
CN106686585A - Binding method and system - Google Patents

Info

Publication number
CN106686585A
Authority
CN (China)
Prior art keywords
binding, client, service end, digital certificate, unit
Legal status
Withdrawn
Application number
CN201611118802.8A
Other languages
Chinese (zh)
Inventor
魏为
Current Assignee
Shenzhen Jinli Communication Equipment Co Ltd
Original Assignee
Shenzhen Jinli Communication Equipment Co Ltd

Classifications

    • H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII] (under H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity)
    • H04W 12/06 Authentication
    • H04W 12/12 Detection or prevention of fraud
    • H04L 41/0293 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using web services for network management, e.g. simple object access protocol [SOAP], for accessing web services by means of a binding identification of the management service or element (under H04L 41/00 Arrangements for maintenance, administration or management of data switching networks)
    • H04L 63/0853 Network architectures or network communication protocols for network security, for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L 63/0876 Network architectures or network communication protocols for network security, for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Telephonic Communication Services (AREA)

Abstract

An embodiment of the invention discloses a binding method and system. The method includes the following steps: if a client detects a binding request, it acquires device information, the device information including a device identification code and the communication number corresponding to a SIM card; the client sends the device information to a server in encrypted form so that the server allocates a verification number corresponding to the device information; the server performs call verification with the client using the verification number; if the call verification succeeds, the server binds the communication number corresponding to the SIM card to the device identification code; and the server returns the binding result to the client. According to the embodiment of the invention, the legitimacy of the binding between the SIM card and the terminal device is verified by means of call verification, man-in-the-middle attacks and pseudo base station attacks can be effectively prevented, and the real-time performance and security of the binding process are improved, thereby ensuring the security of using the terminal device.

Description

Binding method and system
Technical field
The present invention relates to the field of electronic technology, and in particular to a binding method and system.
Background technology
With the wide availability of smart terminal devices such as smartphones, in order to ensure that a user uses the smart terminal device legitimately, the Subscriber Identification Module (SIM) card generally needs to be bound to the smart terminal device so that the SIM card runs legitimately on that device.
At present, the methods for judging whether a SIM card runs legitimately on a smart terminal device are mainly SMS verification codes and system interface calls. The SMS verification code approach has poor real-time performance and therefore a poor user experience; because the code is entered manually, a verification code obtained on another smart terminal device can easily be entered on this one, which is a security problem. The system interface call approach has the security problem that the system interface can be hijacked by malicious code. Existing methods for binding a SIM card to a smart terminal device therefore carry potential security hazards and cannot guarantee the communication security of the smart terminal device, so that security incidents involving smart terminal devices occur more and more often.
Summary of the invention
Embodiments of the present invention provide a binding method and system that bind a SIM card to a terminal device legitimately by means of call verification, improving the security of the binding and the security of using the terminal device.
In a first aspect, an embodiment of the present invention provides a binding method, which includes:
if a client detects a binding request, the client acquires device information, where the device information includes a device identification code and the communication number corresponding to a subscriber identification module card;
the client sends the device information to a server in encrypted form, so that the server allocates a verification number corresponding to the device information;
the server performs call verification with the client using the verification number;
if the call verification succeeds, the server binds the communication number corresponding to the subscriber identification module card to the device identification code;
the server returns the binding result to the client.
In another aspect, an embodiment of the present invention provides a binding system, which includes a client and a server connected to each other by a network;
the client includes:
an acquiring unit, for acquiring device information if a binding request is detected, where the device information includes a device identification code and the communication number corresponding to a subscriber identification module card;
a sending unit, for sending the device information to the server in encrypted form;
a first verification unit, for completing call verification with the server using a verification number;
the server includes:
an allocation unit, for allocating the verification number corresponding to the device information;
a second verification unit, for performing the call verification with the client using the verification number;
a binding unit, for binding the communication number corresponding to the subscriber identification module card to the device identification code if the call verification succeeds;
a returning unit, for returning the binding result to the client.
In the embodiment of the present invention, if the client detects a binding request, it acquires device information that includes the device identification code and the communication number corresponding to the SIM card and sends the device information to the server in encrypted form; the server allocates the verification number corresponding to the device information and performs call verification with the client using that number; if the call verification succeeds, the server confirms that the SIM card is running legitimately on the client corresponding to the device identification code, binds the terminal number corresponding to the SIM card to the device identification code, and returns the binding result to the client. The technical scheme of the embodiment verifies the legitimacy of the binding between the SIM card and the terminal device by means of call verification, can effectively prevent man-in-the-middle attacks (Man-in-the-Middle Attack, MITM) and pseudo base station attacks, and improves the real-time performance and security of the binding process, thereby ensuring the security of using the terminal device.
Description of the drawings
In order to illustrate the technical scheme of the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow diagram of a binding method provided by embodiment one of the present invention;
Fig. 2 is a schematic flow diagram of a binding method provided by embodiment two of the present invention;
Fig. 3 is a schematic block diagram of a binding system provided by embodiment three of the present invention;
Fig. 4 is a schematic block diagram of a binding system terminal provided by embodiment four of the present invention.
Specific embodiments
The technical scheme of the embodiments of the present invention is described clearly and completely below with reference to the drawings. Obviously, the embodiments described are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the present invention.
It should be understood that, when used in this specification and the appended claims, the terms "including" and "comprising" indicate the presence of the described features, integers, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or sets thereof.
It should also be understood that the terms used in this description of the invention are merely for the purpose of describing specific embodiments and are not intended to limit the invention. As used in the description of the invention and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" used in the description of the invention and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes those combinations.
As used in this specification and the appended claims, the term "if" may be interpreted, depending on context, as "when" or "once" or "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if [the described condition or event] is detected" may be interpreted, depending on context, as "once it is determined" or "in response to determining" or "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".
In specific implementations, the terminal described in the embodiments of the present invention includes, but is not limited to, a mobile phone, laptop computer or tablet computer that has a touch-sensitive surface (for example a touch-screen display and/or touch pad), and other portable devices. It should further be understood that in some embodiments the device is not a portable communication device but a desktop computer with a touch-sensitive surface (for example a touch-screen display and/or touch pad).
In the discussion that follows, a terminal including a display and a touch-sensitive surface is described. It should be understood, however, that the terminal may include one or more other physical user-interface devices, such as a physical keyboard, a mouse and/or a joystick.
The terminal supports various applications, such as one or more of the following: a drawing application, a presentation application, a word-processing application, a website creation application, a disc authoring application, a spreadsheet application, a game application, a telephone application, a video conferencing application, an e-mail application, an instant messaging application, an exercise support application, a photo management application, a digital camera application, a digital video camera application, a web-browsing application, a digital music player application and/or a video player application.
The various applications that can be executed on the terminal may use at least one common physical user-interface device, such as the touch-sensitive surface. One or more functions of the touch-sensitive surface and the corresponding information displayed on the terminal may be adjusted and/or changed between applications and/or within a given application. In this way, a common physical architecture of the terminal (for example the touch-sensitive surface) can support various applications with user interfaces that are intuitive and transparent to the user.
Embodiment one:
Refer to Fig. 1, which is a schematic flow diagram of a binding method provided by embodiment one of the present invention. The executing entities of this embodiment are a client and a server, where the client may be a terminal, specifically a mobile phone or another smart terminal device, and the server may be a server or a functional module of a server. The binding method shown in Fig. 1 may include the following steps:
S101: if the client detects a binding request, it acquires device information, where the device information includes a device identification code and the communication number corresponding to a subscriber identification module card.
Specifically, after the user inserts the Subscriber Identification Module (SIM) card into the client, a binding request may be triggered; when the client detects the binding request, it acquires the device identification code and the communication number corresponding to the SIM card.
When the client is a mobile phone terminal, the communication number corresponding to the SIM card may be the mobile phone number corresponding to the SIM card.
It should be noted that the device identification code may be the central processing unit (Central Processing Unit, CPU) identification code: because each client corresponds to a unique CPU identification code, the CPU identification code uniquely identifies the client and can therefore serve as the device identification code. The client may, however, also contain other chips, such as a security chip. A security chip encrypts and decrypts data using a fixed commercial cryptographic algorithm; for example, the security chip may be a domestically produced A3 chip. A terminal with a security chip can encrypt its communications, ensuring communication security; the security of information stored in the security chip is higher, so it is not easily stolen; and each security chip carries a unique serial number when it leaves the factory, so a client uniquely corresponds to its security chip, and the serial number of the security chip in the client may also be used as the device identification code to uniquely identify the client. No limitation is imposed here.
S102: the client sends the device information to the server in encrypted form, so that the server allocates a verification number corresponding to the device information.
Specifically, the client sends the device information containing the device identification code and the communication number corresponding to the SIM card to the server in encrypted form; after receiving the device information, the server allocates a corresponding verification number for it.
It should be noted that the server may prestore multiple verification numbers; after receiving the device information, the server may randomly select one of the prestored verification numbers as the one corresponding to the device information.
S103: the server performs call verification with the client using the verification number.
Specifically, the server performs call verification with the client using the verification number allocated in step S102: the client dials the verification number, and the server completes the call verification by checking the legitimacy of the client's call.
S104: if the call verification succeeds, the server binds the communication number corresponding to the SIM card to the device identification code.
Specifically, if the call verification succeeds, the server confirms that the SIM card is running legitimately on the client corresponding to the device identification code, binds the communication number corresponding to the SIM card to the device identification code, and saves the binding information. The binding information may include the device information and the binding relationship, the binding relationship being the unique correspondence between the communication number of the SIM card and the device identification code.
If the call verification fails, the server concludes that the SIM card is running illegitimately on the client corresponding to the device identification code and does not perform the binding operation.
S105: the server returns the binding result to the client.
Specifically, if the call verification of step S104 succeeds, the server returns a binding result of "binding succeeded" to the client; if the call verification of step S104 fails, the server returns a binding result of "binding failed" to the client.
After the client receives the binding result, if the result is "binding succeeded", the client allows the user to communicate with this SIM card on this client; if the result is "binding failed", the client regards the SIM card as illegitimate and forbids the user from communicating with this SIM card on this client.
As can be seen from the binding method illustrated in Fig. 1, in this embodiment, if the client detects a binding request, it acquires device information including the device identification code and the communication number corresponding to the SIM card and sends it to the server in encrypted form; the server allocates the verification number corresponding to the device information and performs call verification with the client using that number; if the call verification succeeds, the server confirms that the SIM card is running legitimately on the client corresponding to the device identification code, binds the terminal number corresponding to the SIM card to the device identification code, and returns the binding result to the client. The technical scheme of the embodiment verifies the legitimacy of the binding between the SIM card and the terminal device by means of call verification, can effectively prevent man-in-the-middle attacks and pseudo base station attacks, and improves the real-time performance and security of the binding process, thereby ensuring the security of using the terminal device.
Embodiment two:
Refer to Fig. 2, which is a schematic flow diagram of a binding method provided by embodiment two of the present invention. The executing entities of this embodiment are a client and a server, where the client may be a terminal, specifically a mobile phone or another smart terminal device, and the server may be a server or a functional module of a server. The binding method shown in Fig. 2 may include the following steps:
S201: the client generates a binding key pair from the device identification code, the binding key pair including a binding public key and a binding private key.
Specifically, when the client starts up, it may acquire the device identification code of this client, use the device identification code to generate a binding key pair by means of an asymmetric key algorithm, and save it; the binding key pair includes a binding public key and a binding private key.
It should be noted that the device identification code may be the CPU identification code: because each client corresponds to a unique CPU identification code, the CPU identification code uniquely identifies the client and can therefore serve as the device identification code. The client may, however, also contain other chips, such as a security chip. A security chip encrypts and decrypts data using a fixed commercial cryptographic algorithm; for example, the security chip may be a domestically produced A3 chip. A terminal with a security chip can encrypt its communications, ensuring communication security; the security of information stored in the security chip is higher, so it is not easily stolen; and each security chip carries a unique serial number when it leaves the factory, so a client uniquely corresponds to its security chip, and the serial number of the security chip in the client may also be used as the device identification code to uniquely identify the client. No limitation is imposed here.
S202: the client applies to the server for a digital certificate using the device identification code and the binding public key.
Specifically, the client's application to the server for a digital certificate using the device identification code and the binding public key may be completed by steps S2021 to S2024, described in detail as follows:
S2021: the client sends the device identification code and the binding public key to the server.
Specifically, the client sends the device identification code and the binding public key generated in step S201 to the server in a network message.
S2022: the server generates a digital certificate using the received device identification code and binding public key, the digital certificate including the device identification code and the binding public key.
Specifically, the server receives the device identification code and binding public key sent by the client and applies to an electronic commerce certificate authority (CA, Certificate Authority) for a digital certificate; the CA generates a digital certificate including the device identification code and the binding public key and issues it to the server.
S2023: the server saves the unique correspondence between the device identification code and the digital certificate as the prestored correspondence.
Specifically, the server receives the digital certificate issued by the CA and saves the device identification code together with the corresponding digital certificate.
S2024: the server sends the generated digital certificate to the client.
Specifically, the server sends the digital certificate issued by the CA to the client.
S203: if the client detects a binding request, it acquires device information, where the device information includes the device identification code and the communication number corresponding to the SIM card.
Specifically, after the user inserts the SIM card into the client, a binding request may be triggered; when the client detects the binding request, it acquires the device identification code and the communication number corresponding to the SIM card.
When the client is a mobile phone terminal, the communication number corresponding to the SIM card may be the mobile phone number corresponding to the SIM card.
S204: the client signs the device information using the binding private key of the prestored binding key pair and sends the signed device information to the server.
Specifically, the client signs the device information acquired in step S203 using the binding private key generated in step S201 and sends the signed device information to the server in a network message.
The signed device information may consist of the communication number corresponding to the SIM card, the time of the binding request, the device identification code, random information and a signature value, where the signature value may be calculated by combining the communication number corresponding to the SIM card, the time of the binding request, the device identification code and the random information and applying a hash algorithm to the combination.
It should be noted that the client may send the signed device information to the server in a network message, or by SMS or another communication method; no limitation is imposed here.
S205: the server obtains the device identification code from the received device information.
Specifically, the server receives the signed device information sent by the client and, according to the structure of the device information, extracts the device identification code and the communication number corresponding to the SIM card from it.
S206: the server obtains the digital certificate corresponding to the CPU identification code from the prestored correspondence, where the prestored correspondence is the unique correspondence between the device identification code and the digital certificate.
Specifically, the server obtains the digital certificate corresponding to the device identification code from the correspondence saved in step S2023.
S207: the server verifies the signature of the received device information using the binding public key in the digital certificate corresponding to the device identification code.
Specifically, the digital certificate obtained in step S206 contains the device identification code and the binding public key, and the server verifies the signature of the received signed device information using that binding public key.
S208: if the signature verification succeeds, the server allocates a verification number corresponding to the device information.
Specifically, if the signature verification succeeds, the server can confirm the integrity and non-repudiation of the message sent by the client, which proves that the message was sent by the client corresponding to the device identification code; the server therefore allocates a corresponding verification number for the device information and saves the allocated verification number, the device identification code and the communication number corresponding to the SIM card together.
It should be noted that the server may prestore multiple verification numbers; after receiving the device information, the server may randomly select one of the prestored verification numbers as the one corresponding to the device information.
S209: the server encrypts the verification number using the binding public key to form a ciphertext and sends the ciphertext to the client.
Specifically, the server encrypts the verification number allocated in step S208 using the binding public key and sends it to the client in a network message.
S210: the client decrypts the received ciphertext using the binding private key to obtain the verification number, and initiates a call request according to that verification number.
Specifically, the client decrypts the encrypted verification number using the binding private key, obtains the verification number, and makes a call request using that verification number.
S211: the server detects the call request and obtains the calling number and called number corresponding to the call request.
Specifically, the server detects the call request from the client, hangs up the call request, and obtains the calling number and called number corresponding to the call request from the call request message.
S212: if the calling number is consistent with the communication number corresponding to the SIM card and the called number is consistent with the verification number, the server confirms that the call verification succeeded.
Specifically, according to the saved relation between the verification number allocated in step S208, the device identification code and the communication number corresponding to the SIM card, if the server judges that the calling number of the call request is consistent with the communication number corresponding to the SIM card and, at the same time, the called number of the call request is consistent with the allocated verification number, it confirms that the call verification succeeded.
S213: if the call verification succeeds, the server binds the communication number corresponding to the SIM card to the device identification code.
Specifically, if the server judges according to step S212 that the call verification succeeded, it confirms that the SIM card is running legitimately on the client corresponding to the device identification code, binds the communication number corresponding to the SIM card to the device identification code, and saves the binding information. The binding information may include the device information and the binding relationship, the binding relationship being the unique correspondence between the communication number of the SIM card and the device identification code.
If the server judges according to step S212 that the call verification failed, it concludes that the SIM card is running illegitimately on the client corresponding to the device identification code and does not perform the binding operation.
S214: the server returns the binding result to the client.
Specifically, if the server judges according to step S212 that the call verification succeeded, it returns a binding result of "binding succeeded" to the client; if it judges according to step S212 that the call verification failed, it returns a binding result of "binding failed" to the client.
After the client receives the binding result, if the result is "binding succeeded", the client allows the user to communicate with this SIM card on this client; if the result is "binding failed", the client regards the SIM card as illegitimate and forbids the user from communicating with this SIM card on this client.
As can be seen from the binding method of Fig. 2, in this embodiment the client first generates, at start-up, a binding key pair consisting of a binding public key and a binding private key according to the device identification code, and applies to the server for a digital certificate using the device identification code and the binding public key. When the user inserts a SIM card into the client, a binding request is triggered. If the client detects the binding request, it obtains the device information, which includes the device identification code and the communication number of the SIM card, signs the device information with the binding private key, and sends the signed device information to the server. The server obtains the device identification code from the received device information, retrieves the corresponding pre-stored digital certificate according to that code, and verifies the signature on the received device information with the binding public key in the digital certificate; if signature verification succeeds, it allocates a verification number corresponding to the device information. The server encrypts the verification number with the binding public key to form a ciphertext and sends the ciphertext to the client; the client decrypts the received ciphertext with the binding private key, obtains the verification number, and initiates a call request according to it. The server detects the call request, obtains its calling number and called number, and confirms that call verification has succeeded if the calling number matches the communication number of the SIM card and the called number matches the verification number. If call verification succeeds, the server confirms that the SIM card is legitimately in use in the client corresponding to the device identification code, binds the terminal number of the SIM card to the device identification code, and returns the binding result to the client. The technical scheme of this embodiment of the invention verifies the legitimacy of the binding between the SIM card and the terminal device by means of call verification, which can effectively prevent man-in-the-middle attacks and pseudo base station attacks and improves the real-time performance and security of the binding procedure, thereby ensuring the safe use of the terminal device. At the same time, by signing and verifying the device information with an asymmetric-key digital signature algorithm, the integrity and non-repudiation of the data message are confirmed, which further strengthens the security of message transmission during the binding procedure. Because the client regenerates the binding key pair and applies to the server for a digital certificate at every start-up, the digital certificate and binding key pair used in subsequent binding procedures are time-limited: after the client restarts, the original binding key pair and digital certificate are refreshed, which reduces the risk of their illegitimate misuse and further strengthens the security of the binding procedure.
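The exchange summarized above, as an added example that is not part of the patent or of any product of the assignee: a Go simulation of both sides in one process. It assumes RSA-PSS for the unspecified signature algorithm and RSA-OAEP for encrypting the verification number, reduces the digital certificate to a device-id-to-public-key map on the server, generates the binding key pair randomly rather than deriving it from the device identification code, and reduces the phone call to the calling and called numbers the server observes; device identification codes and phone numbers are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// DeviceInfo is the facility information: device identification code plus the
// communication number of the inserted SIM card. The signature covers "DeviceID|Number".
type DeviceInfo struct{ DeviceID, Number string }

type pendingCheck struct{ Number, VerifyNumber string }

// Server holds the pre-stored device id -> binding public key relation (the digital
// certificate reduced to its two fields), the pending checks and the completed bindings.
type Server struct {
	certs    map[string]*rsa.PublicKey
	pending  map[string]pendingCheck
	Bindings map[string]string // device identification code -> communication number
	counter  int
}

func NewServer() *Server { return &Server{map[string]*rsa.PublicKey{}, map[string]pendingCheck{}, map[string]string{}, 0} }

// IssueCertificate handles the certificate application made at client start-up.
func (s *Server) IssueCertificate(deviceID string, pub *rsa.PublicKey) { s.certs[deviceID] = pub }

// BindRequest checks the signature with the stored public key, allocates a verification
// number, saves it together with the claimed number and returns it encrypted.
func (s *Server) BindRequest(info DeviceInfo, sig []byte) ([]byte, error) {
	pub, ok := s.certs[info.DeviceID]
	if !ok {
		return nil, fmt.Errorf("no certificate pre-stored for %q", info.DeviceID)
	}
	digest := sha256.Sum256([]byte(info.DeviceID + "|" + info.Number))
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature verification failed: %w", err)
	}
	s.counter++
	verifyNumber := fmt.Sprintf("4000%06d", s.counter) // constructed number pool
	s.pending[info.DeviceID] = pendingCheck{info.Number, verifyNumber}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(verifyNumber), nil)
}

// VerifyCall is the server side of call verification: the calling number must be the
// SIM card's communication number and the called number the allocated verification number.
func (s *Server) VerifyCall(deviceID, caller, callee string) bool {
	p, ok := s.pending[deviceID]
	delete(s.pending, deviceID) // each verification number is single use
	if !ok || caller != p.Number || callee != p.VerifyNumber {
		return false
	}
	s.Bindings[deviceID] = p.Number
	return true
}

// Client holds the binding key pair generated at start-up; only Key.PublicKey leaves the device.
type Client struct {
	DeviceID string
	Key      *rsa.PrivateKey
}

func NewClient(deviceID string) *Client {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err) // no usable randomness: nothing sensible to bind with
	}
	return &Client{DeviceID: deviceID, Key: key}
}

func (c *Client) Sign(info DeviceInfo) ([]byte, error) {
	digest := sha256.Sum256([]byte(info.DeviceID + "|" + info.Number))
	return rsa.SignPSS(rand.Reader, c.Key, crypto.SHA256, digest[:], nil)
}

// Bind runs the whole exchange. claimedNumber goes into the signed device information;
// networkCaller is the calling number the server actually observes on the call.
func Bind(s *Server, c *Client, claimedNumber, networkCaller string) (bool, error) {
	info := DeviceInfo{c.DeviceID, claimedNumber}
	sig, err := c.Sign(info)
	if err != nil {
		return false, err
	}
	ct, err := s.BindRequest(info, sig)
	if err != nil {
		return false, err
	}
	// The client decrypts with the binding private key and dials the number it recovers.
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.Key, ct, nil)
	return err == nil && s.VerifyCall(c.DeviceID, networkCaller, string(pt)), err
}

func main() {
	s, c := NewServer(), NewClient("IMEI-000000000000001") // constructed device id
	s.IssueCertificate(c.DeviceID, &c.Key.PublicKey)
	fmt.Println(Bind(s, c, "13800000001", "13800000001")) // constructed numbers
}
```

A call placed from a number other than the one claimed in the signed device information, a replayed verification number, altered device information or a device with no certificate on file all leave the server without a binding.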
Embodiment three:
Refer to Fig. 3, which is a schematic block diagram of a binding system provided by embodiment three of the present invention. For ease of description, only the parts related to this embodiment of the invention are shown. The security authentication system 300 of Fig. 3 can be the executing entity of the binding method provided by embodiment one. The binding system 300 of Fig. 3 mainly includes a client 31 and a server 32, which are connected by a network.
The client 31 mainly includes an acquiring unit 311, a transmitting unit 312 and a first verification unit 313. Each unit is described in detail as follows:
Acquiring unit 311: if a binding request is detected, obtains the device information, where the device information includes the device identification code and the communication number of the SIM card;
Transmitting unit 312: sends the device information obtained by the acquiring unit 311 to the server 32 in encrypted form;
First verification unit 313: completes call verification with the server 32 using the verification number allocated by the server 32;
The server 32 mainly includes an allocation unit 321, a second verification unit 322, a binding unit 323 and a returning unit 324. Each unit is described in detail as follows:
Allocation unit 321: allocates the verification number corresponding to the device information sent by the transmitting unit 312;
Second verification unit 322: carries out call verification with the client 31 using the verification number allocated by the allocation unit 321;
Binding unit 323: if call verification by the second verification unit 322 succeeds, binds the communication number of the SIM card to the device identification code;
Returning unit 324: returns the binding result of the binding unit 323 to the client 31.
The process by which each unit of the client 31 and the server 32 in the binding system 300 provided by this embodiment realizes its function is described with reference to the embodiment shown in Fig. 1 and is not repeated here.
As can be seen from the binding system 300 of Fig. 3, in this embodiment, if the client detects a binding request, it obtains the device information including the device identification code and the communication number of the SIM card, and sends the device information to the server in encrypted form; the server allocates a verification number corresponding to the device information and carries out call verification with the client using that number; if call verification succeeds, the server confirms that the SIM card is legitimately in use in the client corresponding to the device identification code, binds the terminal number of the SIM card to the device identification code, and returns the binding result to the client. The technical scheme of this embodiment of the invention verifies the legitimacy of the binding between the SIM card and the terminal device by means of call verification, which can effectively prevent man-in-the-middle attacks and pseudo base station attacks and improves the real-time performance and security of the binding procedure, thereby ensuring the safe use of the terminal device.
Embodiment four:
Refer to Fig. 4, which is a schematic block diagram of a binding system provided by embodiment four of the present invention. For ease of description, only the parts related to this embodiment of the invention are shown. The security authentication system 400 of Fig. 4 can be the executing entity of the binding method provided by embodiment two. The binding system 400 of Fig. 4 mainly includes a client 41 and a server 42, which are connected by a network.
The client 41 mainly includes an acquiring unit 411, a transmitting unit 412 and a first verification unit 413. Each unit is described in detail as follows:
Acquiring unit 411: if a binding request is detected, obtains the device information, where the device information includes the device identification code and the communication number of the SIM card;
Transmitting unit 412: sends the device information obtained by the acquiring unit 411 to the server 42 in encrypted form;
First verification unit 413: completes call verification with the server 42 using the verification number allocated by the server 42;
The server 42 mainly includes an allocation unit 421, a second verification unit 422, a binding unit 423 and a returning unit 424. Each unit is described in detail as follows:
Allocation unit 421: allocates the verification number corresponding to the device information sent by the transmitting unit 412;
Second verification unit 422: carries out call verification with the client 41 using the verification number allocated by the allocation unit 421;
Binding unit 423: if call verification by the second verification unit 422 succeeds, binds the communication number of the SIM card to the device identification code;
Returning unit 424: returns the binding result of the binding unit 423 to the client 41.
Further, the transmitting unit 412 includes:
Signature unit 4121: signs the device information obtained by the acquiring unit 411 using the binding private key of the pre-stored binding key pair, and sends the signed device information to the server 42, where the binding key pair includes the binding public key and the binding private key;
The allocation unit 421 includes:
Identification code extraction unit 4211: obtains the device identification code from the device information sent by the transmitting unit 412;
Digital certificate acquiring unit 4212: obtains the digital certificate corresponding to the device identification code from the pre-stored correspondence, where the correspondence is the one-to-one relationship between the device identification code and the digital certificate, and the digital certificate includes the device identification code and the binding public key;
Signature verification unit 4213: verifies the signature on the device information using the binding public key in the digital certificate obtained by the digital certificate acquiring unit 4212;
Storage unit 4214: if signature verification by the signature verification unit 4213 succeeds, allocates the verification number corresponding to the device information.
Further, the second verification unit 422 includes:
Encryption unit 4221: encrypts the verification number allocated by the storage unit 4214 with the binding public key to form a ciphertext, and sends the ciphertext to the client 41;
Call number acquiring unit 4222: detects the call request initiated by the client 41 and obtains the calling number and called number of the call request;
Verification success unit 4223: if the calling number obtained by the call number acquiring unit 4222 matches the communication number and the called number obtained by the call number acquiring unit 4222 matches the verification number, confirms that call verification has succeeded;
The first verification unit 413 includes:
Decryption unit 4131: decrypts the ciphertext sent by the encryption unit 4221 using the binding private key, obtains the verification number, and initiates a call request according to the verification number.
Further, the client 41 also includes:
Key pair generating unit 414: generates the binding key pair according to the device identification code;
Digital certificate application unit 415: applies to the server 42 for a digital certificate using the device identification code and the binding public key of the binding key pair generated by the key pair generating unit 414;
The server 42 also includes:
Digital certificate processing unit 425: processes the digital certificate application sent by the digital certificate application unit 415 of the client 41.
Further, the digital certificate application unit 415 is also used to:
send the device identification code and the binding public key to the server 42;
The digital certificate processing unit 425 includes:
Digital certificate generating unit 4251: generates the digital certificate using the device identification code and the binding public key sent by the digital certificate application unit 415;
Correspondence storage unit 4252: saves the one-to-one correspondence between the device identification code and the digital certificate generated by the digital certificate generating unit 4251 as the pre-stored correspondence;
Digital certificate issuance unit 4253: sends the digital certificate generated by the digital certificate generating unit 4251 to the client 41.
The process by which each unit of the client 41 and the server 42 in the binding system 400 provided by this embodiment realizes its function is described with reference to the embodiment shown in Fig. 2 and is not repeated here.
As can be seen from the binding system 400 of Fig. 4, in this embodiment the client first generates, at start-up, a binding key pair consisting of a binding public key and a binding private key according to the device identification code, and applies to the server for a digital certificate using the device identification code and the binding public key. When the user inserts a SIM card into the client, a binding request is triggered. If the client detects the binding request, it obtains the device information, which includes the device identification code and the communication number of the SIM card, signs the device information with the binding private key, and sends the signed device information to the server. The server obtains the device identification code from the received device information, retrieves the corresponding pre-stored digital certificate according to that code, and verifies the signature on the received device information with the binding public key in the digital certificate; if signature verification succeeds, it allocates a verification number corresponding to the device information. The server encrypts the verification number with the binding public key to form a ciphertext and sends the ciphertext to the client; the client decrypts the received ciphertext with the binding private key, obtains the verification number, and initiates a call request according to it. The server detects the call request, obtains its calling number and called number, and confirms that call verification has succeeded if the calling number matches the communication number of the SIM card and the called number matches the verification number. If call verification succeeds, the server confirms that the SIM card is legitimately in use in the client corresponding to the device identification code, binds the terminal number of the SIM card to the device identification code, and returns the binding result to the client. The technical scheme of this embodiment of the invention verifies the legitimacy of the binding between the SIM card and the terminal device by means of call verification, which can effectively prevent man-in-the-middle attacks and pseudo base station attacks and improves the real-time performance and security of the binding procedure, thereby ensuring the safe use of the terminal device. At the same time, by signing and verifying the device information with an asymmetric-key digital signature algorithm, the integrity and non-repudiation of the data message are confirmed, which further strengthens the security of message transmission during the binding procedure. Because the client regenerates the binding key pair and applies to the server for a digital certificate at every start-up, the digital certificate and binding key pair used in subsequent binding procedures are time-limited: after the client restarts, the original binding key pair and digital certificate are refreshed, which reduces the risk of their illegitimate misuse and further strengthens the security of the binding procedure.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are performed in hardware or software depends on the specific application and the design constraints of the technical scheme. A skilled person may use different methods to realize the described functions for each specific application, but such an implementation should not be regarded as going beyond the scope of the present invention.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the system, client, server and units described above may be referred to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed system and method may be realized in other ways. For example, the system embodiments described above are merely illustrative; the division into units is only a division by logical function, and other divisions are possible in actual implementation, for instance multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, or an electrical, mechanical or other form of connection.
The steps in the method of the embodiments of the present invention may be reordered, combined and deleted according to actual needs.
The units in the terminal of the embodiments of the present invention may be combined, divided and deleted according to actual needs.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the scheme of this embodiment of the invention.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist physically alone, or two or more units may be integrated in one unit. The integrated unit may be realized in the form of hardware or in the form of a software functional unit.
If the integrated unit is realized in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical scheme of the present invention in essence, or the part of it that contributes to the prior art, or all or part of the technical scheme, may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method of each embodiment of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a portable hard drive, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any person familiar with the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed by the present invention, and these modifications or replacements shall all be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A binding method, characterized in that the binding method comprises:
if a client detects a binding request, obtaining device information, wherein the device information comprises a device identification code and the communication number of a client identification module (SIM) card;
the client sending the device information to a server in encrypted form, so that the server allocates a verification number corresponding to the device information;
the server carrying out call verification with the client using the verification number;
if the call verification succeeds, the server binding the communication number of the SIM card to the device identification code;
the server returning a binding result to the client.
2. The binding method according to claim 1, characterized in that the client sending the device information to the server in encrypted form, so that the server allocates the verification number corresponding to the device information, comprises:
the client signing the device information using the binding private key of a pre-stored binding key pair, and sending the signed device information to the server, wherein the binding key pair comprises a binding public key and the binding private key;
the server obtaining the device identification code from the device information;
the server obtaining the digital certificate corresponding to the device identification code from a pre-stored correspondence, wherein the correspondence is a one-to-one correspondence between the device identification code and the digital certificate, and the digital certificate comprises the device identification code and the binding public key;
the server verifying the signature on the device information using the binding public key in the digital certificate;
if the signature verification succeeds, the server allocating the verification number corresponding to the device information.
3. The binding method according to claim 2, characterized in that the server carrying out call verification with the client using the verification number comprises:
the server encrypting the verification number with the binding public key to form a ciphertext, and sending the ciphertext to the client;
the client decrypting the ciphertext with the binding private key, obtaining the verification number, and initiating a call request according to the verification number;
the server detecting the call request and obtaining the calling number and called number of the call request;
if the calling number matches the communication number and the called number matches the verification number, the server confirming that the call verification has succeeded.
4. The binding method according to any one of claims 1 to 3, characterized in that, before the terminal detects the binding request and obtains the device information, the binding method further comprises:
the client generating the binding key pair according to the device identification code;
the client applying to the server for the digital certificate using the device identification code and the binding public key.
5. The binding method according to claim 4, characterized in that the client applying to the server for the digital certificate using the device identification code and the binding public key comprises:
the client sending the device identification code and the binding public key to the server;
the server generating the digital certificate using the device identification code and the binding public key;
the server saving the one-to-one correspondence between the device identification code and the digital certificate as the pre-stored correspondence;
the server sending the digital certificate to the client.
6. A binding system, characterized in that the binding system comprises a client and a server, the client and the server being connected by a network;
the client comprises:
an acquiring unit for obtaining device information if a binding request is detected, wherein the device information comprises a device identification code and the communication number of a client identification module (SIM) card;
a transmitting unit for sending the device information to the server in encrypted form;
a first verification unit for completing call verification with the server using the verification number allocated by the server;
the server comprises:
an allocation unit for allocating the verification number corresponding to the device information;
a second verification unit for carrying out the call verification with the client using the verification number;
a binding unit for binding the communication number of the SIM card to the device identification code if the call verification succeeds;
a returning unit for returning a binding result to the client.
7. The binding system according to claim 6, characterized in that the transmitting unit comprises:
a signature unit for signing the device information using the binding private key of a pre-stored binding key pair and sending the signed device information to the server, wherein the binding key pair comprises a binding public key and the binding private key;
the allocation unit comprises:
an identification code extraction unit for obtaining the device identification code from the device information;
a digital certificate acquiring unit for obtaining the digital certificate corresponding to the device identification code from a pre-stored correspondence, wherein the correspondence is a one-to-one correspondence between the device identification code and the digital certificate, and the digital certificate comprises the device identification code and the binding public key;
a signature verification unit for verifying the signature on the device information using the binding public key in the digital certificate;
a storage unit for allocating the verification number corresponding to the device information if the signature verification succeeds.
8. The binding system according to claim 7, characterized in that the second verification unit comprises:
an encryption unit for encrypting the verification number with the binding public key to form a ciphertext and sending the ciphertext to the client;
a call number acquiring unit for detecting the call request initiated by the client and obtaining the calling number and called number of the call request;
a verification success unit for confirming that the call verification has succeeded if the calling number matches the communication number and the called number matches the verification number;
the first verification unit comprises:
a decryption unit for decrypting the ciphertext with the binding private key, obtaining the verification number, and initiating the call request according to the verification number.
9. The binding system according to any one of claims 6 to 8, characterized in that the client further comprises:
a key pair generating unit for generating the binding key pair according to the device identification code;
a digital certificate application unit for applying to the server for the digital certificate using the device identification code and the binding public key;
the server further comprises:
a digital certificate processing unit for processing the digital certificate application of the client.
10. The binding system according to claim 9, characterized in that the digital certificate application unit is further used to:
send the device identification code and the binding public key to the server;
the digital certificate processing unit comprises:
a digital certificate generating unit for generating the digital certificate using the device identification code and the binding public key;
a correspondence storage unit for saving the one-to-one correspondence between the device identification code and the digital certificate as the pre-stored correspondence;
a digital certificate issuance unit for sending the digital certificate to the client.
CN201611118802.8A 2016-12-07 2016-12-07 Binding method and system Withdrawn CN106686585A (en)

Publications (1)

Publication Number Publication Date
CN106686585A true CN106686585A (en) 2017-05-17

CN110620763B (en) Mobile identity authentication method and system based on mobile terminal APP
CN103684797B (en) User and the association authentication method and system of subscriber terminal equipment
CN104967597A (en) Third-party application message authentication method and system based on secure channel
CN102930435A (en) Authentication method and system for mobile payment
CN106790208A (en) A kind of communication encrypting method and device
CN104468099A (en) Dynamic password generating method and device based on CPK (Combined Public Key) and dynamic password authentication method and device based on CPK (Combined Public Key)
CN104660401A (en) Authentication method, authentication system and terminal
CN107995200A (en) A kind of certificate issuance method, identity identifying method and system based on smart card
CN108335105A (en) Data processing method and relevant device
CN108804935A (en) A kind of safety encryption storage system and method based on TrustZone
CN105743651B (en) The card in chip secure domain is using method, apparatus and application terminal
CN105631667A (en) Authentication method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
Application publication date: 20170517