WO2005050910A1 - Method for authenticating the self-validity of a device - Google Patents


Info

Publication number
WO2005050910A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
verification
mobile terminal
information
pairing key
Prior art date
Application number
PCT/CN2004/001325
Other languages
English (en)
Chinese (zh)
Inventor
Zhengwei Wang
Ping Guo
Yongjian Dong
Original Assignee
Huawei Technologies Co., Ltd.
Priority date
Filing date
Publication date
Priority claimed from CNB2003101167668A external-priority patent/CN100362880C/zh
Priority claimed from CNB2003101167672A external-priority patent/CN100388835C/zh
Priority claimed from CN 200410032708 external-priority patent/CN1684411B/zh
Priority claimed from CN 200410036742 external-priority patent/CN1691578A/zh
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2005050910A1 publication Critical patent/WO2005050910A1/fr

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to a security verification technology, and in particular, to a method for a device to verify its legitimacy.
  • Background of the invention
  • a mobile terminal such as a mobile phone
  • its security is more important for the user.
  • Most current mobile terminals use a machine-card separation method, that is, the mobile terminal itself and the user card used to verify wireless network user information are two separate parts, and they can be combined together when in use.
  • This method has many outstanding advantages. For example, if the user wants to change a mobile terminal, he only needs to purchase a new mobile terminal and insert the original user card into the new mobile terminal. In this way, since the user's information does not need Therefore, the user does not need to go through any formalities for replacing the mobile terminal with the communication operator.
  • a more common method is to set a password protection on the mobile terminal. For example, a power-on password is set on the mobile terminal, and a correct power-on password needs to be entered each time the mobile terminal is turned on, so that the mobile terminal can perform subsequent operations such as registering with the network. If the power-on password is entered incorrectly, the mobile terminal cannot be used normally. In this way, even if the thief obtains the user's mobile terminal, he will not be able to use and sell it because he cannot enter the correct password. Therefore, this method solves, to a certain extent, the problem of the mobile terminal being easily stolen.
  • EIR Equipment Identification Register
  • IMEI international mobile equipment identification
  • this method requires the construction of a large number of EIR equipment, the construction of network equipment needs to be increased, and the network construction cost of the communication operator is increased.
  • this method also requires different communication operators to unify this anti-theft service at the same time, so as to avoid that mobile terminals lost from one communication operator's network can be taken to another communication operator's network for use, which will greatly increase the number of communication operators.
  • the tedious service coordination work among them increases the operation cost of the communication operator, and brings inconvenience to the business development of the communication operator.
  • the main object of the present invention is to provide a method for the device to verify its legitimacy, which can effectively enable the device to verify its legitimacy and improve the security of the device. And the implementation is simple and reliable.
  • the method for verifying the legitimacy of the device according to the present invention includes at least the following steps:
  • the first device obtains verification information corresponding to the corresponding pairing key stored by the second device;
  • the first device determines, according to the verification information, whether the key stored by the first device and the corresponding pairing key stored by the second device match. If yes, it judges itself legal; otherwise it judges itself illegal.
  • the verification information of the pairing key may be the pairing key itself, a calculation result obtained by calculating the pairing key, or a calculation result of jointly calculating the pairing key and the random number.
  • the first device may be a mobile terminal
  • the second device may be a verification device such as an HLR, AC, EIR, UC, or short message device in a mobile communication network.
  • the verification device further stores a pairing key and mobile terminal related information.
  • the mobile terminal related information may be mobile terminal user information, mobile terminal device information, or user card information in the mobile terminal.
  • the second device may also be a second mobile terminal holding multiple pairing keys, or a user card or electronic key holding one pairing key.
  • the first device may be a computer device, and the second device is a server device.
  • the key stored by the first device and the pairing key stored by the second device may be a pair of symmetric keys or a pair of asymmetric keys.
  • the present invention is implemented by setting and saving, on the first device, a key for verifying its legitimacy, while a corresponding pairing key is stored in the second device.
  • the first device actively or passively obtains the verification information of the corresponding pairing key stored on the second device, and verifies, according to the verification information obtained from the second device, whether the pairing key and the key saved by itself match. If they match, it determines that it is legal, that is, it is in a legal use state, or that the user currently using it is a legitimate user; otherwise, it judges itself to be illegal, that is, it is in an illegal use state, or that the user currently using it is an illegal user.
  • the present invention can effectively achieve the purpose of the device verifying its legitimacy.
  • the present invention only needs to set and save a key on a device that needs to verify its legitimacy, save a corresponding pairing key on another device, and, before the device is normally used, perform one operation of acquiring the verification information of the pairing key saved on the other device and one operation of verifying, based on the verification information, whether the pairing key and the key saved by itself match; the entire process is very simple and convenient.
  • the code management server can conveniently and effectively control the computer's use on time and place.
  • a key is set in the computer and can be permanently stored in the computer, for the computer to verify whether its special functions may be opened, and at the same time, a corresponding pairing key is stored in an information security server;
  • the computer verifies whether the pairing key matches the key saved by itself according to the verification information of the pairing key obtained from the information security server. If the pairing key matches, the computer opens the use of its own special functions, such as allowing a floppy drive, USB port, parallel port, or serial port to be used normally; otherwise the computer is prohibited from using its own special functions. In this way, by controlling the information security server, you can conveniently and effectively control the opening and prohibition of the corresponding special functions of all other computers.
  • the mobile terminal verifies whether the pairing key matches the key saved by itself according to the verification information of the pairing key obtained from the verification device. If the pairing key matches, it indicates that the mobile terminal is used legally, otherwise it indicates that the mobile terminal is illegally used. In this way, for the stolen mobile terminal, by controlling the access of the corresponding pairing key stored by the verification device, the stolen mobile terminal cannot obtain the verification information of the correct pairing key from the verification device.
  • the stolen mobile terminal cannot be verified as being illegally used by itself when it is used, so that the stolen mobile terminal cannot be used normally.
  • the mobile terminal is locked, the location of the mobile terminal is recorded, and the owner is notified according to the communication number stored in the mobile terminal in advance, and the public security agency is reported, so that illegal users can not only use the stolen mobile terminal to make a profit, but also Being caught quickly, thereby effectively eliminating the motive of thieves stealing the mobile terminal, helping the owner to recover the lost mobile terminal as soon as possible, and then fundamentally solving the problem that the mobile terminal is easy to be stolen.
  • the process of setting the key can be automatically and randomly generated by the mobile terminal, and of course, it can also be automatically and randomly generated by the verification device. Therefore, the user does not need to perform complicated input.
  • the mobile terminal automatically performs the above-mentioned legality verification operation when it is used, and does not require the user to perform tedious operations such as entering a power-on password. Therefore, it brings great convenience to the user and makes the present invention More practical.
  • the method of the present invention does not require different communication operators to carry out this anti-theft service at the same time, reduces unnecessary service coordination between communication operators, reduces the operational complexity of the communication operators, and reduces the operation costs of the communication operators.
  • for communication operators, they can make full use of existing network equipment, such as adding verification device functions to the HLR and saving corresponding pairing keys for mobile terminals to verify their legitimacy, so that mobile terminals can obtain the verification information of the corresponding pairing key from the HLR.
  • the entire operation process is simple and requires only a small amount of equipment investment by the communication operator, or even an increase in equipment investment.
  • the method according to the present invention basically does not increase the operation complexity of the communication operator, the operation cost is reduced. It has almost no impact, and therefore also makes the method according to the invention easier to be accepted by a communication operator.
  • the present invention can effectively verify the legitimacy of the device, improve the security of the device, and implement the method in a simple and reliable manner.
  • FIG. 1 is an overall flowchart of the present invention.
  • FIG. 2 is a method flowchart of the first embodiment of the present invention.
  • FIG. 3 is a flowchart of a method according to a second embodiment of the present invention.
  • FIG. 4 is a flowchart of a method according to a third embodiment of the present invention.
  • FIG. 5 is a flowchart of a method according to a fourth embodiment of the present invention.
  • FIG. 6 is a flowchart of a method according to a fifth embodiment of the present invention.
  • FIG. 7 is a flowchart of a method according to a sixth embodiment of the present invention.
  • FIG. 8 is a flowchart of a method according to a seventh embodiment of the present invention.
  • FIG. 9 is a flowchart of a method according to an eighth embodiment of the present invention.
  • FIG. 10 is a method flowchart of a ninth embodiment of the present invention.
  • FIG. 11 is a flowchart of a method according to a tenth embodiment of the present invention.
  • FIG. 12 is a flowchart of a method according to an eleventh embodiment of the present invention.
  • FIG. 13 is a flowchart of a method according to a twelfth embodiment of the present invention.
  • FIG. 14 is a method flowchart of a thirteenth embodiment of the present invention.
  • FIG. 15 is a method flowchart of a fourteenth embodiment of the present invention.
  • Mode of Carrying Out the Invention
  • FIG. 1 shows the overall flowchart of the invention.
  • a key Ka for the first device to verify its legitimacy is set and saved on a first device that needs to verify its legitimacy, and at the same time, a corresponding pairing key Kb is stored on a second device that is independent of the first device.
  • step 102 when the first device needs to perform authentication, the first device obtains the authentication information of the corresponding pairing key Kb stored on the second device.
  • step 103 the first device verifies whether the pairing key Kb and the key Ka held by itself match according to the verification information of the corresponding pairing key Kb obtained from the second device. If they match, the first device determines that it is legal in step 104 If they do not match, the first device determines that it is illegal in step 105.
  • that the first device determines that it is legal means, in fact, that the first device determines that the user currently using it is legal, that is, the user currently uses it legally; accordingly, that the first device determines that it is illegal means, in fact, that the first device judges that the user currently using it is illegal, that is, the user currently uses it illegally.
  • the first device may first send a request message to the second device to obtain the verification information of the corresponding pairing key Kb.
  • after receiving the request message from the first device, the second device sends the first device a response message containing the verification information of the corresponding pairing key Kb it has stored.
  • the first device sends the request message to the second device, either immediately after the first device has a special state, or after a random time or a predetermined time has passed after the first device has a special state.
  • the special state here may be that the first device is started, or that the first device is connected to the second device, or that a period of time for verification of a cycle is reached, and so on.
  • the second device may actively send the saved verification information of the corresponding pairing key Kb to the first device; for example, when the first device connects to the second device, or when a periodic verification time point is reached, the second device sends the saved verification information of the corresponding pairing key Kb to the first device.
  • the key Ka stored in the first device and the corresponding pairing key Kb stored in the second device may be a pair of symmetric keys in a symmetric key mechanism, or may be a pair of public and private keys in an asymmetric key (that is, public key) mechanism. For the case of using a symmetric key mechanism, the key Ka and the pairing key Kb may be the same or different. If they are different, the pairing key Kb should be able to be derived from the key Ka.
  • for the case of using an asymmetric key mechanism, the private key of the key pair is generally used as the key Ka, and the public key of the key pair is used as the pairing key Kb.
  • the verification information of the corresponding pairing key Kb is the pairing key Kb itself, that is, the second device directly sends the corresponding pairing key Kb to the first device.
  • the specific process is shown in Figure 2.
  • step 201 a key Ka that is used by the first device to verify its legitimacy is set on the first device that needs to verify its legitimacy, and a corresponding pairing key Kb is stored on another second device.
  • step 202 when authentication is required, the first device sends a request message to the second device to obtain the corresponding pairing key Kb.
  • step 203 after receiving the request message from the first device, the second device sends the corresponding pairing key Kb stored in the second device to the first device in a response message.
  • step 204 the first device verifies whether the corresponding pairing key Kb obtained from the second device and the key Ka held by itself match, and if they match, the first device determines that it is legal in step 205; if they do not match, the first device judges itself illegal in step 206.
  • if the key Ka and the pairing key Kb are the same, step 204 directly determines whether the corresponding pairing key Kb obtained from the second device and the key Ka held by itself are equal to verify whether the two match. If the key Ka and the pairing key Kb are not the same, and the pairing key Kb can be simply derived from the key Ka, for example, Kb is the result of an exclusive-OR operation of Ka and a fixed constant, step 204 determines whether the corresponding pairing key Kb can be derived from the key Ka saved by itself to verify whether the two match; or the correspondence between the key Ka and the pairing key Kb is established and saved on the first device directly in step 201, and step 204 directly judges whether the corresponding pairing key Kb obtained from the second device and the key Ka held by itself satisfy the established correspondence relationship to verify whether the two match.
  • the second device directly sends the pairing key Kb to the first device. And we know that the key information is easily leaked during the process of sending the pairing key Kb by the second device to the first device, so the security is not high enough.
  • the present invention proposes a second embodiment as shown in FIG. 3.
  • step 301 a key Ka that is used by the first device to verify its legitimacy is set and saved on the first device that needs to verify its legitimacy, and a corresponding pairing key Kb is stored on another second device.
  • step 302 when authentication is required, the first device sends a request message to the second device to obtain authentication information of the corresponding pairing key Kb.
  • step 303 after receiving the request message from the first device, the second device performs calculation on the corresponding pairing key Kb saved by itself according to a predetermined algorithm, and obtains a calculation result, that is, the verification information of the corresponding pairing key Kb.
  • step 304 the second device sends the obtained calculation result to the first device through a response message.
  • the first device also performs calculation according to a predetermined algorithm according to the key Ka saved by the first device, and obtains a calculation result.
  • step 306 the first device compares the calculation result received from the second device with the calculation result obtained by itself to verify whether the corresponding pairing key Kb stored by the second device and the key Ka held by itself match, and if they match, the first device determines that it is legal in step 307; if they do not match, the first device determines that it is illegal in step 308.
  • the predetermined algorithm used by the second device may be any algorithm, and preferably performs digest calculation.
  • the predetermined algorithm used by the first device may be an algorithm corresponding to the predetermined algorithm used by the second device. For example, if the corresponding pairing key Kb stored by the second device is the same as the key Ka held by the first device, then the first device and the second device may use the same digest algorithm to perform the digest operation on the key Ka and the pairing key Kb, respectively, and the obtained operation results will be the same; that is, the digest calculated according to the pairing key Kb and the digest calculated according to the key Ka are the same, so whether the pairing key Kb and the key Ka match can be verified by comparing whether the digest results are the same.
  • the algorithm corresponding to the first device should first include simply deriving the pairing key Kb from the key Ka, and then perform the same digest algorithm as the second device's calculation based on the derived pairing key Kb.
  • the present invention proposes a third embodiment as shown in FIG.
  • step 401 a key Ka that is used by the first device to verify its legitimacy is set and saved on the first device that needs to verify its legitimacy, and a corresponding pairing key Kb is stored on another second device.
  • step 402 when the first device needs to perform authentication, it sends a random number to the second device, and requests to obtain authentication information of the corresponding pairing key Kb.
  • the second device calculates according to a corresponding pairing key Kb saved by itself and a random number received from the first device according to a predetermined algorithm, and obtains a calculation result, that is, verification information of the corresponding pairing key Kb.
  • step 404 the second device sends the obtained calculation result to the first device.
  • step 405 the first device performs calculation according to a predetermined algorithm according to a key Ka saved by itself and a random number generated by itself, to obtain a calculation result.
  • the first device compares the calculation result received from the second device with the calculation result obtained by itself to verify whether the corresponding pairing key Kb saved by the second device and the key Ka held by itself match, and if they match, in step 407 the first device determines that it is legal; if not, the first device determines that it is illegal.
  • the predetermined algorithm used by the second device may be any algorithm, and preferably performs encryption, decryption, or digest operations, for example, using a key to perform a cryptographic operation on a random number, or calculating a digest of the random number according to a key.
  • the predetermined algorithm used by the first device may be an algorithm corresponding to the predetermined algorithm used by the second device.
  • the second device and the first device may use the same digest algorithm to digest the random number according to the pairing key Kb and the key Ka, respectively, and the obtained calculation results will be the same; that is, the digest of the random number calculated according to the pairing key Kb and the digest of the random number calculated according to the key Ka are the same, so whether the pairing key Kb and the key Ka match can be verified by comparing whether the digest results are the same.
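The third embodiment's exchange, written out with both devices, as an added example that is not part of the patent text. It assumes HMAC-SHA-256 as the "predetermined algorithm", a 16-byte key, and the derivation Kb = Ka XOR a fixed constant mentioned for the first embodiment; the constant and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16
# Assumption: the fixed constant of the "Kb = Ka XOR constant" derivation.
DERIVATION_CONSTANT = bytes([0x5A]) * KEY_LEN


def derive_pairing_key(ka: bytes) -> bytes:
    """Derive the pairing key Kb from Ka (symmetric case, Ka != Kb)."""
    if len(ka) != KEY_LEN:
        raise ValueError("Ka must be %d bytes" % KEY_LEN)
    return bytes(a ^ c for a, c in zip(ka, DERIVATION_CONSTANT))


def keyed_digest(key: bytes, random_number: bytes) -> bytes:
    """Predetermined algorithm: digest of the random number under a key."""
    return hmac.new(key, random_number, hashlib.sha256).digest()


class SecondDevice:
    """Holds the pairing key Kb and answers requests (steps 403-404)."""

    def __init__(self, kb: bytes):
        self._kb = kb

    def verification_info(self, random_number: bytes) -> bytes:
        return keyed_digest(self._kb, random_number)


class FirstDevice:
    """Holds Ka and judges itself legal or illegal (steps 402, 405-407)."""

    def __init__(self, ka: bytes):
        self._ka = ka
        self._pending = None  # random number of the verification in progress

    def start_verification(self) -> bytes:
        # Step 402: a fresh random number is sent with each request.
        self._pending = secrets.token_bytes(16)
        return self._pending

    def judge(self, verification_info: bytes) -> str:
        if self._pending is None:
            # No request outstanding: there is nothing to compare against.
            return "illegal"
        random_number, self._pending = self._pending, None
        # Step 405: first derive Kb from Ka, then run the same digest.
        expected = keyed_digest(derive_pairing_key(self._ka), random_number)
        # Step 406: constant-time comparison of the two calculation results.
        if hmac.compare_digest(expected, verification_info):
            return "legal"
        return "illegal"


def run_verification(first: FirstDevice, second: SecondDevice) -> str:
    """One complete request/response round between the two devices."""
    random_number = first.start_verification()
    return first.judge(second.verification_info(random_number))


if __name__ == "__main__":
    ka = secrets.token_bytes(KEY_LEN)
    print(run_verification(FirstDevice(ka), SecondDevice(derive_pairing_key(ka))))
    print(run_verification(FirstDevice(ka), SecondDevice(secrets.token_bytes(KEY_LEN))))
```

Because the digest covers a random number chosen by the first device for each request, verification information computed for one request does not verify against the next one, and Kb itself never crosses the link.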
  • the second device may also generate a controllable random number to perform verification. For this reason, a fourth embodiment shown in Fig. 5 is proposed.
  • step 501 a key Ka that is used by the first device to verify its legitimacy is set on the first device that needs to verify its legitimacy, and a corresponding pairing key Kb is stored on another second device.
  • step 502 when authentication is needed, the first device sends a request message to the second device to obtain authentication information of the corresponding pairing key Kb.
  • step 503 the second device generates a controllable random number, and performs calculation according to a corresponding pairing key Kb and the controllable random number saved by itself according to a predetermined algorithm, to obtain a calculation result, that is, a corresponding pairing key Kb Verification information.
  • step 504 the second device sends the obtained calculation result and the generated controllable random number to the first device.
  • step 505 the first device performs calculation according to a predetermined algorithm according to the key Ka saved by itself and the controllable random number received from the second device to obtain a calculation result.
  • step 506 the first device compares whether the calculation result received from the second device and the calculation result obtained by itself match; if they match, step 507 is executed, and if they do not match, the first device determines in step 510 that it is illegal.
  • step 507 the first device determines whether the controllable random number is acceptable, and if so, determines that it is legal in step 508; otherwise, determines in step 509 that the verification operation has failed.
  • the next verification operation may be performed again, for example, requesting the second device to generate a controllable random number again, or renegotiating a controllable random number generation rule with the second device.
  • the controllable random number generated by the second device starts from a certain number and is generated in increments, and the increment is within a range, such as within 0 to 255, and so on.
  • the controllable random number generated by the second device can be generated by setting a controllable random number generator.
  • the controllable random number generator includes a controllable number generator and a random number generator.
  • the controllable number generator can generate a controllable number sequence. Two adjacent numbers in the controllable number sequence satisfy a preset relationship, such as the previous number being greater than or less than the next number, or the difference between the latter number and the previous number satisfying a certain rule; for example, the difference is a constant value, or the difference is a number in a region such as 1 to 256, or the differences themselves form an equal difference sequence, and so on.
  • a typical example of a controllable number sequence is a sequence of natural numbers, where the difference between each number and its previous number is a constant one.
  • when the second device generates a random number using a controllable random number generator, first a controllable number is generated by the controllable number generator, and a random number is generated by the random number generator; then the controllable number and the random number are jointly calculated to obtain a new random number. The joint calculation here can insert each bit of the controllable number into the random number according to a certain rule.
  • the first device determines whether the controllable random number is acceptable by directly determining whether the random number is a controllable random number. For example, after receiving the random number and the calculation result, the first device picks up the controllable number from the random number according to the above-mentioned insertion rule, and compares it with the controllable number saved by the first device when the previous verification succeeded, that is, the reference number, to determine whether the value and the reference number saved by itself meet the preset rule or relationship of the controllable number sequence, such as whether it is increasing, whether the difference is between 0 and 255, and so on.
  • if so, the value is determined to be a controllable number, and accordingly, the random number is a controllable random number; otherwise, it is determined that the random number is not a controllable random number.
  • the first device saves the controllable number picked up as a reference number each time the verification is successful, so as to be used as a comparison parameter in the next verification.
  • the stored reference number may be a null value, for example, 0.
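A sketch of the fourth embodiment's controllable random number check, added here as an example and not taken from the patent. Assumptions: the insertion rule interleaves a 32-bit controllable number with 32 random bits, the increment is 1 to 255, Ka and Kb are the same symmetric key, HMAC-SHA-256 stands in for the predetermined algorithm, and all names are hypothetical.

```python
import hashlib
import hmac
import secrets

CONTROL_BITS = 32   # assumption: width of the controllable number
MAX_STEP = 255      # upper bound of the increment, as in the text's example


def insert_controllable(controllable: int, random_bits: int) -> int:
    """Assumed insertion rule: random bits at even, controllable at odd positions."""
    value = 0
    for i in range(CONTROL_BITS):
        value |= ((random_bits >> i) & 1) << (2 * i)
        value |= ((controllable >> i) & 1) << (2 * i + 1)
    return value


def pick_up_controllable(value: int) -> int:
    """Inverse of the insertion rule: collect the odd-position bits."""
    controllable = 0
    for i in range(CONTROL_BITS):
        controllable |= ((value >> (2 * i + 1)) & 1) << i
    return controllable


def calculate(key: bytes, value: int) -> bytes:
    """Predetermined algorithm: keyed digest of the controllable random number."""
    return hmac.new(key, value.to_bytes(8, "big"), hashlib.sha256).digest()


class SecondDevice:
    """Generates controllable random numbers and verification information."""

    def __init__(self, kb: bytes, start: int = 0):
        self._kb = kb
        self._controllable = start

    def respond(self):
        # Step 503: advance the controllable number by 1..MAX_STEP, mix in
        # fresh random bits, and calculate over the result with Kb.
        self._controllable += 1 + secrets.randbelow(MAX_STEP)
        value = insert_controllable(self._controllable,
                                    secrets.randbits(CONTROL_BITS))
        # Step 504: send both the calculation result and the number.
        return value, calculate(self._kb, value)


class FirstDevice:
    """Checks the calculation result first, then the controllable number."""

    def __init__(self, ka: bytes, reference: int = 0):
        self._ka = ka
        self.reference = reference  # null reference number is 0

    def verify(self, value: int, result: bytes) -> str:
        if not 0 <= value < 1 << (2 * CONTROL_BITS):
            return "illegal"
        # Steps 505-506: recompute with Ka and compare in constant time.
        if not hmac.compare_digest(calculate(self._ka, value), result):
            return "illegal"            # step 510
        # Step 507: must be increasing, by no more than MAX_STEP.
        controllable = pick_up_controllable(value)
        if not 0 < controllable - self.reference <= MAX_STEP:
            return "failed"             # step 509: verification operation fails
        self.reference = controllable   # saved for the next verification
        return "legal"                  # step 508


if __name__ == "__main__":
    key = secrets.token_bytes(16)
    second, first = SecondDevice(key), FirstDevice(key)
    message = second.respond()
    print(first.verify(*message))   # legal
    print(first.verify(*message))   # failed: the number did not increase
```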
  • a controllable random number may not be generated, but a verification sequence number may be further considered when the random numbers are jointly calculated.
  • the first device is a mobile terminal and the second device is an HLR.
  • the verification serial number may be an authentication serial number used for mobile terminal authentication.
  • step 601 a key Ka that is used by the first device to verify its legitimacy is set and saved on the first device that needs to verify its legitimacy, and a corresponding pairing key Kb is stored on another second device.
  • a verification sequence number is stored on both the first device and the second device.
  • a random number is generated by the second device.
  • the random number is generated after receiving a request message from the first device, or the random number is generated in a specific state, such as reaching a predetermined time.
  • step 603 the second device generates a random number and calculates according to a predetermined algorithm according to the corresponding pairing key Kb saved by itself, the random number and the saved verification sequence number, to obtain a calculation result, that is, the corresponding pairing key Kb Verification information.
  • step 604 the second device sends the obtained calculation result, the generated random number, and the saved verification sequence number to the first device.
  • step 605 the first device performs calculation according to a predetermined algorithm according to the key Ka saved by itself and the random number and verification sequence number received from the second device to obtain a calculation result.
  • step 606 the first device compares whether the calculation result received from the second device and the calculation result obtained by itself match, and if they match, step 607 is executed; if they do not match, the first device determines in step 610 that it is illegal.
  • the first device determines whether the verification serial number is acceptable. If it is, in step 608, the first device determines that it is legal, and uses the verification serial number to update the verification serial number saved by itself. Otherwise, it determines in step 609 that the operation fails. At this time, the next verification operation can be performed again, such as requesting to update the verification serial number saved by itself, or initiating an operation to synchronize the verification serial number, so that the verification serial number of the second device is synchronized with the verification serial number of the first device. For example, the verification serial number of the first device is sent to the second device, and the second device updates its own verification serial number according to the verification serial number of the first device, so that the verification serial numbers stored by the two are consistent, thereby ensuring that the first device judges the verification serial number acceptable the next time.
  • Step 604 further includes an operation of updating the verification serial number by the second device.
  • the judgment of whether the verification serial number is acceptable here is to determine whether a preset condition is satisfied between the current verification serial number and the verification serial number stored by the first device.
  • the preset condition here is that the difference between the current verification serial number and the verification serial number stored by the first device is within a predetermined range. Of course, other conditions are also possible.
  • the first verification device determines that the verification operation fails, or the first device determines that it is illegal.
  • the pairing key Kb and the key Ka generally belong to a pair of symmetric keys. If the pairing key Kb and the key Ka are a pair of asymmetric keys, then Ka can also be stored on the first device as a private key and the pairing key Kb as a public key on the second device.
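Steps 603 to 610 as an added Python sketch, not code from the patent: HMAC-SHA256 stands in for the unspecified "predetermined algorithm", and the window size, the strictly-increasing acceptance rule, the serial-plus-one synchronization and all class and function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from enum import Enum

WINDOW = 8  # assumed size of the "predetermined range" for the serial number


class Verdict(Enum):
    LEGAL = "legal"              # step 608
    FAILED = "operation failed"  # step 609
    ILLEGAL = "illegal"          # step 610


def verification_info(key: bytes, rand: bytes, serial: int) -> bytes:
    """Assumed 'predetermined algorithm': HMAC-SHA256 over random number || serial."""
    return hmac.new(key, rand + serial.to_bytes(8, "big"), hashlib.sha256).digest()


class SecondDevice:
    """Holds the pairing key Kb and the next verification serial number to use."""

    def __init__(self, kb: bytes, serial: int = 1):
        self.kb = kb
        self.serial = serial

    def respond(self):
        # Step 603: compute verification information from Kb, a fresh random
        # number and the saved serial number.
        rand = secrets.token_bytes(16)
        serial = self.serial
        result = verification_info(self.kb, rand, serial)
        # Step 604: send (result, rand, serial) and update the saved serial.
        self.serial += 1
        return result, rand, serial

    def synchronize(self, first_device_serial: int) -> None:
        # Assumed synchronization rule: continue just after the first device's value.
        self.serial = first_device_serial + 1


class FirstDevice:
    """Holds the key Ka and the last verification serial number it accepted."""

    def __init__(self, ka: bytes, serial: int = 0):
        self.ka = ka
        self.serial = serial

    def verify(self, result: bytes, rand: bytes, serial: int) -> Verdict:
        if not 0 <= serial < 2 ** 64:
            return Verdict.ILLEGAL  # malformed serial cannot carry a valid result
        # Step 605: recompute with Ka over the received random number and serial.
        expected = verification_info(self.ka, rand, serial)
        # Step 606: constant-time comparison of the two calculation results.
        if not hmac.compare_digest(expected, result):
            return Verdict.ILLEGAL
        # Step 607: serial must be newer than the saved one and inside the window
        # (the "newer" part is this example's assumption; it rejects replays).
        if not 0 < serial - self.serial <= WINDOW:
            return Verdict.FAILED
        self.serial = serial  # step 608: adopt the received serial
        return Verdict.LEGAL


def run_demo():
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    first = FirstDevice(ka=key)
    paired = SecondDevice(kb=key)
    verdicts = []

    message = paired.respond()
    verdicts.append(first.verify(*message))   # fresh response from the paired device
    verdicts.append(first.verify(*message))   # same response replayed

    stranger = SecondDevice(kb=secrets.token_bytes(16))
    verdicts.append(first.verify(*stranger.respond()))  # device without the right Kb

    paired.serial += 100                      # simulate lost synchronization
    verdicts.append(first.verify(*paired.respond()))
    paired.synchronize(first.serial)          # resynchronize from the first device
    verdicts.append(first.verify(*paired.respond()))
    return verdicts


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict.value)
```

Because the serial number is covered by the keyed calculation, a response whose serial number is altered in transit fails the step 606 comparison rather than reaching the step 607 window check.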
  • the present invention proposes a sixth embodiment as shown in FIG. 7.
  • step 701 a first device that needs to verify its legitimacy is set up and saves a private key Ka for the first device to verify its legitimacy, and at the same time, a corresponding paired public key Kb is stored on another second device.
  • step 702 when authentication is required, the first device sends a random number to the second device, requesting to obtain authentication information of the corresponding paired public key Kb.
  • step 703 the second device performs a cryptographic calculation on the random number received from the first device according to the corresponding paired public key Kb stored by itself, to obtain a ciphertext of the random number, that is, the verification information of the corresponding paired public key Kb.
  • step 704 the second device sends the obtained ciphertext to the first device.
  • step 705 the first device decrypts the ciphertext obtained from the second device according to the private key Ka saved by itself, and obtains the corresponding plaintext.
  • step 706 the first device compares whether the plaintext obtained by decryption is the same as the random number that it sent to the second device in step 702 to verify whether the corresponding pairing key Kb saved by the second device matches the key Ka saved by itself. If it matches, the first device determines that it is legal in step 707; if it does not match, the first device determines that it is invalid in step 708.
  • a verification switch indicating whether to perform legality verification may be set on the first device.
  • the first device needs to perform verification, it first reads the value of the verification switch; if the value indicates that validity verification is not to be performed, then the first device directly determines that it is legal without performing the verification step. If the value of the verification switch indicates that verification is required, the first device executes the steps of obtaining verification information from the second device and judging the correctness of the verification information, and determines whether it is legal according to the judgment result.
  • a maintenance management operation password may be further set.
  • When the user needs to perform maintenance management operations on the key or verification switch of the first device, the first device first prompts the user to enter the maintenance management operation password. If the maintenance management operation password entered by the user is correct, the first device allows the user to perform maintenance management operations; otherwise, the first device does not allow the user to perform maintenance management operations.
  • the first device is a mobile terminal
  • the second device is a verification device that stores user information of the mobile terminal.
  • it may be an HLR or an AC.
  • a key Ka is set and saved on the mobile terminal.
  • the key Ka can be any combination of characters with an unlimited number of digits, preferably a digital key of 128 bits or more is used.
  • the key Ka should be able to be permanently stored in the mobile terminal without power, that is, when the mobile terminal is not powered, the key Ka will still be stored in the mobile terminal without being lost.
  • the correspondence between the pairing key Kb of the key Ka and the user information of the mobile terminal user is stored in an authentication device.
  • the user information here may be the number of the mobile terminal, the International Mobile Subscriber Identity (IMSI) information of the user card, the subscription data of the user, or any other information that can identify the user identity of the mobile terminal, such as a user card Electronic serial number ESN, user card or user ID number stored in the mobile terminal, and so on.
  • step 803 after connecting to the network, the mobile terminal sends a request message requesting the pairing key Kb of the mobile terminal key Ka to an authentication device such as the HLR.
  • step 804 after receiving the request message from the mobile terminal, the verification device sends the corresponding pairing key Kb corresponding to the current user information of the mobile terminal to the corresponding mobile terminal through the response message.
  • step 805 after receiving the key Kb from the verification device, the mobile terminal verifies whether the pairing key Kb obtained from the verification device and the key Ka held by itself match. If the two match, the mobile terminal determines in step 806 that it is legal, that is, the current user of the mobile terminal is a legal user; at this time the mobile terminal is allowed to perform any operation. If the two do not match, in step 806
  • the mobile terminal may perform a lock operation at this time to reject the user's business operation, or notify the network to stop serving the mobile terminal, and so on.
  • the mobile terminal can perform processing such as locking the keyboard and stopping responding to the user's operation, so that the user can no longer use the mobile terminal.
  • an alarm message can also be sent to the communication operator through the communication network, and the communication operator reports the public security agency for processing, or directly reports the alarm to the public security agency.
  • the mobile terminal user can also set a communication alarm number on the mobile terminal in advance, such as the communication numbers of relatives and friends; after discovering that the terminal has been used illegally, the mobile terminal notifies the owner according to the communication alarm number that the owner stored in the mobile terminal in advance.
  • the mobile terminal can play voice messages such as "You are an illegal user" to attract the attention of the illegal users.
  • a predetermined calculation such as a digest operation may be performed on the key to perform corresponding matching verification.
  • a random number can be further generated like the third embodiment, and the random number and the key are used for joint calculation to perform corresponding matching verification.
  • a controllable random number can be generated and further judged whether the controllable random number is acceptable.
  • the verification serial number can be saved and further judged whether the verification serial number is acceptable.
  • a private key may be stored in the mobile terminal, and the correspondence between the paired public key of the private key and the user information of the user of the mobile terminal is stored in the corresponding authentication device.
  • the mobile terminal sends a random number to the verification device.
  • the verification device obtains the corresponding paired public key according to the mobile terminal user information, uses the public key to encrypt the random number, and sends the obtained ciphertext to the mobile terminal.
  • the mobile terminal decrypts the ciphertext according to the private key saved by itself to obtain the plaintext of the random number, and then determines whether the plaintext is the same as the random number it sent to the verification device, so as to judge whether the private key saved by itself and the public key corresponding to the current user information of the mobile terminal stored by the verification device match, and thereby determine the legality status of the mobile terminal. That is, in the seventh embodiment, any one of the calculation modes in the first to sixth embodiments can be combined.
  • the first device is a mobile terminal and the second device is a short message forwarding device.
  • the short message forwarding device here may be a short message center.
  • step 901 a special short message communication number is set in advance.
  • step 902 a key Ka is set and saved in the mobile terminal.
  • step 903 the correspondence between the user information and the pairing key Kb of the key Ka set in the mobile terminal is added in the short message forwarding device.
  • step 904 after connecting to the network, the mobile terminal sends a short message requesting the pairing key Kb of the mobile terminal key Ka, using the special short message communication number as the called number.
  • step 905 after receiving the short message from the mobile terminal, the short message forwarding device determines, from the fact that the destination number of the short message is the special short message communication number, that the short message is one in which the mobile terminal requests a key.
  • step 906 the short message forwarding device obtains a corresponding pairing key Kb corresponding to the user of the mobile terminal according to the mobile terminal number or IMSI information carried in the short message.
  • step 907 the short message forwarding device sends a short message to the mobile terminal; the calling number of the short message is the aforementioned special short message communication number, and the short message carries the corresponding pairing key Kb obtained by the short message forwarding device.
  • step 908 after receiving the short message whose calling number is the special short message communication number, the mobile terminal extracts the corresponding pairing key Kb obtained by the short message forwarding device from the short message.
  • step 909 the mobile terminal compares whether the corresponding pairing key Kb obtained from the short message forwarding device matches the key Ka stored by itself. If the two match, in step 910 the mobile terminal determines that it is legal, that is, the current user of the mobile terminal is a legitimate user; at this time, the mobile terminal allows any operation. If the two do not match, the mobile terminal determines that it is illegal in step 911, that is, the current user of the mobile terminal is an illegal user.
  • the request message sent by the mobile terminal to the verification device and the response message returned by the verification device to the mobile terminal are both sent through a short message.
  • the first device is a mobile terminal
  • the second device is a short message sending and receiving device.
  • the short message sending and receiving device here may be a second mobile terminal or a short message server.
  • step 1001 a short message communication number is set for the short message sending and receiving device required for verification.
  • step 1002 a key Ka is set and saved in the mobile terminal.
  • step 1003 the correspondence between the user information and the pairing key Kb of the key Ka set in the mobile terminal is added in the short message transceiver.
  • step 1004 after the mobile terminal is connected to the network, the mobile terminal sends a short message to the short message sending and receiving device requesting the pairing key Kb of the mobile terminal key Ka through the short message communication number.
  • step 1005 after receiving the short message from the mobile terminal, the short message transmitting and receiving device obtains a corresponding pairing key Kb corresponding to the mobile terminal user according to the mobile terminal number or IMSI information carried in the short message.
  • step 1006 the short message sending and receiving device sends a short message to the mobile terminal, and the short message carries the corresponding pairing key Kb obtained by the short message sending and receiving device.
  • step 1007 after the mobile terminal receives the short message whose calling number is the short message communication number of the short message sending and receiving device, the mobile terminal extracts the corresponding pairing key Kb obtained by the short message sending and receiving device.
  • step 1008 the mobile terminal compares whether the corresponding pairing key Kb obtained from the short message sending and receiving device matches the key Ka stored by itself. If the two match, the mobile terminal determines that it is legal in step 1009, that is, the current user of the mobile terminal is a legitimate user; at this time, the mobile terminal is allowed to perform any operation. If they do not match, the mobile terminal determines that it is illegal in step 1010, that is, the current user of the mobile terminal is an illegal user.
  • a short message center serving as a short message forwarding device, it may directly receive a short message from a mobile terminal and send a short message to the mobile terminal.
  • a short message server or another second mobile terminal the short message interaction between the mobile terminal and the short message server, or the short message interaction between the mobile terminal and the second mobile terminal needs to be forwarded by the short message center.
  • When the second device is a short message sending and receiving device, the short message sending and receiving device is often not used exclusively to respond to the verification requests of the mobile terminal; it may also process short messages for other purposes, so it needs to distinguish the short messages used for verification requests. In this case, a verification operation code may be added to the verification request short message that the mobile terminal sends to the short message sending and receiving device, marking it as a short message used for a verification request, so that the short message sending and receiving device can distinguish and process it.
  • the short message sending and receiving device should also add a verification operation code to the short message it returns to the mobile terminal in response to the verification request, marking it as a short message belonging to the verification request, so that the mobile terminal can distinguish it.
  • the verification operation code here may be identified by adding a specific content to the beginning of the short message.
  • the short message forwarding device and the short message transmitting and receiving device herein may be collectively referred to as a short message device.
  • the first device is a mobile terminal and the verification device is an unstructured supplementary service data (USSD) center (UC).
  • step 1101 a key Ka is set and saved in the mobile terminal.
  • step 1102 the correspondence between the user information and the pairing key Kb of the key Ka set in the mobile terminal is added in the UC.
  • step 1103 after connecting to the network, the mobile terminal sends a request message for the pairing key Kb of the mobile terminal key Ka to the UC through a USSD command.
  • step 1104 after receiving the request message from the mobile terminal, the UC obtains the corresponding pairing key Kb corresponding to the user of the mobile terminal according to the user information carried in the request message.
  • step 1105 the UC sends the obtained corresponding pairing key Kb to the mobile terminal through a USSD command.
  • step 1106 the mobile terminal compares whether the corresponding pairing key Kb obtained from the UC matches the key Ka held by itself. If the two match, the mobile terminal determines that it is legal, that is, the current user of the mobile terminal is a legal user; at this time, the mobile terminal is allowed to perform any operation. If the two do not match, the mobile terminal determines that it is illegal in step 908, that is, the current user of the mobile terminal is an illegal user.
  • the second device is a second mobile terminal
  • the mobile terminal when the mobile terminal sends an authentication request to the second mobile terminal, it is not through a short message, but through a user.
  • the response message may also be transmitted not through the short message but through the UUS.
  • the second mobile terminal need not save the correspondence between the user information and the corresponding pairing key Kb; it is sufficient for it to directly save the pairing key Kb of the key Ka of the mobile terminal acting as the first device, because the second mobile terminal may store only a limited number of pairing keys Kb of the keys Ka of mobile terminals acting as the first device.
  • after the second mobile terminal receives the verification request, it can send all the saved pairing keys Kb to the mobile terminal that needs to be verified, and the mobile terminal that needs to be verified determines whether there is a pairing key Kb from the second mobile terminal that matches the key Ka held by itself. If so, the verification passes; otherwise the verification fails.
  • the correspondence between the user information of the mobile terminal user and the corresponding pairing key Kb is stored in the authentication device.
  • the identification information of the mobile terminal may be used to replace the user information of the mobile terminal user stored in the correspondence relationship described in the verification device as the second device.
  • the user information of the mobile terminal and the identification information of the mobile terminal herein may be collectively referred to as mobile terminal related information.
  • the correspondence between the identification information of the mobile terminal and the corresponding pairing key Kb is saved in the verification device.
  • the first device is a mobile terminal
  • the second device is a verification device that stores identification information of the mobile terminal.
  • it may be an HLR or an AC.
  • a key Ka is set and saved on the mobile terminal.
  • the key Ka can be any combination of characters with an unlimited number of digits, preferably a digital key of 128 bits or more is used.
  • the key Ka should be able to be permanently stored in the mobile terminal without power, that is, if the mobile terminal is not powered, the key Ka will still be stored in the mobile terminal without being lost.
  • a correspondence between the pairing key Kb of the key Ka and the identification information of the mobile terminal is stored in an authentication device.
  • the identification information here may be the identification of the mobile terminal.
  • GSM Global System for Mobile communications
  • IMEI IMEI
  • CDMA Code Division Multiple Access
  • ESN ESN
  • step 1203 after connecting to the network, the mobile terminal sends to the verification device such as the HLR a request message requesting the pairing key Kb of the mobile terminal key Ka, and the request information carries identification information of the mobile terminal.
  • step 1204 after receiving the request information from the mobile terminal, the verification device obtains the corresponding pairing key Kb according to the identification information of the mobile terminal, and sends the pairing key Kb to the corresponding mobile terminal.
  • step 1205 after receiving the key Kb from the verification device, the mobile terminal verifies whether the pairing key Kb obtained from the verification device and the key Ka held by it match. If they match, it is determined in step 1206 that the mobile terminal is legal, that is, the current user of the mobile terminal is a legitimate user, and the mobile terminal is allowed to perform any operation. If the two do not match, it is determined in step 1207 that the mobile terminal is illegal, that is, the current user of the mobile terminal is an illegal user.
  • an identifier may be further set for a correspondence relationship between the pairing key stored in the verification device and related information of the mobile terminal, and for a lost mobile terminal, the identifier is set as that the mobile terminal is lost.
  • the verification device determines the pairing key it further includes: determining whether the identifier indicates that the mobile terminal has been lost, and if so, acquiring contract information of the mobile terminal user, thereby determining information about the current user who is illegally using the mobile terminal, to help find the whereabouts of the stolen mobile terminal; otherwise, processing follows the normal process, that is, the step of determining the pairing key and the subsequent steps are performed.
  • the identification effect can also be determined after the pairing key is determined, and the same effect can be achieved.
  • the user information of the mobile terminal user stored in the correspondence relationship in the verification device as the second device is replaced with the identification information of the mobile terminal, and
  • the verification device sends the verification request message, it carries the identification information of the mobile terminal. Accordingly, the verification device obtains the corresponding pairing key Kb according to the mobile terminal identification information carried in the request message.
  • the first device is a mobile terminal
  • the second device is a user card inserted in the mobile terminal.
  • step 1301 a key Ka is set and saved on the mobile terminal, and a pairing key Kb of the key Ka is set and saved on the user card.
  • step 1302 the mobile terminal sends a request message to the user card requesting authentication information of the pairing key Kb.
  • step 1303 after receiving the request message from the mobile terminal, the user card sends the verification information of the pairing key Kb to the mobile terminal.
  • step 1304 the mobile terminal verifies whether the verification information of the pairing key Kb obtained from the user card and the verification information of the key Ka held by itself match. If the two match, it is determined in step 1305 that the mobile terminal is legal, that is, the mobile terminal The current user is a legal user. At this time, the mobile terminal is allowed to perform any operation. If the two do not match, it is determined in step 1306 that the mobile terminal is illegal, that is, the current user of the mobile terminal is an illegal user.
  • an electronic key used with a mobile terminal can be used instead of a user card, and the same effect can be achieved.
  • the verification information of the pairing key can be the pairing key itself as in the first embodiment.
  • the key can be subjected to a predetermined calculation such as a digest operation as in the second embodiment to perform corresponding matching verification.
  • a random number can be further generated like the third embodiment, and the random number and the key are used for joint calculation to perform corresponding matching verification.
  • a controllable random number is generated and it is further judged whether the controllable random number is acceptable.
  • a private key is stored in the mobile terminal, and a paired public key of the private key is stored in the user card.
  • a random number is sent to the user card by the mobile terminal; the user card uses the paired public key to encrypt the random number and sends the obtained ciphertext to the mobile terminal; the mobile terminal decrypts the ciphertext according to the private key saved by itself to obtain the plaintext of the random number, and then compares the plaintext with the random number it sent to the user card to determine whether the private key saved by itself and the public key saved by the user card match, and thereby determine the validity status of the mobile terminal. That is, in the twelfth embodiment, any one of the calculation modes in the first to sixth embodiments can be combined.
  • the correspondence may be saved in the verification device first.
  • the key Ka of the mobile terminal and the pairing key Kb of Ka may be generated by the mobile terminal, in which case the key Ka is stored in the mobile terminal, and the pairing key Kb is sent to the verification device and saved by the verification device; or the key Ka of the mobile terminal and the pairing key Kb of Ka are generated by the verification device, in which case the pairing key Kb is stored in the verification device, and the key Ka is sent to the corresponding mobile terminal for storage by the mobile terminal.
  • There are two ways to send the pairing key Kb from a mobile terminal to an authentication device such as the HLR or AC.
  • One way is to call a special number first, and then append the above information to be sent to the verification device. For example, suppose the pairing key Kb is 5134356; first call the special number 17999, and then add the pairing key Kb 5134356 after 17999, that is, call 179995134356. In this way, the verification device will extract the pairing key Kb 5134356 according to the previous agreement.
  • the second method is implemented by adding a supplementary service command operation code to the verification device.
  • the SetK operation code for setting the key is used to set the pairing key Kb of the mobile terminal password Ka in the verification device
  • the GetK command is used to obtain the pairing key Kb of the mobile terminal key Ka from the verification device.
  • SetK can be completed by setting a call forwarding command, for example, setting the prefix of the destination number of the call forwarding to a special prefix, and appending the pairing password Kb to be set after the prefix.
  • GetK can be completed by querying the call transfer status command.
  • the number prefix of the call transfer destination number returned by the HLR to the mobile terminal is a special number prefix
  • the pairing password Kb obtained by the query is appended to the number prefix.
  • the pairing key Kb can also be transmitted by other methods.
  • the key Ka and the pairing key Kb generated by the mobile terminal can be generated automatically or manually.
  • automatic generation: if the user selects the legality verification operation through the menu of the mobile terminal to execute the legality verification function setting, the mobile terminal judges whether the key Ka saved by it is empty, and if it is empty, the mobile terminal automatically and randomly generates and saves the key Ka and the pairing key Kb.
  • the mobile terminal only needs to generate one, and then save the key Ka, and automatically send the pairing key Kb to the verification device, for example, by using a SetK operation code.
  • After the verification device obtains the pairing key Kb sent by the mobile terminal, it establishes a correspondence between the pairing key Kb and the current user information or mobile terminal identification information of the mobile terminal. If it is generated manually, the mobile terminal will require the user to input the key Ka and the pairing key Kb himself, save the information entered by the user (or save only the key Ka) after the user inputs it, and send the pairing key Kb to the verification device. In the automatic mode, the mobile terminal can display the randomly generated key to the user. When the mobile terminal executes the setting of the validity verification function, if it finds that the key Ka held by it is not empty, the mobile terminal directly obtains the pairing key Kb according to the key Ka, and sends the pairing key Kb to the verification device, which saves it. Obtaining the pairing key Kb according to the key Ka may be deriving the pairing key Kb according to the key Ka, or querying the pairing key Kb according to the key Ka, and so on.
  • the mobile terminal user can set, view, change and clear the key Ka and the pairing key Kb, and at the same time, synchronize the setting or change result of the pairing key Kb to the verification device, and the verification device will modify the corresponding saved original
  • the correspondence between the user information of the mobile terminal user and the pairing key Kb is modified by the verification device, and the correspondence between the corresponding identification information of the corresponding mobile terminal and the pairing key Kb is stored.
  • the mobile terminal performs the above verification operation only when the verification switch is turned on; otherwise, the mobile terminal directly judges that it is being used legally.
  • the user of the mobile terminal can perform the operations of closing and opening the authentication switch.
  • the maintenance operation password can be set on the mobile terminal to restrict the setting, viewing, changing, and clearing of the key information, as well as setting the verification switch and checking the status of the verification switch.
  • the setting operations include opening and closing. When a user needs to view key information or perform other maintenance operations, he must enter the password. The mobile terminal determines whether the password is correct. If the password is correct, viewing is allowed; otherwise, the user is not allowed to view it. In this way, it is possible to further prevent thieves from obtaining key information set by the user in the mobile terminal, so that the feature is convenient for the user without losing the anti-theft effect.
  • the mobile terminal should be able to enable the user to perform maintenance operations on the mobile terminal without being connected to the mobile network. For example, if the user fails to pass the authentication of the mobile terminal 3 due to card replacement, the mobile terminal may prompt the user to actively close the verification switch or reset the key Ka.
  • the key Ka in the mobile terminal may be stored on a chip separately set in the mobile terminal, and the chip may be referred to as a legality verification chip.
  • the operation of the mobile terminal to determine whether the key Ka stored in the mobile terminal and the corresponding pairing key Kb stored in the verification device match can be performed by the validity verification chip.
  • the first device is a mobile terminal and the second device is a verification device
  • after the mobile terminal sets the validity verification function, regardless of whether the user replaces the user card or the number, as long as the corresponding pairing key Kb corresponding to the user information of the user in the corresponding verification device has not changed, that is, it still matches the key Ka stored in the mobile terminal, the mobile terminal can still pass the verification operation of the present invention even after the user card is replaced.
  • the mobile terminal cannot pass the verification operation of the present invention. Therefore, for a stolen mobile terminal, since the pairing key Kb corresponding to the user information of the thief cannot match the key Ka of the stolen mobile terminal, the thief will not be able to use the mobile terminal normally.
  • when the mobile terminal adds a legality verification function, it improves the security of the user's mobile terminal without bringing trouble in use and maintenance to the legal user.
  • after the mobile terminal replaces the user card, if the mobile terminal can still access the corresponding authentication device, for example, because the authentication device is jointly constructed by different operators, or because users of different operators are allowed to access each other's authentication devices, then the mobile terminal can still be used normally.
  • if the authentication device is owned by a device operator and only users of the operator's network are allowed to access the authentication device, then after the mobile terminal has replaced the user card, if the user card is a user card of the operator's network, the use of the mobile terminal is not affected; if the user card is not a user card of the operator's network, the mobile terminal cannot pass the verification because it cannot access the corresponding verification device, so that the mobile terminal cannot be used normally. In this way, the occurrence of illegal network hopping can be effectively prevented.
  • if the user's mobile terminal is stolen, the user can, by virtue of his own identity certificate, request the operator to delete the correspondence between the identification information of the mobile terminal and the corresponding pairing key Kb stored in the verification device. Since the stolen mobile terminal cannot obtain the corresponding pairing key Kb required for verification when the thief uses it again, the thief will not be able to use the mobile terminal normally, thus achieving the anti-theft effect.
  • the mobile terminal mentioned in the present invention may be a mobile phone, a personal digital assistant (PDA), a portable computer or a personal computer (PC), etc.; as long as it can directly or indirectly connect to a verification device on a corresponding communication network, the present invention can be applied to verify the legality of equipment use.
  • the invention proposes a thirteenth embodiment as shown in FIG. 14.
  • the first device is a computer device
  • the second device is a password management server.
  • a normal use password is stored in the computer device.
  • step 1402: a correspondence between a managed computer device and a corresponding normal use password is stored in the password management server.
  • step 1403: when the normal use password needs to be input after the computer device is turned on, a request message for the normal use password is sent to the password management server.
  • step 1404: if the password management server confirms that the computer device can be powered on, it sends the corresponding normal use password to the computer device; otherwise, it sends a computer device failure message or a wrong normal use password to the computer device.
  • step 1405: the computer device compares whether the normal use password obtained from the password management server is consistent with the normal use password saved by itself. If they are the same, it is determined in step 1406 that the device is legal and it is allowed to enter the normal use state; otherwise, it is determined in step 1407 that the device is illegal and it is prohibited from entering the normal use state, or it shuts down directly, so that the employee cannot use the computer equipment.
  • the computer device will not receive the power-on password information from the password management server, the comparison in step 1405 will inevitably fail, and the computer device cannot start normally.
  • the company can restrict employees from using the company's computer equipment during non-working hours by turning the password management server on during working hours and off during non-working hours.
  • the present invention proposes a fourteenth embodiment as shown in FIG.
  • step 1501: a key Ka is set and saved in the computer for the computer to verify the legitimacy of opening its special functions.
  • step 1502: at the same time, the corresponding pairing key Kb of the computer is stored in an information security server.
  • step 1503: when the computer needs to use a special function, for example, when a floppy drive is needed or data needs to be written to the computer through a USB port, the verification information of the pairing key Kb is requested from the information security server.
  • step 1504: the information security server obtains the corresponding pairing key Kb according to the information of the requesting computer, and sends the verification information of the obtained pairing key Kb to the computer.
  • step 1505: after receiving the verification information of the pairing key Kb returned by the information security server, the computer determines, based on the verification information, whether the pairing key Kb and the key Ka held by the computer match. If they match, in step 1506, the computer opens the use of its own special functions, such as allowing the floppy drive, USB port, parallel port or serial port to be used normally; otherwise, in step 1507, the computer prohibits the use of its own special functions.
  • the key Kb may be the same as the key Ka
  • the verification information of the key Kb may be the key Kb itself.
  • step 1505: whether the pairing key Kb and the key Ka saved by the computer match is determined by determining whether Kb is the same as Ka.
  • a predetermined calculation such as a digest operation may be performed on the key to perform corresponding matching verification as in the second embodiment, or a random number may be further generated as in the third embodiment and used together with the key in a joint calculation to perform corresponding matching verification.
  • a controllable random number may be further generated and it is determined whether the controllable random number is acceptable.
  • a private key is stored in the computer, the correspondence between the paired public key of that private key and the computer information is stored in the corresponding information security server, and the computer sends a random number to the information security server.
  • the information security server obtains the corresponding paired public key according to the computer information, encrypts the random number with the public key, and sends the obtained ciphertext to the computer. The computer decrypts the ciphertext with the private key it has saved to obtain the plaintext of the random number. Then, by comparing whether the plaintext and the random number sent to the information security server are the same, the computer can judge whether the private key saved by itself and the public key corresponding to the computer saved by the information security server match, and hence whether the computer allows the corresponding special function to be used.
  • in a case where the first device cannot obtain the verification information of the corresponding pairing key Kb from the second device, that is, the pairing key Kb of the key Ka does not exist on the second device, the first device will directly determine that it is illegal.
  • the correspondence between the user information of the mobile terminal user and the corresponding pairing key Kb, the correspondence between the identification information of the mobile terminal and the corresponding pairing key Kb, the correspondence between the personalized information of the mobile terminal and the corresponding pairing key Kb, the correspondence between the computer and the corresponding pairing password Kb, and the correspondence between the computer and the corresponding pairing key Kb, as stored in the verification device, in effect use the user information of the mobile terminal user, the identification information of the mobile terminal, the personalized information of the mobile terminal, and the computer information such as the computer equipment identification as the name of an account, and the pairing key Kb as the key of the account.
  • when the first device performs verification, it obtains the verification information of the corresponding pairing key Kb from the corresponding verification device according to the corresponding account name, and verifies, according to the verification information, whether the corresponding pairing key Kb stored in the second device matches the key Ka saved by itself. Therefore, implementation methods extended from this, such as setting an account name and a key Ka for authentication, clearly fall within the protection scope of the present invention.
  • the mobile terminal related information may be user information of the mobile terminal, and the user information is one or any combination of mobile terminal number information, international mobile subscriber identity IMSI information, or user subscription data.
  • the above mobile terminal related information may be mobile terminal user card related information, and the user card related information is one or any combination of personal identification information set in the user card, international mobile subscriber identity IMSI information, and the electronic serial number ESN of the user card.
  • the above mobile terminal related information may be mobile terminal identification information, and the mobile terminal identification information is international mobile equipment identification IMEI information or personal identification information set in the mobile terminal.
  • the present invention can preset a prescribed verification operation response time. If the first device does not complete a verification operation within the prescribed verification operation response time, the first device may directly determine that it is illegal, or may determine that the verification operation failed and repeat the verification operation. If the next verification operation is successful, it may be determined that the first device is legitimate.
  • a verification operation end time may be specified. If the first device fails to pass the verification within the prescribed verification operation end time, it will directly determine that it is illegal. Or you can specify a permitted number of verification operations. If the first device fails to pass the verification within the specified number of allowed verification operations, it will directly determine that it is illegal.
  • the second device exists independently of the first device, that is, the second device does not depend on the first device, and if there is no first device, the second device can operate normally. In other words, the operations of the first device and the second device are independent of each other.
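
The random-number variant of the fourteenth embodiment, together with the missing-pairing-key rule and the permitted number of verification operations described above, can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA-256 stands in for the unspecified "joint calculation", and the class names, account names and keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets

class InfoSecurityServer:
    """Second device: maps an account name (device identifier) to Kb."""
    def __init__(self):
        self._kb = {}

    def register(self, device_id, kb):
        self._kb[device_id] = kb

    def revoke(self, device_id):
        self._kb.pop(device_id, None)  # delete the stored correspondence

    def verification_info(self, device_id, nonce):
        kb = self._kb.get(device_id)
        if kb is None:
            return None  # no pairing key Kb on record for this account
        # Joint calculation over the random number and Kb; Kb is never sent.
        return hmac.new(kb, nonce, hashlib.sha256).digest()

class UnreachableServer:
    """A server that is switched off or misses the response time."""
    def verification_info(self, device_id, nonce):
        raise TimeoutError("no reply within the verification response time")

class Device:
    """First device: holds Ka and decides for itself whether it is legal."""
    def __init__(self, device_id, ka, allowed_attempts=3):
        self.device_id, self._ka = device_id, ka
        self.allowed_attempts = allowed_attempts
        self.attempts = 0

    def _verify_once(self, server):
        nonce = secrets.token_bytes(16)  # fresh random number per operation
        try:
            info = server.verification_info(self.device_id, nonce)
        except TimeoutError:
            return False
        if info is None:
            return False
        expected = hmac.new(self._ka, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(info, expected)  # constant-time compare

    def is_legal(self, server):
        for _ in range(self.allowed_attempts):
            self.attempts += 1
            if self._verify_once(server):
                return True   # special functions may be opened
        return False          # fail closed: special functions stay prohibited

def demo():
    ka = secrets.token_bytes(32)  # constructed key; here Kb is the same as Ka
    server = InfoSecurityServer()
    server.register("PC-0001", ka)  # constructed account names
    server.register("PC-0002", secrets.token_bytes(32))  # Kb not matching Ka
    paired = Device("PC-0001", ka).is_legal(server)
    mismatched = Device("PC-0002", ka).is_legal(server)
    unreachable = Device("PC-0001", ka).is_legal(UnreachableServer())
    server.revoke("PC-0001")
    revoked = Device("PC-0001", ka).is_legal(server)
    return paired, mismatched, unreachable, revoked
```

Only the paired device judges itself legal; a mismatched Kb, a deleted correspondence and an unreachable server all leave the special functions prohibited once the permitted attempts are used up.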

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method for authenticating the self-validity of a device. The method comprises at least the following steps: a first device stores a key required for authenticating its self-validity, and a pairing key corresponding to said key is stored in a second device. The first device then obtains the authentication data corresponding to the pairing key stored in the second device. The first device evaluates, according to the authentication data obtained from the second device, whether the key stored in the first device matches the pairing key stored in the second device. If it matches, the first device judges itself valid. Otherwise, it judges itself invalid. The invention makes it possible to authenticate the self-validity of the device effectively and easily.
PCT/CN2004/001325 2003-11-21 2004-11-22 Method for authenticating the self-validity of a device WO2005050910A1 (fr)

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
CN200310116767.2 2003-11-21
CNB2003101167668A CN100362880C (zh) 2003-11-21 2003-11-21 A method for verifying the legitimacy of a mobile terminal user
CNB2003101167672A CN100388835C (zh) 2003-11-21 2003-11-21 A method of verifying the legitimacy of a mobile terminal user
CN200310116766.8 2003-11-21
CN200410032708.1 2004-04-13
CN 200410032708 CN1684411B (zh) 2004-04-13 2004-04-13 A method of verifying the legitimacy of a mobile terminal user
CN200410036742.6 2004-04-29
CN 200410036742 CN1691578A (zh) 2004-04-29 2004-04-29 A method for a device to verify its own legitimacy

Publications (1)

Publication Number Publication Date
WO2005050910A1 true WO2005050910A1 (fr) 2005-06-02

Family

ID=34623827

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2004/001325 WO2005050910A1 (fr) 2003-11-21 2004-11-22 Method for authenticating the self-validity of a device

Country Status (1)

Country Link
WO (1) WO2005050910A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1338841A (zh) * 2000-08-11 2002-03-06 海南格方网络安全有限公司 Smart key for computer security authentication
US20020144118A1 (en) * 2001-04-02 2002-10-03 Toshihiro Maruyama Authentication method in an agent system
US20030163701A1 (en) * 2002-02-27 2003-08-28 Hitachi, Inc. Method and apparatus for public key cryptosystem

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10608819B1 (en) 2019-09-24 2020-03-31 Apricorn Portable storage device with internal secure controller that performs self-verification and self-generates encryption key(s) without using host or memory controller and that securely sends encryption key(s) via side channel
US11310048B2 (en) 2019-09-24 2022-04-19 Apricorn Portable storage device with internal secure controller that performs self-verification and self-generates encryption key(s) without using host or memory controller and that securely sends encryption keys(s) via side channel
US10656854B1 (en) 2019-10-22 2020-05-19 Apricorn Method and portable storage device with internal controller that can self-verify the device and self-convert the device from current mode to renewed mode without communicating with host
CN114978704A (zh) * 2022-05-24 2022-08-30 北京天融信网络安全技术有限公司 Server-based password modification method and server
CN114978704B (zh) * 2022-05-24 2023-07-04 北京天融信网络安全技术有限公司 Server-based password modification method and server

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase