TWI382741B - Information Protection Method and System of Smart Card - Google Patents

Information Protection Method and System of Smart Card Download PDF

Info

Publication number
TWI382741B
TWI382741B TW96116490A TW96116490A TWI382741B TW I382741 B TWI382741 B TW I382741B TW 96116490 A TW96116490 A TW 96116490A TW 96116490 A TW96116490 A TW 96116490A TW I382741 B TWI382741 B TW I382741B
Authority
TW
Taiwan
Prior art keywords
data
data frame
smart card
frame
encryption
Prior art date
Application number
TW96116490A
Other languages
Chinese (zh)
Other versions
TW200845709A (en
Inventor
Ying Hui She
Original Assignee
Mitac Int Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mitac Int Corp filed Critical Mitac Int Corp
Priority to TW96116490A priority Critical patent/TWI382741B/en
Publication of TW200845709A publication Critical patent/TW200845709A/en
Application granted granted Critical
Publication of TWI382741B publication Critical patent/TWI382741B/en

Links

Landscapes

  • Telephone Function (AREA)
  • Storage Device Security (AREA)

Description

智慧卡之資料保護方法及其系統 Smart card data protection method and system thereof

一種智慧卡之資料存取保護方法及系統,特別有關於一種行動通訊裝置用的用戶識別模組之資料存取保護方法及系統。 A data access protection method and system for a smart card, in particular, a data access protection method and system for a user identification module for a mobile communication device.

在通訊發達的現代社會,行動電話已經是每個人必備的隨身通訊裝置。在行動電話中聯絡用的通訊錄,更是不可或缺的基本功能。以往的通訊錄僅能記載被發話者的電話號碼,但現在的通訊錄可用以紀錄被發話者的其他相關資料,例如,被發話者的生日、住家電話、住家住址、公司住址、傳真電話或e-mail等。 In a modern society with developed communications, mobile phones are a must-have portable communication device for everyone. The address book used for contact in mobile phones is an indispensable basic function. In the past, the address book only recorded the phone number of the speaker, but the current address book can be used to record other relevant information of the speaker, for example, the birthday of the speaker, home phone, home address, company address, fax number or E-mail, etc.

一般而言,使用者會將通訊錄儲存於用戶識別模組(Subscriber Identity Model,SIM)中,以下簡稱為SIM卡。SIM卡是由中央處理器、唯讀記憶體、隨機存取記憶體、可程式化唯讀記憶體和輸出/入電路組成。當手機向SIM卡發出命令時,SIM卡會根據其標準規範來執行或者拒絕執行手機發出的指令。全球行動通訊系統11.11(Global System for Mobile Communications,GSM)中更規範了SIM卡的所有存取動作行為,使用者可以輕易地在不同的手機之間移動SIM卡中的所屬電信業者之帳號、簡訊和個人通訊錄。 Generally, the user stores the address book in a Subscriber Identity Model (SIM), hereinafter referred to as a SIM card. The SIM card is composed of a central processing unit, a read-only memory, a random access memory, a programmable read-only memory, and an output/input circuit. When the mobile phone issues a command to the SIM card, the SIM card will execute or refuse to execute the instructions issued by the mobile phone according to its standard specifications. In the Global System for Mobile Communications (GSM) 11.11 (Global System for Mobile Communications, GSM), all the access actions of the SIM card are more standardized. Users can easily move the account and SMS of the carrier in the SIM card between different mobile phones. And personal address book.

「第1圖」係為SIM卡之通訊錄儲存資料框架示意圖。對於儲存在通訊錄的每一筆資料而言,可以視為各自獨立的資料框 架。在資料框架中各自包括若干個資料欄位,分別用以紀錄被發話者的電話號碼、名字、住址或E-mail等。「第2圖」係為操作端與SIM卡之架構示意圖。在此操作端當然不僅侷限於手機而已,更可以是讀卡機等其他存取SIM卡的裝置。當使用者透過操作端下達相關指令至存取介面,透過此存取介面去存取SIM卡中的各項資料。 "Figure 1" is a schematic diagram of the address book storage data frame of the SIM card. For each piece of data stored in the address book, it can be considered as a separate data frame. frame. Each of the data frames includes a number of data fields for recording the phone number, name, address or E-mail of the callee. "Picture 2" is a schematic diagram of the architecture of the operation terminal and the SIM card. In this operation, of course, it is not limited to a mobile phone, but may be another device for accessing a SIM card such as a card reader. When the user sends the relevant command to the access interface through the operation terminal, the user accesses the data in the SIM card through the access interface.

在SIM卡中的這些資料對於使用者而言,都是使用者的個人隱私資料。為了避免SIM卡中的這些資料被有心的使用者擷取,所以全球行動通訊系統特別規範了一個人識別號碼(Personal Identification Number,PIN),用以限定SIM卡的存取權限。 The information in the SIM card is the user's personal privacy information for the user. In order to prevent the data in the SIM card from being captured by the user, the Global System for Mobile Communications specifically defines a Personal Identification Number (PIN) to limit the access rights of the SIM card.

使用者可以利用PIN碼將SIM卡中的資料加以鎖定,當欲存取這些資料前需要輸入PIN碼解開鎖定的限制。但是全球行動通訊系統的存取設置是一次針對所有的資料加以限制。當使用者開啟SIM卡的存取設置後,使用者每次要存取通訊錄中的各筆資料時,都要輸入一次PIN碼先解除其存取限制。PIN碼只能允許三次的輸入錯誤,當第三次輸入錯誤後,SIM卡會將內部的資料一併鎖定,直至使用者輸入另一組PIN解鎖碼(PIN Unlock Number,PUK)。但是PUK碼卻有十次的輸入限制,當輸入過十次PUK碼後則SIM卡中的所有資料將無法再次被讀出了。如此一來,雖然可以防範非法使用者存取通訊錄,相對的也限制了合法使用者存取通訊錄的方便性。 The user can use the PIN code to lock the data in the SIM card. Before accessing the data, you need to enter the PIN code to unlock the lock. However, the access settings of the Global System for Mobile Communications are limited to all data at once. After the user opens the access setting of the SIM card, each time the user wants to access each piece of data in the address book, the user must input the PIN code once to remove the access restriction. The PIN code can only allow three input errors. When the third time is entered incorrectly, the SIM card will lock the internal data together until the user enters another set of PIN Unlock Number (PUK). However, the PUK code has ten input restrictions. When the PUK code is input ten times, all the data in the SIM card cannot be read again. In this way, although it is possible to prevent unauthorized users from accessing the address book, the convenience of the legitimate user to access the address book is relatively limited.

本發明之目的是提供一種智慧卡之資料保護方法,其目的在於保護讀取與寫入智慧卡中資料框架所對應的欄位資料。 The object of the present invention is to provide a data protection method for a smart card, which aims to protect the field data corresponding to the data frame in the read and write smart card.

為達上述目的,本發明之智慧卡之資料保護方法,應用於將資料寫入智慧卡中之資料框架所屬的各項欄位。此智慧卡之資料保護方法包括下列步驟:根據第一資料欄位選擇 對應之資料框架。根據加密方法用以對資料框架所屬的資料欄位進行加密運算處理,進而產生加密資料框架與偽裝資料框架。接著,分別將加密資料框架儲存至資料儲存模組中,將偽裝資料框架覆寫至所選擇的資料框架。 In order to achieve the above object, the data protection method of the smart card of the present invention is applied to the fields in which the data frame belongs in the smart card. The data protection method of the smart card includes the following steps: selecting according to the first data field Corresponding data framework. According to the encryption method, the data field to which the data frame belongs is subjected to encryption operation processing, thereby generating an encrypted data frame and a camouflage data frame. Then, the encrypted data frame is separately stored in the data storage module, and the camouflage data frame is overwritten to the selected data frame.

為達上述目的,本發明之智慧卡之資料保護方法,應用於讀取智慧卡中之資料框架。資料框架包括一第一資料欄位,用以儲存個人電話號碼。此保護方法包括下列步驟:根據第一資料欄位從智慧卡中讀出對應之資料框架。判斷資料框架是否為偽裝資料框架。若資料框架為偽裝資料框架時,根據第一識別代碼用以從資料儲存模組中讀取加密資料框架。根據第二識別代碼用以對加密資料框架進行解密運算。 In order to achieve the above object, the data protection method of the smart card of the present invention is applied to reading a data frame in a smart card. The data frame includes a first data field for storing personal phone numbers. The protection method includes the following steps: reading the corresponding data frame from the smart card according to the first data field. Determine whether the data frame is a disguised data frame. If the data frame is a camouflage data frame, the first identification code is used to read the encrypted data frame from the data storage module. The decryption operation is performed on the encrypted data frame according to the second identification code.

從另一觀點而言,本發明之另一目的是提供一種智慧卡之資料保護系統,其目的在於保護讀取與寫入智慧卡中之資料框架。 From another point of view, another object of the present invention is to provide a data protection system for a smart card, the purpose of which is to protect a data frame in a read and write smart card.

本發明之目的在於提供一種智慧卡之資料保護系統,使用者透過資料存取介面,將資料輸入至智慧卡中之資料框架。其中, 資料框架包括一第一資料欄位,用以儲存個人電話號碼。資料保護系統包括有資料保護模組、加解密模組與資料儲存模組。資料保護模組係分別耦接至資料存取介面與智慧卡,用以產生加密資料框架與偽裝資料框架,並將偽裝資料框架儲存於智慧卡中。加解密模組係耦接於資料保護模組,係用以產生加密資料框架。資料儲存模組係耦接於加解密模組,係用以儲存加密資料框架。 The object of the present invention is to provide a data protection system for a smart card, in which a user inputs data into a data frame in a smart card through a data access interface. among them, The data frame includes a first data field for storing personal phone numbers. The data protection system includes a data protection module, an encryption and decryption module and a data storage module. The data protection module is respectively coupled to the data access interface and the smart card for generating the encrypted data frame and the camouflage data frame, and storing the camouflage data frame in the smart card. The encryption and decryption module is coupled to the data protection module and is used to generate an encrypted data frame. The data storage module is coupled to the encryption and decryption module for storing the encrypted data frame.

本發明之目的在於提供一種智慧卡之資料保護系統,透過資料存取介面,用以讀取智慧卡中之特定資料框架,資料框架包括第一資料欄位,資料保護系統包括資料保護模組,分別耦接至資料存取介面與智慧卡。並根據第一資料欄位用以判斷資料框架是否為偽裝資料框架。若資料框架為偽裝資料框架時,則將偽裝資料框架回傳至資料存取介面;若資料框架不是偽裝資料框架時,則將資料框架回傳至資料存取介面。 The object of the present invention is to provide a data protection system for a smart card, which is used to read a specific data frame in a smart card through a data access interface, the data frame includes a first data field, and the data protection system includes a data protection module. They are respectively coupled to the data access interface and the smart card. And according to the first data field, it is used to judge whether the data frame is a camouflage data frame. If the data frame is a camouflage data frame, the masquerading data frame is transmitted back to the data access interface; if the data frame is not a masquerading data frame, the data frame is transmitted back to the data access interface.

本發明藉由將偽裝資料寫入智慧卡中的資料框架裡,藉以保護通訊錄裡的特定項次。使用者不須為了鎖定這些特定項次,而將SIM卡中所有通訊錄加密。就算將此張SIM卡放入其他的手機中,SIM卡中已被加密處理的通訊錄項次也依然無法顯示。 The present invention protects a particular item in the address book by writing the spoofed material into a data frame in the smart card. The user does not have to encrypt all the contacts in the SIM card in order to lock these specific items. Even if this SIM card is placed in another mobile phone, the address book items that have been encrypted in the SIM card cannot be displayed.

有關本發明的特徵與實作,茲配合圖示作最佳實施例詳細說明如下。 The features and implementations of the present invention are described in detail below with reference to the preferred embodiments.

「第3圖」係為本發明之一較佳實施例之示意圖。在本發明 提供一種智慧卡(Smart Card)之資料保護方法及系統,用以保護讀取與寫入智慧卡中之資料。在本發明中智慧卡尤指用於行動通訊裝置中的用戶識別模組SIM(Subscriber Identity Model,SIM)卡100,以下簡稱為SIM卡100。本發明之此實施例中包括有SIM卡100、操作端310、資料存取介面320與資料保護系統330。 Fig. 3 is a schematic view of a preferred embodiment of the present invention. In the present invention A smart card data protection method and system are provided for protecting data read and written in a smart card. In the present invention, the smart card is particularly referred to as a Subscriber Identity Model (SIM) card 100 for use in a mobile communication device, hereinafter referred to as SIM card 100. The embodiment of the present invention includes a SIM card 100, an operation terminal 310, a data access interface 320, and a data protection system 330.

SIM卡100係用以儲存個人通訊資料,SIM卡100中更包括有若干個資料框架110分別用以儲存資料。在每一個資料框架110中至少包括第一資料欄位111及若干的資料欄位。在此假設第一資料欄位111是用以儲存通話者的第一電話號碼,而其他的資料欄位則是用以儲存發話者的名字、住址、照片、來電鈴聲或E-mail等。操作端310用以接受使用者之指令,接著在透過資料存取介面320來存取SIM卡100裡的資料。例如,操作端310可以利用讀卡機配合相關軟體或手機來存取SIM卡100中的資料。 The SIM card 100 is used for storing personal communication data, and the SIM card 100 further includes a plurality of data frames 110 for storing data. At least one first data field 111 and a plurality of data fields are included in each of the data frames 110. It is assumed here that the first data field 111 is for storing the first telephone number of the caller, and the other data fields are for storing the name, address, photo, ringtone or E-mail of the caller. The operation terminal 310 is configured to accept an instruction from the user, and then access the data in the SIM card 100 through the data access interface 320. For example, the operating terminal 310 can access the data in the SIM card 100 by using a card reader in conjunction with a related software or mobile phone.

資料存取介面320連結於操作端310,資料存取介面320提供存取SIM卡100的各種應用程式介面(Application Interface,API)。例如有各類手機的標準工具套件(Standard Tool Kits,STK)、用戶識別模組管理程式(SIM Managements)等。資料保護系統330連結於SIM卡100與資料存取介面320之間,資料保護系統330中更包括資料保護模組331、加解密模組332與資料儲存模組333。資料保護模組331耦接至資料存取介面320與SIM卡100,資料保護模組331用以產生加密資料框架與偽裝資料框架(未繪示),並將偽 裝資料框架覆寫原資料框架110。加密資料框架與偽裝資料框架其組成架構請參考「第1圖」。加解密模組332係耦接至資料保護模組331,加解密模組332根據所接收到的資料框架110與加密演算法用以產生一加密資料框架。資料儲存模組333耦接於加解密模組332,用以儲存加解密模組332所生成的加密資料框架。 The data access interface 320 is coupled to the operating terminal 310. The data access interface 320 provides various application interfaces (APIs) for accessing the SIM card 100. For example, there are standard tool kits (STK) for various types of mobile phones, and SIM Managements for user identification. The data protection system 330 is connected between the SIM card 100 and the data access interface 320. The data protection system 330 further includes a data protection module 331, an encryption and decryption module 332, and a data storage module 333. The data protection module 331 is coupled to the data access interface 320 and the SIM card 100. The data protection module 331 is configured to generate an encrypted data frame and a camouflage data frame (not shown), and The data frame is overwritten with the original data frame 110. Please refer to "Figure 1" for the structure of the encrypted data frame and the disguised data frame. The encryption and decryption module 332 is coupled to the data protection module 331. The encryption and decryption module 332 is configured to generate an encrypted data frame according to the received data frame 110 and the encryption algorithm. The data storage module 333 is coupled to the encryption and decryption module 332 for storing the encrypted data frame generated by the encryption and decryption module 332.

請參照「第4圖」本發明之資料保護寫入流程示意圖所示。首先,根據第一資料欄位選擇出對應之資料框架(步驟S410)。接著,根據加密方法對資料框架中的資料欄位進行加密運算處理(步驟S420),分別產生加密資料框架與偽裝資料框架(步驟S430)。最後,將偽裝資料框架覆寫至原來的資料框架中(步驟S440),以及將加密資料框架儲存至資料儲存模組中(步驟S450)。 Please refer to "Figure 4" for the data protection write flow diagram of the present invention. First, the corresponding data frame is selected according to the first data field (step S410). Next, the data field in the data frame is subjected to encryption operation processing according to the encryption method (step S420), and an encrypted data frame and a masquerading data frame are respectively generated (step S430). Finally, the masquerading data frame is overwritten into the original data frame (step S440), and the encrypted data frame is stored in the data storage module (step S450).

為了方便解說本實施例之資料保護寫入之系統元件及其作動,請同時參考第3圖與第4圖。首先,使用者根據一第一資料欄位111選取一資料框架110(對應步驟S410)。其中此第一資料欄位111為行動電話號碼,而資料框架110中所記載的是此行動電話號碼對應的通訊錄相關資料。以行動電話號碼為例,因為行動電話號碼對使用者具有單一對應關係,換句話說每一支行動電話號碼只會對應到一個通話者。當然,第一資料欄位也可以是其他通話者相關資訊,但並非僅限為行動電話號碼。使用者可以決定系統所使用的加密方法(對應步驟S420),藉以加密處理資料框架110中的資料。其中加密方法為安全雜湊演算法(Secure Hashing Algorithm,SHA-1)、公開密鑰密碼技術(RSA)、先進加密標準(Advanced Encryption Standard,AES)或MD5雜湊演算法之任一。 In order to facilitate the explanation of the system components of the data protection writing of the embodiment and the operation thereof, please refer to FIG. 3 and FIG. 4 at the same time. First, the user selects a data frame 110 according to a first data field 111 (corresponding to step S410). The first data field 111 is a mobile phone number, and the information related to the mobile phone number corresponding to the mobile phone number is recorded in the data frame 110. Take the mobile phone number as an example, because the mobile phone number has a single correspondence with the user. In other words, each mobile phone number only corresponds to one caller. Of course, the first data field can also be related to other callers, but not limited to mobile phone numbers. The user can determine the encryption method used by the system (corresponding to step S420) to encrypt the data in the data frame 110. The encryption method is Secure Hashing (Secure Hashing). Algorithm, SHA-1), Public Key Cryptography (RSA), Advanced Encryption Standard (AES), or MD5 hash algorithm.

接下來,系統根據使用者選擇的加密方法,將資料框架110經由加解密模組332運算後,分別生成加密資料框架與偽裝框架(對應步驟S430)。加密資料框架是資料框架110經過上述的加密演算法處理後所得到。偽裝資料框架是資料保護模組利用一亂數資料或空白資料,將其寫入偽裝資料框架所屬的第一資料欄位111中。最後,系統分別將偽裝資料框架覆寫至原資料框架110及加密資料框架儲存至資料儲存模組333中(對應步驟S440與S450)。 Next, the system calculates the encrypted data frame and the masquerading frame by the data frame 110 via the encryption/decryption module 332 according to the encryption method selected by the user (corresponding to step S430). The encrypted data frame is obtained by the data frame 110 after the above-described encryption algorithm. The camouflage data frame is a data protection module that uses a random data or blank data to write it into the first data field 111 to which the camouflage data frame belongs. Finally, the system respectively overwrites the spoofed data frame to the original data frame 110 and the encrypted data frame to the data storage module 333 (corresponding to steps S440 and S450).

請參照「第5圖」本發明之資料保護讀取流程示意圖所示。使用者選取第一資料欄位,根據第一資料欄位做為索引,從SIM卡中讀出所對應的資料框架(步驟S510)。此時需要注意的是,若此筆資料框架110中所儲存的資料是未經加密的通訊錄,使用者就能直接讀取此筆資料框架110的相關資料。若此筆資料框架110中所儲存的資料是偽裝資料框架的話,使用者所得到的資料則是無意義或者是空白的訊息,藉以防範有心人士存取此筆資料框架110中的通訊錄。 Please refer to "Figure 5" for a schematic diagram of the data protection read flow of the present invention. The user selects the first data field, and reads the corresponding data frame from the SIM card according to the first data field as an index (step S510). At this time, it should be noted that if the data stored in the data frame 110 is an unencrypted address book, the user can directly read the related data of the data frame 110. If the data stored in the data frame 110 is a camouflage data frame, the information obtained by the user is a meaningless or blank message, so as to prevent the interested person from accessing the address book in the data frame 110.

對於原使用者而言,若是直接存取此筆資料時,也會得到上述的偽裝框架的資料。所以原使用者要能取出正確的通訊錄資料的話,需要進行下述步驟。判斷資料框架110是否為偽裝資料框架(步驟S520)。若資料框架110為偽裝資料框架時,根據第一識 別代碼用以從資料儲存模組中讀取加密資料框架(步驟S530)。第一識別代碼可以為使用者密碼(password)、個人識別號碼(Personal Identification Number,PIN)或國際行動用戶識別碼(International Mobile Station Identity,IMSI)的其中之一。接下來,在根據第二識別代碼用以對加密資料框架進行解密運算(步驟S540)。將解密後的原資料框架110讀出(步驟S550)。第二識別代碼則是可以為使用者密碼、個人識別號碼或國際行動用戶識別碼的其中之一。 For the original user, if the data is directly accessed, the information of the above camouflage frame is also obtained. Therefore, if the original user wants to take out the correct address book data, the following steps are required. It is judged whether or not the material frame 110 is a camouflage material frame (step S520). If the data frame 110 is a camouflage data frame, according to the first knowledge The code is used to read the encrypted data frame from the data storage module (step S530). The first identification code may be one of a user password, a personal identification number (PIN), or an International Mobile Station Identity (IMSI). Next, the decryption operation is performed on the encrypted material frame according to the second identification code (step S540). The decrypted original material frame 110 is read (step S550). The second identification code can be one of a user password, a personal identification number, or an international mobile subscriber identity.

以下將解說資料讀取之系統詳細動作,請參考「第3圖」以及「第5圖」。首先假設為原使用者存取其通訊錄,使用者輸入一組行動電話號碼。系統會根據這組行動電話號碼從SIM卡100中找出是否具有此筆電話號碼的資料框架110(對應步驟S510)。系統會將此資料框架110回覆顯示給使用者。若具有此筆電話號碼的資料框架110是未經過資料保護處理的話,則系統會顯示此資料框架110所包含的相關資料,例如此電話號碼的擁有者姓名、住址、E-mail或公司傳真電話等。相反的,若此筆資料框架110中所儲存的是偽裝資料框架的話,系統所顯示的資料則是無意義或是空白的訊息(對應步驟S520、S550)。所以當使用者欲讀取原資料框架110中的通訊錄時,使用者分別需要通過資料儲存模組與加解密模組的驗證後方能將原資料框架110的通訊錄讀出。驗證的方法可以用使用者密碼、個人識別號碼或國際行動用戶識別碼的其中之一來進行驗證(對應步驟S530~S550)。 The following explains the detailed operation of the system for reading data. Please refer to "3" and "5". First assume that the original user accesses his address book and the user enters a set of mobile phone numbers. The system will find out from the SIM card 100 whether or not the data frame 110 has the phone number based on the set of mobile phone numbers (corresponding to step S510). The data frame 110 will be displayed back to the user. If the data frame 110 having the phone number is not protected by data protection, the system displays relevant information contained in the data frame 110, such as the owner name, address, E-mail or company fax number of the phone number. Wait. Conversely, if the data frame is stored in the data frame 110, the data displayed by the system is a meaningless or blank message (corresponding to steps S520 and S550). Therefore, when the user wants to read the address book in the original data frame 110, the user needs to read the address book of the original data frame 110 through the verification of the data storage module and the encryption and decryption module. The verification method may be verified by one of a user password, a personal identification number, or an international mobile subscriber identity (corresponding to steps S530 to S550).

根據上述的資料保護系統及方法,使用者可以針對不同的資料框架進行不同的加密處理。例如,對於不同的資料框架施以不同的密碼或加密演算法來加以保護。更進一步的話,可以將偽裝資料框架的顯示訊息加以變化。例如,當系統讀取到偽裝資料框架時,系統可以顯示『查無此查聯絡人』或『此為錯誤通話』等各種偽造訊息,用以欺騙不合法的使用者。 According to the data protection system and method described above, the user can perform different encryption processes for different data frames. For example, different data frames are protected with different passwords or encryption algorithms. Further, the display message of the camouflage data frame can be changed. For example, when the system reads the masquerading data frame, the system can display various fake messages such as "Check no contact" or "This is a wrong call" to deceive illegal users.

本發明係透過資料保護系統,來用以存取SIM卡中的資料框架。在資料框架的資料進行加解密保護後,在分別將偽裝資料框架與加密資料框架寫入至原資料框架與資料儲存模組333中。當其他使用者欲存取此筆資料框架時,僅能讀出已被偽裝資料框架覆寫過的資料。而且使用者可以自由選取所要保護的資料框架。 The invention is used to access a data frame in a SIM card through a data protection system. After the data of the data frame is protected and decrypted, the masquerading data frame and the encrypted data frame are respectively written into the original data frame and the data storage module 333. When other users want to access the data frame, only the data that has been overwritten by the camouflage data frame can be read. And the user is free to choose the data frame to be protected.

雖然本發明以前述之較佳實施例揭露如上,然其並非用以限定本發明,任何熟習相像技藝者,在不脫離本發明之精神和範圍內,當可作些許之更動與潤飾,因此本發明之專利保護範圍須視本說明書所附之申請專利範圍所界定者為準。 While the present invention has been described above in terms of the preferred embodiments thereof, it is not intended to limit the invention, and the invention may be modified and modified without departing from the spirit and scope of the invention. The patent protection scope of the invention is subject to the definition of the scope of the patent application attached to the specification.

100‧‧‧用戶識別模組 100‧‧‧User Identification Module

110‧‧‧資料框架 110‧‧‧Information Framework

111‧‧‧第一資料欄位 111‧‧‧First data field

210‧‧‧操作端 210‧‧‧Operator

220‧‧‧資料存取介面 220‧‧‧data access interface

310‧‧‧操作端 310‧‧‧Operator

320‧‧‧資料存取介面 320‧‧‧Data access interface

330‧‧‧資料保護系統 330‧‧‧Data Protection System

331‧‧‧資料保護模組 331‧‧‧ Data Protection Module

332‧‧‧加解密模組 332‧‧‧Encryption and decryption module

333‧‧‧資料儲存模組 333‧‧‧ Data Storage Module

第1圖係為SIM卡之通訊錄儲存資料框架示意圖。 Figure 1 is a schematic diagram of the address book storage data frame of the SIM card.

第2圖係為操作端與SIM卡之架構示意圖。 Figure 2 is a schematic diagram of the architecture of the operating terminal and the SIM card.

第3圖係為本發明之一較佳實施例之示意圖。 Figure 3 is a schematic illustration of one preferred embodiment of the invention.

第4圖係為本發明之資料保護寫入流程示意圖。 Figure 4 is a schematic diagram of the data protection writing process of the present invention.

第5圖係為本發明之資料保護讀取流程示意圖。 Figure 5 is a schematic diagram of the data protection reading process of the present invention.

100‧‧‧用戶識別模組 100‧‧‧User Identification Module

110‧‧‧資料框架 110‧‧‧Information Framework

111‧‧‧第一資料欄位 111‧‧‧First data field

310‧‧‧操作端 310‧‧‧Operator

320‧‧‧資料存取介面 320‧‧‧Data access interface

330‧‧‧資料保護系統 330‧‧‧Data Protection System

331‧‧‧資料保護模組 331‧‧‧ Data Protection Module

332‧‧‧加解密模組 332‧‧‧Encryption and decryption module

333‧‧‧資料儲存模組 333‧‧‧ Data Storage Module

Claims (11)

一種智慧卡之資料保護方法,應用於寫入一智慧卡中之一資料框架,在該資料框架中至少包括一第一資料欄位用以儲存資料,該方法包括下列步驟:根據該第一資料欄位選擇對應之該資料框架;根據一加密方法,對該資料框架所屬的資料欄位進行一加密運算處理,產生一加密資料框架與一偽裝資料框架;將該加密資料框架儲存至一資料儲存模組中;以及將該偽裝資料框架覆寫至所選擇的該資料框架。 A data protection method for a smart card is applied to a data frame written in a smart card, and at least a first data field is included in the data frame for storing data, the method comprising the following steps: according to the first data The field selection corresponds to the data frame; according to an encryption method, the data field to which the data frame belongs is subjected to an encryption operation process to generate an encrypted data frame and a camouflage data frame; and the encrypted data frame is stored to a data storage In the module; and overwriting the masquerading data frame to the selected data frame. 如申請專利範圍第1項所述之智慧卡之資料保護方法,其中該智慧卡為一用戶識別模組(Subscriber Identity Model,SIM)。 The method for protecting a smart card according to claim 1, wherein the smart card is a Subscriber Identity Model (SIM). 如申請專利範圍第1項所述之智慧卡之資料保護方法,其中該第一資料欄位儲存一第一電話號碼。 The method for protecting a smart card according to claim 1, wherein the first data field stores a first telephone number. 如申請專利範圍第1項所述之智慧卡之資料保護方法,其中加密方法係選擇一安全雜湊演算法(Secure Hashing Algorithm,SHA-1)、一公開密鑰密碼技術(RSA)、一先進加密標準(Advanced Encryption Standard,AES)或一MD5雜湊演算法,用以加密處理該資料框架之資料欄位中的資料,藉此生成該加密資料框架。 For example, in the data protection method of the smart card described in claim 1, wherein the encryption method selects a Secure Hashing Algorithm (SHA-1), a public key cryptography (RSA), and an advanced encryption. An Advanced Encryption Standard (AES) or an MD5 hash algorithm is used to encrypt and process data in the data field of the data frame, thereby generating the encrypted data frame. 如申請專利範圍第1項所述之智慧卡之資料保護方法,其中產生該偽裝資料框架,更包括下列步驟: 產生一亂數資料或一空白資料,分別寫入該偽裝資料框架中的該些資料欄位裡。 For example, the data protection method for the smart card described in claim 1 of the patent application, wherein the camouflage data frame is generated, further includes the following steps: A random data or a blank data is generated and written into the data fields in the camouflage data frame. 一種智慧卡之資料保護系統,透過一資料存取介面,用以輸入至一智慧卡中之一資料框架用以儲存個人電話號碼,該資料框架包括一第一資料欄位,該資料保護系統包括:一資料保護模組,分別耦接至該資料存取介面與該智慧卡,用以產生一偽裝資料框架,並將該偽裝資料框架儲存於該智慧卡中;一加解密模組,耦接於該資料保護模組,加密處理該資料框架用以用以產生該加密資料框架;以及一資料儲存模組,耦接於該加解密模組,用以儲存該加密資料框架。 A data protection system for a smart card is used to input a data frame of a smart card for storing a personal telephone number through a data access interface, the data frame including a first data field, and the data protection system includes a data protection module coupled to the data access interface and the smart card for generating a camouflage data frame and storing the camouflage data frame in the smart card; an encryption and decryption module coupled The data protection module is configured to encrypt the data frame to generate the encrypted data frame, and a data storage module coupled to the encryption and decryption module for storing the encrypted data frame. 如申請專利範圍第6項所述之智慧卡之資料保護系統,其中該智慧卡為一用戶識別模組(Subscriber Identity Model,SIM)。 For example, the data protection system of the smart card described in claim 6 is wherein the smart card is a Subscriber Identity Model (SIM). 如申請專利範圍第6項所述之智慧卡之資料保護系統,其中該該第一資料欄位為一第一電話號碼。 The data protection system of the smart card as claimed in claim 6, wherein the first data field is a first telephone number. 如申請專利範圍第6項所述之智慧卡之資料保護系統,其中加解密模組係選擇一安全雜湊演算法(Secure Hashing Algorithm,SHA-1)、一公開密鑰密碼技術(RSA)、一先進加密標準(Advanced Encryption Standard,AES)或一MD5雜湊演算法,用以加密處理該資料框架之資料欄位中的資料,藉此生成該加密 資料框架。 For example, the data protection system of the smart card described in claim 6 wherein the encryption and decryption module selects a Secure Hashing Algorithm (SHA-1), a public key cryptography (RSA), and a Advanced Encryption Standard (AES) or an MD5 hash algorithm for encrypting the data in the data field of the data frame to generate the encryption Data framework. 如申請專利範圍第6項所述之智慧卡之資料保護系統,其中該偽裝資料框架之對應的該些資料欄位,分別用一亂數資料或一空白資料寫入該些資料欄位中。 For example, in the data protection system of the smart card described in claim 6, wherein the corresponding data fields of the camouflage data frame are respectively written into the data fields by using a random data or a blank data. 一種智慧卡之資料保護系統,透過一資料存取介面,用以讀取一智慧卡中之特定一資料框架,該資料框架包括一第一資料欄位用以儲存個人電話號碼,該資料保護系統包括:一資料保護模組,分別耦接至該資料存取介面與該智慧卡,並根據該第一資料欄位用以判斷該資料框架是否為一偽裝資料框架,若該資料框架為該偽裝資料框架時,則將該偽裝資料框架回傳至該資料存取介面,若該資料框架不是該偽裝資料框架時,則將該資料框架回傳至該資料存取介面。 A smart card data protection system for reading a specific data frame in a smart card through a data access interface, the data frame including a first data field for storing a personal telephone number, the data protection system The method includes: a data protection module coupled to the data access interface and the smart card, and configured to determine whether the data frame is a camouflage data frame according to the first data field, if the data frame is the camouflage In the data frame, the spoofing data frame is transmitted back to the data access interface, and if the data frame is not the masquerading data frame, the data frame is transmitted back to the data access interface.
TW96116490A 2007-05-09 2007-05-09 Information Protection Method and System of Smart Card TWI382741B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW96116490A TWI382741B (en) 2007-05-09 2007-05-09 Information Protection Method and System of Smart Card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW96116490A TWI382741B (en) 2007-05-09 2007-05-09 Information Protection Method and System of Smart Card

Publications (2)

Publication Number Publication Date
TW200845709A TW200845709A (en) 2008-11-16
TWI382741B true TWI382741B (en) 2013-01-11

Family

ID=44822919

Family Applications (1)

Application Number Title Priority Date Filing Date
TW96116490A TWI382741B (en) 2007-05-09 2007-05-09 Information Protection Method and System of Smart Card

Country Status (1)

Country Link
TW (1) TWI382741B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001043472A1 (en) * 1999-12-10 2001-06-14 Sonera Oyj Safe information interchange between a user of a terminal and a sim application toolkit via wap
US6351813B1 (en) * 1996-02-09 2002-02-26 Digital Privacy, Inc. Access control/crypto system
US20040030906A1 (en) * 2002-06-20 2004-02-12 International Business Machines Corporation System and method for SMS authentication
TW200421809A (en) * 2002-07-29 2004-10-16 Koninkl Philips Electronics Nv Security system for apparatuses in a wireless network
TWI230533B (en) * 2003-12-23 2005-04-01 Mitac Int Corp Method for protecting private file in smart phone
US20050147247A1 (en) * 2003-11-14 2005-07-07 Westberg Thomas E. Interactive television systems having POD modules and methods for use in the same

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6351813B1 (en) * 1996-02-09 2002-02-26 Digital Privacy, Inc. Access control/crypto system
WO2001043472A1 (en) * 1999-12-10 2001-06-14 Sonera Oyj Safe information interchange between a user of a terminal and a sim application toolkit via wap
US20040030906A1 (en) * 2002-06-20 2004-02-12 International Business Machines Corporation System and method for SMS authentication
TW200421809A (en) * 2002-07-29 2004-10-16 Koninkl Philips Electronics Nv Security system for apparatuses in a wireless network
US20050147247A1 (en) * 2003-11-14 2005-07-07 Westberg Thomas E. Interactive television systems having POD modules and methods for use in the same
TWI230533B (en) * 2003-12-23 2005-04-01 Mitac Int Corp Method for protecting private file in smart phone

Also Published As

Publication number Publication date
TW200845709A (en) 2008-11-16

Similar Documents

Publication Publication Date Title
US7992006B2 (en) Smart card data protection method and system thereof
US8543091B2 (en) Secure short message service (SMS) communications
US9807065B2 (en) Wireless device and computer readable medium for storing a message in a wireless device
US20050235143A1 (en) Mobile network authentication for protection stored content
EP2113856A1 (en) Secure storage of user data in UICC and Smart Card enabled devices
US9276748B2 (en) Data-encrypting method and decrypting method for a mobile phone
CN100353787C (en) Security guarantee for memory data information of mobile terminal
JP4887362B2 (en) Method for implementing SIM functionality in a maintenance module at a later date
CN101795450A (en) Method and device for carrying out security protection on mobile phone data
EP2840818B1 (en) Method and device for information security management of mobile terminal, and mobile terminal
JP6397046B2 (en) Address book protection method, apparatus and communication system
CN102867157A (en) Mobile terminal and data protecting method
WO2011130970A1 (en) Device and method for protecting data of mobile terminal
CN101262669B (en) A secure guarantee method for information stored in a mobile terminal
KR101067146B1 (en) Method for processing encrypted message in portable terminal and portable terminal
WO2011088660A1 (en) Method and apparatus for protecting cell-phone information content
US20060121882A1 (en) Desktop cellular phone having a SIM card with an encrypted SIM PIN
CN101355740B (en) Method and system for protecting smart card data
TW201424332A (en) User information protecting system and method
TWI382741B (en) Information Protection Method and System of Smart Card
KR20140047312A (en) Privacy protection apparatus and method
JP2007258769A (en) Personal information protection system and method
JP2007525123A (en) Apparatus and method for authenticating a user accessing content stored in encrypted form on a storage medium
CN106888318A (en) A kind of smart mobile phone black box device
KR100932275B1 (en) Restriction Method of Subscriber Identity Module Using TPM and Mobile Terminal for the Same

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees