Background technology
To support the "Communication with Every Village" project and develop rural subscribers, China Mobile and China Unicom have promoted wireless business phones and Public CDMA WLL (wireless local loop) terminals nationwide, billed at the landline tariff. Because this tariff is cheaper than the ordinary mobile tariff, some people steal or transplant cards: the telecom smart card of a wireless business phone or Public CDMA WLL terminal is placed in a mobile terminal such as an ordinary handset and used there, which causes a large loss of call revenue and disrupts the normal pricing policy. In the prior art the wireless network authenticates only the telecom smart card, so it is powerless against such stolen or transplanted cards.
In existing wireless networks, in order to authenticate the user's identity effectively while ensuring that critical data cannot be obtained by others, whether deliberately or accidentally, information such as the user's authentication key (Ki) and the authentication algorithm is never transmitted over the network. Instead, a dedicated authentication procedure is run between the telecom smart card, the terminal and the network management device; this completes the user's authentication while protecting the user's information from theft as far as possible. On this basis, the prior-art method by which the wireless network authenticates the telecom smart card is as follows. The user authentication information of the network terminal (including the Ki and the authentication algorithm) is stored in the telecom smart card. The network management device sends a random number to the terminal; the terminal forwards the random number to the telecom smart card; the telecom smart card runs the authentication algorithm over the random number and the Ki stored in advance and, when the algorithm completes, derives an authentication check word, which it sends back to the network management device through the terminal. At the same time the network management device runs the same algorithm over the same random number and compares its result with the check word sent by the terminal: if the two are identical, the user of the network terminal may use the corresponding services the network operator provides; if they differ, the user is refused access to the network. This method authenticates the mobile network user and prevents unauthorized telecom smart cards from using the network, but it cannot prevent an unauthorized terminal such as an ordinary handset from using the telecom smart card of a wireless business phone or Public CDMA WLL terminal.
Summary of the invention
In view of the above problems and deficiencies of the prior art, the object of the present invention is to propose an authentication method between a telecom smart card and a terminal that prevents the telecom smart card from being used at will by any mobile terminal.
To solve the above problems, the present invention proposes an authentication method between a telecom smart card and a terminal, specifically:
(1) the same algorithm is preset in the telecom smart card and in the authorized terminal;
(2) after the telecom smart card resets, and before the network authentication process is carried out, the telecom smart card modifies the stored user authentication information into false information;
(3) the telecom smart card and the terminal authenticate using the algorithm of step (1);
(4) if the authentication passes, the smart card restores the user authentication information to the true information; if the authentication fails, the telecom smart card keeps the current false information.
The method further comprises: (5) carrying out network authentication.
Step (3) is specifically:
(A) the telecom smart card sends data to the terminal;
(B) the telecom smart card computes over the data using the algorithm of step (1); the terminal performs the same computation over the data;
(C) the terminal sends its computation result to the telecom smart card;
(D) the telecom smart card compares its own computation result with the computation result of the terminal in order to authenticate the terminal.
The user authentication information is the international mobile subscriber identity (IMSI) or the subscriber authentication key (Ki).
Alternatively, the user authentication information is both the IMSI and the Ki.
Step (A) is specifically: the telecom smart card sends the data to the terminal by the GET INPUT command;
Step (C) is specifically: the terminal sends the computation result to the telecom smart card by the TERMINAL RESPONSE command.
In step (A), the data the telecom smart card sends to the terminal comprises a random number, a master key and a tagged word.
Step (B) is then specifically:
(I) the terminal and the telecom smart card each diversify the master key with the random number to obtain a diversified key;
(II) the terminal and the telecom smart card each encrypt the random number with the diversified key;
(III) the terminal and the telecom smart card each append the tagged word to the result of step (II).
Alternatively, in step (A) the data the telecom smart card sends to the terminal comprises a plaintext and a key.
Step (B) is then specifically:
1. the terminal and the telecom smart card each apply the same processing to the plaintext;
2. the terminal and the telecom smart card each encrypt the result of step 1 with the key;
3. the terminal and the telecom smart card each append the plaintext to the encrypted data obtained in step 2.
In the conventional method there is no authentication between the telecom smart card and the terminal. In the authentication method between a telecom smart card and a terminal proposed by the present invention, the telecom smart card authenticates with the terminal after every reset. It is only necessary to preset the same algorithm in the telecom smart card and in the terminal licensed to use that card, and to authenticate between the card and the terminal with that algorithm. Since no existing common mobile terminal such as an ordinary handset is provided with this algorithm, an unauthorized mobile terminal cannot use the telecom smart card, which effectively prevents mobile terminals from using the telecom smart cards of wireless business phones and Public CDMA WLL terminals and the resulting unmanageable loss of call revenue.
Embodiment
The present invention is described in further detail below with reference to the accompanying drawings.
As shown in Figure 1, the preferred embodiment of the present invention comprises the following steps:
(1) the same algorithm is preset in the telecom smart card and in the authorized terminal;
(2) after the telecom smart card resets, and before the network authentication process is carried out, the telecom smart card modifies the stored user authentication information into false information;
(3) the telecom smart card and the terminal authenticate using the algorithm of step (1);
(4) if the authentication passes, the smart card restores the user authentication information to the true information; if the authentication fails, the telecom smart card keeps the current false information.
With the above method, the telecom smart card authenticates with the terminal once after every reset. If the authentication does not pass, the smart card presents false user authentication information to the terminal, so the terminal cannot register on the communication network. An unauthorized mobile terminal therefore cannot use the telecom smart card, which effectively prevents mobile terminals from using the telecom smart cards of wireless business phones and Public CDMA WLL terminals and the resulting unmanageable loss of call revenue.
As a preferred embodiment, step (3) of the above method is specifically as shown in Figure 2:
(A) the telecom smart card sends data to the terminal;
(B) the telecom smart card and the terminal each compute over the data using the algorithm of step (1); it is only necessary to preset the same algorithm in the terminal licensed to use this telecom smart card, and since an ordinary handset is not provided with this algorithm, the authentication effect is easily achieved;
(C) the terminal sends its computation result to the telecom smart card;
(D) the telecom smart card compares its own computation result with the computation result of the terminal in order to authenticate the terminal.
The preferred embodiment of the present invention is further described below with examples:
Example 1: taking a Public CDMA WLL terminal as an example, the processing method of the present invention is as follows:
First, the authentication algorithm is stored in the smart card, and the same authentication algorithm is also stored in the Public CDMA WLL terminal;
1. After the telecom smart card resets, and before the network authentication process is carried out, the card modifies the user authentication information used for network authentication into false information (at present the user authentication information comprises only the international mobile subscriber identity, IMSI, and the subscriber authentication key, Ki; new user authentication information added in 3G is included as well). Modifying the user authentication information may change any one of these items; preferably, all of them are changed;
2. The telecom smart card sends a tagged word, a random number and a master key to the terminal by the GET INPUT command;
3. After the terminal receives the data sent by the telecom smart card, it diversifies the master key with the random number to obtain a diversified key, encrypts the random number with the diversified key using 3DES, appends the tagged word to the resulting ciphertext, and returns the result to the smart card by the TERMINAL RESPONSE command; the specific computation of this step includes but is not limited to this example;
4. While the terminal computes, the telecom smart card performs the same computation;
5. The telecom smart card compares its own result with the result returned by the terminal: if the two results are consistent, it modifies the user authentication information (IMSI, Ki) once more, restoring it to the true information, and the step ends; if they are inconsistent, the step ends;
According to the existing network authentication method, the result of the authentication between the terminal and the telecom smart card affects the result of the card's registration with the network management device. If the terminal is an authorized wireless business terminal permitted to use this telecom smart card, the preceding authentication between the terminal and the card passes, the user authentication information with which the card performs network authentication is the true information, the card registers successfully with the network management device, and the card can access the network and be used normally. If the terminal is an ordinary handset, the preceding authentication between the terminal and the card fails, the user authentication information with which the card performs network authentication is false, the card cannot register with the network management device, and it cannot log in to or use the network. An unauthorized terminal is thus prevented from using the telecom smart card.
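The following Go program is an added illustration, not code from the patent or from any operator's terminal. It models Example 1 end to end together with the prior-art network authentication described in the background: the card powers up with false IMSI and Ki, challenges the terminal over GET INPUT with a tagged word, a random number and the master key, and restores the true values only when the TERMINAL RESPONSE carries the expected 3DES result; network authentication then succeeds from the authorized terminal and fails from an ordinary handset. Everything the page leaves open is an assumption here: key diversification is SHA-256(master || random) truncated to a 24-byte 3DES key, HMAC-SHA256 stands in for the unnamed network authentication algorithm, and the IMSI, keys and tagged word are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Challenge is what the card pushes to the terminal with GET INPUT (step A): a tagged word,
// a one-block random number and the master key.
type Challenge struct{ Tag, Rnd, Master []byte }

// presetAlgorithm is the computation preset in both the card and the authorized terminal (step 1).
// Assumption: the diversified key is SHA-256(master || random) truncated to 24 bytes.
func presetAlgorithm(ch Challenge) ([]byte, error) {
	if len(ch.Rnd) != des.BlockSize {
		return nil, fmt.Errorf("random number must be %d bytes", des.BlockSize)
	}
	d := sha256.Sum256(append(append([]byte{}, ch.Master...), ch.Rnd...))
	blk, err := des.NewTripleDESCipher(d[:24])
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	blk.Encrypt(out, ch.Rnd)           // 3DES-encrypt the random number under the diversified key
	return append(out, ch.Tag...), nil // append the tagged word
}

// Terminal answers the card's challenge in a TERMINAL RESPONSE (step C). Only the
// authorized WLL terminal holds the preset algorithm; an ordinary handset does not.
type Terminal func(Challenge) []byte

var (
	AuthorizedTerminal Terminal = func(ch Challenge) []byte { out, _ := presetAlgorithm(ch); return out }
	OrdinaryHandset    Terminal = func(Challenge) []byte { return nil }
)

// Card keeps the true IMSI and Ki privately; IMSI and Ki are the working copies network
// authentication reads. Reset makes them false (step 2); a passed authentication restores them (step 4).
type Card struct {
	trueIMSI, trueKi, IMSI, Ki []byte
	master, tag                []byte
}

func (c *Card) Reset() {
	c.IMSI = bytes.Repeat([]byte{0xFF}, len(c.trueIMSI)) // false IMSI
	c.Ki = make([]byte, len(c.trueKi))                   // false Ki (all zero)
}

// AuthenticateTerminal runs steps A to D and reports whether the terminal passed.
func (c *Card) AuthenticateTerminal(t Terminal) bool {
	rnd := make([]byte, des.BlockSize)
	if _, err := rand.Read(rnd); err != nil {
		return false
	}
	ch := Challenge{Tag: c.tag, Rnd: rnd, Master: c.master}
	expected, err := presetAlgorithm(ch) // the card's own result (step B)
	if err != nil || subtle.ConstantTimeCompare(expected, t(ch)) != 1 {
		return false // step D failed: the false information stays in place
	}
	c.IMSI, c.Ki = append([]byte(nil), c.trueIMSI...), append([]byte(nil), c.trueKi...)
	return true
}

// NetworkAuth is the existing network authentication (step 5): the network manager looks up the
// Ki registered for the IMSI the card presents, issues a random number and compares check words.
// Assumption: HMAC-SHA256 keyed with Ki stands in for the unnamed authentication algorithm.
func NetworkAuth(registered map[string][]byte, c *Card) bool {
	ki, ok := registered[string(c.IMSI)] // a false IMSI is simply unknown to the network
	rnd := make([]byte, 16)
	if _, err := rand.Read(rnd); !ok || err != nil {
		return false
	}
	word := func(k []byte) []byte { m := hmac.New(sha256.New, k); m.Write(rnd); return m.Sum(nil) }
	return subtle.ConstantTimeCompare(word(ki), word(c.Ki)) == 1
}

// Scenario puts one card into an authorized terminal and then into an ordinary handset and
// reports whether each registers. The IMSI, keys and tagged word are constructed sample values.
func Scenario() (authorizedRegisters, handsetRegisters bool) {
	imsi, ki := []byte("460001234567890"), []byte("constructed-sample-Ki")
	registered := map[string][]byte{string(imsi): ki}
	card := &Card{trueIMSI: imsi, trueKi: ki, master: []byte("constructed-mk16"), tag: []byte{0xA5, 0x5A}}
	card.Reset()
	card.AuthenticateTerminal(AuthorizedTerminal)
	authorizedRegisters = NetworkAuth(registered, card)
	card.Reset() // power-cycle the card and move it to an ordinary handset
	card.AuthenticateTerminal(OrdinaryHandset)
	handsetRegisters = NetworkAuth(registered, card)
	return authorizedRegisters, handsetRegisters
}

func main() {
	fmt.Println(Scenario()) // true false
}
```

Note that, as the page describes it, the master key itself crosses the card-terminal interface in GET INPUT; the terminal's answer therefore proves possession of the algorithm, not of a secret the terminal held beforehand. The comparison in step D is done in constant time so that the card does not leak how many bytes of the response were correct.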
Example 2: taking a wireless business phone as an example, the processing method of the present invention is as follows:
First, the authentication algorithm and the user authentication information are stored in the smart card, and the same algorithm is also stored in the wireless business phone;
1. After the telecom smart card resets, and before the network authentication process is carried out, the card modifies the user authentication information used for network authentication (the international mobile subscriber identity, IMSI, and the subscriber authentication key, Ki) into false information;
2. The smart card sends a plaintext and a key to the terminal by the GET INKEY command;
3. After the terminal receives the data sent by the smart card, it applies a hash algorithm to the plaintext, encrypts the hash result with the key using DES, appends the plaintext to the resulting ciphertext, and returns the result to the smart card by the TERMINAL RESPONSE command; the specific computation of this step includes but is not limited to this example;
4. While the terminal computes, the smart card performs the same computation;
5. The smart card compares its own result with the result returned by the terminal: if the two results are consistent, it modifies the user authentication information (IMSI, Ki) once more, restoring it to the true information, and the step ends; if they are inconsistent, no modification is performed;
According to the existing network authentication method, the result of the authentication between the terminal and the telecom smart card affects the result of the card's registration with the network management device. If the terminal is an authorized wireless business terminal permitted to use this telecom smart card, the preceding authentication between the terminal and the card passes, the user authentication information with which the card performs network authentication is the true information, the card registers successfully with the network management device, and the card can access the network and be used normally. If the terminal is an ordinary handset, the preceding authentication between the terminal and the card fails, the user authentication information with which the card performs network authentication is false, the card cannot register with the network management device, and it cannot log in to or use the network. An unauthorized terminal is thus prevented from using the telecom smart card.
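The computation of Example 2 (steps 3 to 5), as an added Go illustration rather than code from the patent: the terminal hashes the plaintext, DES-encrypts the digest with the key received in GET INKEY and appends the plaintext; the card performs the same computation and decides in constant time whether the TERMINAL RESPONSE matches. The page names neither the hash nor the DES mode, so SHA-256 and block-by-block (ECB) encryption of the digest are assumptions, as are the sample plaintext and keys; the card and terminal state handling of Example 1 is not repeated here.

```go
package main

import (
	"crypto/des"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// hashDESExample2 is step 3 as the terminal computes it and step 4 as the card computes it:
// hash the plaintext, DES-encrypt the digest with the key the card sent, append the plaintext.
// Assumptions: SHA-256 as the hash; the 32-byte digest is encrypted one DES block at a time (ECB).
func hashDESExample2(plain, key []byte) ([]byte, error) {
	blk, err := des.NewCipher(key) // a DES key must be exactly 8 bytes
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(plain)
	out := make([]byte, len(h))
	for i := 0; i < len(h); i += des.BlockSize {
		blk.Encrypt(out[i:i+des.BlockSize], h[i:i+des.BlockSize])
	}
	return append(out, plain...), nil
}

// CardVerifies is step 5: the card computes its own value over the plaintext and key it sent
// with GET INKEY and compares it, in constant time, with what arrived in the TERMINAL RESPONSE.
// A true result is what allows the card to restore the true IMSI and Ki.
func CardVerifies(plain, key, terminalResponse []byte) bool {
	own, err := hashDESExample2(plain, key)
	return err == nil && subtle.ConstantTimeCompare(own, terminalResponse) == 1
}

// Scenario2 shows the card accepting a wireless business phone that runs the same computation
// and rejecting responses built with a different key, with a different plaintext, or consisting
// of the plaintext alone. All values are constructed samples.
func Scenario2() (matchingPhone, wrongKey, wrongPlain, plainOnly bool) {
	plain, key := []byte("constructed-plaintext-0001"), []byte("8bytekey")
	good, _ := hashDESExample2(plain, key)
	other, _ := hashDESExample2(plain, []byte("otherkey"))
	stale, _ := hashDESExample2([]byte("constructed-plaintext-0000"), key)
	matchingPhone = CardVerifies(plain, key, good)
	wrongKey = CardVerifies(plain, key, other)
	wrongPlain = CardVerifies(plain, key, stale)
	plainOnly = CardVerifies(plain, key, plain)
	return matchingPhone, wrongKey, wrongPlain, plainOnly
}

func main() {
	fmt.Println(Scenario2()) // true false false false
}
```

Because the plaintext is echoed back in clear, the part of the response that actually proves the terminal holds the algorithm is the encrypted digest; the echoed plaintext only lets the card check that the response belongs to the challenge it issued.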