CN1946229A - Indentifying method for telecommunication smart card and terminal - Google Patents

Publication number
CN1946229A
Authority
CN
China
Prior art keywords
terminal
intelligent card
telecom intelligent
authentication
telecom
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2006100572383A
Other languages
Chinese (zh)
Other versions
CN100429957C (en)
Inventor
徐达兴
郝建梅
朱红岩
张楚
王琳南
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Watchdata Co ltd
Original Assignee
Beijing WatchData System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing WatchData System Co Ltd
Priority to CNB2006100572383A
Publication of CN1946229A
Application granted
Publication of CN100429957C
Expired - Fee Related
Anticipated expiration

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

This invention discloses an authentication method for a telecom smart card and a terminal, comprising: (1) the same algorithm is preset in the smart card and in the authorized terminal; (2) after the card is reset and before network authentication, the card changes the stored user authentication information to false information; (3) authentication is performed between the card and the terminal using the algorithm of step (1); (4) if the authentication passes, the card restores the user authentication information to the true information; if it fails, the card keeps the current false information.

Description

The authentication method of telecom intelligent card and terminal
Technical field
The present invention relates to the field of data security, and in particular to an authentication method for a telecom smart card and a terminal.
Background technology
To support the "Communication with Every Village" project and develop customers in rural areas, China Mobile and China Unicom have promoted wireless business phones and Public CDMA WLL nationwide, charged at the fixed-line tariff. Because this tariff is cheaper than that of ordinary mobile phones, some people resort to card theft or card combining and place the telecom smart card of a wireless business phone or Public CDMA WLL in a mobile terminal such as a mobile phone. This has caused a large loss of call charges and disturbed normal pricing policy. In the prior art, the wireless network authenticates only the telecom smart card and is therefore powerless against such card theft and card combining.
In existing wireless networks, in order to authenticate the user's identity effectively while ensuring that critical data cannot be obtained by others, intentionally or unintentionally, information such as the user's KI and authentication algorithm is never transmitted over the network. Instead, the telecom smart card, the terminal and the network management device interact through a unique authentication procedure, which completes user authentication and prevents theft of user information as far as possible. On this basis, the prior-art method by which the wireless network authenticates the telecom smart card is as follows. The user authentication information of the network terminal (including the KI, the authentication algorithm, etc.) is stored in the telecom smart card. The network management device sends a random number to the terminal, and the terminal forwards it to the telecom smart card. The telecom smart card runs the corresponding authentication algorithm on this random number and the pre-stored KI and derives an authentication check word, which it then sends to the network management device through the terminal. The network management device runs the same algorithm on the same random number and compares its result with the authentication check word sent by the terminal. If they are identical, the network terminal user can use the services provided by the network operator normally; if they differ, the user is barred from logging in to the network. This method authenticates the mobile network end user and prevents unauthorized telecom smart cards from using the network. However, it cannot prevent unauthorized terminals such as ordinary mobile phones from using the telecom smart cards of wireless business phones and Public CDMA WLL.
Summary of the invention
In view of the above problems and deficiencies in the prior art, the object of the present invention is to provide an authentication method for a telecom smart card and a terminal that prevents the telecom smart card from being misappropriated at will by mobile terminals.
To solve the above problem, the present invention proposes an authentication method for a telecom smart card and a terminal, as follows:
(1) the same algorithm is preset in the telecom smart card and in the authorized terminal;
(2) after the telecom smart card is reset and before the network authentication process, the telecom smart card changes the stored user authentication information to false information;
(3) authentication is performed between the telecom smart card and the terminal using the algorithm of step (1);
(4) if the authentication passes, the smart card restores the user authentication information to the true information; if the authentication fails, the telecom smart card keeps the current false information.
The method may further comprise: (5) performing network authentication.
Step (3) is specifically:
(A) the telecom smart card sends data to the terminal;
(B) the telecom smart card computes on the data using the algorithm of step (1), and the terminal performs the same computation on the data;
(C) the terminal sends its computation result to the telecom smart card;
(D) the telecom smart card compares its own computation result with the terminal's computation result to authenticate.
The user authentication information is the international mobile subscriber identifier or the subscriber authentication key.
Alternatively, the user authentication information is the international mobile subscriber identifier and the subscriber authentication key.
Step (A) is specifically: the telecom smart card sends the data to the terminal with the Getinput instruction;
Step (C) is specifically: the terminal sends the computation result to the telecom smart card with the Terminal Response instruction.
In one form, the data that the telecom smart card sends to the terminal in step (A) comprise: a random number, a master key and a tagged word.
In that case step (B) is specifically:
(I) the terminal and the telecom smart card each diversify the master key with the random number to obtain a diversified key;
(II) the terminal and the telecom smart card each encrypt the random number with the diversified key;
(III) the terminal and the telecom smart card each add the tagged word to the result of step (II).
In another form, the data that the telecom smart card sends to the terminal in step (A) comprise: a plaintext and a key.
In that case step (B) is specifically:
1. the terminal and the telecom smart card each apply the same processing to the plaintext;
2. the terminal and the telecom smart card each encrypt the result of step 1 with the key;
3. the terminal and the telecom smart card each add the plaintext to the encrypted data obtained in step 2.
In the conventional method, there is no authentication between the telecom smart card and the terminal. With the authentication method proposed by the present invention, the telecom smart card authenticates with the terminal after every reset. It is only necessary to preset the same algorithm in the telecom smart card and in the terminals authorized to use it, and to use this algorithm for authentication between the telecom smart card and the terminal. Because existing ordinary mobile terminals such as ordinary mobile phones do not contain this algorithm, unauthorized mobile terminals cannot use the telecom smart card. This effectively prevents the loss of management control and of call charges caused by mobile terminals using the telecom smart cards of wireless business phones and Public CDMA WLL.
Description of drawings
Fig. 1 is a flow chart of a preferred embodiment of the present invention;
Fig. 2 is a flow chart of the authentication between the telecom smart card and the terminal in the preferred embodiment of the present invention.
Embodiment
The present invention is described in further detail below with reference to the accompanying drawings.
As shown in Fig. 1, the preferred embodiment of the present invention comprises the following steps:
(1) the same algorithm is preset in the telecom smart card and in the authorized terminal;
(2) after the telecom smart card is reset and before the network authentication process, the telecom smart card changes the stored user authentication information to false information;
(3) authentication is performed between the telecom smart card and the terminal using the algorithm of step (1);
(4) if the authentication passes, the smart card restores the user authentication information to the true information; if the authentication fails, the telecom smart card keeps the current false information.
With this method, the telecom smart card authenticates with the terminal once after every reset. If the authentication does not pass, the smart card reports false user authentication information to the terminal, so the terminal cannot register with the communication network. Unauthorized mobile terminals therefore cannot use the telecom smart card, which effectively prevents the loss of management control and of call charges caused by mobile terminals using the telecom smart cards of wireless business phones and Public CDMA WLL.
As a preferred scheme, step (3) of the above method is, as shown in Fig. 2, specifically:
(A) the telecom smart card sends data to the terminal;
(B) the telecom smart card and the terminal each compute on the data using the algorithm of step (1); it is only necessary to preset the same algorithm in the terminals authorized to use the telecom smart card, and because ordinary mobile phones do not contain this algorithm, authentication is easily achieved;
(C) the terminal sends its computation result to the telecom smart card;
(D) the telecom smart card compares its own computation result with the terminal's computation result to authenticate.
The preferred embodiment of the present invention is further described below with examples:
Example 1: taking the Public CDMA WLL as an example, the method of the present invention proceeds as follows:
First, the authentication algorithm is stored on the smart card, and the same authentication algorithm is also stored in the Public CDMA WLL;
1. After the telecom smart card is reset and before the network authentication process, the user authentication information used for network authentication is changed to false information. (At present the user authentication information comprises only the international mobile subscriber identifier, International Mobile Subscriber Identity, IMSI for short, and the subscriber authentication key, KeyInformation, KI for short; new user authentication information is added with 3G.) Any one item of the user authentication information may be changed; preferably, all user authentication information is changed;
2. The telecom smart card sends the tagged word, the random number and the master key to the terminal with the Getinput instruction;
3. After receiving the data sent by the telecom smart card, the terminal diversifies the master key with the random number to obtain a diversified key, encrypts the random number with 3DES under this diversified key, adds the tagged word to the resulting encrypted data, and returns the result to the smart card with the Terminal Response instruction. The specific computation in this step includes but is not limited to this example;
4. While the terminal computes, the telecom smart card performs the same computation;
5. The telecom smart card compares its own result with the result returned by the terminal: if the two results are identical, it modifies the user authentication information (IMSI, KI) again, changing it back to the true information, and the procedure ends; if they differ, the procedure ends;
Under the existing network authentication method, the result of the authentication between the terminal and the telecom smart card affects whether the telecom smart card can register with the network management device. If the terminal is a wireless business terminal authorized to use this telecom smart card, the preceding authentication between the terminal and the telecom smart card passes, the user authentication information that the telecom smart card uses for network authentication is the true information, and the telecom smart card registers successfully with the network management device, logs in to the network and works normally. If the terminal is an ordinary mobile phone, the preceding authentication between the terminal and the telecom smart card fails, the user authentication information that the telecom smart card uses for network authentication is false information, and the telecom smart card cannot register with the network management device or log in to the network. Unauthorized terminals are thus prevented from using the telecom smart card.
Example 2: taking the wireless business phone as an example, the method of the present invention proceeds as follows:
First, the authentication algorithm is stored on the smart card together with the user's authentication information, and the same algorithm is also stored in the wireless business phone;
1. After the telecom smart card is reset and before the network authentication process, the user authentication information used for network authentication (the international mobile subscriber identifier, International Mobile Subscriber Identity, and the subscriber authentication key KI) is changed to false information;
2. The smart card sends the plaintext and the key to the terminal with the Getinkey instruction;
3. After receiving the data sent by the smart card, the terminal applies the HASH algorithm to the plaintext, encrypts the result of the HASH algorithm with DES using the key, adds the plaintext to the resulting encrypted data, and returns the result to the smart card with the Terminal Response instruction. The specific computation in this step includes but is not limited to this example;
4. While the terminal computes, the smart card performs the same computation;
5. The smart card compares its own result with the result returned by the terminal: if the two results are identical, it modifies the user authentication information (IMSI, KI) again, changing it back to the true information, and the procedure ends; if they differ, no modification is made;
Under the existing network authentication method, the result of the authentication between the terminal and the telecom smart card affects whether the telecom smart card can register with the network management device. If the terminal is a wireless business terminal authorized to use this telecom smart card, the preceding authentication between the terminal and the telecom smart card passes, the user authentication information that the telecom smart card uses for network authentication is the true information, and the telecom smart card registers successfully with the network management device, logs in to the network and works normally. If the terminal is an ordinary mobile phone, the preceding authentication between the terminal and the telecom smart card fails, the user authentication information that the telecom smart card uses for network authentication is false information, and the telecom smart card cannot register with the network management device or log in to the network. Unauthorized terminals are thus prevented from using the telecom smart card.
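The flow of Examples 1 and 2 (false information after reset, card-to-terminal challenge, restore on a match, then network authentication) can be simulated end to end. The following is an added illustration, not code from the patent: all class and function names, the false IMSI/KI values and the sample subscriber data are assumptions, and HMAC-SHA256 stands in for the 3DES operations of Example 1 (Example 2 would differ only in the preset algorithm and the data sent) so that it runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

# Constructed sample values (assumptions, not taken from the patent).
FALSE_IMSI = "000000000000000"
FALSE_KI = bytes(16)
SAMPLE_IMSI = "460001234567890"
SAMPLE_KI = bytes(range(16))


def preset_algorithm(rand: bytes, master_key: bytes, tag: bytes) -> bytes:
    """Algorithm preset in the card and in authorized terminals (HMAC stand-in for 3DES)."""
    diversified = hmac.new(master_key, rand, hashlib.sha256).digest()     # (I) diversify key
    protected = hmac.new(diversified, rand, hashlib.sha256).digest()[:8]  # (II) protect random
    return protected + tag                                                # (III) add tagged word


class TelecomSmartCard:
    def __init__(self, imsi, ki, master_key, tag):
        self._true = (imsi, ki)
        self._master_key, self._tag = master_key, tag
        self._rand = None
        self.imsi, self.ki = imsi, ki

    def reset(self):
        """After every reset, expose false IMSI/KI until the terminal is authenticated."""
        self.imsi, self.ki = FALSE_IMSI, FALSE_KI
        self._rand = None

    def get_input(self):
        """Step (A): data sent to the terminal (carried by the Getinput instruction)."""
        self._rand = os.urandom(8)
        return self._rand, self._master_key, self._tag

    def terminal_response(self, result: bytes) -> bool:
        """Steps (B)-(D): compute locally, compare, restore true info only on a match."""
        if self._rand is None:          # no outstanding challenge: keep false info
            return False
        expected = preset_algorithm(self._rand, self._master_key, self._tag)
        self._rand = None               # each challenge is usable once
        if hmac.compare_digest(expected, result):
            self.imsi, self.ki = self._true
            return True
        return False

    def authentication_check_word(self, network_rand: bytes) -> bytes:
        """Network authentication: stand-in for the operator algorithm keyed with KI."""
        return hmac.new(self.ki, network_rand, hashlib.sha256).digest()


class AuthorizedTerminal:
    def respond(self, rand, master_key, tag):
        return preset_algorithm(rand, master_key, tag)


class OrdinaryHandset:
    def respond(self, rand, master_key, tag):
        return b""                      # no preset algorithm, so no valid result


class Network:
    def __init__(self, subscribers):
        self._subscribers = subscribers  # IMSI -> KI

    def register(self, card) -> bool:
        ki = self._subscribers.get(card.imsi)
        if ki is None:                   # false IMSI is unknown to the network
            return False
        rand = os.urandom(16)
        expected = hmac.new(ki, rand, hashlib.sha256).digest()
        return hmac.compare_digest(expected, card.authentication_check_word(rand))


def power_on(card, terminal, network) -> bool:
    """Reset, card-terminal authentication, then network authentication (step 5)."""
    card.reset()
    card.terminal_response(terminal.respond(*card.get_input()))
    return network.register(card)


if __name__ == "__main__":
    card = TelecomSmartCard(SAMPLE_IMSI, SAMPLE_KI, b"M" * 16, b"\xa5\x5a")
    net = Network({SAMPLE_IMSI: SAMPLE_KI})
    print("authorized terminal registers:", power_on(card, AuthorizedTerminal(), net))
    print("ordinary handset registers:   ", power_on(card, OrdinaryHandset(), net))
```

Because the random number, master key and tagged word all travel to the terminal, the outcome depends only on whether the terminal holds the preset algorithm, which is the property the description relies on.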

Claims (10)

1. An authentication method for a telecom smart card and a terminal, comprising:
(1) the same algorithm is preset in the telecom smart card and in the authorized terminal;
(2) after the telecom smart card is reset and before the network authentication process, the telecom smart card changes the stored user authentication information to false information;
(3) authentication is performed between the telecom smart card and the terminal using the algorithm of step (1);
(4) if the authentication passes, the smart card restores the user authentication information to the true information; if the authentication fails, the telecom smart card keeps the current false information.
2. The authentication method for a telecom smart card and a terminal according to claim 1, characterized in that it further comprises:
(5) performing network authentication.
3. The authentication method for a telecom smart card and a terminal according to claim 1, characterized in that step (3) is specifically:
(A) the telecom smart card sends data to the terminal;
(B) the telecom smart card and the terminal each compute on the data using the algorithm of step (1);
(C) the terminal sends its computation result to the telecom smart card;
(D) the telecom smart card compares its own computation result with the terminal's computation result to authenticate.
4. The authentication method for a telecom smart card and a terminal according to claim 1, characterized in that the user authentication information is the international mobile subscriber identifier or the subscriber authentication key.
5. The authentication method for a telecom smart card and a terminal according to claim 1, characterized in that the user authentication information is the international mobile subscriber identifier and the subscriber authentication key.
6. The authentication method for a telecom smart card and a terminal according to claim 3, characterized in that
step (A) is specifically: the telecom smart card sends the data to the terminal with the Getinput instruction;
step (C) is specifically: the terminal sends the computation result to the telecom smart card with the Terminal Response instruction.
7. The authentication method for a telecom smart card and a terminal according to claim 6, characterized in that the data that the telecom smart card sends to the terminal in step (A) comprise: a random number, a master key and a tagged word.
8. The authentication method for a telecom smart card and a terminal according to claim 7, characterized in that step (B) is specifically:
(I) the terminal and the telecom smart card each diversify the master key with the random number to obtain a diversified key;
(II) the terminal and the telecom smart card each encrypt the random number with the diversified key;
(III) the terminal and the telecom smart card each add the tagged word to the result of step (II).
9. The authentication method for a telecom smart card and a terminal according to claim 6, characterized in that the data that the telecom smart card sends to the terminal in step (A) comprise: a plaintext and a key.
10. The authentication method for a telecom smart card and a terminal according to claim 9, characterized in that step (B) is specifically:
1. the terminal and the telecom smart card each apply the same processing to the plaintext;
2. the terminal and the telecom smart card each encrypt the result of step 1 with the key;
3. the terminal and the telecom smart card each add the plaintext to the encrypted data obtained in step 2.
CNB2006100572383A 2006-03-09 2006-03-09 Indentifying method for telecommunication smart card and terminal Expired - Fee Related CN100429957C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100572383A CN100429957C (en) 2006-03-09 2006-03-09 Indentifying method for telecommunication smart card and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2006100572383A CN100429957C (en) 2006-03-09 2006-03-09 Indentifying method for telecommunication smart card and terminal

Publications (2)

Publication Number Publication Date
CN1946229A true CN1946229A (en) 2007-04-11
CN100429957C CN100429957C (en) 2008-10-29

Family

ID=38045389

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100572383A Expired - Fee Related CN100429957C (en) 2006-03-09 2006-03-09 Indentifying method for telecommunication smart card and terminal

Country Status (1)

Country Link
CN (1) CN100429957C (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101835153A (en) * 2010-04-27 2010-09-15 中兴通讯股份有限公司 Public telephone card and method of interlocking public telephone card with mobile terminal
CN101521886B (en) * 2009-01-21 2011-04-20 北京握奇数据系统有限公司 Method and device for authenticating terminal and telecommunication smart card
CN101656958B (en) * 2009-08-13 2012-07-25 北京握奇数据系统有限公司 Telecommunication intelligent card in Code Division Multiple Access (CDMA) network and authentication method thereof
CN105245505A (en) * 2015-09-14 2016-01-13 深圳市优友互联有限公司 Data transmitting method and device, data receiving method and device, and receiving-transmitting system

Also Published As

Publication number Publication date
CN100429957C (en) 2008-10-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee after: BEIJING WATCHDATA Co.,Ltd.

Address before: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee before: BEIJING WATCH DATA SYSTEM Co.,Ltd.

DD01 Delivery of document by public notice

Addressee: Patent of Beijing grip Data Co.,Ltd. The person in charge

Document name: payment instructions

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20081029