算机程序 ,实现如权利要求1至6中任意一项所述的基于区块链的机卡绑定方法。8. A server, characterized in that, the server includes: a memory, a processor, the memory is used to store computer programs, and the processor is used to implement the computer program according to the claim according to the computer program stored in the memory The blockchain-based machine-card binding method described in any one of requirements 1 to 6. 9.一种计算机可读存储介质,其特征在于,所述计算机可读存储介质中存储有计算机执行指令,所述计算机执行指令被处理器执行时用于实现如权利要求1至5任一项所述的基于区块链的机卡绑定方法。9. 
A computer-readable storage medium, characterized in that, computer-executable instructions are stored in the computer-readable storage medium, and the computer-executable instructions are used to implement any one of claims 1 to 5 when executed by a processor The block chain-based machine-card binding method.
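
The binding and verification flow of claims 1 and 6, as an added example that is not part of the patent. Assumptions: SHA-256 for both preset hash algorithms, a Lamport one-time signature standing in for the unspecified digital signature scheme (chosen so only the standard library is needed), the hash linking between blocks, and all sample values.

```python
import hashlib

def H(data: bytes) -> bytes:  # stands in for both "preset hash algorithms"
    return hashlib.sha256(data).digest()

def keypair(feature_code: bytes):
    # Lamport one-time key pair derived deterministically from the feature code.
    sk = [[H(feature_code + bytes([b, i])) for b in (0, 1)] for i in range(256)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk

def digest_bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    bits = digest_bits(msg)
    return len(sig) == 256 and all(H(s) == pk[i][bits[i]] for i, s in enumerate(sig))

class SimCardChain:
    def __init__(self):
        self.blocks = []  # hash-linked list; the linking is an assumption
    def bind(self, sim_msg: bytes, terminal_pk):
        # Block identifier = SIM card signature message, block data = terminal public key.
        prev = self.blocks[-1]["hash"] if self.blocks else bytes(32)
        body = sim_msg + b"".join(h for pair in terminal_pk for h in pair)
        self.blocks.append({"id": sim_msg, "data": terminal_pk, "hash": H(prev + body)})
    def check(self, sim_msg: bytes, terminal_msg: bytes, terminal_sig) -> str:
        block = next((b for b in self.blocks if b["id"] == sim_msg), None)
        if block is None:
            return "unbound"
        return "bound" if verify(block["data"], terminal_msg, terminal_sig) else "separated"

def report(sim_info: bytes, terminal_info: bytes, feature_code: bytes):
    sk, _ = keypair(feature_code)  # private key regenerated from the feature code
    sim_msg, terminal_msg = H(sim_info), H(terminal_info)
    return sim_msg, terminal_msg, sign(sk, terminal_msg)

def demo():
    # Constructed sample values, not real identifiers.
    sim, term_a, term_b = b"sim-info-0001", b"terminal-info-A", b"terminal-info-B"
    chain = SimCardChain()
    chain.bind(H(sim), keypair(b"feature-code-A")[1])
    same = chain.check(*report(sim, term_a, b"feature-code-A"))
    moved = chain.check(*report(sim, term_b, b"feature-code-B"))
    return same, moved
```

A "separated" result is the machine-card separation case of claim 6, where network access for the terminal or SIM card would be restricted.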

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011482006.9A CN112637855B (en) 2020-12-15 2020-12-15 Machine-card binding method and server based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011482006.9A CN112637855B (en) 2020-12-15 2020-12-15 Machine-card binding method and server based on block chain

Publications (2)

Publication Number Publication Date
CN112637855A CN112637855A (en) 2021-04-09
CN112637855B true CN112637855B (en) 2022-11-29

Family

ID=75313563

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011482006.9A Active CN112637855B (en) 2020-12-15 2020-12-15 Machine-card binding method and server based on block chain

Country Status (1)

Country Link
CN (1) CN112637855B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113014676B (en) * 2021-04-21 2023-11-03 联通雄安产业互联网有限公司 System and method for storing data of Internet of things into blockchain based on SIM card

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111787530A (en) * 2020-08-06 2020-10-16 联通雄安产业互联网有限公司 Block chain digital identity management method based on SIM card

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104754552B (en) * 2013-12-25 2018-07-24 中国移动通信集团公司 A kind of credible performing environment TEE initial methods and equipment
CN109168156B (en) * 2018-11-01 2021-06-29 中国联合网络通信集团有限公司 A method, system, medium, computer program product and server for implementing a virtual SIM card
CN111356121B (en) * 2018-12-21 2024-01-26 西安佰才邦网络技术有限公司 Method and equipment for binding subscription data based on blockchain

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111787530A (en) * 2020-08-06 2020-10-16 联通雄安产业互联网有限公司 Block chain digital identity management method based on SIM card

Also Published As

Publication number Publication date
CN112637855A (en) 2021-04-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant