KR20170092372A - Method for encrypting packet using usim in internet network - Google Patents
Method for encrypting packet using usim in internet network Download PDFInfo
- Publication number
- KR20170092372A KR20170092372A KR1020160013624A KR20160013624A KR20170092372A KR 20170092372 A KR20170092372 A KR 20170092372A KR 1020160013624 A KR1020160013624 A KR 1020160013624A KR 20160013624 A KR20160013624 A KR 20160013624A KR 20170092372 A KR20170092372 A KR 20170092372A
- Authority
- KR
- South Korea
- Prior art keywords
- encryption
- imsi
- key
- authentication
- sim
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
The present invention is an invention applying a SIM card authentication technique in a mobile communication network to packet encryption in the Internet network, and it is an invention of a fluid symmetric key encryption scheme.
The SIM (Subscriber Identification Module) in the mobile communication network can be regarded as a microcomputer in which various information such as an authentication key and an IMSI for using a mobile communication service are stored. Therefore, data can be exchanged with each other.
First, IMSI is an abbreviation of International Mobile Subscriber Identity. IMSI is stored in a SIM card and generally can not be changed. IMSI values of all SIM cards in the world are not overlapped.
In the IMSI, the MCC (Mobile Country Code) field is defined as 3 Digits, one for each country in the world, and is generally not correlated with the Country Code used in international calls. Therefore, the MCC of the IMSI allows the user to know which country the SIM is used in.
The IMSI has a field defined by 2 to 3 digits called MNC (Mobile Network Code) and is used to identify MNO (Mobile Network Operator) of the corresponding country.
02: KT for GSM roaming
The last element of the IMSI, MSIN stands for Mobile Subscriber Identification Number, which is a value used to identify a user.
The terminal authentication and the SIM authentication procedure when the power of the ME equipped with the SIM in the GSM network is turned on will be described below.
If the ME is booted when the power of the ME is first turned on, the ME performs an initial RESET process to transmit and receive data to and from the SIM, and then the ME is ready to communicate with the SIM. After that, the ME requests location registration to the mobile communication network. In order to inform the mobile communication network of the user, the ME requests the location registration using the IMSI read from the SIM
As mentioned earlier, the IMSI is a value assigned to each mobile user, and is unique worldwide and not a duplicate. However, since IMSI can be inquired and changed through SIM Reader / Writer, it can not be confirmed on the mobile communication network whether or not the corresponding customer is a normal customer only by IMSI.
On the other hand, in the mobile communication network, the authentication key stored in the SIM and the authentication center (AuC) of the mobile communication provider is produced / operated in a thorough security, and the authentication key stored in the produced SIM can not be read by the SIM reader / writer It is stored in the security zone of the SIM, and confirms whether or not the SIM is settled by confirming the authentication key. This process is called SIM authentication, and detailed explanation about SIM authentication is as follows.
Referring to FIG. 2, when the ME equipped with the SIM is powered on, the ME initiates communication with the SIM, and communication between the ME and the SIM becomes possible. The ME then requests the SIM to request IMSI to request location registration to the mobile communication network. The SIM reads the IMSI stored therein and transmits it to the ME in response. The ME requests location registration to the MSC (mobile switching center) through the BTS (base station) / BSC (base station control) using the received IMSI.
Since the MSC can not determine whether the customer is normal or not, the MSC transmits an authentication information request to an authentication center (AuC) that holds authentication key information for the corresponding IMSI for SIM authentication.
The authentication center extracts an authentication key matched to the IMSI using the IMSI included in the authentication information request received from the MSC, and generates an arbitrary random number (RAND). The authentication center generates an authentication result (RES) by driving the authentication algorithm with the authentication key and the random number as inputs, and transmits the authentication result (RES) and the random number (RAND) in response to the authentication information request to the MSC.
The MSC carries out authentication for the SIM, including a received random number (RAND), and transmits a request for authentication information to the ME. Upon receiving the authentication information request, the ME sends the received random number (RAND) to the SIM, requesting the authentication information.
The SIM generates an authentication result (RES) by driving the authentication algorithm using the authentication key stored in the security area of the received RAND and SIM, and transfers the authentication result to the ME. In response to the authentication information request, the ME transmits the RES received from the SIM to the MSC. The MSC checks whether the authentication result (RES) value received from the AuC is the same as the authentication result (RES) received from the SIM. If it is the same, the MSC recognizes that the same authentication key is used and handles authentication of the SIM.
With the widespread use of the Internet and smart phones, people have come to use the Internet very easily. A representative web service of the Internet service is communication between a web browser installed on a PC or a smart phone and a web server constructed by a web service provider.
The web browser and the web server are interworked with the Internet. In the process of joining / logging in for using the web service, the personal information of the user and the ID / PWD are exposed by the peepers of the Internet network In order to secure this, encryption technologies such as SSL have been developed. Most of these technologies have a problem that encryption can be easily released due to the structural security weakness of the Internet network.
SSL is the asymmetric encryption method using the private key and the public key through the 3WAY handshake process, which is the most used technology for securing the internet network. Since SSL technology such as SSL STRIP can easily be disabled, a new technology to replace SSL It is necessary situation.
The present invention provides a packet encryption method in an Internet network using a mobile communication USIM.
According to an aspect of the present invention, there is provided an encryption / decryption method including a step of providing the same encryption key in real time on both ends of a transmission / reception in a symmetric key encryption scheme.
According to the present invention, a symmetric key encryption method using a mobile communication SIM card authentication technique changes a symmetric key every time. Therefore, a problem caused by leakage of an encryption key (same as a decryption key), which is the biggest problem of a symmetric key encryption method, It does not occur at all.
1 is a diagram showing a structure of an IMSI.
2 is a view showing a SIM authentication process.
3 is a diagram for explaining an encryption / decryption method according to an embodiment of the present invention.
4 is a diagram for explaining an application example of the present invention.
While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention. Like reference numerals are used for like elements in describing each drawing.
Hereinafter, embodiments according to the present invention will be described in detail with reference to the accompanying drawings.
The definition of encryption is called decryption, in which a plaintext is encoded so that a third party can not read it except for an authorized person, and a ciphertext is referred to as encryption and a cipher text is decrypted as a plaintext. Generally, a secret key is used for encryption and decryption. In the encryption and decryption, a method using the same key is called a symmetric key encryption method, and a method using two different keys is called an asymmetric key encryption method
In the symmetric key scheme, since the encryption key and the decryption key are the same, there is a problem that the security is released 100% when the encryption key is leaked, and a technique of dynamically allocating the encryption key is needed.
The present invention is a symmetric key encryption method using a mobile communication SIM card authentication technique. Since the symmetric key is changed every time, there is no problem caused by leakage of an encryption key (same as a decryption key) which is the biggest problem of the symmetric key encryption method .
That is, in the symmetric key cryptosystem, it can be summarized as a technique of providing the same encryption key in real time to both ends of transmission and reception.
Referring to FIG. 3, when an APP (e.g., Internet browser) installed in the mobile terminal ME is operated, the APP requests the SIM to send an IMSI and transmits the received IMSI in response to the Internet service provider server (e.g., if it is http, insert it in the http header). The Internet service providing server transmits the IMSI while requesting the encryption key to the security gateway server. Since the security gateway server sees the IMSI and can identify the carrier, it requests authentication information from the carrier's AuC corresponding to the IMSI. The AuC of the communication company transmits the random number (RAND) and the authentication result 1 (RES1) to the security gateway server in response to the authentication information request.
The security gateway server transmits the received authentication result 1 (RES1) and the random number (RAND) to the Internet service provider. The Internet service provider encrypts / decrypts the received authentication result 1 (RES1) Key, and transmits the RAND to the mobile terminal. The mobile station transmits a random number (RAND) received by the SIM when receiving a random number (RAND), and the SIM generates an authentication result 2 (RES2) and transmits it to the mobile terminal. The APP temporarily stores the authentication result 2 (RES) received from the SIM as an encryption / decryption key in communication with the Internet service server. If the RES2 temporarily stored by the APP of the mobile terminal and the RES1 stored in the Internet providing server are equal to each other, encryption / decryption is normally performed and the service is provided. If RES1 and RES2 are different from each other, decryption is not performed and the service is not provided .
As for the application example of the present invention (FIG. 4), regarding the Internet bank which has recently been approved for business in the domestic market, in the case of user authentication for the bank transaction in the Internet network, Since the user's information is encrypted and transmitted in a virtually impossible way during the membership subscription process and the service using process, the security vulnerability of the Internet network can be solved and authentication of the user's SIM card is performed. Illegal subscription due to spyware, SMS phishing, etc. can be prevented.
The above-described technical features may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and constructed for the embodiments or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magnetic media such as floppy disks; Magneto-optical media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.
As described above, the present invention has been described with reference to particular embodiments, such as specific elements, and specific embodiments and drawings. However, it should be understood that the present invention is not limited to the above- And various modifications and changes may be made thereto by those skilled in the art to which the present invention pertains. Accordingly, the spirit of the present invention should not be construed as being limited to the embodiments described, and all of the equivalents or equivalents of the claims, as well as the following claims, belong to the scope of the present invention .
Claims (1)
/ RTI >
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160013624A KR20170092372A (en) | 2016-02-03 | 2016-02-03 | Method for encrypting packet using usim in internet network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160013624A KR20170092372A (en) | 2016-02-03 | 2016-02-03 | Method for encrypting packet using usim in internet network |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20170092372A true KR20170092372A (en) | 2017-08-11 |
Family
ID=59651392
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020160013624A KR20170092372A (en) | 2016-02-03 | 2016-02-03 | Method for encrypting packet using usim in internet network |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20170092372A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116436703A (en) * | 2023-06-13 | 2023-07-14 | 广东电网有限责任公司 | Financial privacy data management method and system based on smart grid |
-
2016
- 2016-02-03 KR KR1020160013624A patent/KR20170092372A/en unknown
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116436703A (en) * | 2023-06-13 | 2023-07-14 | 广东电网有限责任公司 | Financial privacy data management method and system based on smart grid |
CN116436703B (en) * | 2023-06-13 | 2023-09-19 | 广东电网有限责任公司 | Financial privacy data management method and system based on smart grid |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4898427B2 (en) | Mutual authentication method and software program in communication network | |
US7565142B2 (en) | Method and apparatus for secure immediate wireless access in a telecommunications network | |
US9768961B2 (en) | Encrypted indentifiers in a wireless communication system | |
FI115098B (en) | Authentication in data communication | |
JP4689830B2 (en) | Application registration method, apparatus, wireless apparatus and home system for wireless system | |
JP4263384B2 (en) | Improved method for authentication of user subscription identification module | |
Brown | Techniques for privacy and authentication in personal communication systems | |
JP7139420B2 (en) | Method for transmitting an encrypted subscription identifier stored in a security element to a physical or virtual element of a telecommunications network, the corresponding security element, the physical or virtual element and a terminal cooperating with this security element | |
US20060141987A1 (en) | Identification of a terminal with a server | |
US11778460B2 (en) | Device and method for authenticating transport layer security communications | |
CN103329501A (en) | Method for managing content on a secure element connected to an equipment | |
EP2817987B1 (en) | Mobile communication using reconfigurable user identification module | |
WO2005112344A2 (en) | Method of providing a signing key for digitally signing verifying or encrypting data and mobile terminal | |
KR20140098872A (en) | security system and method using trusted service manager and biometric for web service of mobile nfc device | |
JP2015532809A (en) | Smart card initial personalization with local key generation | |
KR101281099B1 (en) | An Authentication method for preventing damages from lost and stolen smart phones | |
ES2786261T3 (en) | Method for an improved installation of a service application related to a secure item on a secure item found in a communication device, system and telecommunications network for an improved installation of a service application related to a secure item on an item secure found on a communication device, program that includes computer-readable program code, and computer program product | |
CN101483870A (en) | Cross-platform mobile communication security system implementing method | |
CN106302698B (en) | The method and system of order business | |
Vahidian | Evolution of the SIM to eSIM | |
KR20170070379A (en) | cryptograpic communication method and system based on USIM card of mobile device | |
KR20170092372A (en) | Method for encrypting packet using usim in internet network | |
KR101329789B1 (en) | Encryption Method of Database of Mobile Communication Device | |
KR100330418B1 (en) | Authentication Method in Mobile Communication Environment | |
Pradhan et al. | Secure protocol for subscriber identity module |