CN112867004B - Remote configuration system and user data replacement method - Google Patents


Info

Publication number: CN112867004B
Authority: CN (China)
Prior art keywords: remote configuration, module, terminal, identification card, user identification
Legal status: Active
Application number: CN202011638670.8A
Other languages: Chinese (zh)
Other versions: CN112867004A
Inventor: 闫楠
Current assignee: Beijing Xinan Microelectronics Technology Co ltd
Original assignee: Beijing Xinan Microelectronics Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B 7/00 Radio transmission systems, i.e. using radiation field
    • H04B 7/14 Relay systems
    • H04B 7/15 Active relay systems
    • H04B 7/185 Space-based or airborne stations; Stations for satellite systems
    • H04B 7/18578 Satellite systems for providing broadband data service to individual earth stations
    • H04B 7/18593 Arrangements for preventing unauthorised access or for providing user protection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Astronomy & Astrophysics (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • General Physics & Mathematics (AREA)
  • Radio Relay Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a remote configuration system and a user data replacement method in the technical field of satellite communication. The system comprises: a terminal module for loading a user identification card; a remote configuration module for generating user data; a satellite communication module for providing satellite communication service to the terminal module; and a verifying end for verifying whether the user identification card holds the user data. The beneficial effects of the technical scheme are: the satellite communication terminal user is connected to a satellite communication operator through the Internet so that the user identification card can be configured remotely, which reduces the number resources occupied by user identification cards; and the satellite communication service provider of a given Internet terminal can be replaced by remote configuration according to service operation requirements, so that the connection between the satellite communication network and Internet of Things terminals is more flexible and the user's cost of use is indirectly reduced.

Description

Remote configuration system and user data replacement method
Technical Field
The invention relates to the technical field of satellite communication, in particular to a remote configuration system and a user data replacement method.
Background
Satellite communication is a technology that realizes communication between two or more earth stations by using repeaters aboard satellites as relay stations to reflect or retransmit radio signals. It combines modern communication technology with aerospace technology under computer control, is currently the most industrialized application of satellite technology, and forms the main component of the satellite industry. Satellite communication systems have become an important part of the world's telecommunications infrastructure, providing telephone, data and video services to countries around the world. The technology is widely applied to international, domestic, national defense, mobile and broadcast television communication, and is particularly suited to remote areas, rural areas, mountain areas, islands, disaster areas and places not easily covered by terrestrial networks, such as ocean fleets and long-range aircraft.
In the prior art, the security of satellite communication is ensured by authentication and encryption. In some high-security satellite communication, a user identification card serves as the unique identity of a satellite communication terminal: the terminal and the ground station perform bidirectional identity authentication and key agreement over the satellite link when accessing the satellite communication network, and an Internet of Things terminal that cannot pass identity authentication is refused access. However, the demand for satellite communication is huge while the number resources of user identification cards are limited, and preloading a finished user identification card into each Internet of Things terminal wastes those number resources. Moreover, the satellite communication service provider cannot be replaced over the whole life cycle of the Internet of Things terminal, which hinders the subsequent operation and development of satellite communication services.
Disclosure of Invention
In view of the problems in the prior art, a remote configuration system and a user data replacement method are provided, aiming to reduce the waste of user identification card resources and the overall operating cost.
The technical scheme specifically comprises:
a remote configuration system suitable for satellite communication, comprising:
a plurality of terminal modules, each loading a user identification card, connected to a remote configuration module through the Internet and used for outputting the identity data of the user identification card to the remote configuration module;
the user identification card holds a first public key and a first private key;
the identity data comprises the digital certificate of the user identification card, which carries the first public key in a preset manner;
the remote configuration module comprises:
a first verification unit for verifying whether the identity data is complete and outputting a first verification result;
a first obtaining unit, connected to the first verification unit, which prestores a second public key and a second private key of the remote configuration module and, when the first verification result shows that the identity data is complete, performs key agreement with the second private key and the first public key and processes the identity data to obtain a session key;
a first storage unit which prestores matching data corresponding one to one to the plurality of user identification cards;
a first comparison unit, connected to the first storage unit, for comparing the identity data with the matching data and outputting a first comparison result;
a first generating unit, connected to the first comparison unit, for generating user data corresponding to the user identification card when the first comparison result shows that the identity data matches the matching data;
a first output unit, connected to the first obtaining unit and the first generating unit, for encrypting the user data with the session key and transmitting the encrypted user data and the second public key to the terminal module through the Internet;
the terminal module performs key agreement with the first private key and the second public key and processes the identity data to obtain the session key, decrypts the user data with the session key, and writes the decrypted user data into the user identification card; the user identification card so written is a configuration user identification card, and a terminal module loaded with a configuration user identification card is a configuration terminal module;
the configuration terminal modules are allowed to communicate data with each other through a satellite communication module;
the satellite communication module is connected to the terminal module through a satellite link and provides satellite communication service to the terminal module.
Preferably, the terminal module comprises:
a second generating unit for generating a signed random number, the random number being signed according to the first public key;
a second obtaining unit for obtaining the digital certificate carrying the first public key from the user identification card;
a second output unit, connected to the second generating unit and the second obtaining unit, for transmitting the signed random number and the digital certificate carrying the first public key to the remote configuration module through the Internet;
the random number and the digital certificate carrying the first public key constitute the identity data.
Preferably, the terminal module further comprises:
a second verification unit for verifying whether the digital certificate carrying the second public key is complete and outputting a second verification result;
a first decryption unit, connected to the second verification unit, which, when the second verification result shows that the digital certificate is complete, performs key agreement with the second public key and the first private key, obtains the session key by processing it together with the random number, and decrypts the user data with the session key;
and a writing unit, connected to the first decryption unit, for writing the decrypted user data into the user identification card to obtain the configuration user identification card.
Preferably, the user identification card may hold a plurality of user identification data, and the terminal module selects one of them as the identification data of the user identification card according to a preset selection rule.
Preferably, the system further comprises a verifying end, which specifically comprises:
a ground station, connected to the remote configuration module through the Internet and to the satellite communication module through a satellite link, for transmitting messages sent by the remote configuration module to the terminal module through the satellite communication module;
and an authentication center, connected to the ground station, for identifying whether the user identification card in a terminal module that applies to the verifying end for authentication through the satellite communication module is a configuration user identification card, and, according to the identification result, allowing the corresponding terminal module to communicate data with other configuration terminal modules through the satellite communication module.
Preferably, the ground station comprises:
a receiving unit, connected to the remote configuration module through the Internet, for receiving the remote configuration information output by the remote configuration module when it configures another satellite communication module for the user identification card, that other satellite communication module being the replacement satellite communication module;
a forwarding unit, connected to the receiving unit, for transmitting the remote configuration information to the terminal module through the replacement satellite communication module;
and the terminal module calls a remote configuration command in the user identification card according to the remote configuration information and transmits the remote configuration command and the identity data to the remote configuration module, so that the user identification card writes the user data again.
Preferably, the authentication center comprises:
a second storage unit, connected to the remote configuration module through the Internet, for storing all the user data generated by the remote configuration module;
a second comparison unit, connected to the second storage unit and to the satellite communication module through a satellite link, for comparing the user data held in the user identification card of the terminal module with the user data stored in the second storage unit and outputting a second comparison result;
and an authentication unit, connected to the second comparison unit and to the satellite communication module through a satellite link, for authenticating the user identification card as a configuration user identification card, and the terminal module loaded with it as a configuration terminal module, when the second comparison result shows that the user data held in the user identification card of the terminal module matches the user data stored in the second storage unit.
Preferably, the terminal module is allowed to connect with a local configuration terminal via at least one of Bluetooth, WiFi, cellular communication and NFC.
The technical scheme further comprises:
a user data replacement method, applied to the above remote configuration system, comprising the following steps:
Step S1: a remote configuration server outputs a remote configuration message through a ground station, and the ground station transmits the remote configuration message to a terminal device through a replacement satellite communication network;
Step S2: the terminal device calls a remote configuration command of the user identification card in the terminal device according to the remote configuration message, and transmits the remote configuration command and the digital certificate carrying the first public key of the user identification card to the remote configuration server through the Internet;
Step S3: the remote configuration server verifies whether the remote configuration command and the digital certificate carrying the first public key are complete;
if yes, proceed to step S4;
if not, return to step S1;
Step S4: the remote configuration server performs key agreement with its second private key and the first public key to obtain a session key, then generates user data, encrypts the user data with the session key, and sends the encrypted user data and the second public key to the terminal device through the Internet;
Step S5: the terminal device verifies whether the received encrypted user data and digital certificate are complete;
if yes, proceed to step S6;
if not, return to step S1;
Step S6: the terminal device performs key agreement with the second public key and the first private key to generate the session key, decrypts the user data with the session key, and writes the decrypted user data into the user identification card.
The beneficial effects of the technical scheme are: the satellite communication terminal user is connected to a satellite communication operator through the Internet so that the user identification card can be configured remotely, which reduces the number resources occupied by user identification cards; and the satellite communication service provider of a given Internet terminal can be replaced by remote configuration according to service operation requirements, so that the connection between the satellite communication network and Internet of Things terminals is more flexible and the user's cost of use is indirectly reduced.
Drawings
Embodiments of the present invention will now be described more fully hereinafter with reference to the accompanying drawings. The drawings are, however, to be regarded as illustrative and explanatory only and not as restrictive of the scope of the invention.
FIG. 1 is a block diagram of a remote configuration system according to an embodiment of the present invention;
FIG. 2 is a block diagram of a terminal module according to an embodiment of the present invention;
FIG. 3 is an element diagram of a remote configuration module according to an embodiment of the invention;
FIG. 4 is a structural component diagram of a verifying end according to an embodiment of the invention;
FIG. 5 is a block diagram of a ground station according to an embodiment of the present invention;
FIG. 6 is a block diagram of an authentication center according to an embodiment of the present invention;
FIG. 7 is a system flowchart of a user data replacement method according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
The invention is further described with reference to the following drawings and specific examples, which are not intended to be limiting.
The invention provides a remote configuration system suitable for satellite communication, comprising:
a plurality of terminal modules 1, each loading a user identification card, connected to a remote configuration module 2 through the Internet and used for outputting the identity data of the user identification card to the remote configuration module 2;
the user identification card holds a first public key and a first private key;
the identity data comprises the digital certificate of the user identification card, which carries the first public key in a preset manner;
the remote configuration module 2 comprises:
a first verification unit 21 configured to verify whether the identity data is complete and output a first verification result;
a first obtaining unit 22, connected to the first verification unit 21, which prestores a second public key and a second private key of the remote configuration module 2 and, when the first verification result indicates that the identity data is complete, performs key agreement with the first public key and the second private key and processes the identity data to obtain a session key;
a first storage unit 23 in which matching data corresponding one to one to a plurality of user identification cards is prestored;
a first comparison unit 24, connected to the first storage unit 23 and the terminal module 1, configured to compare the identity data with the matching data and output a first comparison result;
a first generating unit 25, connected to the first comparison unit 24, for generating user data corresponding to the user identification card when the first comparison result indicates that the identity data matches the matching data;
a first output unit 26, connected to the first obtaining unit 22 and the first generating unit 25, for encrypting the user data with the session key and transmitting the encrypted user data and the second public key to the terminal module 1 through the Internet;
the terminal module 1 performs key agreement with the first private key and the second public key and processes the identity data to obtain the session key, decrypts the user data with the session key, and writes the decrypted user data into the user identification card; the user identification card so written is a configuration user identification card, and the terminal module loaded with it is a configuration terminal module;
It should be noted that the key obtained by agreement between the first public key and the second private key is the same as the key obtained by agreement between the second public key and the first private key, so the two are collectively referred to as the "session key" in the present invention.
the configuration terminal modules are allowed to communicate data with each other through a satellite communication module 3;
the satellite communication module 3 is connected to the terminal module 1 through a satellite link and provides satellite communication service to the terminal module 1.
Specifically, during production of the user identification card, the manufacturer applies to the satellite communication operator, which issues a manufacturer certificate; the manufacturer produces the user identification card in a secure environment, a random key pair consisting of the first private key and the first public key is generated inside the card, and a digital certificate carrying the first public key is generated from that key pair.
Specifically, the first generating unit 25 generates the user data of the user identification card from a data template.
Specifically, the terminal module 1 integrates a user identification card without configured user data and writes the user data at a later stage, so that large numbers of devices in the testing, inventory and awaiting-activation stages do not occupy user identification resources, and the cost pressure that user identification data places on an Internet of Things enterprise in those stages is removed.
Specifically, the terminal module 1 is allowed to connect with a local configuration terminal through at least one of Bluetooth, WiFi, cellular communication and NFC, and the user connects to the remote configuration module 2 through the Internet using the local configuration terminal.
Specifically, the local configuration terminal may be a mobile phone.
Specifically, the user identification card may hold a plurality of user identification data, and the terminal module 1 selects suitable user identification data as the identification data of the user identification card according to the service rule.
Specifically, the first output unit 26 encrypts the user data to protect its integrity and confidentiality.
In a preferred embodiment, the terminal module 1 comprises:
a second generating unit 11 configured to generate a signed random number, the random number being signed according to the first public key;
a second obtaining unit 12 configured to obtain the digital certificate carrying the first public key from the user identification card;
a second output unit 13, connected to the second obtaining unit 12 and the second generating unit 11, for transmitting the signed random number and the digital certificate carrying the first public key to the remote configuration module 2 through the Internet;
the random number and the digital certificate carrying the first public key constitute the identity data.
In a preferred embodiment, the terminal module 1 further comprises:
a second verification unit 14 configured to verify whether the digital certificate carrying the second public key is complete and output a second verification result;
a first decryption unit 15, connected to the second verification unit 14, configured, when the second verification result indicates that the digital certificate is complete, to perform key agreement with the second public key and the first private key, obtain the session key by processing it together with the random number, and decrypt the user data with the session key;
and a writing unit 16, connected to the first decryption unit 15, for writing the decrypted user data into the user identification card to obtain the configuration user identification card.
In a preferred embodiment, the system further comprises a verifying end 4, which specifically comprises:
a ground station 41, connected to the remote configuration module 2 through the Internet and to the satellite communication module 3 through a satellite link, for transmitting messages sent by the remote configuration module 2 to the terminal module 1 through the satellite communication module 3;
and an authentication center 42, connected to the ground station 41, for identifying whether the user identification card in a terminal module 1 that applies to the verifying end 4 for authentication through the satellite communication module 3 is a configuration user identification card, and, according to the identification result, allowing the corresponding terminal module 1 to communicate data with other configuration terminal modules through the satellite communication module 3.
In a preferred embodiment, the ground station 41 comprises:
a receiving unit 411, connected to the remote configuration module 2 through the Internet, for receiving the remote configuration information output by the remote configuration module 2 when it configures another satellite communication module 3 for the user identification card, that other satellite communication module being the replacement satellite communication module;
a forwarding unit 412, connected to the receiving unit 411, for transmitting the remote configuration information to the terminal module 1 through the replacement satellite communication module;
the terminal module 1 calls a remote configuration command in the user identification card according to the remote configuration information and transmits the remote configuration command and the identity data to the remote configuration module 2, so that the user identification card writes the user data again.
In this embodiment, the remote configuration module 2 replaces the satellite communication module 3 for the user identification card, that is, replaces the satellite communication operator, by the following process:
the remote configuration module 2 outputs a remote configuration message to the receiving unit 411 of the ground station 41, and the forwarding unit 412 transmits the remote configuration message to the terminal module 1 through the replacement satellite communication module.
Further, the terminal module 1 obtains a remote configuration command from the user identification card according to the remote configuration information and sends the remote configuration command and the identity data to the remote configuration module 2 through the Internet.
Further, the remote configuration module 2 generates user data corresponding to the user identification card again; this time the user data is that of the replacement satellite communication module, that is, of the replacement satellite communication operator. The remote configuration module 2 encrypts this user data and transmits it to the terminal module 1 through the Internet.
Further, the terminal module 1 decrypts the user data of the replacement satellite communication module and the user identification card writes it, completing the replacement of the satellite communication operator for the user identification card.
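To make the exchange concrete, the following Go program, added here as an illustration and not code from the patent or from the assignee, walks through one round of steps S1 to S6 of the user data replacement method, shows the operator replacement just described as a second round that overwrites the card's user data, and demonstrates why the two key agreements in the note above yield the same session key. Everything not stated in the patent is an assumption: P-256 ECDH for the first and second key pairs; a bare SHA-256 over the shared secret and the terminal's random number as the key derivation; AES-256-GCM as the first output unit's encryption; the bare first public key standing in for the digital certificate (the random number's signature is not modelled, though the random number itself is still sent and bound into the session key); a constructed `OPERATOR=...;SERIAL=...` string as the user data template; and no modelling of the remote configuration command or the ground-station hop. All names (`Card`, `Server`, `Configure`, `ApplyConfig`, `Enroll`, `sessionKey`, `must`) are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Card is the user identification card; the first private key never leaves it.
type Card struct {
	priv     *ecdh.PrivateKey
	UserData []byte // empty until the terminal writes a decrypted configuration
}

// Server is the remote configuration module; matching is its first storage unit.
type Server struct {
	priv     *ecdh.PrivateKey // second key pair
	matching map[string]bool  // public keys of the cards the operator has issued
}

// must panics on setup failures that cannot occur with valid inputs.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func NewCard() *Card { return &Card{priv: must(ecdh.P256().GenerateKey(rand.Reader))} }
func (c *Card) PublicKey() *ecdh.PublicKey { return c.priv.PublicKey() }
func NewServer(issuedCard *ecdh.PublicKey) *Server {
	return &Server{priv: must(ecdh.P256().GenerateKey(rand.Reader)), matching: map[string]bool{string(issuedCard.Bytes()): true}}
}

// Configure runs the module's units in order: verify completeness, compare with
// matching data, agree the session key, generate user data, encrypt and output.
func (s *Server) Configure(nonce []byte, cardPub *ecdh.PublicKey, operator string) ([]byte, *ecdh.PublicKey, error) {
	if len(nonce) != 32 || cardPub == nil {
		return nil, nil, errors.New("identity data incomplete")
	}
	if !s.matching[string(cardPub.Bytes())] {
		return nil, nil, errors.New("card not present in matching data")
	}
	shared := must(s.priv.ECDH(cardPub)) // ECDH(second private, first public)
	userData := []byte(fmt.Sprintf("OPERATOR=%s;SERIAL=%x", operator, nonce[:4])) // constructed template
	return seal(sessionKey(shared, nonce), userData), s.priv.PublicKey(), nil
}

// ApplyConfig is the terminal side: ECDH(first private, second public) equals the
// server's ECDH(second private, first public), so both sides derive one session key.
func (c *Card) ApplyConfig(ciphertext []byte, serverPub *ecdh.PublicKey, nonce []byte) error {
	if serverPub == nil || len(ciphertext) == 0 { // second verification unit
		return errors.New("configuration response incomplete")
	}
	pt, err := open(sessionKey(must(c.priv.ECDH(serverPub)), nonce), ciphertext)
	if err != nil {
		return err // tampered or misdirected user data is never written to the card
	}
	c.UserData = pt // writing unit
	return nil
}

// sessionKey binds the shared secret to the run's random number (bare SHA-256 stands in for a KDF).
func sessionKey(shared, nonce []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, shared...), nonce...))
	return h[:]
}

// seal and open use AES-256-GCM with the IV prefixed to the ciphertext.
func seal(key, pt []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	iv := make([]byte, gcm.NonceSize())
	must(io.ReadFull(rand.Reader, iv))
	return gcm.Seal(iv, iv, pt, nil)
}
func open(key, ct []byte) ([]byte, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(ct) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

// Enroll runs one round of steps S1-S6; calling it again with a new operator
// is the user data replacement (operator change) the method describes.
func Enroll(s *Server, c *Card, operator string) error {
	nonce := make([]byte, 32) // second generation unit: a fresh random number per run
	must(io.ReadFull(rand.Reader, nonce))
	ct, serverPub, err := s.Configure(nonce, c.PublicKey(), operator)
	if err != nil {
		return err
	}
	return c.ApplyConfig(ct, serverPub, nonce)
}
```

Calling `Enroll` a second time with a different operator name overwrites `UserData`, which is the operator replacement; because the GCM tag covers the whole record, user data altered in transit, or a response replayed to a card holding a different first private key, fails `open` and leaves the card untouched. The verifying end's check in the patent then amounts to comparing the bytes the card holds against the record the remote configuration module generated.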
In a preferred embodiment, the authentication center 42 includes:
a second storage unit 421, connected to the remote configuration module 2 through the Internet, for storing all the user data generated by the remote configuration module 2;
a second comparison unit 422, connected to the second storage unit 421 and to the satellite communication module 3 through a satellite link, for comparing the user data contained in the user identification card in the terminal module 1 with the user data stored in the second storage unit 421 and outputting a second comparison result;
an authentication unit 423, connected to the second comparison unit 422 and to the satellite communication module 3 through a satellite link, for authenticating the user identification card as a configuration user identification card, and the terminal module 1 loaded with it as a configuration terminal module, when the second comparison result indicates that the user data contained in the user identification card in the terminal module 1 matches the user data stored in the second storage unit 421.
Specifically, the local configuration terminal may be a mobile phone.
The technical solution further includes a user data replacement method, applied to the above remote configuration system and comprising the following steps:
step S1: a remote configuration server outputs a remote configuration message through a ground station, and the ground station transmits the remote configuration message to a terminal device through the replacement satellite communication network;
step S2: the terminal device calls a remote configuration command of the user identification card in the terminal device according to the remote configuration message, and transmits the remote configuration command and the digital certificate carrying the first public key of the user identification card to the remote configuration server through the Internet;
step S3: the remote configuration server verifies whether the remote configuration command and the digital certificate carrying the first public key are complete;
if so, proceed to step S4;
if not, return to step S1;
step S4: the remote configuration server performs key agreement using the first public key and its own second private key to obtain a session key, then generates the user data, encrypts the user data with the session key, and sends the encrypted user data and its second public key to the terminal device through the Internet;
step S5: the terminal device verifies whether the encrypted user data and the digital certificate carrying the second public key are complete;
if so, proceed to step S6;
if not, return to step S1;
step S6: the terminal device performs key agreement using the second public key and the first private key to obtain the same session key, decrypts the user data with the session key, and writes the decrypted user data into the user identification card.
The technical solution of the invention has the following beneficial effects: a satellite communication terminal user is connected to a satellite communication operator through the Internet so that the user identification card can be configured remotely, which reduces the occupation of number resources by user identification cards; and the satellite communication service provider can be replaced remotely through the corresponding Internet-connected terminal according to operational requirements, which makes the connection between the satellite communication network and the Internet of Things terminal more flexible and indirectly lowers the user's cost.
While the invention has been described with reference to a preferred embodiment, it is to be understood that the invention is not limited to the disclosed embodiment, but is intended to cover various modifications, equivalents and obvious changes which may be made therein by those skilled in the art.

Claims (9)

1. A remote configuration system adapted for satellite communications, comprising:
a plurality of terminal modules, each for loading a user identification card, connected to a remote configuration module through the Internet and used for outputting identity data of the user identification card to the remote configuration module;
the user identification card is provided with a first public key and a first private key;
the identity data comprises a digital certificate of the user identification card, and the digital certificate carries the first public key in a predetermined manner;
the remote configuration module includes:
a first verification unit for verifying whether the identity data is complete and outputting a first verification result;
a first obtaining unit, connected to the first verification unit, in which a second public key and a second private key of the remote configuration module are prestored, for performing key agreement between the second private key and the first public key when the first verification result shows that the identity data is complete, and processing the result together with the identity data to obtain a session key;
a first storage unit in which matching data corresponding one-to-one to the plurality of user identification cards is prestored;
a first comparison unit, connected to the first storage unit, for comparing the identity data with the matching data and outputting a first comparison result;
a first generating unit, connected to the first comparison unit, for generating user data corresponding to the user identification card when the first comparison result shows that the identity data matches the matching data;
a first output unit, connected to the first obtaining unit and the first generating unit, for encrypting the user data with the session key and transmitting the encrypted user data and the second public key to the terminal module through the Internet;
wherein the terminal module performs key agreement between the first private key and the second public key, processes the result together with the identity data to obtain the session key, and decrypts the user data with the session key; the user identification card into which the decrypted user data has been written serves as a configuration user identification card, and the terminal module loaded with the configuration user identification card serves as a configuration terminal module; the configuration terminal modules are allowed to communicate data among one another through a satellite communication module;
and the satellite communication module is connected to the terminal modules through a satellite link and provides satellite communication service for the terminal modules.
2. The remote configuration system of claim 1, wherein the terminal module comprises:
a second generating unit for generating a random number and signing the random number according to the first public key, so as to obtain a signed random number;
a second obtaining unit for obtaining the digital certificate with the first public key from the user identification card;
a second output unit, connected to the second generating unit and the second obtaining unit, for transmitting the signed random number and the digital certificate with the first public key to the remote configuration module through the Internet;
wherein the signed random number and the digital certificate with the first public key constitute the identity data.
3. The remote configuration system of claim 2, wherein the terminal module further comprises:
a second verification unit for verifying whether the digital certificate with the second public key is complete and outputting a second verification result;
a first decryption unit, connected to the second verification unit, for performing key agreement between the second public key and the first private key when the second verification result shows that the digital certificate is complete, obtaining the session key by processing the result together with the random number, and decrypting the user data with the session key;
and a writing unit, connected to the first decryption unit, for writing the decrypted user data into the user identification card to obtain the configuration user identification card.
4. The remote configuration system of claim 1, wherein the user identification card contains a plurality of sets of identity data, and the terminal module selects one of them as the identity data of the user identification card according to a predetermined selection rule.
5. The remote configuration system of claim 1, further comprising a verification end, the verification end comprising:
a ground main station, connected to the remote configuration module through the Internet and to the satellite communication module through a satellite link, for transmitting messages sent by the remote configuration module to the terminal module through the satellite communication module;
and an authentication center, connected to the ground main station, for identifying whether the user identification card in a terminal module that applies to the verification end for authentication through the satellite communication module is a configuration user identification card, and, according to the identification result, allowing the corresponding terminal module to communicate data with other configuration terminal modules through the satellite communication module.
6. The remote configuration system of claim 5, wherein the ground main station comprises:
a receiving unit, connected to the remote configuration module through the Internet, for receiving remote configuration information output by the remote configuration module when the remote configuration module configures another satellite communication module for the user identification card, the other satellite communication module being a replacement satellite communication module;
a forwarding unit, connected to the receiving unit, for transmitting the remote configuration information to the terminal module through the replacement satellite communication module;
and the terminal module calls a remote configuration command in the user identification card according to the remote configuration information and transmits the remote configuration command and the identity data to the remote configuration module, so that the user identification card writes the user data again.
7. The remote configuration system according to claim 5, wherein the authentication center comprises:
a second storage unit, connected to the remote configuration module through the Internet, for storing all the user data generated by the remote configuration module;
a second comparison unit, connected to the second storage unit and to the satellite communication module through a satellite link, for comparing the user data contained in the user identification card in the terminal module with the user data stored in the second storage unit and outputting a second comparison result;
and an authentication unit, connected to the second comparison unit and to the satellite communication module through a satellite link, for authenticating the user identification card as the configuration user identification card, and the terminal module loaded with the configuration user identification card as the configuration terminal module, when the second comparison result shows that the user data contained in the user identification card in the terminal module matches the user data stored in the second storage unit.
8. The remote configuration system of claim 5, wherein the terminal module is enabled to connect with a local configuration terminal via at least one of Bluetooth, WiFi, cellular communication and NFC.
9. A user data replacement method applied to the remote configuration system according to claim 5 or 6, comprising:
step S1: a remote configuration server outputs a remote configuration message through a ground station, and the ground station transmits the remote configuration message to a terminal device through the replacement satellite communication network;
step S2: the terminal device calls a remote configuration command of the user identification card in the terminal device according to the remote configuration message, and transmits the remote configuration command and the digital certificate carrying the first public key of the user identification card to the remote configuration server through the Internet;
step S3: the remote configuration server verifies whether the remote configuration command and the digital certificate carrying the first public key are complete;
if so, proceed to step S4;
if not, return to step S1;
step S4: the remote configuration server performs key agreement using its own second private key and the first public key to obtain a session key, then generates the user data, encrypts the user data with the session key, and sends the encrypted user data and its second public key to the terminal device through the Internet;
step S5: the terminal device verifies whether the encrypted user data and the digital certificate carrying the second public key are complete;
if so, proceed to step S6;
if not, return to step S1;
step S6: the terminal device performs key agreement using the second public key and the first private key to obtain the same session key, decrypts the user data with the session key, and writes the decrypted user data into the user identification card.
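The exchange of steps S1 to S6 (the description's method and claim 9), the operator-replacement re-run of claim 6 and the authentication-centre comparison of claim 7, carried through as an added worked example in Python with both sides' messages. This is not code from the patent or its applicant, and it runs offline with the standard library only. The patent names no algorithms, so the following are assumptions: finite-field Diffie-Hellman over the RFC 3526 group-14 prime stands in for the key agreement; a Schnorr signature in the same group, made with the card's first private key and checked with the first public key, stands in for the signed random number of claim 2; an HMAC-SHA256 KDF over the shared secret keyed by that random number produces the session key; an HMAC-SHA256 keystream with an HMAC tag is the cipher; a server public key pinned in the terminal plays the part of the digital certificate carrying the second public key; and the "completeness" checks of S3 and S5 are implemented as signature and tag verification. Every identifier (CARD-0001, SAT-OP-A, SAT-OP-B, and all class and function names) is made up.

```python
# Added example, not the patent's code: the S1-S6 exchange, the operator replacement (claim 6) and the
# authentication-centre check (claim 7). Assumed primitives: DH (RFC 3526 group 14), Schnorr, HMAC-SHA256.
import hashlib, hmac, json, secrets
P = int(  # RFC 3526 group 14 (2048-bit MODP); G = 2 generates the prime-order subgroup of size Q
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G, Q = 2, (P - 1) // 2

def keygen():  # (private, public) pair: the card's "first" pair or the server's "second" pair
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def _challenge(r, msg):  # Schnorr challenge e = H(r || msg) mod Q
    return int.from_bytes(hashlib.sha256(r.to_bytes(256, "big") + msg).digest(), "big") % Q
def sign(x, msg):  # signing uses the PRIVATE key; verification uses the public key from the certificate
    k = secrets.randbelow(Q - 1) + 1
    e = _challenge(pow(G, k, P), msg)
    return e, (k - x * e) % Q
def verify(y, msg, sig):
    e, s = sig
    return e == _challenge(pow(G, s, P) * pow(y, e, P) % P, msg)

def session_keys(shared, nonce):  # DH secret "processed with the identity data": KDF keyed by the random number
    ikm = shared.to_bytes(256, "big")
    return tuple(hmac.new(nonce, ikm + label, hashlib.sha256).digest() for label in (b"enc", b"mac"))

def _keystream(key, iv, n):  # HMAC-SHA256 in counter mode
    return b"".join(hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]
def seal(enc_k, mac_k, pt):  # encrypt-then-MAC: iv || ciphertext || tag
    iv = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_k, iv, len(pt))))
    return iv + ct + hmac.new(mac_k, iv + ct, hashlib.sha256).digest()
def unseal(enc_k, mac_k, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_k, iv + ct, hashlib.sha256).digest()):
        raise ValueError("encrypted user data is not complete")  # step S5 fails: back to S1
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_k, iv, len(ct))))

class SimCard:  # user identification card: first key pair, certificate = (card_id, pub), written user data
    def __init__(self, card_id):
        self.card_id, self.user_data = card_id, None
        self.priv, self.pub = keygen()

class Terminal:
    def __init__(self, sim, server_pub):  # the server's public key is pinned in the terminal (assumption)
        self.sim, self.server_pub = sim, server_pub
    def identity_data(self):  # step S2 / claim 2: signed random number + certificate, sent over the Internet
        nonce = secrets.token_bytes(16)
        return {"card_id": self.sim.card_id, "pub": self.sim.pub, "nonce": nonce,
                "sig": sign(self.sim.priv, nonce)}
    def install(self, nonce, reply):  # steps S5 + S6: check, derive the session key, decrypt, write
        if reply["pub"] != self.server_pub:
            raise ValueError("second public key is not complete")
        enc_k, mac_k = session_keys(pow(reply["pub"], self.sim.priv, P), nonce)
        self.sim.user_data = json.loads(unseal(enc_k, mac_k, reply["blob"]))
        return self.sim.user_data

class RemoteConfigServer:
    def __init__(self, matching):  # matching = first storage unit: card_id -> registered first public key
        self.priv, self.pub = keygen()
        self.matching, self.issued, self.operator = matching, {}, "SAT-OP-A"  # issued = second storage unit
    def provision(self, ident):  # steps S3 + S4
        if not verify(ident["pub"], ident["nonce"], ident["sig"]):  # first verification unit
            raise ValueError("identity data is not complete")
        if self.matching.get(ident["card_id"]) != ident["pub"]:  # first comparison unit
            raise ValueError("identity data does not match the matching data")
        enc_k, mac_k = session_keys(pow(ident["pub"], self.priv, P), ident["nonce"])
        data = {"card_id": ident["card_id"], "operator": self.operator,
                "number": f"{self.operator}-{secrets.token_hex(4)}"}  # first generating unit
        self.issued[ident["card_id"]] = data
        return {"pub": self.pub, "blob": seal(enc_k, mac_k, json.dumps(data).encode())}

def remote_configure(terminal, server):  # S1 is the satellite-side trigger; S2-S6 run over the Internet
    ident = terminal.identity_data()
    return terminal.install(ident["nonce"], server.provision(ident))

def authenticate(server, sim):  # authentication centre: second comparison unit + authentication unit
    return sim.user_data is not None and server.issued.get(sim.card_id) == sim.user_data

def demo():
    sim = SimCard("CARD-0001")
    server = RemoteConfigServer({"CARD-0001": sim.pub})  # matching data pre-registered at the operator
    term = Terminal(sim, server.pub)
    out = {"first": remote_configure(term, server)}
    server.operator = "SAT-OP-B"  # claim 6: the operator replacement re-runs the same exchange
    out["second"] = remote_configure(term, server)
    out["auth_second"] = authenticate(server, sim)
    ident = term.identity_data()  # a reply corrupted in transit must fail S5 and write nothing
    bad = bytearray(server.provision(ident)["blob"]); bad[20] ^= 1
    try:
        term.install(ident["nonce"], {"pub": server.pub, "blob": bytes(bad)})
        out["tampered_rejected"] = False
    except ValueError:
        out["tampered_rejected"] = True
    out["card_unchanged"] = sim.user_data == out["second"]
    return out
```

Running demo() provisions the card under SAT-OP-A, switches the server to SAT-OP-B and re-runs the same exchange, checks the re-written card against the authentication centre's stored copy, and then shows a reply with one corrupted ciphertext byte failing step S5 without anything being written to the card. Two points a deployment would have to settle that the steps above leave open: both key pairs are long-term, so the session key is only as fresh as the terminal's random number and the exchange has no forward secrecy; and the server records the generated user data before the terminal confirms the write, so a reply lost or corrupted in transit leaves the authentication centre's copy ahead of what the card actually holds.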

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011638670.8A CN112867004B (en) 2020-12-31 2020-12-31 Remote configuration system and user data replacement method

Publications (2)

Publication Number Publication Date
CN112867004A CN112867004A (en) 2021-05-28
CN112867004B true CN112867004B (en) 2022-10-14

Family

ID=76000440

Country Status (1)

Country Link
CN (1) CN112867004B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103686803A (en) * 2012-09-21 2014-03-26 成都林海电子有限责任公司 Satellite mobile communication terminal user identification and authentication function test method
CN110971415A (en) * 2019-12-13 2020-04-07 重庆邮电大学 Space-ground integrated space information network anonymous access authentication method and system
CN111132165A (en) * 2019-12-30 2020-05-08 全链通有限公司 5G communication card-free access method, equipment and storage medium based on block chain
CN111314056A (en) * 2020-03-31 2020-06-19 四川九强通信科技有限公司 Heaven and earth integrated network anonymous access authentication method based on identity encryption system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3140764A1 (en) * 2011-12-14 2017-03-15 Vilmos, András Method and internet terminal for remotely performing operations on a secure element connected to a communication device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant