WO2011153730A1 - A method and mobile terminal for implementing a network lock and SIM lock - Google Patents


Info

Publication number
WO2011153730A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile terminal
cpld
sensitive data
storage area
otp
Prior art date
Application number
PCT/CN2010/076053
Other languages
English (en)
French (fr)
Inventor
赵雷
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2011153730A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/08 Access security

Definitions

  • The present invention relates to network-lock/SIM-lock technology in the field of mobile terminals, and in particular to a method and a mobile terminal for implementing a network lock and SIM lock.
  • Background art: a network lock and SIM lock means that the mobile terminal can use only the network of a fixed communication carrier and that carrier's Subscriber Identity Module (SIM) card. The technology is widely applied to carrier-customized mobile terminals, so that the carrier can ensure the terminal supports only SIM cards it has issued itself.
  • SIM: Subscriber Identity Module
  • CDMA: Code Division Multiple Access
  • Whether an early Code Division Multiple Access (CDMA) mobile terminal or a Global System for Mobile Communications (GSM) mobile terminal, most locked terminals on the market store the sensitive data in the terminal's erasable programmable read-only memory (EPROM) or FLASH memory.
  • GSM: Global System for Mobile Communications
  • EPROM: Erasable Programmable Read-Only Memory
  • Application No. 200710087431.6, titled "Mobile terminal secure network-lock/SIM-lock protection and unlocking method based on an asymmetric algorithm", proposes a method of implementing a network lock and SIM lock on a mobile terminal: after the personal computer receives the lock parameters, it encrypts the parameters and their digest with an asymmetric private key and stores the result in the terminal's FLASH memory together with the assigned asymmetric public key.
  • The disadvantage of storing sensitive data in the EPROM or FLASH memory of the mobile terminal is that both are storage units whose read and write operation timings are public.
  • Sensitive data stored on them is therefore easily destroyed, or read out and rewritten. If the sensitive data is destroyed or rewritten, the security of the network lock and SIM lock is reduced, that is, the locked mobile terminal is easily cracked, which ultimately causes direct economic loss to the communication carrier.
  • Summary of the invention: the main object of the present invention is to provide a method and a mobile terminal for implementing a network lock and SIM lock, so as to improve the security of the locked mobile terminal.
  • The present invention provides a method for implementing a network lock and SIM lock, including: storing sensitive data in the one-time programmable (OTP) storage area of a complex programmable logic device (CPLD); and, after the mobile terminal is turned on, when it is determined that the CPLD exists, reading the sensitive data from the OTP storage area and verifying it, and allowing the mobile terminal to be used when the sensitive data passes verification.
  • OTP: one-time programmable
  • CPLD: Complex Programmable Logic Device
  • The method further includes: when it is determined that the CPLD does not exist, the mobile terminal is not allowed to be used and is turned off.
  • The method further includes: when the sensitive data fails verification, the mobile terminal is not allowed to be used and is turned off.
  • Determining whether the CPLD exists is done as follows: according to the voltage value, measured by the driver layer of the mobile terminal's chipset, of the chipset pin connected to the CPLD; or according to whether the driver layer obtains the IP number of the CPLD; or according to whether the chipset receives feedback to a handshake message from the CPLD within the period. When the voltage value is not zero, or the IP number is obtained, or the handshake feedback is received, the CPLD is determined to exist; otherwise it is determined not to exist.
  • Before storing the sensitive data in the OTP storage area of the CPLD, the method further includes: setting the CPLD on the mobile terminal.
  • Setting the CPLD on the mobile terminal is: analysing the schematic diagram of the mobile terminal's motherboard, adding the CPLD to the motherboard according to the chipset used by the terminal, and connecting the CPLD to the chipset through a bidirectional link.
  • Storing the sensitive data in the OTP storage area of the CPLD is: the driver layer of the mobile terminal sends the OTP dedicated timing sequence to the data bus of the OTP storage area and then sends the sensitive data to be stored; the OTP storage area obtains the sensitive data from the data bus and stores it according to the OTP dedicated timing sequence; the sensitive data is encapsulated by a function.
  • Reading the sensitive data from the OTP storage area is: the driver layer of the mobile terminal's chipset directly calls the function that drives the CPLD, and this function reads the sensitive data of the OTP storage area through the data lines between the chipset and the CPLD.
  • Verifying the sensitive data is: the mobile terminal's chipset decrypts the read sensitive data with a pre-stored decryption function and judges whether the decrypted data is consistent with the sensitive data it has pre-stored; if consistent, verification passes, and if inconsistent, verification fails.
  • The present invention also provides a mobile terminal for implementing a network lock and SIM lock, comprising a CPLD and a chipset, wherein the CPLD is used to store sensitive data in its own OTP storage area, and the chipset is used, after the mobile terminal is turned on and when the CPLD is determined to exist, to read the sensitive data from the OTP storage area and verify it, allowing the terminal to be used when the sensitive data passes verification.
  • The chipset is also used to determine whether the CPLD exists; when it is determined that the CPLD does not exist, the mobile terminal is not allowed to be used and is turned off, and when the sensitive data fails verification, the mobile terminal is not allowed to be used and is turned off.
  • In the method and mobile terminal provided by the present invention, a CPLD is added to the mobile terminal and its OTP storage area is used to hold the sensitive data. Based on the characteristics of the OTP storage area, and because the terminal may be used only when the CPLD exists and the sensitive data stored in the OTP storage area passes verification, the difficulty of cracking the locked mobile terminal is increased, giving more complete security and crack resistance and preventing the economic loss a carrier suffers when a locked terminal is cracked.
  • FIG. 1 is a schematic flow chart of the method for implementing a network lock and SIM lock according to the present invention;
  • FIG. 2 is a schematic structural diagram of the motherboard of a mobile terminal according to the present invention;
  • FIG. 3 is a schematic flow chart of the method by which a computer verifies the network lock and SIM lock before loading software into a mobile terminal;
  • FIG. 4 is a schematic structural diagram of a mobile terminal implementing a network lock and SIM lock according to the present invention.
  • Detailed description. CPLD: Complex Programmable Logic Device
  • OTP: One Time Programmable
  • The invention realizes the network lock and SIM lock by utilizing the characteristics of the OTP storage area. The basic idea is: store sensitive data in the one-time programmable (OTP) storage area of a complex programmable logic device (CPLD); after the mobile terminal is turned on, when it is determined that the CPLD exists, read the sensitive data from the OTP storage area and verify it, and allow the mobile terminal to be used when the sensitive data passes verification.
  • FIG. 1 is a schematic flow chart of the method for implementing a network lock and SIM lock according to the present invention. As shown in FIG. 1, the method includes the following steps:
  • Step 101: set a CPLD on the mobile terminal and store the sensitive data in the OTP storage area of the CPLD.
  • FIG. 2 is a schematic structural diagram of the motherboard of a mobile terminal according to the present invention. During the hardware design, the schematic diagram of the motherboard is analysed and the CPLD is added to the motherboard according to the chipset used by the terminal.
  • The CPLD can be connected to the chipset through a bidirectional link.
  • The bidirectional link includes address lines and data lines; the positions of the other lines can be similar to those of the EPROM or FLASH memory already on the motherboard.
  • The CPLD's ground, clock, chip-select and other control signals can either share lines with the EPROM or FLASH memory or use a separate set of lines.
  • The CPLD has independent FLASH memory.
  • This FLASH memory has an OTP storage area; the read and write operation timing of the OTP storage area is not public, and the OTP storage area can store a large amount of data.
  • The driver layer of the mobile terminal sends the OTP dedicated timing sequence to the data bus of the OTP storage area and then sends the sensitive data to be stored; the OTP storage area obtains the sensitive data from the data bus and stores it according to the OTP dedicated timing sequence.
  • The OTP dedicated timing sequence acts like a notification message, that is, the mobile terminal's driver layer uses it to tell the OTP storage area what operation to perform on the data on the data bus.
  • In this embodiment, the OTP dedicated timing sequence sent by the driver layer tells the OTP storage area to save the data on the data bus.
  • A function is used to encapsulate the sensitive data stored in the OTP storage area; the function is written by the driver layer according to the operation to be performed on the OTP storage area. The function may be a public function, so that every layer in the mobile terminal can call it, which makes performing operations on the OTP storage area convenient.
  • The sensitive data may be China Mobile's network IP number 46000, or the mobile country code, and so on.
  • Step 102: turn on the mobile terminal and determine whether the CPLD exists; if yes, go to step 103, if not, go to step 106.
  • After the mobile terminal is turned on, and before it enters the standby state, it performs the network-lock/SIM-lock verification, which begins by determining whether the CPLD exists. The driver layer of the terminal's chipset measures the voltage value of the chipset pin connected to the CPLD: if the voltage is 0, no CPLD is connected to the chipset; if the voltage value is not 0, a CPLD is connected.
  • Because, when the CPLD is connected to the chipset, the pin from which the CPLD's IP number is obtained is wired to a pin of the chipset, the driver layer can also try to obtain the IP number of the CPLD: if the IP number is obtained, a CPLD is connected; if it is not obtained, no CPLD is connected.
  • The chipset can also send a handshake message to the CPLD through the data lines. If no handshake feedback from the CPLD is received within the period, the CPLD is considered not to exist; if feedback is received, the CPLD is considered to exist. The period can be set according to an empirical value of the transmission speed between the chipset and the CPLD.
  • When the chipset determines that the CPLD exists, step 103 is performed; when it determines that the CPLD does not exist, step 106 is performed.
  • Step 103: read the sensitive data from the OTP storage area.
  • The driver layer of the terminal's chipset directly calls the function that drives the CPLD, and this function reads the sensitive data of the OTP storage area through the data lines between the chipset and the CPLD.
  • Step 104: verify the read sensitive data; if verification passes, step 105 is performed, and if it fails, step 106 is performed.
  • The sensitive data read is usually encrypted by the manufacturer of the mobile terminal with an encryption function, so the chipset uses the pre-stored decryption function corresponding to that encryption function to decrypt it. The chipset then determines whether the decrypted data is consistent with its own pre-stored copy of the sensitive data that the OTP storage area should hold: if consistent, verification passes and step 105 is performed; if inconsistent, verification fails and step 106 is performed.
  • Step 105: allow the mobile terminal to be used and enter the standby state.
  • When the CPLD exists and the sensitive data in it passes verification, the chipset allows the mobile terminal to be used, and the terminal can enter the standby state normally.
  • Step 106: do not allow the mobile terminal to be used; turn off the mobile terminal.
  • When the CPLD does not exist, or exists but the sensitive data in it fails verification, the chipset does not allow the mobile terminal to be used and turns it off.
  • When a computer wants to load software into the mobile terminal, the network-lock/SIM-lock verification must also be performed. FIG. 3 is a schematic flow chart of the method by which a computer verifies the network lock and SIM lock before loading software into the mobile terminal. As shown in FIG. 3, the method includes the following steps:
  • Step 301: the computer sends a loading instruction to the mobile terminal.
  • The computer's loading software sends the loading instruction to the download management module of the mobile terminal through the serial port connecting the computer and the terminal.
  • Step 302: the mobile terminal determines whether the CPLD exists and sends the result to the computer. Specifically, after receiving the loading instruction, the download management module sends a handshake message to the CPLD. If no feedback from the CPLD is received within the period, the CPLD is considered not to exist and the module sends the return value corresponding to "CPLD absent" to the computer; if feedback is received, the CPLD is considered to exist and the module sends the return value corresponding to "CPLD present". The correspondence between return values and CPLD presence is stored in both the download management module and the computer.
  • Step 303: the computer decides, according to the terminal's result, whether to perform loading. Specifically, the computer receives the result sent by the download management module and uses the stored correspondence to decide whether to load the software into the terminal: if the return value corresponds to the CPLD existing, loading is performed and step 304 follows; if it corresponds to the CPLD not existing, loading is not performed and step 305 follows.
  • Step 304: the computer allows loading.
  • The computer allows loading, that is, the loading software loads the software into the mobile terminal.
  • Step 305: the computer interrupts the loading process.
  • The computer interrupts the current loading process.
  • FIG. 4 is a schematic structural diagram of a mobile terminal for implementing a network lock and SIM lock according to the present invention. The mobile terminal includes a CPLD 41 and a chipset 42, wherein:
  • CPLD 41 is used to store sensitive data in its own OTP storage area;
  • Chipset 42 is used, after the mobile terminal is turned on and when CPLD 41 is determined to exist, to read the sensitive data from the OTP storage area and verify it, and to allow the terminal to be used when the sensitive data passes verification.
  • Chipset 42 reads the sensitive data of the OTP storage area as follows: the driver layer of chipset 42 directly calls the function that drives CPLD 41, and this function reads the sensitive data through the data lines between the chipset and CPLD 41.
  • Chipset 42 verifies the sensitive data as follows: it decrypts the read data with a pre-stored decryption function and determines whether the decrypted data is consistent with its own pre-stored sensitive data; if consistent, verification passes, and if inconsistent, verification fails.
  • Chipset 42 is further configured to determine whether CPLD 41 exists. When CPLD 41 is determined not to exist, the terminal is not allowed to be used and is turned off; when the sensitive data fails verification, the terminal is not allowed to be used and is turned off.
  • Chipset 42 determines whether CPLD 41 exists according to the voltage value, measured by the driver layer, of the chipset 42 pin connected to CPLD 41, or whether the driver layer obtains the IP number of CPLD 41, or whether handshake feedback from CPLD 41 is received within the period. When the voltage value is not zero, or the IP number is obtained, or handshake feedback is received, CPLD 41 is determined to exist; otherwise it is determined not to exist.
  • When a computer wants to load software into the mobile terminal, the network-lock/SIM-lock verification is required; when the computer performs this verification before loading software, the mobile terminal further includes:
  • A download management module 43, configured to send a handshake message to CPLD 41 after receiving the loading instruction from the computer and, when no feedback from CPLD 41 is received within the period, to send the return value corresponding to "CPLD 41 absent" to the computer, or, when feedback from CPLD 41 is received, to send the return value corresponding to "CPLD 41 present".
  • Download management module 43 is further configured to store the correspondence between the return values and the presence of CPLD 41.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention discloses a method for implementing a network lock and SIM lock, including: storing sensitive data in the one-time programmable (OTP) storage area of a complex programmable logic device (CPLD); after the mobile terminal is turned on, when it is determined that the CPLD exists, reading the sensitive data from the OTP storage area and verifying the sensitive data, and allowing the mobile terminal to be used when the sensitive data passes verification. The present invention also provides a mobile terminal for implementing a network lock and SIM lock. According to the technical solution of the present invention, the security of a locked mobile terminal is improved.

Description

A method and mobile terminal for implementing a network lock and SIM lock
Technical field
The present invention relates to network-lock/SIM-lock technology in the field of mobile terminals, and in particular to a method and mobile terminal for implementing a network lock and SIM lock.
Background art
The rapid development of telecommunication technology has created a group of top-tier international communication carriers whose business and services span the globe. In global market competition, these carriers usually choose a marketing approach that expands their influence and their subscriber base: giving away a mobile terminal on subscription, or giving away a mobile terminal in exchange for a prepaid balance. The terminals given away include models that sell well on the market. To protect their commercial interests, carriers therefore require the manufacturers of these terminals to implement a network lock and SIM lock, and at the same time require that locked terminals be protected as far as possible from being illegally cracked. Here a network lock and SIM lock means that the mobile terminal can use only the network of a fixed communication carrier and that carrier's Subscriber Identity Module (SIM) card; the technology is widely applied to carrier-customized terminals, so that the carrier can ensure the terminal supports only SIM cards it has issued itself.
There are many kinds of locked mobile terminals on the market. Whether early Code Division Multiple Access (CDMA) terminals or Global System for Mobile Communications (GSM) terminals, most of them store the sensitive data in the terminal's Erasable Programmable Read Only Memory (EPROM) or FLASH memory. The patent application with application number 200710087431.6, titled "Mobile terminal secure network-lock/SIM-lock protection and unlocking method based on an asymmetric algorithm", proposes a method of implementing a network lock and SIM lock on a mobile terminal: after the personal computer receives the lock parameters, it encrypts the lock parameters and their digest with an asymmetric private key and stores the result, together with the assigned asymmetric public key, in the terminal's FLASH memory. The disadvantage of storing sensitive data in the terminal's EPROM or FLASH memory is that both are storage units whose read and write operation timings are public, so sensitive data placed there is easily destroyed, or read out and rewritten. If the sensitive data is destroyed or rewritten, the security of the network lock and SIM lock is reduced, that is, the locked terminal is easily cracked, which ultimately causes direct economic loss to the carrier.
Summary of the invention
In view of this, the main object of the present invention is to provide a method and mobile terminal for implementing a network lock and SIM lock, so as to improve the security of the locked mobile terminal.
To achieve the above object, the technical solution of the present invention is realized as follows:
The present invention provides a method for implementing a network lock and SIM lock, including:
storing sensitive data in the one-time programmable (OTP) storage area of a complex programmable logic device (CPLD);
after the mobile terminal is turned on, when it is determined that the CPLD exists, reading the sensitive data from the OTP storage area and verifying the sensitive data, and allowing the mobile terminal to be used when the sensitive data passes verification.
In the above method,
the method further includes: when it is determined that the CPLD does not exist, not allowing the mobile terminal to be used and turning off the mobile terminal;
after reading and verifying the sensitive data of the OTP storage area, the method further includes: when the sensitive data fails verification, not allowing the mobile terminal to be used and turning off the mobile terminal.
In the above method, determining whether the CPLD exists is:
judging whether the CPLD exists according to the voltage value, measured by the driver layer of the mobile terminal's chipset, of the chipset pin connected to the CPLD, or whether the driver layer obtains the IP number of the CPLD, or whether the chipset receives handshake feedback from the CPLD within the period; when the voltage value is not zero, or the IP number is obtained, or the handshake feedback is received, determining that the CPLD exists; otherwise, determining that the CPLD does not exist.
In the above method, before storing the sensitive data in the OTP storage area of the CPLD, the method further includes: setting the CPLD on the mobile terminal.
In the above method, setting the CPLD on the mobile terminal is:
analysing the schematic diagram of the motherboard of the mobile terminal, and adding the CPLD to the motherboard according to the chipset of the mobile terminal, the CPLD being connected to the chipset through a bidirectional link.
In the above method, storing the sensitive data in the OTP storage area of the CPLD is: the driver layer of the mobile terminal sends the OTP dedicated timing sequence to the data bus of the OTP storage area and then sends the sensitive data to be stored; the OTP storage area obtains the sensitive data from the data bus and stores it according to the OTP dedicated timing sequence; and a function is used to encapsulate the sensitive data.
In the above method, reading the sensitive data of the OTP storage area is:
the driver layer of the mobile terminal's chipset directly calls a function to drive the CPLD, and the function reads the sensitive data of the OTP storage area through the data lines between the chipset and the CPLD.
In the above method, verifying the sensitive data is:
the chipset of the mobile terminal decrypts the read sensitive data with a pre-stored decryption function and judges whether the decrypted sensitive data is consistent with the sensitive data it has pre-stored; if consistent, verification passes, and if inconsistent, verification fails.
The present invention also provides a mobile terminal for implementing a network lock and SIM lock, including a CPLD and a chipset, wherein:
the CPLD is used to store sensitive data in its own OTP storage area;
the chipset is used, after the mobile terminal is turned on and when it is determined that the CPLD exists, to read the sensitive data from the OTP storage area and verify it, and to allow the mobile terminal to be used when the sensitive data passes verification. In the above mobile terminal,
the chipset is further used to judge whether the CPLD exists, and when it is determined that the CPLD does not exist, not to allow the mobile terminal to be used and to turn it off; and when the sensitive data fails verification, not to allow the mobile terminal to be used and to turn it off.
In the method and mobile terminal provided by the present invention, a CPLD is added to the mobile terminal and its OTP storage area is used to hold the sensitive data. Based on the characteristics of the OTP storage area, and because the terminal may be used only when the CPLD exists and the sensitive data stored in the OTP storage area passes verification, the difficulty of cracking the locked mobile terminal is increased, giving more complete security and crack resistance and preventing the economic loss a carrier suffers when a locked terminal is cracked.
Brief description of the drawings
FIG. 1 is a schematic flow chart of the method for implementing a network lock and SIM lock according to the present invention;
FIG. 2 is a schematic structural diagram of the motherboard of a mobile terminal according to the present invention;
FIG. 3 is a schematic flow chart of the method by which a computer verifies the network lock and SIM lock before loading software into a mobile terminal;
FIG. 4 is a schematic structural diagram of a mobile terminal implementing a network lock and SIM lock according to the present invention.
Detailed description of the embodiments
A complex programmable logic device (CPLD) is a digital logic processing chip: a digital integrated circuit whose logic functions the user constructs as required. The basic design method is to use an integrated development software platform to generate the corresponding target file from a schematic, a hardware description language or similar means, and to send the code to the target chip by programming, thereby realizing the designed digital system. A CPLD has a one-time programmable (OTP) storage area, whose characteristic is that once data has been stored in it, the data can no longer be changed. The present invention uses exactly this characteristic of the OTP storage area to implement the network lock and SIM lock. The basic idea is: store the sensitive data in the one-time programmable (OTP) storage area of the complex programmable logic device (CPLD); after the mobile terminal is turned on, when it is determined that the CPLD exists, read the sensitive data from the OTP storage area and verify it, and allow the mobile terminal to be used when the sensitive data passes verification.
The present invention is further described in detail below with reference to the drawings and specific embodiments.
The present invention provides a method for implementing a network lock and SIM lock. FIG. 1 is a schematic flow chart of this method; as shown in FIG. 1, the method includes the following steps:
Step 101: set a CPLD on the mobile terminal and store the sensitive data in the OTP storage area of the CPLD;
Specifically, FIG. 2 is a schematic structural diagram of the motherboard of the mobile terminal. As shown in FIG. 2, during the hardware design of the mobile terminal the schematic diagram of the motherboard is analysed and the CPLD is added to the motherboard according to the chipset used by the terminal. The CPLD can be connected to the chipset through a bidirectional link, which includes address lines and data lines; the positions of the other lines can be similar to those of the EPROM or FLASH memory already on the motherboard, and the CPLD's ground, clock, chip-select and other control signals can either share lines with the EPROM or FLASH memory or use a separate set of lines. The CPLD contains independent FLASH memory, which has an OTP storage area; the read and write operation timing of the OTP storage area is not public, and the OTP storage area can store a large amount of data;
the driver layer of the mobile terminal sends the OTP dedicated timing sequence to the data bus of the OTP storage area and then sends the sensitive data to be stored; the OTP storage area obtains the sensitive data from the data bus and stores it according to the OTP dedicated timing sequence. The OTP dedicated timing sequence acts like a notification message, that is, the driver layer uses it to tell the OTP storage area what operation to perform on the data on the data bus; in this embodiment, the OTP dedicated timing sequence sent by the driver layer tells the OTP storage area to save the data on the data bus. A function is used to encapsulate the sensitive data stored in the OTP storage area; the function is written by the driver layer according to the operation to be performed on the OTP storage area, and it may be a public function so that every layer in the mobile terminal can call it and conveniently perform various operations on the OTP storage area;
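The write protocol of step 101, as an added C example that is not the patent's code: a simulated OTP storage area that acts on bus data only after the dedicated timing sequence, together with the driver layer's encapsulating function that other layers call instead of touching the bus. The three-byte sequence 0xA5 0x5A 0x0F, the 16-byte area size and the length-prefixed framing are constructed assumptions, as are the names `otp_area_t`, `otp_bus_byte`, `otp_store_sensitive` and `otp_read_sensitive`; the sample value 46000 is the one the description mentions. The example also shows the one-time property the description relies on: a second write is refused and the stored value survives.

```c
/* Added example, not the patent's code: a simulated OTP storage area and the
 * driver-layer function that programs it, following step 101. The timing
 * sequence bytes, the area size and the framing are constructed assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OTP_SIZE 16
/* Constructed stand-in for the (undisclosed) OTP dedicated timing sequence. */
static const uint8_t OTP_TIMING_SEQ[] = {0xA5, 0x5A, 0x0F};

typedef enum { OTP_IDLE, OTP_LENGTH, OTP_PAYLOAD } otp_state_t;

typedef struct {
    uint8_t     data[OTP_SIZE];
    size_t      len;
    bool        programmed;   /* once set, never cleared: the one-time property */
    otp_state_t state;
    size_t      seq_pos;      /* bytes of the timing sequence matched so far */
    size_t      remaining;    /* payload bytes still expected */
} otp_area_t;

void otp_init(otp_area_t *a) { memset(a, 0, sizeof *a); }

/* One byte appearing on the data bus, as seen by the OTP storage area.
 * Returns false when the byte is rejected. */
bool otp_bus_byte(otp_area_t *a, uint8_t b)
{
    switch (a->state) {
    case OTP_IDLE:
        /* Bus traffic that is not the timing sequence is simply not acted on. */
        if (b == OTP_TIMING_SEQ[a->seq_pos]) {
            if (++a->seq_pos == sizeof OTP_TIMING_SEQ) {
                a->seq_pos = 0;
                if (a->programmed) return false;   /* already written: refuse to re-arm */
                a->state = OTP_LENGTH;
            }
        } else {
            a->seq_pos = (b == OTP_TIMING_SEQ[0]) ? 1 : 0;
        }
        return true;
    case OTP_LENGTH:
        if (b == 0 || b > OTP_SIZE) { a->state = OTP_IDLE; return false; }
        a->remaining = b;
        a->len = 0;
        a->state = OTP_PAYLOAD;
        return true;
    case OTP_PAYLOAD:
        a->data[a->len++] = b;
        if (--a->remaining == 0) { a->programmed = true; a->state = OTP_IDLE; }
        return true;
    }
    return false;
}

/* The driver layer's encapsulating function: timing sequence first, then the
 * length, then the sensitive data. Other layers call this, not the bus. */
bool otp_store_sensitive(otp_area_t *a, const uint8_t *s, size_t n)
{
    if (n == 0 || n > OTP_SIZE) return false;
    for (size_t i = 0; i < sizeof OTP_TIMING_SEQ; i++)
        if (!otp_bus_byte(a, OTP_TIMING_SEQ[i])) return false;
    if (!otp_bus_byte(a, (uint8_t)n)) return false;
    for (size_t i = 0; i < n; i++)
        if (!otp_bus_byte(a, s[i])) return false;
    return a->programmed;
}

/* Read-side counterpart used at boot (step 103): bytes copied, 0 if unprogrammed. */
size_t otp_read_sensitive(const otp_area_t *a, uint8_t *out, size_t cap)
{
    if (!a->programmed || cap < a->len) return 0;
    memcpy(out, a->data, a->len);
    return a->len;
}

int main(void)
{
    otp_area_t area;
    otp_init(&area);
    const uint8_t first[] = {'4', '6', '0', '0', '0'};   /* the description's sample value */
    const uint8_t second[] = {'9', '9', '9', '9', '9'};  /* constructed second write */
    printf("first write:  %s\n", otp_store_sensitive(&area, first, sizeof first) ? "stored" : "rejected");
    printf("second write: %s\n", otp_store_sensitive(&area, second, sizeof second) ? "stored" : "rejected");
    uint8_t out[OTP_SIZE];
    size_t n = otp_read_sensitive(&area, out, sizeof out);
    printf("area holds %zu bytes: %.*s\n", n, (int)n, out);
    return 0;
}
```

The state machine is what gives the area its "not acted on without the dedicated timing sequence" behaviour from the description; the `programmed` flag that is never cleared is the one-time property. Any real CPLD's sequence, framing and capacity will differ from these constructed values.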
The sensitive data may be China Mobile's network IP number 46000, or the mobile country code, and so on.
Step 102: turn on the mobile terminal and judge whether the CPLD exists; if it exists, perform step 103, and if not, perform step 106;
Specifically, the mobile terminal is turned on, and before it enters the standby state it must perform the network-lock/SIM-lock verification, that is, it must first judge whether the CPLD exists. The driver layer of the chipset measures the voltage value of the chipset pin connected to the CPLD to judge whether the CPLD exists: if the voltage is 0, no CPLD is connected to the chipset; if the voltage value is not 0, a CPLD is connected to the chipset. Because, if the CPLD is connected to the chipset, the pin from which the CPLD's IP number is obtained is wired to a pin of the chipset, the driver layer of the chipset can also try to obtain the IP number of the CPLD: if the IP number can be obtained, a CPLD is connected to the chipset, and if it cannot, no CPLD is connected. The chipset can also send a handshake message to the CPLD over the data lines; if no handshake feedback from the CPLD is received within the period, the CPLD is considered not to exist, and if feedback is received, the CPLD is considered to exist. The period can be set according to an empirical value of the transmission speed between the chipset and the CPLD;
when the chipset judges that the CPLD exists, step 103 is performed; when it judges that the CPLD does not exist, step 106 is performed;
Step 103: read the sensitive data of the OTP storage area;
Specifically, the driver layer of the chipset directly calls a function to drive the CPLD, and the function reads the sensitive data of the OTP storage area through the data lines between the chipset and the CPLD.
Step 104: verify the read sensitive data; if verification passes, perform step 105, and if it fails, perform step 106;
Specifically, the sensitive data read is usually encrypted by the terminal manufacturer with an encryption function, so the chipset decrypts it with the pre-stored decryption function corresponding to that encryption function, and judges whether the decrypted data is consistent with its own pre-stored copy of the sensitive data that the OTP storage area should hold: if consistent, verification passes and step 105 is performed; if inconsistent, verification fails and step 106 is performed.
Step 105: allow the mobile terminal to be used and enter the standby state;
Specifically, when the CPLD exists and the sensitive data in it passes verification, the chipset allows the mobile terminal to be used, and the terminal can enter the standby state normally.
Step 106: do not allow the mobile terminal to be used; turn off the mobile terminal;
Specifically, when the CPLD does not exist, or the CPLD exists but the sensitive data in it fails verification, the chipset does not allow the mobile terminal to be used and turns it off.
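The boot-time check of steps 102 to 106, written out as an added C example that is not part of the patent. The simulated CPLD (`sim_cpld_t`), the XOR pad standing in for the manufacturer's encryption function, the 3300 mV pin reading, the tick-based handshake period and the function names `cpld_exists`, `lock_check_at_boot` and `make_sample_board` are all constructed assumptions; the patent names no cipher, voltage or message format. The expected value 46000 is the description's own sample. Comparing without early exit and wiping the decrypted copy afterwards are added choices the patent does not specify.

```c
/* Added example, not code from the patent: a minimal model of the boot-time
 * network-lock/SIM-lock check in steps 102-106. The CPLD, its OTP storage
 * area, the manufacturer's encryption function and the expected sensitive
 * data are simulated; the patent names none of these concretely. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SENSITIVE_LEN 5   /* length of the description's sample value "46000" */

/* Simulated CPLD as observed by the chipset's driver layer. */
typedef struct {
    uint32_t pin_millivolts;        /* voltage on the chipset pin wired to the CPLD; 0 = nothing there */
    bool     ip_number_readable;    /* whether the driver can fetch the CPLD's IP number */
    unsigned handshake_reply_ticks; /* ticks until handshake feedback arrives; 0 = no reply ever */
    uint8_t  otp[SENSITIVE_LEN];    /* OTP storage area contents, as written by the manufacturer */
} sim_cpld_t;

/* Constructed placeholder for the manufacturer's encryption/decryption
 * function (the patent does not specify one). A fixed XOR pad keeps the
 * example self-contained; a product would use a proper cipher. */
static const uint8_t k_pad[SENSITIVE_LEN] = {0x5a, 0xa5, 0x3c, 0xc3, 0x0f};

void manufacturer_xor(const uint8_t *in, uint8_t *out)
{
    for (size_t i = 0; i < SENSITIVE_LEN; i++) out[i] = in[i] ^ k_pad[i];
}

/* Step 102: the three presence signals the patent lists; any one suffices. */
bool cpld_exists(const sim_cpld_t *c, unsigned period_ticks)
{
    bool by_voltage   = c->pin_millivolts != 0;
    bool by_ip_number = c->ip_number_readable;
    bool by_handshake = c->handshake_reply_ticks != 0 &&
                        c->handshake_reply_ticks <= period_ticks;
    return by_voltage || by_ip_number || by_handshake;
}

/* Compare without early exit so a mismatch does not reveal how many bytes agreed. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

typedef enum { BOOT_ALLOW_STANDBY = 105, BOOT_SHUTDOWN = 106 } boot_decision_t;

/* Steps 102-106: presence check, OTP read (103), decrypt and compare against
 * the chipset's pre-stored copy (104), then allow (105) or shut down (106). */
boot_decision_t lock_check_at_boot(const sim_cpld_t *c,
                                   const uint8_t expected[SENSITIVE_LEN],
                                   unsigned period_ticks)
{
    if (!cpld_exists(c, period_ticks))
        return BOOT_SHUTDOWN;

    uint8_t raw[SENSITIVE_LEN], plain[SENSITIVE_LEN];
    memcpy(raw, c->otp, SENSITIVE_LEN);      /* step 103: read over the data lines (simulated) */
    manufacturer_xor(raw, plain);            /* step 104: pre-stored decryption function */
    bool ok = ct_equal(plain, expected, SENSITIVE_LEN);
    memset(plain, 0, sizeof plain);          /* do not leave the plaintext in RAM */
    return ok ? BOOT_ALLOW_STANDBY : BOOT_SHUTDOWN;
}

/* Constructed sample boards. fitted=false models a board with no CPLD;
 * tampered=true models an OTP image that does not decrypt to the expected
 * value (for instance a CPLD from a different carrier build). */
sim_cpld_t make_sample_board(bool fitted, bool tampered)
{
    static const uint8_t expected[SENSITIVE_LEN] = {'4', '6', '0', '0', '0'};
    sim_cpld_t c = {0};
    if (fitted) {
        c.pin_millivolts = 3300;
        c.ip_number_readable = true;
        c.handshake_reply_ticks = 4;
        manufacturer_xor(expected, c.otp);   /* XOR is symmetric: encrypt == decrypt */
        if (tampered) c.otp[0] ^= 0x01;
    }
    return c;
}

int main(void)
{
    const uint8_t expected[SENSITIVE_LEN] = {'4', '6', '0', '0', '0'};
    sim_cpld_t good = make_sample_board(true, false);
    sim_cpld_t missing = make_sample_board(false, false);
    sim_cpld_t bad = make_sample_board(true, true);
    printf("good board   -> step %d\n", lock_check_at_boot(&good, expected, 10));
    printf("no CPLD      -> step %d\n", lock_check_at_boot(&missing, expected, 10));
    printf("bad OTP data -> step %d\n", lock_check_at_boot(&bad, expected, 10));
    return 0;
}
```

The order of operations mirrors FIG. 1: a board with no CPLD never reaches the OTP read, and a board whose OTP contents decrypt to something other than the chipset's pre-stored value ends in step 106 exactly as a missing CPLD does.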
When a computer wants to load software into the mobile terminal, the network-lock/SIM-lock verification must be performed. FIG. 3 is a schematic flow chart of the method by which a computer verifies the network lock and SIM lock before loading software into the mobile terminal; as shown in FIG. 3, the method includes the following steps:
Step 301: the computer sends a loading instruction to the mobile terminal;
Specifically, the computer's loading software sends the loading instruction to the download management module of the mobile terminal through the serial port connecting the computer and the terminal.
Step 302: the mobile terminal judges whether the CPLD exists and sends the result to the computer; specifically, after receiving the loading instruction, the download management module of the mobile terminal sends a handshake message to the CPLD. If no feedback from the CPLD is received within the period, the CPLD is considered not to exist, and the download management module sends the return value corresponding to "CPLD absent" to the computer; if feedback from the CPLD is received, the CPLD is considered to exist, and the download management module sends the return value corresponding to "CPLD present" to the computer. The correspondence between the return values and the presence of the CPLD is stored in both the download management module and the computer.
Step 303: the computer judges, according to the mobile terminal's result, whether to perform loading; specifically, the computer receives the result sent by the download management module and, using the correspondence between return values and CPLD presence, decides whether to load the software into the mobile terminal. If the return value corresponds to the CPLD existing, loading is performed and step 304 follows; if the return value corresponds to the CPLD not existing, loading is not performed and step 305 follows.
Step 304: the computer allows loading;
Specifically, the computer allows loading, that is, the loading software loads the software into the mobile terminal.
Step 305: the computer interrupts the loading process;
Specifically, the computer interrupts the current loading process.
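The pre-load exchange of steps 301 to 305 with both sides written out, as an added C example rather than the patent's code. The return-value codes 0x5A and 0xA5, the tick-based period, the one-byte serial reply and the names `download_manager_on_load_instruction`, `computer_on_return_value` and `run_preload_check` are constructed assumptions; the patent says only that the same correspondence table is held by the download management module and the computer. Treating a byte that matches neither table entry as "do not load" is an added fail-closed choice.

```c
/* Added example, not the patent's code: both sides of the pre-load check in
 * steps 301-305. The return-value codes, the tick-based period and the
 * one-byte serial reply are constructed assumptions. */
#include <stdio.h>

/* Constructed return-value table; the patent states only that the same table
 * is held by the download management module and by the computer. */
typedef enum { RET_CPLD_PRESENT = 0x5A, RET_CPLD_ABSENT = 0xA5 } load_ret_t;

/* Simulated CPLD: the tick at which its handshake feedback arrives; 0 = never. */
typedef struct { unsigned reply_tick; } sim_cpld_t;

typedef enum { PC_LOAD = 304, PC_ABORT = 305 } pc_action_t;

/* Step 302, terminal side: after the loading instruction arrives, send the
 * handshake (simulated) and wait at most period_ticks for feedback. */
unsigned char download_manager_on_load_instruction(const sim_cpld_t *cpld,
                                                   unsigned period_ticks)
{
    for (unsigned tick = 1; tick <= period_ticks; tick++)
        if (cpld->reply_tick == tick)
            return (unsigned char)RET_CPLD_PRESENT;
    return (unsigned char)RET_CPLD_ABSENT;   /* no feedback inside the period */
}

/* Step 303, PC side: look the received byte up in the shared table. A byte
 * matching neither row is treated like "absent", so a corrupted reply on the
 * serial link cannot start a load (added fail-closed choice). */
pc_action_t computer_on_return_value(unsigned char wire_byte)
{
    if (wire_byte == (unsigned char)RET_CPLD_PRESENT)
        return PC_LOAD;                      /* step 304 */
    return PC_ABORT;                         /* step 305 */
}

/* Steps 301-305 end to end: the PC's instruction triggers the terminal's
 * check, the one-byte result crosses the serial link, and the PC decides. */
pc_action_t run_preload_check(const sim_cpld_t *cpld, unsigned period_ticks)
{
    unsigned char reply = download_manager_on_load_instruction(cpld, period_ticks);
    return computer_on_return_value(reply);
}

int main(void)
{
    sim_cpld_t fast = {3}, none = {0}, late = {50};   /* constructed boards */
    printf("CPLD answers at tick 3    -> step %d\n", run_preload_check(&fast, 10));
    printf("no CPLD fitted            -> step %d\n", run_preload_check(&none, 10));
    printf("CPLD answers after period -> step %d\n", run_preload_check(&late, 10));
    return 0;
}
```

A reply that arrives after the period counts as no reply, which is why the period should be derived from the measured link speed as the description says, rather than set so short that a healthy board is refused.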
To realize the above method, the present invention also provides a mobile terminal for implementing a network lock and SIM lock. FIG. 4 is a schematic structural diagram of this mobile terminal; as shown in FIG. 4, the mobile terminal includes a CPLD 41 and a chipset 42, wherein:
CPLD 41 is used to store sensitive data in its own OTP storage area;
chipset 42 is used, after the mobile terminal is turned on and when it is determined that CPLD 41 exists, to read the sensitive data from the OTP storage area and verify it, and to allow the mobile terminal to be used when the sensitive data passes verification;
chipset 42 reads the sensitive data of the OTP storage area as follows: the driver layer of chipset 42 directly calls a function to drive CPLD 41, and the function reads the sensitive data of the OTP storage area through the data lines between the chipset and CPLD 41.
Chipset 42 verifies the sensitive data as follows: it decrypts the read sensitive data with a pre-stored decryption function and judges whether the decrypted data is consistent with its own pre-stored sensitive data; if consistent, verification passes, and if inconsistent, verification fails.
Chipset 42 is further used to judge whether CPLD 41 exists; when it is determined that CPLD 41 does not exist, the mobile terminal is not allowed to be used and is turned off, and when the sensitive data fails verification, the mobile terminal is not allowed to be used and is turned off.
Chipset 42 judges whether CPLD 41 exists as follows: according to the voltage value, measured by the driver layer, of the chipset 42 pin connected to CPLD 41, or whether the driver layer obtains the IP number of CPLD 41, or whether handshake feedback from CPLD 41 is received within the period; when the voltage value is not zero, or the IP number is obtained, or the handshake feedback is received, CPLD 41 is determined to exist; otherwise, CPLD 41 is determined not to exist.
When a computer wants to load software into the mobile terminal, the network-lock/SIM-lock verification must be performed; when the computer performs this verification before loading software into the mobile terminal, the mobile terminal further includes:
a download management module 43, used to send a handshake message to CPLD 41 after receiving the loading instruction from the computer and, when no feedback from CPLD 41 is received within the period, to send the return value corresponding to "CPLD 41 absent" to the computer; or, when feedback from CPLD 41 is received, to send the return value corresponding to "CPLD 41 present" to the computer.
The download management module 43 is further used to store the correspondence between the return values and the presence of CPLD 41.
The above are merely preferred embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims

Claims
1. A method for implementing a network lock and SIM lock, characterized in that the method includes:
storing sensitive data in the one-time programmable (OTP) storage area of a complex programmable logic device (CPLD);
after the mobile terminal is turned on, when it is determined that the CPLD exists, reading the sensitive data from the OTP storage area and verifying the sensitive data, and allowing the mobile terminal to be used when the sensitive data passes verification.
2. The method according to claim 1, characterized in that the method further includes: when it is determined that the CPLD does not exist, not allowing the mobile terminal to be used and turning off the mobile terminal;
after reading and verifying the sensitive data of the OTP storage area, the method further includes: when the sensitive data fails verification, not allowing the mobile terminal to be used and turning off the mobile terminal.
3. The method according to claim 1, characterized in that determining whether the CPLD exists is: judging whether the CPLD exists according to the voltage value, measured by the driver layer of the mobile terminal's chipset, of the chipset pin connected to the CPLD, or whether the driver layer obtains the IP number of the CPLD, or whether the chipset receives handshake feedback from the CPLD within the period; when the voltage value is not zero, or the IP number is obtained, or the handshake feedback is received, determining that the CPLD exists; otherwise, determining that the CPLD does not exist.
4. The method according to claim 1, characterized in that before storing the sensitive data in the OTP storage area of the CPLD, the method further includes: setting the CPLD on the mobile terminal.
5. The method according to claim 4, characterized in that setting the CPLD on the mobile terminal is:
analysing the schematic diagram of the motherboard of the mobile terminal, and adding the CPLD to the motherboard according to the chipset of the mobile terminal, the CPLD being connected to the chipset through a bidirectional link.
6. The method according to claim 1, characterized in that storing the sensitive data in the OTP storage area of the CPLD is: the driver layer of the mobile terminal sends the OTP dedicated timing sequence to the data bus of the OTP storage area and then sends the sensitive data to be stored; the OTP storage area obtains the sensitive data from the data bus and stores it according to the OTP dedicated timing sequence; and a function is used to encapsulate the sensitive data.
7. The method according to claim 1, characterized in that reading the sensitive data of the OTP storage area is:
the driver layer of the mobile terminal's chipset directly calls a function to drive the CPLD, and the function reads the sensitive data of the OTP storage area through the data lines between the chipset and the CPLD.
8. The method according to claim 1, characterized in that verifying the sensitive data is:
the chipset of the mobile terminal decrypts the read sensitive data with a pre-stored decryption function and judges whether the decrypted sensitive data is consistent with the sensitive data it has pre-stored; if consistent, verification passes, and if inconsistent, verification fails.
9. A mobile terminal for implementing a network lock and SIM lock, characterized in that the mobile terminal includes a CPLD and a chipset, wherein:
the CPLD is used to store sensitive data in its own OTP storage area;
the chipset is used, after the mobile terminal is turned on and when it is determined that the CPLD exists, to read the sensitive data from the OTP storage area and verify the sensitive data, and to allow the mobile terminal to be used when the sensitive data passes verification.
10. The mobile terminal according to claim 9, characterized in that
the chipset is further used to judge whether the CPLD exists, and when it is determined that the CPLD does not exist, not to allow the mobile terminal to be used and to turn off the mobile terminal; and when the sensitive data fails verification, not to allow the mobile terminal to be used and to turn off the mobile terminal.
PCT/CN2010/076053 2010-06-07 2010-08-17 A method and mobile terminal for implementing a network lock and SIM lock WO2011153730A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010194805.6 2010-06-07
CN201010194805.6A CN101888448B (zh) 2010-06-07 2010-06-07 A method and mobile terminal for implementing a network lock and SIM lock

Publications (1)

Publication Number Publication Date
WO2011153730A1 true WO2011153730A1 (zh) 2011-12-15

Family

ID=43074160

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/076053 WO2011153730A1 (zh) 2010-06-07 2010-08-17 A method and mobile terminal for implementing a network lock and SIM lock

Country Status (2)

Country Link
CN (1) CN101888448B (zh)
WO (1) WO2011153730A1 (zh)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102594972B (zh) * 2011-01-05 2015-01-28 中兴通讯股份有限公司 Method, device and system for SIM-locking a mobile terminal
WO2012106878A1 (zh) * 2011-07-08 2012-08-16 华为技术有限公司 Method and device for information security processing
CN105554300A (zh) * 2016-01-15 2016-05-04 成都中科创达软件有限公司 Anti-theft method and system for a mobile phone terminal
CN108064038A (zh) * 2017-12-06 2018-05-22 广东欧珀移动通信有限公司 Method for uniformly customizing a terminal software version, electronic device and readable storage medium

Citations (7)

Publication number Priority date Publication date Assignee Title
CN1722878A (zh) * 2004-07-14 2006-01-18 乐金电子(中国)研究开发中心有限公司 Theft prevention device for a portable terminal and method thereof
CN1794852A (zh) * 2004-12-22 2006-06-28 Lg电子株式会社 Method and apparatus for preventing hacking of the subscriber identity module in a mobile communication terminal
CN1913679A (zh) * 2006-08-25 2007-02-14 华为技术有限公司 Protection method and system against fraudulent use of a mobile terminal
US20070050622A1 (en) * 2005-09-01 2007-03-01 Rager Kent D Method, system and apparatus for prevention of flash IC replacement hacking attack
CN101026834A (zh) * 2007-01-17 2007-08-29 中兴通讯股份有限公司 Locking method and unlocking method
CN101370288A (zh) * 2008-08-06 2009-02-18 深圳华为通信技术有限公司 Network locking method and terminal
CN101379506A (zh) * 2006-02-10 2009-03-04 高通股份有限公司 Method and apparatus for secure boot from an external storage device

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
WO2004025896A1 (en) * 2002-09-16 2004-03-25 Telefonaktiebolaget Lm Ericsson (Publ) Loading data onto an electronic device

Patent Citations (7)

Publication number Priority date Publication date Assignee Title
CN1722878A (zh) * 2004-07-14 2006-01-18 乐金电子(中国)研究开发中心有限公司 Theft prevention device for a portable terminal and method thereof
CN1794852A (zh) * 2004-12-22 2006-06-28 Lg电子株式会社 Method and apparatus for preventing hacking of the subscriber identity module in a mobile communication terminal
US20070050622A1 (en) * 2005-09-01 2007-03-01 Rager Kent D Method, system and apparatus for prevention of flash IC replacement hacking attack
CN101379506A (zh) * 2006-02-10 2009-03-04 高通股份有限公司 Method and apparatus for secure boot from an external storage device
CN1913679A (zh) * 2006-08-25 2007-02-14 华为技术有限公司 Protection method and system against fraudulent use of a mobile terminal
CN101026834A (zh) * 2007-01-17 2007-08-29 中兴通讯股份有限公司 Locking method and unlocking method
CN101370288A (zh) * 2008-08-06 2009-02-18 深圳华为通信技术有限公司 Network locking method and terminal

Also Published As

Publication number Publication date
CN101888448A (zh) 2010-11-17
CN101888448B (zh) 2014-03-19

Similar Documents

Publication Publication Date Title
US11764967B2 (en) Method and system for verifying device ownership upon receiving a tagged communication from the device
US11153746B2 (en) Method and terminal for keeping subscriber identity module card in standby state
WO2020093214A1 (zh) Application login method, application login device and mobile terminal
JP5570593B2 (ja) Function migration of a virtual mobile device
US8112618B2 (en) Less-secure processors, integrated circuits, wireless communications apparatus, methods and processes of making
US7921303B2 (en) Mobile security system and method
US10511965B2 (en) Method and system for downloading software based on mobile terminal
KR20180135940A (ko) System on chip and processing device
CN103282912A (zh) Secure and private location
US10664257B2 (en) Secure element activities
JP2012531678A (ja) Providing security for a virtual mobile device
KR20160062184A (ko) Remote access control of a storage device
JP2012531676A (ja) Virtual mobile device
CN102004876A (zh) Secure terminal hardening model tolerant of untrusted components, and hardening method
WO2015117523A1 (zh) Access control method and device
EP4348931A1 (en) Transfer of ownership of a computing device via a security processor
WO2011153730A1 (zh) A method and mobile terminal for implementing a network lock and SIM lock
US8549312B2 (en) Mobile terminal and method for protecting its system data
US20220027520A1 (en) Methods And Apparatus For In-Memory Device Access Control
WO2015154469A1 (zh) Database operation method and device
CN107769917A (zh) Trusted platform and method for a wireless terminal
US11853428B2 (en) Firmware policy enforcement via a security processor
KR100620708B1 (ko) Mobile communication terminal equipped with a subscriber authentication module, and method for improving boot speed
Anwar et al. An alternate secure element access control for NFC enabled Android smartphones
CN110401948A (zh) Wireless network authentication method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10852723

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10852723

Country of ref document: EP

Kind code of ref document: A1