1373951

VI. Description of the invention:

[Technical field to which the invention pertains]

The present invention relates to a method for generating an authentication key, and more particularly to a method by which a mobile phone chip card generates the authentication key itself.

[Prior Art]

As communication technology advances, the convenience that mobile phones bring is beyond question, people's dependence on them has grown rapidly, and the mobile phone can fairly be called one of the indispensable necessities of modern life. With the world economy becoming increasingly international and international business travel increasingly frequent, international roaming has become an important means for business travellers to handle official matters, and has made the world "borderless".

Although international roaming is highly convenient, the high call charges that accompany it cannot be ignored. To reduce their roaming charges, some people even apply for a local mobile phone number in each country. This is convenient for people who stay abroad for a long time, but impractical for tourists who stay only 3 to 5 days. To meet tourists' needs, some international airports offer a "prepaid card" service that lets tourists make calls within a limited call budget. However, a prepaid card takes time to apply for, since an application form must be filled out, and the personal data provided may be illegally misused. When the balance on the prepaid card runs low it must be topped up, but the added credit may not be used up, and the remaining balance is wasted. In addition, when the user takes the original SIM card out of the mobile phone and inserts the prepaid card instead, the original SIM card can no longer receive incoming calls or text messages, so important messages may be missed. Prepaid cards are therefore also quite inconvenient.

To overcome the above problems, U.S. Patent No. 6,623,305 discloses a mobile phone with dual SIM card slots, into which the user can insert two SIM cards at the same time. Taking the prepaid card as an example, the phone can hold the original SIM card and the added prepaid card at the same time, so the user need not remove the SIM card to insert the prepaid card; in use, however, only one of the cards can make and receive calls, and the two cannot be used at the same time. Moreover, buying a mobile phone with dual SIM card slots just for a short trip abroad is wasteful and impractical.

In view of these shortcomings of the prior art, the present invention proposes a method by which a chip card can generate an authentication key, so that the card has a local mobile phone number, thereby saving international roaming call charges.

[Summary of the Invention]

The main object of the present invention is to provide a method by which a chip card can generate an authentication key, so that it has a local mobile phone number, thereby saving international roaming call charges.

To achieve the above object, the present invention provides a method for generating an authentication key, the authentication key being used to activate a local mobile phone number, comprising the following steps: providing a chip card having first identification code information and second identification code information; providing the first identification code information to an intermediary platform, the intermediary platform storing the second identification code information; encrypting the first identification code information; transmitting the encrypted first identification code information to a local authentication center; generating an identification file corresponding to the first identification code information; encrypting, by the local authentication center, third identification code information of the local mobile phone number; transmitting the identification file and the encrypted third identification code information to the intermediary platform; obtaining a public key from the local authentication center; decrypting the encrypted third identification code information with the public key; transmitting the decrypted third identification code information and the identification file to the chip card; the intermediary platform and the chip card simultaneously performing, by means of an algorithm, a diversification operation on the second identification code information and the identification file to generate the authentication key; and outputting, by the intermediary platform, the authentication key to the local authentication center to activate the local mobile phone number.

According to the concept of the present invention, the identification file includes a diversification factor. The diversification factor includes a date, time, count, frequency, or period.

According to the concept of the present invention, the first identification code information and the third identification code information include a Temporary Mobile Subscriber Identity (TMSI), an International Mobile Subscriber Identity (IMSI), an International Mobile Equipment Identity (IMEI), a User Identity Module Identifier (UIMID), an Electronic Serial Number (ESN), or an IC card identifier (ICCID).

According to the concept of the present invention, the chip card includes a Subscriber Identity Module (SIM) card, a Universal Subscriber Identity Module (USIM) card, a User Identity Module (UIM) card, or a Removable User Identity Module (RUIM) card.

According to the concept of the present invention, the chip card can be combined with a Subscriber Identity Module (SIM) card, a Universal Subscriber Identity Module (USIM) card, a User Identity Module (UIM) card, or a Removable User Identity Module (RUIM) card.

According to the concept of the present invention, the identification file is a digital signature.

According to the concept of the present invention, the decrypted third identification code information and the identification file are transmitted from the intermediary platform to the chip card by SMS, network, wireless transmission, smart card reader, or OTA (over-the-air).

According to the concept of the present invention, the intermediary platform and the local authentication center encrypt by means of RSA, Diffie-Hellman, ElGamal, elliptic curve cryptography, DSA, FORTEZZA, DES, Triple DES, AES, RC2, RC4, or IDEA.

Another object of the present invention is to provide an intermediary platform that provides an authentication key with which a chip card activates a local mobile phone number. The intermediary platform includes: a processor for obtaining first identification code information of the chip card and for obtaining a public key from a local authentication center; a memory for storing second identification code information of the chip card; an encryption device for encrypting the first identification code information; a transmitter for transmitting the encrypted first identification code information to the local authentication center; a receiver for receiving an identification file that corresponds to the first identification code information and is generated by the local authentication center, and third identification code information encrypted by the local authentication center; a decryption device that decrypts the encrypted third identification code information with the public key; and a calculator that, by means of an algorithm, performs a diversification operation on the second identification code information and the identification file to generate the authentication key; wherein the transmitter transmits the decrypted third identification code information and the identification file to the chip card, so that the chip card can also generate the authentication key by the algorithm, and the transmitter also transmits the authentication key to the local authentication center so that the local mobile phone number is activated.

According to the concept of the present invention, the transmitter transmits the decrypted third identification code information and the identification file to the chip card by SMS, network, wireless transmission, smart card reader, or OTA (over-the-air).
According to the concept of the present invention, the encryption device encrypts by means of RSA, Diffie-Hellman, ElGamal, elliptic curve cryptography, DSA, FORTEZZA, DES, Triple DES, AES, RC2, RC4, or IDEA.

Yet another object of the present invention is to provide a chip card having an authentication key for activating a local mobile phone number. The chip card includes: a memory for storing first identification code information and second identification code information; a transmitter for transmitting the first identification code information to an intermediary platform, wherein the first identification code information is encrypted by the intermediary platform and transmitted to a local authentication center; a receiver for receiving an identification file that corresponds to the first identification code information and is generated by the local authentication center, and third identification code information decrypted by the intermediary platform with a public key obtained from the local authentication center, wherein the third identification code information is encrypted by the local authentication center; and a calculator that, by means of an algorithm, performs a diversification operation on the second identification code information and the identification file to generate the authentication key, wherein the local authentication center activates the local mobile phone number by means of the authentication key.

According to the concept of the present invention, the receiver receives the third identification code information and the identification file from the intermediary platform by SMS, network, wireless transmission, smart card reader, or OTA (over-the-air).

The present invention is explained more clearly by the following drawings and embodiments.

[Embodiments]
The present invention is a method by which a chip card can generate an authentication key by itself, without the key being input from outside (for example by network download, wireless transmission, or built-in installation). When a user goes abroad, obtaining a local mobile phone number allows calls to be made locally as domestic calls, which saves the high international roaming call charges. The implementation is described in detail below. Although this embodiment is described using the GSM communication system, those skilled in the art will understand that the invention is not limited to it and can also be applied to communication systems such as GPRS, 3G, CDMA, and WCDMA.

First, refer to Fig. 1, which shows the main components of the chip card and the intermediary platform (solid boxes) and the internal information and elements they contain (dashed boxes). As shown, the chip card 10 includes a memory 101, a calculator 102, a transmitter 103, and a receiver 104. The intermediary platform 20 includes a processor 201, an encryption device 202, a decryption device 203, a transmitter 204, a receiver 205, a calculator 206, and a memory 207.

Besides the chip card 10 and the intermediary platform 20, Fig. 1 also shows a local authentication center 30, which is the local authentication unit (card issuer) of the country the user intends to visit (i.e., the local country) and provides the mobile phone number and communication service. Since different countries have different local authentication centers, the intermediary platform 20 is a platform that integrates the local authentication centers of the various countries and spares the user the complicated procedures and effort needed to apply for a local mobile phone number. Through the intermediary platform 20, the user can, before going abroad, apply for a local mobile phone number of the destination country with a simple procedure, without having to visit the local authentication center in an unfamiliar foreign country. In general, the authentication key (Ki) of a mobile phone number cannot be loaded into a chip card by SMS, network download, wireless transmission, smart card reader, or OTA (over-the-air), so current chip cards cannot load a new mobile phone number.
Therefore, the present invention overcomes this limitation by having the chip card 10 and the intermediary platform 20 simultaneously generate the same authentication key by themselves; the intermediary platform 20 then transmits the generated authentication key 208 to the local authentication center 30 as an output file.

Taking the GSM communication system as an example, the chip card 10 may be a Subscriber Identity Module (SIM) card, a smart card that has a SIM, or even a chip card that has no SIM but can be used in combination with a SIM card. As stated above, the invention is not limited to the GSM communication system, so the chip card 10 may also be a Universal Subscriber Identity Module (USIM) card, a User Identity Module (UIM) card, or a Removable User Identity Module (RUIM) card, and may even be combined with a USIM card, a UIM card, or a RUIM card. Because the chip card 10 is neither limited to the GSM communication system nor required to have a SIM, and can instead be used in combination with a SIM card, the chip card 10 can be matched to the communication system of the destination country if that country does not use GSM.

The memory 101 stores the first identification code information 105 and the second identification code information 106 of the chip card 10. The first identification code information 105 contains information such as a Temporary Mobile Subscriber Identity (TMSI), an International Mobile Subscriber Identity (IMSI), an International Mobile Equipment Identity (IMEI), a User Identity Module Identifier (UIMID), an Electronic Serial Number (ESN), or an IC card identifier (ICCID). The second identification code information 106 is an identification serial number unique to the chip card 10 and assigned when it leaves the factory. This serial number cannot be transmitted or read out externally by SMS, network, wireless transmission, smart card reader, or OTA (over-the-air). Therefore, apart from the chip card 10 itself, only the intermediary platform 20 that manufactures the chip card 10 knows the card's identification serial number. The intermediary platform 20 stores this serial number (the second identification code information 106) in the memory 207.

The transmitter 103 transmits the first identification code information 105 to the intermediary platform 20. The receiver 104 receives from the intermediary platform 20 the identification file 302 (which may be a digital signature) that corresponds to the first identification code information 105 and is obtained by the local authentication center 30, and receives the third identification code information 301 decrypted by the intermediary platform 20 with the public key 303 obtained from the local authentication center 30. Like the first identification code information 105, the third identification code information 301 includes information such as a TMSI, IMSI, IMEI, UIMID, ESN, or ICCID. The receiver 104 receives the third identification code information 301 and the identification file 302 from the transmitter 204 of the intermediary platform 20 by SMS, network, wireless transmission, smart card reader, or OTA. The calculator 102 performs, by means of an algorithm, a diversification operation on the second identification code information 106 and the identification file 302 to generate the authentication key 107.

Since the intermediary platform 20 also has the second identification code information 106, the calculator 206 of the intermediary platform 20 can use the same algorithm as the calculator 102 to perform the diversification operation on the second identification code information 106 and the identification file 302 and generate the authentication key 208.

The processor 201 obtains the first identification code information 105 of the chip card 10 and obtains the public key 303 from the local authentication center 30. The encryption device 202 encrypts the first identification code information 105 by means of RSA, Diffie-Hellman, ElGamal, elliptic curve cryptography, DSA, FORTEZZA, DES, Triple DES, AES, RC2, RC4, or IDEA. In this embodiment, the encryption device 202 encrypts with DES symmetric encryption.

The transmitter 204 transmits the encrypted first identification code information 105 to the local authentication center 30, and transmits the decrypted third identification code information 301 and the identification file 302 to the chip card 10, so that the chip card 10 can also generate the authentication key 107 by the algorithm. The transmitter 204 is also responsible for transmitting the authentication key 208 to the local authentication center 30 to activate the local mobile phone number. Since the authentication key 107 and the authentication key 208 produced by the calculator 102 and the calculator 206 through the algorithm are identical, the local authentication center 30 needs only the authentication key 208 to activate the local mobile phone number.
The receiver 205 receives the identification file 302 and the third identification code information 301 encrypted by the local authentication center 30. Like the encryption device 202, the local authentication center 30 can encrypt the third identification code information 301 by means of RSA, Diffie-Hellman, ElGamal, elliptic curve cryptography, DSA, FORTEZZA, DES, Triple DES, AES, RC2, RC4, or IDEA. In this embodiment, the local authentication center 30 encrypts with RSA asymmetric encryption. The decryption device 203 then decrypts the encrypted third identification code information 301 with the public key 303. The calculator 206 uses an algorithm with the decrypted third identification code information 301 and the identification file 302 to generate the authentication key 208.

Having briefly introduced the components of the chip card 10 and the intermediary platform 20, the following describes in more detail how the invention generates the authentication key and the relationship among the chip card 10, the intermediary platform 20, and the local authentication center 30.

As stated above, the main object of the present invention is to provide the user with a local mobile phone number abroad, so that when abroad the user can make calls locally as domestic calls and save the high international roaming call charges.

In principle, the local authentication center 30 uses the IMSI code, ICCID code, and Ki code of the SIM card as the basis for its authentication. The IMSI code and the ICCID code can both be loaded into a chip card by SMS, network, wireless transmission, smart card reader, or OTA; only the Ki code is restricted from being transmitted in these ways. The present invention therefore uses the following method to overcome this problem.

Refer to Figs. 2A and 2B, which show a flowchart of the method of generating an authentication key according to the present invention.
First, the chip card 10 transmits the first identification code information 105 through the transmitter 103 to the receiver 205 of the intermediary platform 20 (step S401). After the receiver 205 receives the first identification code information 105, the encryption device 202 encrypts it by means of RSA, Diffie-Hellman, ElGamal, elliptic curve cryptography, DSA, FORTEZZA, DES, Triple DES, AES, RC2, RC4, or IDEA (step S402). In this embodiment, the encryption device 202 encrypts with DES symmetric encryption. After encryption, the transmitter 204 sends the encrypted first identification code information 105, together with its encryption key, to the local authentication center 30 (step S403). Because the first identification code information 105 is encrypted symmetrically, the local authentication center 30 only needs to decrypt it with the encryption key supplied by the transmitter 204. The local authentication center 30 then obtains the user's identity data and the data of the chip card 10 from the first identification code information 105. After the record has been created, the local authentication center 30 uses RSA asymmetric encryption to encrypt the first identification code information 105 with a private key into the identification file 302, which serves as the basis for the local authentication center 30's future authentication and identification (step S404). In other words, the identification file 302 is a digital signature of the local authentication center 30.

When the user is going to travel to the country of the identification file 302 and requests a local mobile phone number, the identification file 302 assigns a new local mobile phone number to the user, and the third identification code information 301 of that mobile phone number is, like the identification file 302, encrypted with the private key using RSA (step S405). Next, the encrypted third identification code information 301 and the identification file 302 are sent to the receiver 205 of the intermediary platform 20 by SMS, network, wireless transmission, smart card reader, or OTA (step S406). The processor 201 then requests the local authentication center 30 to send the public key 303 for decryption (step S407). The decryption device uses the obtained public key 303 to decrypt the third identification code information 301 (step S408). The identification file 302 and the decrypted third identification code information 301 are transmitted by the transmitter 204 to the receiver 104 of the chip card 10 by SMS, network, wireless transmission, smart card reader, or OTA (step S409). With the identification file 302 and the second identification code information 106, the calculator 102 and the calculator 206 each use the algorithm to generate an authentication key, the authentication key 107 and the authentication key 208 respectively (step S410). Because the algorithm used by the calculator 102 and the calculator 206 and the parameters fed into it (the identification file 302 and the second identification code information 106) are the same, the computed authentication key 107 and authentication key 208 are also the same.
After the calculator 206 generates the authentication key 208, the transmitter 204 transmits the authentication key 208 to the local authentication center 30 (step S411), and the local authentication center 30 activates the local mobile phone number by means of the authentication key 208 (step S412). In addition, since the local authentication center 30 has already obtained the user's identity data and the chip card 10 data through the first identification code information 105, the local authentication center 30 treats the user of the mobile phone number having the authentication key 208 and the third identification code information 301 as the same person as the user of the chip card 10. Therefore, after entering the country, the user can activate the local mobile phone number directly, without going through a complicated application or review process. Moreover, since a typical user on a trip or a business visit stays in the country of the local authentication center 30 only for a short period, there is no need to hold the local mobile phone number for a long time. Therefore, in order to manage mobile phone numbers effectively, the local authentication center 30 can add one or more dispersion factors to the identification file 302, where a dispersion factor may include parameters such as date, time, number of times, frequency or period. If the identification file 302 carries a dispersion factor, the authentication key 107 and the authentication key 208 are derived by the algorithm together with the dispersion factor. In other words, if the preset dispersion factor is a date interval, the generated authentication key 107 and authentication key 208 are valid only within that date interval.
For example, the date interval can be set according to the period during which the user expects to stay, so that the user's local mobile phone number becomes invalid when the user returns home. When the user needs to travel to more than one country, the user only needs, before going abroad, to obtain the third identification code information 301 and the identification file 302 of each country to be visited and store them in the memory 101. When the mobile phone number of one of those countries is needed, the calculator 102 and the calculator 206 directly generate the authentication key 107 and the authentication key 208 for that country with the algorithm, and the transmitter 204 then transmits the authentication key 208 to that country's local authentication center 30 to activate the local mobile phone number. In this way, the memory does not need to store the authentication keys 107 of several countries at the same time. It may even store only each country's identification file 302 without the third identification code information 301, which can be loaded into the chip card by SMS, network, wireless transmission, smart card reader, or OTA when it is needed.

In summary, by having the chip card generate, at the same time as the intermediary platform, the same authentication key that the intermediary platform provides to the local authentication center, the present invention lets the chip card generate the authentication key without relying on external transfer (for example: network download, wireless transmission, built-in installation), so that a user going abroad can obtain a local mobile phone number and make calls locally at local rates, saving high international roaming charges. The present invention may be modified in various ways by those skilled in the art without departing from the scope of the appended claims.
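The key generation of step S410 and the date-interval dispersion factor described above can be sketched as follows. This is an added example, not part of the patent text: the patent does not name the algorithm, so HMAC-SHA256 keyed with the second identification code information is an assumption, as are the function names, the acceptance check at the authentication center, and all sample values.

```python
import hashlib
import hmac
from datetime import date

def derive_auth_key(second_id: bytes, identification_file: bytes,
                    valid_from: date, valid_to: date) -> bytes:
    """Derive the authentication key from the shared second identification
    code and the identification file plus its date-interval dispersion factor.
    HMAC-SHA256 is an assumption; the page does not name the algorithm."""
    factor = f"{valid_from.isoformat()}/{valid_to.isoformat()}".encode()
    # Length-prefix both fields so different (file, factor) splits cannot
    # produce the same MAC input.
    msg = b"".join(len(part).to_bytes(2, "big") + part
                   for part in (identification_file, factor))
    return hmac.new(second_id, msg, hashlib.sha256).digest()

def center_accepts(stored_key: bytes, presented_key: bytes,
                   valid_from: date, valid_to: date, today: date) -> bool:
    """Hypothetical check at the local authentication center: the key it
    received in step S411 must match the presented key, and the date must
    fall inside the dispersion-factor interval."""
    in_window = valid_from <= today <= valid_to
    return in_window and hmac.compare_digest(stored_key, presented_key)

# Constructed sample values (not from the page).
SECOND_ID = bytes.fromhex("00112233445566778899aabbccddeeff")  # information 106
ID_FILES = {"A": b"constructed-identification-file-country-A",
            "B": b"constructed-identification-file-country-B"}
STAY = (date(2024, 5, 1), date(2024, 5, 5))

def run_exchange() -> dict:
    key_107 = derive_auth_key(SECOND_ID, ID_FILES["A"], *STAY)  # calculator 102 (card)
    key_208 = derive_auth_key(SECOND_ID, ID_FILES["A"], *STAY)  # calculator 206 (platform)
    key_b = derive_auth_key(SECOND_ID, ID_FILES["B"], *STAY)    # second country, on demand
    forged = derive_auth_key(b"\x00" * 16, ID_FILES["A"], *STAY)  # wrong second id
    return {
        "keys_match": hmac.compare_digest(key_107, key_208),
        "per_country_keys_differ": key_107 != key_b,
        "during_stay": center_accepts(key_208, key_107, *STAY, date(2024, 5, 3)),
        "after_return": center_accepts(key_208, key_107, *STAY, date(2024, 5, 6)),
        "wrong_second_id": center_accepts(key_208, forged, *STAY, date(2024, 5, 3)),
    }

if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(f"{name}: {value}")
```

Because the card derives each country's key on demand from the stored identification file, only the second identification code information has to stay secret on the card and the platform.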
[Brief description of the drawings]
FIG. 1 is a block diagram of the chip card and the intermediary platform according to a preferred embodiment of the present invention; and
FIGS. 2A and 2B are flowcharts of the method for generating an authentication key according to a preferred embodiment of the present invention.

[Description of main component symbols]
10 Chip card
101 Memory
102 Calculator
103 Transmitter
104 Receiver
105 First identification code information
106 Second identification code information
107 Authentication key
20 Intermediary platform
201 Processor
202 Encryption device
203 Decryption device
204 Transmitter
205 Receiver
206 Calculator
207 Memory
208 Authentication key
30 Local authentication center
301 Third identification code information
302 Identification file
303 Public key