WO2012012964A1 - Wireless communication terminal and method for binding wireless communication terminal with user interface - Google Patents


Info

Publication number
WO2012012964A1
Authority
WO
WIPO (PCT)
Prior art keywords
data card
public key
wireless communication
communication terminal
board side
Application number
PCT/CN2010/077053
Other languages
French (fr)
Chinese (zh)
Inventor
谭冠军
房立军
李普光
Original Assignee
中兴通讯股份有限公司

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/32: Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/12: Applying verification of the received information
    • H04L 63/126: Applying verification of the received information to the source of the received data
    • H04L 2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L 9/00)
    • H04L 2209/80: Wireless

Definitions

  • Wireless communication terminal and method for binding it with a user interface
  • The present invention relates to the field of wireless communication technologies, and in particular to a wireless communication terminal and a method for binding it with a user interface (UI).
  • The UI is the PC-side software through which the data card interacts with the user.
  • Data card services such as the phone book, Internet access, SMS, MMS, voice calls and video calls all interact with the user through the UI;
  • the UI interacts with the data card through standard AT commands and AT commands extended by some data cards, and the data card implements these services.
  • The UI therefore plays an important role.
  • AT stands for Attention; the AT command set is sent from terminal equipment (TE) or data terminal equipment (DTE) to a terminal adapter (TA) or data circuit-terminating equipment (DCE).
  • TE: Terminal Equipment
  • DTE: Data Terminal Equipment
  • TA: Terminal Adapter
  • DCE: Data Circuit Terminal Equipment
  • A user uses a type of data card customized by an operator but with a UI that does not match it; with standard AT commands the data card still works normally, but some of the operator's distinctive services in the customized UI, such as advertising, cannot be presented.
  • A non-customized data card does not support certain services on the UI, so the user cannot use the customized services.
  • The UI and the data card are bound to each other to prevent any hacker from using any physical or software method on a commercially available machine to unlock the data card's UI-lock function.
  • An effective way to solve the above problems is public key cryptography (PKI) technology.
  • Current public key cryptosystems generally fall into three classes: the large-integer factorization class (the RSA public key encryption algorithm), the discrete logarithm class (the digital signature algorithm, DSA) and the elliptic curve class (elliptic curve cryptography, ECC).
  • RSA: large-integer factorization class, public key encryption
  • DSA: discrete logarithm class, digital signature algorithm
  • ECC: elliptic curve class, elliptic curve cryptography
  • Among public key cryptosystems, the elliptic curve cryptosystem provides the highest encryption strength per bit.
  • An object of the present invention is to provide a wireless communication terminal and a method for binding it with a UI, so as to solve the above problems.
  • The present invention provides a wireless communication terminal that can be bound to a UI.
  • The board side of the data card includes a board-side AT command processing module, a board-side public key algorithm module and a board-side control module, wherein
  • the board-side AT command processing module is responsible for receiving AT commands from the UI side and sending AT commands to the UI side;
  • the board-side public key algorithm module is configured to securely store the public key A and to perform encryption and decryption with the public key A;
  • the board-side control module is configured to coordinate and control the modules on the board side.
  • The UI side corresponding to the data card includes a UI control module, a random number generator, a UI-side public key algorithm module and a UI-side AT command processing module, wherein
  • the UI control module is configured to coordinate and control the modules on the UI side;
  • the random number generator is configured to generate random numbers;
  • the UI-side public key algorithm module is configured to securely store the private key B and to perform encryption and decryption with the private key B;
  • the UI-side AT command processing module is responsible for receiving AT commands from the board side and sending AT commands to the board side.
  • The wireless communication terminal further includes a board-side timer module, used to judge whether the result of encrypting the random number is reported to the UI within the time range of the timer.
  • The interaction process between the wireless terminal and the UI is as follows:
  • the board-side public key algorithm module is specifically configured to encrypt plaintext information with the public key A to obtain ciphertext information, and the ciphertext information is passed to the UI side;
  • the UI-side public key algorithm module is specifically configured to decrypt the received ciphertext information with the private key B, finally obtaining the plaintext information on the UI side;
  • the UI-side public key algorithm module is specifically configured to encrypt plaintext information with the private key B to obtain ciphertext information, and the ciphertext information is passed to the data card board side; correspondingly,
  • the board-side public key algorithm module is specifically configured to decrypt the received ciphertext information with the public key A, finally obtaining the plaintext information on the data card board side.
  • The UI-side public key algorithm module is further configured, after the UI starts, completes its own initialization and recognizes that the data card has completed the initialization interaction flow, to switch to the normal working mode, start a timer T1 and generate a random number S.
  • It encrypts S with the private key B to produce the encryption result E_B(S), and notifies the data card side software of S and E_B(S) by way of AT commands.
  • The board-side public key algorithm module is further configured, after the data card side software starts and completes its own initialization, to switch to the normal working mode and start a timer T2. If the data card side software receives S and E_B(S) within the time range of timer T2, it uses its own key A to encrypt S and to decrypt E_B(S), obtaining E_A(S) and D_A(E_B(S)) respectively. If D_A(E_B(S)) and S are the same, the data card side software returns E_A(S) to the UI by way of AT commands, and the data card judges that the UI is the UI corresponding to the data card software.
  • The data card side then works normally; otherwise the data card side enters the abnormal working mode. If the UI receives E_A(S) within the time range of timer T1, it decrypts it with its own key B to obtain D_B(E_A(S)); if D_B(E_A(S)) and S are the same, the UI judges that the data card is the data card side software matching the UI and the UI works normally; otherwise the UI enters the abnormal working mode.
  • The present invention also provides a method for binding a wireless communication terminal with a UI, in which, after both are working normally, the wireless communication terminal and the UI perform periodic encryption and verification interaction with a pre-assigned key pair to verify the correctness of the other party.
  • The interaction process between the wireless terminal and the UI includes: on the board side of the wireless communication terminal, plaintext information is encrypted with the public key A to obtain ciphertext information, the ciphertext information is passed to the UI side and then decrypted with the private key B, and finally the UI side obtains the plaintext information; the interaction process from the UI side to the data card board side is: on the UI side, plaintext information is encrypted with the private key B to obtain ciphertext information, the ciphertext information is passed to the data card board side and then decrypted with the public key A, and finally the plaintext information is obtained on the data card board side.
  • The method further includes: after the UI starts, completes its own initialization and recognizes that the data card has completed the initialization interaction flow, the UI switches to the normal working mode, starts a timer T1, generates a random number S, encrypts the random number with the key B to produce the encryption result E_B(S), and notifies the data card side software of S and E_B(S) by way of AT commands.
  • The method further includes: after the data card side software starts and completes its own initialization, it switches to the normal working mode and starts a timer T2; if the data card side software receives S and E_B(S) within the time range of timer T2, it uses its own key A to encrypt S and to decrypt E_B(S), obtaining E_A(S) and D_A(E_B(S)) respectively; if D_A(E_B(S)) is the same as S, the data card side software returns E_A(S) to the UI through AT commands, and the data card determines that the UI corresponds to the data card software.
  • The data card side then works normally; otherwise the data card side enters the abnormal working mode.
  • If the UI receives E_A(S) within the time range of timer T1, it decrypts it with its own key B to obtain D_B(E_A(S)); if D_B(E_A(S)) is the same as S, the UI determines that the data card is the data card bound to the UI and the UI works normally; otherwise the UI enters the abnormal working mode.
  • The technical solution of the present invention enhances the correspondence between the UI version and the data card software version.
  • If the UI version and the data card software version do not match, the UI or the data card cannot be used normally, which satisfies the operator's need to bind the UI version and the data card software version so as to deliver its special services.
  • The public key encryption algorithm, its encryption strength and the check interval can be modified according to actual needs, which greatly enhances practicability and confidentiality and satisfies various customization requirements.
  • FIG. 1 is a schematic diagram of the encryption and decryption process from the data card board side to the UI side according to an embodiment of the present invention;
  • FIG. 2 is a schematic diagram of the encryption and decryption process from the UI side to the data card board side according to an embodiment of the present invention;
  • FIG. 3 shows a data card in an embodiment of the present invention;
  • FIG. 4 is a schematic diagram of the processing after the UI side begins to interact with the data card board side, with the UI and the data card board side mutually bound, in an embodiment of the present invention;
  • FIG. 5 is a flowchart of the processing after power-on of the data card board side, with the UI and the data card board side mutually bound, in an embodiment of the present invention.
  • The present invention provides a wireless communication terminal and a method for binding it with a UI.
  • The principle of the binding is that, after both are working normally, the wireless communication terminal and the UI use a pre-assigned key pair to perform periodic encryption and verification interaction, so as to verify the correctness of the other party, ensure the correspondence between the UI and the wireless communication terminal, and achieve mutual binding.
  • The wireless communication terminal is described using a data card as an example.
  • FIG. 1 and FIG. 2 are schematic diagrams of the encryption and decryption process of the present invention using a public key encryption algorithm, from the data card board side to the UI side and from the UI side to the board side respectively.
  • The interaction from the data card board side to the UI side is: on the board side, plaintext information is encrypted with the public key A to obtain ciphertext information, the ciphertext information is passed to the UI side and then decrypted with the private key B, and finally the plaintext information is obtained on the UI side.
  • The interaction from the UI side to the data card board side is: on the UI side, plaintext information is encrypted with the private key B to obtain ciphertext information, the ciphertext information is passed to the data card board side and then decrypted with the public key A, and finally the plaintext information is obtained on the data card board side.
  • The network operator or the data card manufacturer generates an asymmetric key pair, stores the public key A in the data card board side software, and stores the private key B in the UI software.
  • After the UI starts, it completes its initialization work and recognizes that the data card has completed the initialization interaction flow, then switches to the normal working mode. At the same time it starts a timer T1, generates a random number S, encrypts the random number with the private key B to produce the encryption result E_B(S), and notifies the data card side software of the random number S and the encryption result E_B(S) by way of AT commands.
  • After the data card side software starts, it enters the normal working mode once it completes its own initialization work, and starts a timer T2 at the same time. If the data card side software receives the random number S and the encryption result E_B(S) within the time range of timer T2, it uses its own public key A to encrypt the random number S and to decrypt the encryption result E_B(S) generated by the UI side, obtaining E_A(S) and D_A(E_B(S)) respectively. If D_A(E_B(S)) and the random number S are the same,
  • the data card side software returns E_A(S) to the UI through AT commands.
  • The data card judges that the UI is the UI corresponding to the data card software, and the data card side works normally. Otherwise, the data card side enters the abnormal working mode.
  • The UI receives E_A(S) within the time range of timer T1 and decrypts it with its own private key B to obtain D_B(E_A(S)).
  • During normal operation, the data card and the UI start the next timed check immediately after one check ends, which ensures periodic verification of the UI and the data card.
  • The invention makes full use of the fact that the public key and the private key of a public key encryption algorithm are stored separately and can perform both encryption and signing, giving anti-counterfeiting and confidentiality of the information, and realizes mutual encryption and verification between the data card and the UI.
  • The interaction verifies the correctness of the other party, ensures the one-to-one correspondence between the UI and the data card, and realizes mutual binding.
  • The public key encryption algorithm and the time interval of the binding verification can be modified according to actual needs, which greatly enhances practicability and confidentiality; the fact that the public key of a public key encryption algorithm can be made public greatly increases
  • the security and operability of the mutual verification between data card and UI, meeting the needs of various customizations.
  • The network operator or data card manufacturer generates an asymmetric key pair with a public key encryption algorithm of its own choice, namely the public key A and the private key B; the public key A is stored in the data card side software and the private key B is stored in the UI software.
  • The UI side of the data card includes a UI-side timer module 301, a UI control module 302 (coordinates and controls the modules on the UI side), a random number generator 303 (generates random numbers), a UI-side public key algorithm module 304 (securely stores the private key B and performs encryption and decryption with the private key B),
  • a UI working module 305 (performs the basic functions of the data card UI side), and
  • a UI-side AT command processing module 306 (responsible for receiving AT commands from the board side and sending AT commands to the board side).
  • The board side of the data card includes a board-side AT command processing module 307 (responsible for receiving AT commands from the UI side and sending AT commands to the UI side), a board-side public key algorithm module 308 (securely stores the public key A and performs encryption and decryption with the public key A), a board-side working module 309 (performs the basic functions of the data card board side), a board-side timer module 310, and a board-side control module 311 (coordinates and controls the modules on the board side).
  • The processing flow after the UI-side software of the embodiment starts interacting with the data card board side includes the following steps:
  • Step 401: Each module on the UI side completes its own initialization and interacts with the data card board side, then enters the normal working mode.
  • Step 402: The UI side generates a random number S and sends it to the UI-side public key encryption algorithm module.
  • Step 403: The UI-side public key encryption algorithm module encrypts the random number with its own key B to obtain the encryption result, and sends the random number S and its encryption result to the UI-side AT command processing module.
  • Step 404: The UI-side AT command processing module sends the random number S and its encryption result to the data card board side by way of AT commands and starts the timer T1.
  • Step 405: If the data card board side reports the result of encrypting the UI's random number to the UI within the time range of timer T1, proceed to step 406; otherwise proceed to step 410.
  • Step 406: The UI-side AT command processing module sends the received encrypted random number to the UI-side encryption algorithm module.
  • Step 407: The UI-side encryption algorithm module decrypts the encrypted random number reported by the data card board side with the key B.
  • Step 408: If the UI control module determines that the encryption result reported by the data card board side is correct, proceed to step 409; otherwise proceed to step 410.
  • Step 409: The UI determines that the data card is a data card bound to it, allows the user to perform other normal operations, and returns to step 402 to start the next verification.
  • Step 410: The UI determines that the data card is not a data card bound to it, and prohibits the user from performing other normal operations.
  • The processing of the data card board side in the embodiment after power-on includes the following steps:
  • Step 501: Each module on the data card board side is powered on and completes its initialization, then enters the normal working mode.
  • Step 502: After the data card board side enters the normal working mode, the board-side control module starts the timer T2.
  • Step 503: If the data card receives the result of encrypting the random number sent by the UI within the time range of timer T2, proceed to step 504; otherwise proceed to step 510.
  • Step 504: The data card board-side AT command processing module sends the received encrypted random number sent by the UI to the board-side encryption algorithm module.
  • Step 505: The data card board-side encryption algorithm module uses its own key A to decrypt the encrypted random number sent by the UI.
  • Step 506: The board-side control module checks whether the random number decrypted by the data card board side is consistent with the random number sent by the UI; if so, proceed to step 507; otherwise proceed to step 510.
  • Step 507: The data card board-side encryption algorithm module uses the key A to encrypt the random number sent by the UI and sends the encryption result to the board-side AT command processing module.
  • Step 508: The board-side AT command processing module sends the encryption result to the UI-side AT command processing module.
  • Step 509: The board-side control module determines that the UI is the UI bound to the data card, allows the user to perform normal operations, and returns to step 502 to start the next verification.
  • Step 510: The board-side control module determines that the UI is not the UI bound to the data card, and prohibits the user from performing normal operations.
  • The technical solution of the present invention enhances the one-to-one correspondence between the UI version and the data card software version.
  • If the UI version and the data card software version do not match, the UI and the data card cannot be used normally, and the operator binds the UI version and the data card software version together to fulfil its special business needs.
  • The public key encryption algorithm, its encryption strength and the check interval can be modified according to actual needs, which greatly enhances practicability and confidentiality and can meet the needs of various customizations.

Abstract

The invention discloses a wireless communication terminal and a method for binding the wireless communication terminal with a user interface (UI). After both are working normally, the wireless communication terminal and the UI perform periodic encryption verification interaction with a pre-assigned key to verify the validity of the other side. With the technical solution of the invention, the one-to-one correspondence between a UI version and a data card software version is enhanced; the UI or the data card cannot be used normally when the UI version and the data card software version do not match, and the operator's requirement of delivering its special services by binding the UI version to the data card software is satisfied. Meanwhile, the public key encryption algorithm, the encryption strength of the algorithm and the time interval of verification can be modified according to practical demands, so practicability and confidentiality are greatly improved and the differentiated demands of various customizations are satisfied.

Description

Wireless communication terminal and method for binding it with a user interface

Technical Field

The present invention relates to the field of wireless communication technologies, and in particular to a wireless communication terminal and a method for binding it with a user interface (UI).

Background Art
With the development of wireless communication technology, wireless communication terminals, and data cards in particular, have become an important class of mobile terminal device and are now used ever more widely. The UI is the PC-side software through which the data card interacts with the user. The data card's services, such as the phone book, Internet access, SMS, MMS, voice calls and video calls, all interact with the user through the UI; the UI in turn interacts with the data card through standard AT commands and AT commands extended by some data cards, and the data card implements these services. The UI therefore plays an important role in a data card solution. Here AT stands for Attention; the AT command set is sent from terminal equipment (TE) or data terminal equipment (DTE) to a terminal adapter (TA) or data circuit-terminating equipment (DCE).
To better present a customizing operator's distinctive features, many such operators have set out a series of customization requirements for the data card UI; some even require the operator's advertising to be displayed in the UI.
However, because the UI generally interacts with the data card through standard AT commands, the following problems arise:
A user uses a type of data card customized by an operator but with a UI that does not match it. With standard AT commands the data card still works normally, but some of the operator's distinctive services in the customized UI, such as advertising, cannot be presented.
A user does not use the operator-customized data card but does use the customized data card's UI. Because a non-customized data card does not support certain services corresponding to the UI, the user cannot use the related services provided in the UI.
This gives rise to the need to bind the UI and the data card to each other, and operators have also raised this requirement. Binding the UI and the data card to each other is meant to prevent any hacker from using any physical or software method on a commercially available machine to unlock the data card's UI-lock function. An effective way to solve the above problems is public key cryptography (PKI) technology. Public key cryptosystems in practical use today generally fall into three classes: the large-integer factorization class, i.e. the RSA public key encryption algorithm; the discrete logarithm class, i.e. the digital signature algorithm (DSA); and the elliptic curve class, i.e. elliptic curve cryptography (ECC). Of the known public key cryptosystems, the elliptic curve cryptosystem provides the highest encryption strength per bit; its mathematical theory, however, is deep and complex and comparatively hard to implement in engineering practice, though its security strength per unit is relatively high. One characteristic of the RSA algorithm is that its mathematical principle is simple and comparatively easy to implement in engineering practice, but its security strength per unit is relatively low.

Summary of the Invention
An object of the present invention is to provide a wireless communication terminal and a method for binding it with a UI, so as to solve the above problems.
To achieve the above object, the present invention provides a wireless communication terminal that can be bound to a UI. The board side of the data card includes a board-side AT command processing module, a board-side public key algorithm module and a board-side control module, wherein
the board-side AT command processing module is responsible for receiving AT commands from the UI side and sending AT commands to the UI side;
the board-side public key algorithm module is configured to securely store the public key A and to perform encryption and decryption with the public key A;
the board-side control module is configured to coordinate and control the modules on the board side.
Further, the UI side corresponding to the data card includes a UI control module, a random number generator, a UI-side public key algorithm module and a UI-side AT command processing module, wherein the UI control module is configured to coordinate and control the modules on the UI side; the random number generator is configured to generate random numbers;
the UI-side public key algorithm module is configured to securely store the private key B and to perform encryption and decryption with the private key B;
the UI-side AT command processing module is responsible for receiving AT commands from the board side and sending AT commands to the board side.
Further, the wireless communication terminal also includes a board-side timer module, used to judge whether the result of encrypting the random number is reported to the UI within the time range of the timer.
Further, the interaction process between the wireless terminal and the UI is as follows. On the board side of the wireless communication terminal, the board-side public key algorithm module is specifically configured to encrypt plaintext information with the public key A to obtain ciphertext information, and the ciphertext information is passed to the UI side; correspondingly, the UI-side public key algorithm module is specifically configured to decrypt the received ciphertext information with the private key B, finally obtaining the plaintext information on the UI side;
On the UI side, the UI-side public key algorithm module is specifically configured to encrypt plaintext information with the private key B to obtain ciphertext information, and the ciphertext information is passed to the data card board side; correspondingly, the board-side public key algorithm module is specifically configured to decrypt the received ciphertext information with the public key A, finally obtaining the plaintext information on the data card board side.
Further, the UI side public key algorithm module is further configured to: after the UI starts, completes its own initialization and recognizes that the data card has completed the initialization interaction flow, switch to the normal working mode and at the same time start a timer T1, generate a random number S, encrypt that random number with the key B to produce the encryption result E_B(S), and notify the data card side software of S and E_B(S) by way of an AT command.
Further, the board side public key algorithm module is further configured to: after the data card side software starts and completes its own initialization, switch to the normal working mode and at the same time start a timer T2; if the data card side software receives S and E_B(S) within the time range of the timer T2, it encrypts S and decrypts E_B(S) with its own key A, obtaining the results E_A(S) and D_A(E_B(S)) respectively; if D_A(E_B(S)) is identical to S, the data card side software returns E_A(S) to the UI by way of an AT command, the data card judges that the UI is the UI corresponding to the data card software, and the data card side works normally; otherwise, the data card side enters the abnormal working mode. The UI, on receiving E_A(S) within the time range of the timer T1, decrypts it with its own key B to obtain D_B(E_A(S)); if D_B(E_A(S)) is identical to S, the UI judges that the data card is the data card side software matching the UI and the UI works normally; otherwise, the UI enters the abnormal working mode.
In addition, the present invention also provides a method for binding a wireless communication terminal to a UI, in which, after the wireless communication terminal and the UI are working normally, they use a pre-assigned key pair to perform a periodic encryption check interaction so as to verify each other's correctness.
Further, the interaction between the wireless terminal and the UI includes: on the wireless communication terminal board side, plaintext information is encrypted with the public key A to obtain ciphertext information, the ciphertext information is transmitted to the UI side and then decrypted with the private key B, and the plaintext information is finally obtained on the UI side; the interaction between the UI side and the data card board side is: on the UI side, plaintext information is encrypted with the private key B to obtain ciphertext information, the ciphertext information is transmitted to the data card board side and then decrypted with the public key A, and the plaintext information is finally obtained on the data card board side.
Further, the method further includes: after the UI starts, completes its own initialization and recognizes that the data card has completed the initialization interaction flow, the UI switches to the normal working mode and at the same time starts a timer T1, generates a random number S, encrypts that random number with the key B to produce the encryption result E_B(S), and notifies the data card side software of S and E_B(S) by way of an AT command.
Further, the method further includes: after the data card side software starts and completes its own initialization, it switches to the normal working mode and at the same time starts a timer T2; if the data card side software receives S and E_B(S) within the time range of the timer T2, it encrypts S and decrypts E_B(S) with its own key A, obtaining the results E_A(S) and D_A(E_B(S)) respectively; if D_A(E_B(S)) is identical to S, the data card side software returns E_A(S) to the UI by way of an AT command, the data card judges that the UI is the UI corresponding to the data card software, and the data card side works normally; otherwise, the data card side enters the abnormal working mode. The UI, on receiving E_A(S) within the time range of the timer T1, decrypts it with its own key B to obtain D_B(E_A(S)); if D_B(E_A(S)) is identical to S, the UI judges that the data card is the data card side software matching the UI and the UI works normally; otherwise, the UI enters the abnormal working mode.
In summary, the technical solution of the present invention strengthens the one-to-one correspondence between the UI version and the data card software version: when the UI version and the data card software version do not match, the UI or the data card cannot be used normally, which satisfies the operator's requirement of binding the UI version to the data card software version in order to implement its special services. At the same time, the public key encryption algorithm, its encryption strength and the time interval between checks can be modified according to actual needs, which greatly enhances practicality and confidentiality and satisfies the differentiated needs of various customizations.
Brief Description of the Drawings
FIG. 1 is a schematic diagram of the encryption and decryption process from the data card board side to the UI side in an embodiment of the present invention; FIG. 2 is a schematic diagram of the encryption and decryption process from the data card UI side to the board side in an embodiment of the present invention; FIG. 3 is a schematic diagram of the functional modules on the UI side and the board side of the data card in an embodiment of the present invention; FIG. 4 is a flowchart of the processing on the UI side after the UI side and the data card side begin to interact, in the mutual binding of the UI and the data card board side in an embodiment of the present invention;
FIG. 5 is a flowchart of the processing on the data card board side after power-on, in the mutual binding of the UI and the data card board side in an embodiment of the present invention.
Detailed Description
The present invention provides a wireless communication terminal and a method for binding it to a UI.
The principle of the binding is that, after the wireless communication terminal and the UI are working normally, they use a pre-assigned key pair to perform a periodic encryption check interaction to verify each other's correctness, which guarantees the one-to-one correspondence between the UI and the wireless communication terminal and thus binds them to each other.
The present invention is described in detail below with reference to the accompanying drawings and a specific embodiment; in this embodiment, the wireless communication terminal is described taking a data card as an example. FIG. 1 and FIG. 2 show schematic diagrams of the encryption and decryption processes of the present invention, using a public key encryption algorithm, from the data card board side to the UI side and from the UI side to the board side.
As can be seen from FIG. 1, the interaction from the data card board side to the UI side is: on the board side, plaintext information is encrypted with the public key A to obtain ciphertext information, the ciphertext information is transmitted to the UI side and then decrypted with the private key B, and the plaintext information is finally obtained on the UI side.
As can be seen from FIG. 2, the interaction from the UI side to the data card board side is: on the UI side, plaintext information is encrypted with the private key B to obtain ciphertext information, the ciphertext information is transmitted to the data card board side and then decrypted with the public key A, and the plaintext information is finally obtained on the data card board side.
In the present invention, the network operator or the data card manufacturer generates an asymmetric key pair, stores the public key A in the data card board side software and stores the private key B in the UI software.
After the UI starts, completes its own initialization and recognizes that the data card has completed the initialization interaction flow, it switches to the normal working mode and at the same time starts a timer T1, generates a random number S, encrypts that random number with the key B to produce the encryption result E_B(S), and notifies the data card side software of the random number S and the encryption result E_B(S) by way of an AT command.
After the data card side software starts and completes its own initialization, it switches to the normal working mode and at the same time starts a timer T2; if the data card side software receives the random number S and the encryption result E_B(S) within the time range of the timer T2, it uses its own public key A to encrypt the random number S and to decrypt the encryption result E_B(S) produced on the UI side, obtaining E_A(S) and D_A(E_B(S)) respectively; if D_A(E_B(S)) is identical to the random number S, the data card side software returns E_A(S) to the UI by way of an AT command, the data card judges that the UI is the UI corresponding to the data card software, and the data card side works normally; otherwise, the data card side enters the abnormal working mode.
The UI, on receiving E_A(S) within the time range of the timer T1, decrypts it with its own private key B to obtain D_B(E_A(S)); if D_B(E_A(S)) is identical to the random number S, the UI judges that the data card is the data card side software matching the UI and the UI works normally; otherwise, the UI enters the abnormal working mode. The public key encryption algorithm used and the timeout values of the timers T1 and T2 can be changed according to the needs of the UI and data card customizer, to meet differentiated and personalized requirements.
During normal operation, the data card and the UI begin the next timed check immediately after one check finishes, which guarantees that the UI and the data card check each other periodically.
The present invention makes full use of the characteristics of public key encryption algorithms, namely that the public key and the private key are stored separately and that both encryption and signing are possible, for anti-counterfeiting and confidentiality of information, and thereby implements a timed mutual encryption check interaction between the data card and the UI to verify each other's correctness, guaranteeing the one-to-one correspondence between the UI and the data card and binding them to each other. Moreover, the public key encryption algorithm used for the binding and the time interval between checks can be modified according to actual needs, which greatly enhances practicality and confidentiality; and because the encryption public key of a public key encryption algorithm can be made public, the security and operability of the mutual check between the data card and the UI are greatly increased, satisfying the differentiated needs of various customizations.
The network operator or the data card manufacturer uses a public key encryption algorithm of its own choosing to generate an asymmetric key pair, the public key A and the private key B; the public key A is stored in the data card board side software and the private key B is stored in the UI software.
FIG. 3 is a schematic block diagram of the functional modules on the UI side and the board side of the data card in this embodiment. The UI side of the data card includes a UI side timer module 301, a UI control module 302 (which coordinates and controls the modules on the UI side), a random number generator 303 (which generates random numbers), a UI side public key algorithm module 304 (which securely stores the private key B and performs encryption and decryption with the private key B), a UI working module 305 (which performs the basic functions of the data card UI side) and a UI side AT command processing module 306 (which receives AT commands from the board side and sends AT commands to the board side).
The board side of the data card includes a board side AT command processing module 307 (which receives AT commands from the UI side and sends AT commands to the UI side), a board side public key algorithm module 308 (which securely stores the public key A and performs encryption and decryption with the public key A), a board side working module 309 (which performs the basic functions of the data card board side), a board side timer module 310 and a board side control module 311 (which coordinates and controls the modules on the board side). FIG. 4 shows the processing flow of the UI side software of this embodiment after it begins to interact with the data card board side, which includes the following steps:
Step 401: each module on the UI side completes its own initialization and its interaction flow with the data card board side, then switches to the normal working mode.
Step 402: the UI side random number generator generates a random number S and sends the random number S to the UI side public key encryption algorithm module.
Step 403: the UI side public key encryption algorithm module encrypts the random number with its own key B to obtain the encryption result, and sends the random number S and its encryption result to the UI side AT command processing module.
Step 404: the UI side AT command processing module sends the random number S and its encryption result to the data card board side by way of an AT command and starts the timer T1.
Step 405: if the data card board side reports the result of encrypting the random number to the UI within the time range of the timer T1, proceed to step 406; otherwise proceed to step 410.
Step 406: the UI side AT command processing module sends the received encrypted random number to the UI side encryption algorithm module.
Step 407: the UI side encryption algorithm module decrypts the encrypted random number reported by the data card board side with the key B.
Step 408: if the UI control module judges that the encryption result reported by the data card board side is correct, proceed to step 409; otherwise proceed to step 410.
Step 409: the UI judges that the current data card is the data card bound to it, allows the user to perform other normal operations, and returns to step 402 to begin the next check.
Step 410: the UI judges that the current data card is not the data card bound to it, and prohibits the user from performing other normal operations.
FIG. 5 shows the processing flow of the data card board side in this embodiment after power-on, which includes:
Step 501: each module on the data card board side is powered on, completes its own initialization and then switches to the normal working mode.
Step 502: after the data card board side switches to the normal working mode, the board side control module starts the timer T2.
Step 503: if the data card receives the result of encrypting the random number sent by the UI within the time range of the timer T2, proceed to step 504; otherwise proceed to step 510.
Step 504: the data card board side AT command processing module sends the received encrypted random number sent by the UI to the board side encryption algorithm module.
Step 505: the data card board side encryption algorithm module decrypts the encrypted random number sent by the UI with its own key A.
Step 506: the board side control module judges whether the random number decrypted on the data card board side is identical to the random number sent by the UI; if so, proceed to step 507, otherwise proceed to step 510.
Step 507: the data card board side encryption algorithm module encrypts the random number sent by the UI with the key A and sends the encryption result to the board side AT command processing module.
Step 508: the board side AT command processing module sends the encryption result to the UI side AT command processing module.
Step 509: the board side control module judges that the current UI is the UI bound to it, allows the user to perform normal operations, and returns to step 502 to begin the next check.
Step 510: the board side control module judges that the current UI is not the UI bound to it, and prohibits the user from performing normal operations.
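The exchange described above and in the two flowcharts (steps 401 to 410 on the UI side, steps 501 to 510 on the board side), written out as runnable Python with both sides' messages, the timers T1 and T2 and the abnormal mode on failure. This is an added example, not code from the patent or from the applicant. The public key algorithm is not named in the text, so textbook RSA over integers with small, locally generated primes stands in for it (E_k and D_k are both raw modular exponentiation, which is what makes D_A(E_B(S)) and D_B(E_A(S)) return S for a matching pair); the AT command strings `AT+BIND=...` and `+BIND: ...`, the timer values and the tick-based clock used to simulate timer expiry are constructed for the example.

```python
"""Periodic UI <-> data card binding check (added example, modelled on FIG. 4 / FIG. 5).
Constructed assumptions: toy RSA stands in for the unnamed public key algorithm,
"AT+BIND" / "+BIND:" are hypothetical AT command strings, the clock is injectable."""
import secrets
import time


def _is_prime(n):
    """Trial division; only used to build the toy key pair."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def generate_keypair(seed_p, seed_q, e=65537):
    """Toy RSA pair as (public_key_A, private_key_B), each (exponent, n).
    The operator or card maker would use a real library and a real key size."""
    p, q = seed_p, seed_q
    while not _is_prime(p):
        p += 1
    while not _is_prime(q):
        q += 1
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)          # pow(e, -1, m) needs Python 3.8+


def apply_key(key, value):
    """E_k(value) and D_k(value) alike: value^exp mod n, so for a matching
    pair D_A(E_B(S)) == S and D_B(E_A(S)) == S."""
    exp, n = key
    return pow(value, exp, n)


PUBLIC_KEY_A, PRIVATE_KEY_B = generate_keypair(1_000_000, 1_000_100)


def make_ticking_clock(step=1.0):
    """Constructed clock that advances one step per call (to show timer expiry)."""
    now = [0.0]

    def tick():
        now[0] += step
        return now[0]
    return tick


class UISide:
    """Holds private key B and runs steps 401-410."""

    def __init__(self, private_key, t1=2.0, clock=time.monotonic):
        self.key, self.t1, self.clock = private_key, t1, clock
        self.mode, self.s, self.deadline = "normal", None, None   # step 401

    def start_check(self):
        """Steps 402-404: choose S, compute E_B(S), start T1, emit the command."""
        self.s = secrets.randbelow(self.key[1] - 2) + 2            # 2 <= S < n
        self.deadline = self.clock() + self.t1
        return f"AT+BIND={self.s},{apply_key(self.key, self.s)}"

    def handle_response(self, response):
        """Steps 405-410: response is '+BIND: E_A(S)' from the board, or None."""
        if response is None or self.clock() > self.deadline:
            self.mode = "abnormal"                                  # step 410
            return False
        e_a_s = int(response.split(":", 1)[1])
        ok = apply_key(self.key, e_a_s) == self.s                  # D_B(E_A(S)) == S ?
        self.mode = "normal" if ok else "abnormal"                  # step 409 / 410
        return ok


class BoardSide:
    """Holds public key A and runs steps 501-510."""

    def __init__(self, public_key, t2=2.0, clock=time.monotonic):
        self.key, self.t2, self.clock = public_key, t2, clock
        self.mode = "normal"                                        # step 501
        self.deadline = self.clock() + self.t2                      # step 502: start T2

    def handle_command(self, command):
        """Steps 503-510: check D_A(E_B(S)) == S, answer with E_A(S) or None."""
        if self.clock() > self.deadline:
            self.mode = "abnormal"                                  # step 510 (T2 expired)
            return None
        s, e_b_s = (int(x) for x in command[len("AT+BIND="):].split(","))
        if apply_key(self.key, e_b_s) != s:                         # steps 505-506
            self.mode = "abnormal"                                  # step 510
            return None
        self.mode = "normal"                                        # step 509
        self.deadline = self.clock() + self.t2                      # back to step 502
        return f"+BIND: {apply_key(self.key, s)}"                   # steps 507-508: E_A(S)


def run_check(ui, board):
    """One round of the periodic check; returns (ui.mode, board.mode)."""
    ui.handle_response(board.handle_command(ui.start_check()))
    return ui.mode, board.mode


if __name__ == "__main__":
    print(run_check(UISide(PRIVATE_KEY_B), BoardSide(PUBLIC_KEY_A)))
    _, other_private = generate_keypair(1_000_200, 1_000_300)       # a different pair
    print(run_check(UISide(other_private), BoardSide(PUBLIC_KEY_A)))
```

Running the block prints `('normal', 'normal')` for the matching pair and `('abnormal', 'abnormal')` when the UI holds a private key from a different pair: the board's comparison fails at step 506, it answers nothing, and the UI then finds T1 expired at step 405. Calling `run_check` again on the same objects is the "next check" of steps 409 and 509. Note the asymmetry that follows from the text's own key placement: D_A(E_B(S)) == S can only be produced by a holder of the private key B, so it authenticates the UI to the board, whereas E_A(S) can be computed by anyone holding the public key A, which the text says may be made public; if the UI must authenticate the board just as strongly, the board side needs a private key of its own.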
The technical solution of the present invention strengthens the one-to-one correspondence between the UI version and the data card software version: when the UI version and the data card software version do not match, the UI and the data card cannot be used normally, which satisfies the operator's requirement of binding the UI version to the data card software version in order to implement its special services.
At the same time, the public key encryption algorithm, its encryption strength and the time interval between checks can be modified according to actual needs, which greatly enhances practicality and confidentiality and can be used to satisfy the differentiated needs of various customizations.
Of course, the present invention may also have many other embodiments; without departing from the spirit and essence of the present invention,
any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims

1. A wireless communication terminal, characterized in that the board side of a data card includes a board side AT command processing module, a board side public key algorithm module and a board side control module, wherein
the board side AT command processing module is configured to receive AT commands from the user interface (UI) side and to send AT commands to the UI side;
the board side public key algorithm module is configured to securely store the public key A and to perform encryption and decryption with the public key A;
the board side control module is configured to coordinate and control the modules on the board side.
2. The wireless communication terminal according to claim 1, characterized in that the UI side corresponding to the data card includes a UI control module, a random number generator, a UI side public key algorithm module and a UI side AT command processing module, wherein
the UI control module is configured to coordinate and control the modules on the UI side;
the random number generator is configured to generate a random number;
the UI side public key algorithm module is configured to securely store the private key B and to perform encryption and decryption with the private key B;
the UI side AT command processing module is configured to receive AT commands from the board side and to send AT commands to the board side.
3. The wireless communication terminal according to claim 1 or 2, characterized in that the wireless communication terminal further includes a board side timer module, configured to determine whether the result of encrypting the random number is reported to the UI within the time range of the timer T2.
4. The wireless communication terminal according to claim 2, characterized in that: on the board side of the wireless communication terminal, the board side public key algorithm module is specifically configured to encrypt plaintext information with the public key A to obtain ciphertext information, and the ciphertext information is transmitted to the UI side; correspondingly, the UI side public key algorithm module is specifically configured to decrypt the received ciphertext information with the private key B, so that the plaintext information is finally obtained on the UI side;
on the UI side, the UI side public key algorithm module is specifically configured to encrypt plaintext information with the private key B to obtain ciphertext information, and the ciphertext information is transmitted to the data card board side; correspondingly, the board side public key algorithm module is specifically configured to decrypt the received ciphertext information with the public key A, so that the plaintext information is finally obtained on the data card board side.
5. The wireless communication terminal according to claim 3, characterized in that the UI side public key algorithm module is further configured to: after the UI starts, completes its own initialization and recognizes that the data card has completed the initialization interaction flow, switch to the normal working mode and at the same time start a timer T1, generate a random number S, encrypt that random number with the key B to produce the encryption result E_B(S), and notify the data card side software of S and E_B(S) by way of an AT command.
6. The wireless communication terminal according to claim 3, characterized in that the board side public key algorithm module is further configured to: after the data card side software starts and completes its own initialization, switch to the normal working mode and at the same time start a timer T2; if the data card side software receives S and E_B(S) within the time range of the timer T2, it encrypts S and decrypts E_B(S) with its own key A, obtaining the results E_A(S) and D_A(E_B(S)) respectively; if D_A(E_B(S)) is identical to S, the data card side software returns E_A(S) to the UI by way of an AT command, the data card judges that the UI is the UI corresponding to the data card software, and the data card side works normally; otherwise, the data card side enters the abnormal working mode; the UI, on receiving E_A(S) within the time range of the timer T1, decrypts it with its own key B to obtain D_B(E_A(S)); if D_B(E_A(S)) is identical to S, the UI judges that the data card is the data card side software matching the UI and the UI works normally; otherwise, the UI enters the abnormal working mode.
7. A method for binding a wireless communication terminal to a UI, characterized in that, after the wireless communication terminal and the UI are working normally, they use a pre-assigned key pair to perform a periodic encryption check interaction so as to verify each other's correctness.
8. The method according to claim 7, characterized in that the interaction between the wireless terminal and the UI includes: on the wireless communication terminal board side, plaintext information is encrypted with the public key A to obtain ciphertext information, the ciphertext information is transmitted to the UI side and then decrypted with the private key B, and the plaintext information is finally obtained on the UI side; the interaction between the UI side and the data card board side is: on the UI side, plaintext information is encrypted with the private key B to obtain ciphertext information, the ciphertext information is transmitted to the data card board side and then decrypted with the public key A, and the plaintext information is finally obtained on the data card board side.
9. The method according to claim 7, characterized in that the method further includes: after the UI starts, completes its own initialization and recognizes that the data card has completed the initialization interaction flow, the UI switches to the normal working mode and at the same time starts a timer T1, generates a random number S, encrypts that random number with the key B to produce the encryption result E_B(S), and notifies the data card side software of S and E_B(S) by way of an AT command.
10. The method according to claim 7, characterized in that the method further includes: after the data card side software starts and completes its own initialization, it switches to the normal working mode and at the same time starts a timer T2;
if the data card side software receives S and E_B(S) within the time range of the timer T2, it encrypts S and decrypts E_B(S) with its own key A, obtaining the results E_A(S) and D_A(E_B(S)) respectively; if D_A(E_B(S)) is identical to S, the data card side software returns E_A(S) to the UI by way of an AT command, the data card judges that the UI is the UI corresponding to the data card software, and the data card side works normally; otherwise, the data card side enters the abnormal working mode;
the UI, on receiving E_A(S) within the time range of the timer T1, decrypts it with its own key B to obtain D_B(E_A(S)); if D_B(E_A(S)) is identical to S, the UI judges that the data card is the data card side software matching the UI and the UI works normally; otherwise, the UI enters the abnormal working mode.
PCT/CN2010/077053 2010-07-28 2010-09-17 Wireless communication terminal and method for binding wireless communication terminal with user interface WO2012012964A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010239536.0 2010-07-28
CN201010239536.0A CN101958969B (en) 2010-07-28 2010-07-28 Wireless communication terminal and method thereof for binding with user interface (UI)

Publications (1)

Publication Number Publication Date
WO2012012964A1 true WO2012012964A1 (en) 2012-02-02

Family

ID=43486068

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/077053 WO2012012964A1 (en) 2010-07-28 2010-09-17 Wireless communication terminal and method for binding wireless communication terminal with user interface

Country Status (2)

Country Link
CN (1) CN101958969B (en)
WO (1) WO2012012964A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101094062A (en) * 2006-06-21 2007-12-26 普天信息技术研究院 Method for implementing safe distribution and use of digital content by using memory card
CN101150397A (en) * 2007-10-25 2008-03-26 宇龙计算机通信科技(深圳)有限公司 Method and mobile terminal for secure communication between mobile terminal and computer
WO2009041804A2 (en) * 2007-09-26 2009-04-02 Mimos Berhad Secure instant messaging
CN101572748A (en) * 2009-06-15 2009-11-04 北京握奇数据系统有限公司 Mobile phone card, mobile phone and method for starting mobile phone
CN101751212A (en) * 2009-12-16 2010-06-23 中兴通讯股份有限公司 Method and system for interlocking UI and data card

Also Published As

Publication number Publication date
CN101958969B (en) 2014-02-05
CN101958969A (en) 2011-01-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 10855192; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 10855192; Country of ref document: EP; Kind code of ref document: A1)