CN205864753U - A kind of encryption guard system of terminal unit - Google Patents
A kind of encryption guard system of terminal unit Download PDFInfo
- Publication number
- CN205864753U CN205864753U CN201620605572.7U CN201620605572U CN205864753U CN 205864753 U CN205864753 U CN 205864753U CN 201620605572 U CN201620605572 U CN 201620605572U CN 205864753 U CN205864753 U CN 205864753U
- Authority
- CN
- China
- Prior art keywords
- terminal unit
- sim
- information
- gps information
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
This utility model provides the encryption guard system of a kind of terminal unit, including: terminal unit, certificate server and the network equipment;The described network equipment obtains the SIM ciphering sequence information of described terminal unit to be certified, and judge whether the SIM ciphering sequence information obtained has stored in its internal memory, if, then described SIM ciphering sequence information is sent to certificate server by the network equipment, the GPS information corresponding to described SIM ciphering sequence information is obtained from certificate server, and the GPS information when aforementioned terminal unit is compared with the GPS information that certificate server returns, if it is identical, then by described terminal equipment access network, thus realize combining SIM card information and the GPS information of terminal unit, strengthen the preventing mechanism of terminal unit, prevent terminal unit stolen, or SIM is replicated, the information loss that the possible situation such as transplanting causes.
Description
Technical field
This utility model relates to field of information security technology, and the encryption protection of a kind of terminal unit is
System.
Background technology
Wireless terminal device network insertion in the market relies on equipment of the core network certification, and equipment reads SIM after running
Card information, then connects equipment of the core network and is authenticated registration, and after succeeding in registration, equipment proceeds by business transmission.
If current way equipment is stolen, the equipment replacement place being stolen restarts, and equipment equally registers net
Network;If current device is replicated SIM by people, utilize the SIM replicated equally to be registered to network, invade wireless network,
Terminal device information the most of the prior art cannot well be protected, and there is certain potential safety hazard.
Therefore, prior art awaits further improving.
Summary of the invention
In view of above-mentioned weak point of the prior art, the purpose of this utility model is that providing the user a kind of terminal sets
Standby encryption guard system, overcomes terminal unit in prior art to be prone to be broken into, and in terminal unit, the information of storage exists one
Determine the defect of potential safety hazard.
The technical scheme that this utility model solution technical problem is used is as follows:
A kind of encryption guard system of terminal unit, wherein, including: terminal unit, certificate server and the network equipment;
Described terminal unit includes:
For the SIM card information of terminal unit is encrypted according to predetermined cryptographic algorithm, the SIM generated after being encrypted
The SIM card information encrypting module of card encryption sequence code and for accessing the wireless module of wireless network;
Described certificate server includes: for storing SIM ciphering sequence information and the storage of GPS information of terminal unit
Module;
The described network equipment includes:
For judging that the SIM ciphering sequence information asking registering terminal equipment has prestored in the network device
SIM card information correction verification module;
For obtaining the GPS information of its storage from certificate server side, obtain its current GPS letter from terminal unit side simultaneously
Breath, and by the GPS information stored and current GPS information phase comparison, it may be judged whether consistent GPS information correction verification module;
Described terminal unit, after SIM ciphering sequence information and GPS information certification, completes registration, and access network sets
The standby wireless network set up.
The encryption guard system of described terminal unit, wherein, described terminal unit also includes:
Local password authentication module, is used for storing local log-on password, and judges that this locality that user inputs logs in password and is
No consistent with the local log-on password of storage, if unanimously, then local log-on success.
The encryption guard system of described terminal unit, wherein, described terminal unit also includes:
FWSM, for when authentification of message module authentication is by before, and equipment of closing a terminal receives the network equipment and leads to
The upstream Interface of letter data, forbids that terminal unit accesses wireless network;After authentification of message module authentication is passed through, open terminal and set
The standby upstream Interface receiving network device communications data, it is achieved access wireless network.
The encryption guard system of described terminal unit, wherein, described terminal unit also includes:
GPS information acquiring unit, is used for the GPS chip utilizing terminal unit built-in, obtains the current institute of described terminal unit
GPS information in position.
The encryption guard system of described terminal unit, wherein, the described network equipment also includes:
SIM card information correction verification module, for obtaining the SIM card information of terminal unit, and judges described SIM the most
Storage or registration.
The encryption guard system of described terminal unit, wherein, described wireless network is WIFI wireless network or TD-LTE
Wireless network.
Beneficial effect, this utility model provides the encryption guard system of a kind of terminal unit, including: terminal unit, recognizes
Card server and the network equipment;The described network equipment obtains the SIM ciphering sequence information of described terminal unit to be certified, and judges
Whether the SIM ciphering sequence information obtained has stored in its internal memory, the most then the network equipment is by described SIM ciphering sequence
Information is sent to certificate server, obtains the GPS information corresponding to described SIM ciphering sequence information from certificate server, and will
When the GPS information of aforementioned terminal unit is compared with the GPS information that certificate server returns, if identical, then by described terminal
Equipment access network, thus realize combining SIM card information and the GPS information of terminal unit, strengthen the protection of terminal unit
Mechanism, prevents terminal unit stolen or SIM is replicated, transplanting etc. may the information loss that causes of situation.
Accompanying drawing explanation
Fig. 1 is the structure principle chart of the encryption guard system of a kind of terminal unit of the present utility model.
Fig. 2 is the structural representation of the specific embodiment of the encryption guard system of a kind of terminal unit of the present utility model.
Detailed description of the invention
For making the purpose of this utility model, technical scheme and advantage clearer, clear and definite, develop simultaneously enforcement referring to the drawings
This utility model is further described by example.Should be appreciated that specific embodiment described herein is used only for explaining this reality
With novel, it is not used to limit this utility model.
This utility model provides the encryption guard system of a kind of terminal unit, as it is shown in figure 1, described system includes: eventually
End equipment 1, certificate server 2 and the network equipment 3;
Described terminal unit 1 includes:
For the SIM card information of terminal unit is encrypted according to predetermined cryptographic algorithm, the SIM generated after being encrypted
The SIM card information encrypting module 11 of card encryption sequence code and for accessing the wireless module 12 of wireless network;Described wireless network
For WIFI wireless network or TD-LTE wireless network.
Described certificate server includes 2: for storing the SIM ciphering sequence information of terminal unit and depositing of GPS information
Storage module 21;
The described network equipment 3 includes:
For judging that the SIM ciphering sequence information asking registering terminal equipment has prestored in the network device
SIM card information correction verification module 31;
For obtaining the GPS information of its storage from certificate server 2 side, obtain its current GPS from terminal unit 1 side simultaneously
Information, and by the GPS information stored and current GPS information phase comparison, it may be judged whether consistent GPS information correction verification module 32;
Described terminal unit 1, after SIM ciphering sequence information and GPS information certification, completes registration, and access network sets
Standby 3 wireless networks set up.
In conjunction with Fig. 1 and Fig. 2, said system is described in detail:
At every station terminal equipment in a pre-installation, the equipment manager of user encryption software is used to set on the terminal device
The information of the standby SIM used, including IMSI number, KI value, OPC information, is compiled as an independent data file, then makes
With md5 encryption algorithm to data file encryption, the SIM ciphering sequence information that the MD5 value that encryption generates configures as equipment.If
During standby installation and debugging, ciphering sequence code is configured into equipment at equipment manager scene.
It is envisioned that when carrying out the encryption of SIM card information, can select multiple encryption algorithms that it is added
Close, or select two kinds or more of AES that SIM card information is encrypted, it is ensured that the SIM ciphering sequence letter obtained
The uniqueness of breath, thus prevent the stolen possibility of information.
After the network equipment receives the authentication registration solicited message of terminal equipment access network, then obtain this transmission request
The SIM ciphering sequence information of information terminal apparatus, and the SIM ciphering sequence information got was protected before the network equipment
The SIM ciphering sequence information phase comparison deposited, it is judged that whether the SIM ciphering sequence information sending requesting terminal equipment is saved in
In its internal memory, the most then illustrate that this terminal unit is legitimate device, then agree to that this terminal unit is registered.
After the terminal unit judging to send authentication registration request is legitimate device, in addition it is also necessary to described terminal unit
Whether position changes judges, concrete, first stores the GPS information of legal terminal equipment in certificate server,
When needing the GPS information of terminal unit is authenticated, then obtain the GPS information that terminal unit is current, by current GPS letter
The GPS information phase comparison that breath is previously stored in certificate server, if identical, then illustrates the position of this legal terminal equipment not
Change, this terminal equipment access network otherwise can be forbidden its access network.
It is envisioned that described network can be cable network or wireless network, it is preferred that in the present embodiment,
Select to use wireless network to connect to network, due to terminal unit shift position its still can be with access network, therefore this practicality is newly
Type is particularly suited for protecting the safety of terminal unit in wireless network.
It is also preferred that the left in order to realize protection effect more preferable to terminal unit, also include in described terminal unit:
Local password authentication module, is used for storing local log-on password, and judges that this locality that user inputs logs in password and is
No consistent with the local log-on password of storage, if unanimously, then local log-on success.
Being provided with the certification of one local log-on password in terminal unit, the use for equipment has safely provided first
Defence line, sequentially passes through the verification verification of SIM ciphering sequence information and GPS information the most again, thus realizes terminal unit and access
Network needs, through above-mentioned three lines of defence, to improve the safety of terminal device information access network.
In order to realize after terminal unit succeeds in registration in the wireless network, before not carrying out GPS information verification, it is impossible to
Accessing wireless network, described terminal unit also includes:
FWSM, for when authentification of message module authentication is by before, and equipment of closing a terminal receives the network equipment and leads to
The upstream Interface of letter data, forbids that terminal unit accesses wireless network;After authentification of message module authentication is passed through, open terminal and set
The standby upstream Interface receiving network device communications data, it is achieved access wireless network.
In a particular embodiment, described FWSM, it is arranged on the wireless uplink interface of terminal unit, is used for controlling
Information transmission between terminal unit processed and wireless network.
In order to realize obtaining faster the GPS information of terminal unit, described terminal unit also includes:
GPS information acquiring unit, is used for the GPS chip utilizing terminal unit built-in, obtains the current institute of described terminal unit
GPS information in position.
It is also preferred that the left in order to realize quickly being identified the most stolen of terminal unit, the described network equipment also includes:
SIM card information correction verification module, for obtaining the SIM card information of terminal unit, and judges described SIM the most
Storage or registration.
The encryption guard system of disclosed a kind of terminal unit described in the utility model, this utility model utilizes SIM to believe
Breath, GPS position information and terminal unit local log-on encrypted message associated wireless network core net equipment and backstage protection certification
Server forms a set of comprehensive encryption preventing mechanism, can effectively prevent wireless terminal device stolen or SIM is replicated,
Transplant, be then utilized to carry out Web Grafiti intrusion.
Use the said system of offer described in the utility model, when the SIM of terminal unit is replicated or is transplanted to additionally
The equipment of one same encryption mechanism, owing to SIM ciphering sequence information cannot be verified by this locality, equipment cannot register net
Network, or when SIM is replicated or is transplanted to the other equipment not having encryption mechanism, due to SIM ciphering sequence information
Cannot verify and be verified by core net, equipment cannot registered network, or be stolen when equipment, be arranged on other positions, due to
Equipment GPS verification cannot pass through, equipment cannot access network, therefore can obtain good message protection effect.
The function encrypting the comprised module of guard system disclosed in this utility model all can be achieved by the prior art, than
: as described in memory module can by be built in system storage chip realize, described SIM card information correction verification module, Ke Yitong
Crossing a control chip to realize, the network equipment is also the nucleus equipment of wireless network, and this utility model only protects described terminal to set
The architectural feature of standby encryption guard system.
Beneficial effect, this utility model provides the encryption guard system of a kind of terminal unit, waits to recognize by working as to receive
When demonstrate,proving the application for registration of terminal unit, the network equipment obtains the SIM ciphering sequence information of described terminal unit to be certified, and judges
Whether the SIM ciphering sequence information obtained has stored in its internal memory, the most then the network equipment is by described SIM ciphering sequence
Information is sent to certificate server, obtains the GPS information corresponding to described SIM ciphering sequence information from certificate server, and will
When the GPS information of aforementioned terminal unit is compared with the GPS information that certificate server returns, if identical, then by described terminal
Equipment access network, thus realize combining SIM card information and the GPS information of terminal unit, strengthen the protection of terminal unit
Mechanism, prevents terminal unit stolen or SIM is replicated, transplanting etc. may the information loss that causes of situation.
It is understood that for those of ordinary skills, can according to the technical solution of the utility model and
Its utility model conceives in addition equivalent or change, and all these change or replace all should belong to appended by this utility model
Scope of the claims.
Claims (6)
1. the encryption guard system of a terminal unit, it is characterised in that including: terminal unit, certificate server and network set
Standby;
Described terminal unit includes:
For being encrypted the SIM card information of terminal unit according to predetermined cryptographic algorithm, the SIM generated after being encrypted adds
The SIM card information encrypting module of close sequence code and for accessing the wireless module of wireless network;
Described certificate server includes: for storing SIM ciphering sequence information and the storage mould of GPS information of terminal unit
Block;
The described network equipment includes:
For judging that the SIM ciphering sequence information asking registering terminal equipment has prestored in the network device
SIM card information correction verification module;
For obtaining the GPS information of its storage from certificate server side, obtain its current GPS information from terminal unit side simultaneously,
And by the GPS information stored and current GPS information phase comparison, it may be judged whether consistent GPS information correction verification module;
Described terminal unit, after SIM ciphering sequence information and GPS information certification, completes registration, access network device group
The wireless network built.
The encryption guard system of terminal unit the most according to claim 1, it is characterised in that described terminal unit also includes:
Local password authentication module, is used for storing local log-on password, and judge this locality that user inputs log in password whether with
The local log-on password of storage is consistent, if unanimously, then and local log-on success.
The encryption guard system of terminal unit the most according to claim 2, it is characterised in that described terminal unit also includes:
FWSM, for when authentification of message module authentication is by before, and equipment of closing a terminal receives network device communications number
According to upstream Interface, forbid terminal unit access wireless network;After authentification of message module authentication is passed through, opening terminal apparatus connects
Receive the upstream Interface of network device communications data, it is achieved access wireless network.
The encryption guard system of terminal unit the most according to claim 2, it is characterised in that described terminal unit also includes:
GPS information acquiring unit, is used for the GPS chip utilizing terminal unit built-in, obtains described terminal unit and be currently located position
The GPS information put.
The encryption guard system of terminal unit the most according to claim 1, it is characterised in that the described network equipment also includes:
SIM card information correction verification module, for obtaining the SIM card information of terminal unit, and judges that described SIM is the most stored
Or registration.
6. according to the encryption guard system of the arbitrary described terminal unit of claim 1-5, it is characterised in that described wireless network is
WIFI wireless network or TD-LTE wireless network.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201620605572.7U CN205864753U (en) | 2016-06-21 | 2016-06-21 | A kind of encryption guard system of terminal unit |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201620605572.7U CN205864753U (en) | 2016-06-21 | 2016-06-21 | A kind of encryption guard system of terminal unit |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN205864753U true CN205864753U (en) | 2017-01-04 |
Family
ID=57636402
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201620605572.7U Active CN205864753U (en) | 2016-06-21 | 2016-06-21 | A kind of encryption guard system of terminal unit |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN205864753U (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106162630A (en) * | 2016-06-21 | 2016-11-23 | 贵州电网有限责任公司电力调度控制中心 | The encryption guard system of a kind of terminal unit and method |
-
2016
- 2016-06-21 CN CN201620605572.7U patent/CN205864753U/en active Active
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106162630A (en) * | 2016-06-21 | 2016-11-23 | 贵州电网有限责任公司电力调度控制中心 | The encryption guard system of a kind of terminal unit and method |
| CN106162630B (en) * | 2016-06-21 | 2023-03-10 | 贵州电网有限责任公司电力调度控制中心 | Encryption protection method for terminal equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107770182B (en) | Data storage method of home gateway and home gateway | |
| US10462667B2 (en) | Method of providing mobile communication provider information and device for performing the same | |
| EP3099090B1 (en) | Network locking or card locking method and device for a mobile terminal, terminal, sim card, storage media | |
| CN101378582B (en) | User recognizing module, authentication center, authentication method and system | |
| CN101437067B (en) | Mobile terminal and method for implementing network and card locking | |
| CN102833712A (en) | Method, device, server and system for preventing information leakage and equipment | |
| CN101986598B (en) | Authentication method, server and system | |
| CN104185179A (en) | Control apparatus and method for subscriber identity module, and subscriber identity module | |
| CN103974248A (en) | Terminal security protection method, device and system in ability open system | |
| WO2018010480A1 (en) | Network locking method for esim card, terminal, and network locking authentication server | |
| CN104767713A (en) | Account binding method, server and account binding system | |
| CN102833066A (en) | Three-party authentication method and device as well as intelligent card supporting two-way authentication | |
| CN105813072A (en) | Terminal authentication method, system and cloud server | |
| CN109831311A (en) | A kind of server validation method, system, user terminal and readable storage medium storing program for executing | |
| CN101841814B (en) | Terminal authentication method and system | |
| CN101990201B (en) | Method, system and device for generating general bootstrapping architecture (GBA) secret key | |
| CN105763517A (en) | Router security access and control method and system | |
| CN106465109A (en) | Cellular network authentication | |
| CN103686651A (en) | Emergency call based authentication method, device and system | |
| CN109218334A (en) | Data processing method, device, access control equipment, certificate server and system | |
| EP3673675B1 (en) | Registering user equipment with a visited public land mobile network | |
| EP3518491A1 (en) | Registering or authenticating user equipment to a visited public land mobile network | |
| CN104902480A (en) | Smartphone WIFI grading management method | |
| CN205864753U (en) | A kind of encryption guard system of terminal unit | |
| CN106537962B (en) | Wireless network configuration, access and access method, device and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210104 Address after: 550000 No. 17 Binhe Road, Nanming District, Guiyang City, Guizhou Province Patentee after: GUIZHOU POWER GRID Corp. Address before: 550002 Jiefang Road, Nanming District, Guiyang, Guizhou Province, No. 32 Patentee before: ELECTRIC POWER SCHEDULING CONTROL CENTER OF GUIZHOU POWER GRID Co.,Ltd. Patentee before: TAIKE COMMUNICATION BRANCH, SHENZHEN SDG INFORMATION Co.,Ltd. |