KR20170092372A - Method for encrypting packet using usim in internet network - Google Patents

Method for encrypting packet using usim in internet network Download PDF

Info

Publication number
KR20170092372A
KR20170092372A KR1020160013624A KR20160013624A KR20170092372A KR 20170092372 A KR20170092372 A KR 20170092372A KR 1020160013624 A KR1020160013624 A KR 1020160013624A KR 20160013624 A KR20160013624 A KR 20160013624A KR 20170092372 A KR20170092372 A KR 20170092372A
Authority
KR
South Korea
Prior art keywords
encryption
imsi
key
authentication
sim
Prior art date
Application number
KR1020160013624A
Other languages
Korean (ko)
Inventor
이승열
Original Assignee
이승열
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 이승열 filed Critical 이승열
Priority to KR1020160013624A priority Critical patent/KR20170092372A/en
Publication of KR20170092372A publication Critical patent/KR20170092372A/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a flexible symmetric key encryption method as an invention of applying a SIM card authentication technique in a mobile communication network to packet encryption in an internet network. The present invention is provided for a packet encryption method in an internet network by using a mobile communication USIM. An encryption/decryption method according to an embodiment of the present invention to achieve the above-mentioned purpose includes a step of providing the same encryption key for both transmission/reception ends in real time in the symmetric encryption method. According to the present invention, the symmetric key encryption method using a mobile communication SIM card authentication technology prevents problems caused by the leakage of an encryption key (same as a decryption key) which is the biggest problem of the symmetric key encryption method since the symmetric key changes every time. An application requests an IMSI to a SIM when executing the application (for example, internet browser) installed in a mobile terminal (ME) and delivers the IMSI received as a response to an internet service provision server (for example, insertion into an http header in a case of http). The internet service provision server delivers an IMSI while requesting an encryption key to a security gateway server. The security gateway server requests authentication information to the AuC of a communication company corresponding to the IMSI since the communication company can be identified by checking the IMSI. The AuC of the communication company transmits a random number (RAND) and an authentication result 1 (RES1) to the security gateway server in response to the authentication information request.

Description

[0001] METHOD FOR ENCRYPTIONING PACKET USING USIM IN INTERNET NETWORK [0002]

The present invention is an invention applying a SIM card authentication technique in a mobile communication network to packet encryption in the Internet network, and it is an invention of a fluid symmetric key encryption scheme.

The SIM (Subscriber Identification Module) in the mobile communication network can be regarded as a microcomputer in which various information such as an authentication key and an IMSI for using a mobile communication service are stored. Therefore, data can be exchanged with each other.

First, IMSI is an abbreviation of International Mobile Subscriber Identity. IMSI is stored in a SIM card and generally can not be changed. IMSI values of all SIM cards in the world are not overlapped.

In the IMSI, the MCC (Mobile Country Code) field is defined as 3 Digits, one for each country in the world, and is generally not correlated with the Country Code used in international calls. Therefore, the MCC of the IMSI allows the user to know which country the SIM is used in.

division MCC CC Korea 450 82 Japan 440 81 China 460 86

The IMSI has a field defined by 2 to 3 digits called MNC (Mobile Network Code) and is used to identify MNO (Mobile Network Operator) of the corresponding country.

division MCC MNC Remarks Korea KT 450 08 08: For KT WCDMA subscribers
02: KT for GSM roaming Korea SKT 450 05 Japan DoCoMo 440 10 Japan Softbank 440 20

The last element of the IMSI, MSIN stands for Mobile Subscriber Identification Number, which is a value used to identify a user.

The terminal authentication and the SIM authentication procedure when the power of the ME equipped with the SIM in the GSM network is turned on will be described below.

If the ME is booted when the power of the ME is first turned on, the ME performs an initial RESET process to transmit and receive data to and from the SIM, and then the ME is ready to communicate with the SIM. After that, the ME requests location registration to the mobile communication network. In order to inform the mobile communication network of the user, the ME requests the location registration using the IMSI read from the SIM

As mentioned earlier, the IMSI is a value assigned to each mobile user, and is unique worldwide and not a duplicate. However, since IMSI can be inquired and changed through SIM Reader / Writer, it can not be confirmed on the mobile communication network whether or not the corresponding customer is a normal customer only by IMSI.

On the other hand, in the mobile communication network, the authentication key stored in the SIM and the authentication center (AuC) of the mobile communication provider is produced / operated in a thorough security, and the authentication key stored in the produced SIM can not be read by the SIM reader / writer It is stored in the security zone of the SIM, and confirms whether or not the SIM is settled by confirming the authentication key. This process is called SIM authentication, and detailed explanation about SIM authentication is as follows.

Referring to FIG. 2, when the ME equipped with the SIM is powered on, the ME initiates communication with the SIM, and communication between the ME and the SIM becomes possible. The ME then requests the SIM to request IMSI to request location registration to the mobile communication network. The SIM reads the IMSI stored therein and transmits it to the ME in response. The ME requests location registration to the MSC (mobile switching center) through the BTS (base station) / BSC (base station control) using the received IMSI.

Since the MSC can not determine whether the customer is normal or not, the MSC transmits an authentication information request to an authentication center (AuC) that holds authentication key information for the corresponding IMSI for SIM authentication.

The authentication center extracts an authentication key matched to the IMSI using the IMSI included in the authentication information request received from the MSC, and generates an arbitrary random number (RAND). The authentication center generates an authentication result (RES) by driving the authentication algorithm with the authentication key and the random number as inputs, and transmits the authentication result (RES) and the random number (RAND) in response to the authentication information request to the MSC.

The MSC carries out authentication for the SIM, including a received random number (RAND), and transmits a request for authentication information to the ME. Upon receiving the authentication information request, the ME sends the received random number (RAND) to the SIM, requesting the authentication information.

The SIM generates an authentication result (RES) by driving the authentication algorithm using the authentication key stored in the security area of the received RAND and SIM, and transfers the authentication result to the ME. In response to the authentication information request, the ME transmits the RES received from the SIM to the MSC. The MSC checks whether the authentication result (RES) value received from the AuC is the same as the authentication result (RES) received from the SIM. If it is the same, the MSC recognizes that the same authentication key is used and handles authentication of the SIM.

With the widespread use of the Internet and smart phones, people have come to use the Internet very easily. A representative web service of the Internet service is communication between a web browser installed on a PC or a smart phone and a web server constructed by a web service provider.

The web browser and the web server are interworked with the Internet. In the process of joining / logging in for using the web service, the personal information of the user and the ID / PWD are exposed by the peepers of the Internet network In order to secure this, encryption technologies such as SSL have been developed. Most of these technologies have a problem that encryption can be easily released due to the structural security weakness of the Internet network.

SSL is the asymmetric encryption method using the private key and the public key through the 3WAY handshake process, which is the most used technology for securing the internet network. Since SSL technology such as SSL STRIP can easily be disabled, a new technology to replace SSL It is necessary situation.

The present invention provides a packet encryption method in an Internet network using a mobile communication USIM.

According to an aspect of the present invention, there is provided an encryption / decryption method including a step of providing the same encryption key in real time on both ends of a transmission / reception in a symmetric key encryption scheme.

According to the present invention, a symmetric key encryption method using a mobile communication SIM card authentication technique changes a symmetric key every time. Therefore, a problem caused by leakage of an encryption key (same as a decryption key), which is the biggest problem of a symmetric key encryption method, It does not occur at all.

1 is a diagram showing a structure of an IMSI.
2 is a view showing a SIM authentication process.
3 is a diagram for explaining an encryption / decryption method according to an embodiment of the present invention.
4 is a diagram for explaining an application example of the present invention.

While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention. Like reference numerals are used for like elements in describing each drawing.

Hereinafter, embodiments according to the present invention will be described in detail with reference to the accompanying drawings.

The definition of encryption is called decryption, in which a plaintext is encoded so that a third party can not read it except for an authorized person, and a ciphertext is referred to as encryption and a cipher text is decrypted as a plaintext. Generally, a secret key is used for encryption and decryption. In the encryption and decryption, a method using the same key is called a symmetric key encryption method, and a method using two different keys is called an asymmetric key encryption method

In the symmetric key scheme, since the encryption key and the decryption key are the same, there is a problem that the security is released 100% when the encryption key is leaked, and a technique of dynamically allocating the encryption key is needed.

The present invention is a symmetric key encryption method using a mobile communication SIM card authentication technique. Since the symmetric key is changed every time, there is no problem caused by leakage of an encryption key (same as a decryption key) which is the biggest problem of the symmetric key encryption method .

That is, in the symmetric key cryptosystem, it can be summarized as a technique of providing the same encryption key in real time to both ends of transmission and reception.

Referring to FIG. 3, when an APP (e.g., Internet browser) installed in the mobile terminal ME is operated, the APP requests the SIM to send an IMSI and transmits the received IMSI in response to the Internet service provider server (e.g., if it is http, insert it in the http header). The Internet service providing server transmits the IMSI while requesting the encryption key to the security gateway server. Since the security gateway server sees the IMSI and can identify the carrier, it requests authentication information from the carrier's AuC corresponding to the IMSI. The AuC of the communication company transmits the random number (RAND) and the authentication result 1 (RES1) to the security gateway server in response to the authentication information request.

The security gateway server transmits the received authentication result 1 (RES1) and the random number (RAND) to the Internet service provider. The Internet service provider encrypts / decrypts the received authentication result 1 (RES1) Key, and transmits the RAND to the mobile terminal. The mobile station transmits a random number (RAND) received by the SIM when receiving a random number (RAND), and the SIM generates an authentication result 2 (RES2) and transmits it to the mobile terminal. The APP temporarily stores the authentication result 2 (RES) received from the SIM as an encryption / decryption key in communication with the Internet service server. If the RES2 temporarily stored by the APP of the mobile terminal and the RES1 stored in the Internet providing server are equal to each other, encryption / decryption is normally performed and the service is provided. If RES1 and RES2 are different from each other, decryption is not performed and the service is not provided .

As for the application example of the present invention (FIG. 4), regarding the Internet bank which has recently been approved for business in the domestic market, in the case of user authentication for the bank transaction in the Internet network, Since the user's information is encrypted and transmitted in a virtually impossible way during the membership subscription process and the service using process, the security vulnerability of the Internet network can be solved and authentication of the user's SIM card is performed. Illegal subscription due to spyware, SMS phishing, etc. can be prevented.

The above-described technical features may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and constructed for the embodiments or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magnetic media such as floppy disks; Magneto-optical media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.

As described above, the present invention has been described with reference to particular embodiments, such as specific elements, and specific embodiments and drawings. However, it should be understood that the present invention is not limited to the above- And various modifications and changes may be made thereto by those skilled in the art to which the present invention pertains. Accordingly, the spirit of the present invention should not be construed as being limited to the embodiments described, and all of the equivalents or equivalents of the claims, as well as the following claims, belong to the scope of the present invention .

Claims (1)

In the symmetric key cryptosystem, a step of providing the same encryption key in real time on both ends of transmission and reception
/ RTI >
KR1020160013624A 2016-02-03 2016-02-03 Method for encrypting packet using usim in internet network KR20170092372A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020160013624A KR20170092372A (en) 2016-02-03 2016-02-03 Method for encrypting packet using usim in internet network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020160013624A KR20170092372A (en) 2016-02-03 2016-02-03 Method for encrypting packet using usim in internet network

Publications (1)

Publication Number Publication Date
KR20170092372A true KR20170092372A (en) 2017-08-11

Family

ID=59651392

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020160013624A KR20170092372A (en) 2016-02-03 2016-02-03 Method for encrypting packet using usim in internet network

Country Status (1)

Country Link
KR (1) KR20170092372A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116436703A (en) * 2023-06-13 2023-07-14 广东电网有限责任公司 Financial privacy data management method and system based on smart grid

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116436703A (en) * 2023-06-13 2023-07-14 广东电网有限责任公司 Financial privacy data management method and system based on smart grid
CN116436703B (en) * 2023-06-13 2023-09-19 广东电网有限责任公司 Financial privacy data management method and system based on smart grid

Similar Documents

Publication Publication Date Title
JP4898427B2 (en) Mutual authentication method and software program in communication network
US7565142B2 (en) Method and apparatus for secure immediate wireless access in a telecommunications network
US9768961B2 (en) Encrypted indentifiers in a wireless communication system
FI115098B (en) Authentication in data communication
JP4689830B2 (en) Application registration method, apparatus, wireless apparatus and home system for wireless system
JP4263384B2 (en) Improved method for authentication of user subscription identification module
Brown Techniques for privacy and authentication in personal communication systems
JP7139420B2 (en) Method for transmitting an encrypted subscription identifier stored in a security element to a physical or virtual element of a telecommunications network, the corresponding security element, the physical or virtual element and a terminal cooperating with this security element
US20060141987A1 (en) Identification of a terminal with a server
US11778460B2 (en) Device and method for authenticating transport layer security communications
CN103329501A (en) Method for managing content on a secure element connected to an equipment
EP2817987B1 (en) Mobile communication using reconfigurable user identification module
WO2005112344A2 (en) Method of providing a signing key for digitally signing verifying or encrypting data and mobile terminal
KR20140098872A (en) security system and method using trusted service manager and biometric for web service of mobile nfc device
JP2015532809A (en) Smart card initial personalization with local key generation
KR101281099B1 (en) An Authentication method for preventing damages from lost and stolen smart phones
ES2786261T3 (en) Method for an improved installation of a service application related to a secure item on a secure item found in a communication device, system and telecommunications network for an improved installation of a service application related to a secure item on an item secure found on a communication device, program that includes computer-readable program code, and computer program product
CN101483870A (en) Cross-platform mobile communication security system implementing method
CN106302698B (en) The method and system of order business
Vahidian Evolution of the SIM to eSIM
KR20170070379A (en) cryptograpic communication method and system based on USIM card of mobile device
KR20170092372A (en) Method for encrypting packet using usim in internet network
KR101329789B1 (en) Encryption Method of Database of Mobile Communication Device
KR100330418B1 (en) Authentication Method in Mobile Communication Environment
Pradhan et al. Secure protocol for subscriber identity module