
CN109151823A - The method and system of eSIM card authentication - Google Patents

Info

Publication number: CN109151823A
Authority: CN (China)
Prior art keywords: data, esim card, verification information, module, encryption
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201811052086.7A
Other languages: Chinese (zh)
Other versions: CN109151823B (en)
Inventor: 王文治
Current Assignee: China United Network Communications Group Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd
Priority to CN201811052086.7A
Publication of CN109151823A
Application granted
Publication of CN109151823B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/08 Access security
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12 Messaging; Mailboxes; Announcements
    • H04W4/14 Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the field of the Internet of Things and relates to a method and a system for eSIM card authentication. The method comprises the steps of: obtaining the S/N serial number of the IoT module and the IMSI number of the eSIM card; performing data construction on the S/N serial number and the IMSI number respectively, converting them into fixed-length hashed combined data; generating a key identifier based on an encryption request for the combined data, and encrypting the key identifier and the combined data separately; on the basis that the encrypted key identifier can be decrypted to obtain a decrypted key identifier corresponding to the key identifier, decrypting the encrypted combined data to obtain data verification information; transmitting the combined data with additional encryption and additional decryption to obtain SMS verification information; and comparing whether the SMS verification information is consistent with the data verification information, to determine whether the eSIM card can obtain network access permission. The method and system can effectively prevent eSIM card information from being stolen or misappropriated, eliminate security risks, and ensure the information security of the eSIM card.

Description

Method and system for eSIM card authentication
Technical field
The invention belongs to the field of the Internet of Things, and in particular relates to a method for eSIM card authentication and a system for eSIM card authentication.
Background
At present, the Internet of Things is developing on an unprecedented scale. Applications such as wearable devices, human-body monitoring devices, the Internet of Vehicles, smart homes, smart cities, smart meter reading, and location tracking are springing up like bamboo shoots after spring rain. For these smart devices, communication and networking are undoubtedly basic functions, and from the device's point of view eSIM card technology is the best option for connecting to the mobile network.
An eSIM card, i.e. Embedded-SIM, is an embedded SIM card. A traditional SIM card is embedded directly on a device chip, for example as a chip soldered directly onto the mainboard, rather than being added to the device as an independent removable component, so the user does not need to insert a physical SIM card. An eSIM card is small, low-cost, reliable, and highly secure. It is also programmable: the subscription agreement between the user and the operator is written or erased by software, so the card can be moved between operators. This allows users to choose operator plans more flexibly, or to change operators at any time without unlocking the device or buying a new one.
The future establishment of a general eSIM card standard will save ordinary consumers and enterprise users more of the cost of using mobile devices, and bring more convenience and security. In industrial applications, however, eSIM card information may be stolen or misappropriated, creating security risks.
Ensuring the information security of the eSIM card has therefore become a technical problem that urgently needs to be solved.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the above deficiencies in the prior art, to provide a method for eSIM card authentication and a system for eSIM card authentication that can effectively prevent eSIM card information from being stolen or misappropriated, eliminate security risks, and ensure the information security of the eSIM card.
The technical solution adopted to solve this problem is a method for eSIM card authentication, comprising the steps of:
Obtaining the S/N serial number of the IoT module and the IMSI number of the eSIM card;
Performing data construction on the S/N serial number and the IMSI number respectively, converting them into fixed-length hashed combined data;
Generating a key identifier based on an encryption request for the combined data, and encrypting the key identifier and the combined data separately; and, on the basis that the encrypted key identifier can be decrypted to obtain a decrypted key identifier corresponding to the key identifier, decrypting the encrypted combined data to obtain data verification information;
Transmitting the combined data with additional encryption and additional decryption, to obtain SMS verification information;
Comparing whether the SMS verification information is consistent with the data verification information, to determine whether the eSIM card can obtain network access permission.
Preferably, the step of generating a key identifier based on an encryption request for the combined data, encrypting the key identifier and the combined data separately, and, on the basis that the encrypted key identifier can be decrypted to obtain a decrypted key identifier corresponding to the key identifier, decrypting the encrypted combined data to obtain data verification information, comprises:
Sending a transmission request to encrypt the combined data;
Generating the key identifier according to the transmission request;
Encrypting the combined data and the key identifier separately;
Sending a transmission request to decrypt the encrypted combined data and the encrypted key identifier;
Decrypting the encrypted key identifier;
When the decrypted key identifier is consistent with the key identifier, decrypting the encrypted combined data to obtain the data verification information;
Storing and sending the data verification information.
Preferably, the HASH values corresponding to the S/N serial number and the IMSI number are calculated by a HASH algorithm, and the two HASH values are combined and stored as the combined data;
The key identifier is a character string that serves as authentication information for the two-way encryption and decryption requests;
The combined data is encrypted by the AES encryption algorithm, and the key identifier is encrypted by the RES encryption algorithm;
Correspondingly, the encrypted key identifier is decrypted by the RES encryption algorithm, and when the decrypted key identifier is consistent with the key identifier, the encrypted combined data is decrypted by the AES decryption algorithm.
Preferably, when the decrypted key identifier is inconsistent with the key identifier, decryption of the encrypted combined data is stopped, and it is determined that the eSIM card cannot obtain network access permission.
Preferably, the step of transmitting the combined data with additional encryption and additional decryption to obtain SMS verification information comprises:
Applying additional encryption to the combined data to form an SMS ciphertext;
Applying additional decryption to the SMS ciphertext to obtain the SMS verification information, and sending the SMS verification information.
Preferably, the additional encryption is applied to the combined data by the MD5 algorithm or the DES algorithm;
Correspondingly, the additional decryption is applied to the SMS ciphertext by the MD5 algorithm or the DES algorithm.
Preferably, if the SMS verification information is consistent with the data verification information, it is determined that the eSIM card can obtain network access permission;
If the SMS verification information is not consistent with the data verification information, it is determined that the eSIM card cannot obtain network access permission.
A system for eSIM card authentication comprises an acquisition module, a construction module, a first processing module group, a second processing module group and an authentication module, in which:
The acquisition module: obtains the S/N serial number of the IoT module and the IMSI number of the eSIM card, and sends the S/N serial number and the IMSI number to the construction module;
The construction module: receives the S/N serial number and the IMSI number from the acquisition module, performs data construction on the S/N serial number and the IMSI number respectively, and converts them into fixed-length hashed combined data;
The first processing module group: generates a key identifier based on an encryption request for the combined data, and encrypts the key identifier and the combined data separately; and, on the basis that the encrypted key identifier can be decrypted to obtain a decrypted key identifier corresponding to the key identifier, decrypts the encrypted combined data to obtain data verification information;
The second processing module group: transmits the combined data with additional encryption and additional decryption, to obtain SMS verification information;
The authentication module: receives the SMS verification information and the data verification information, and compares whether the SMS verification information is consistent with the data verification information, to determine whether the eSIM card can obtain network access permission.
Preferably, the first processing module group comprises an encryption module, a transmission module, a decryption module and a data center, in which:
The encryption module: receives the combined data from the construction module and the key identifier from the transmission module, encrypts the combined data and the key identifier separately by encryption algorithms, and sends the encrypted combined data and the encrypted key identifier to the transmission module;
The transmission module: receives the encryption module's transmission request for the combined data, generates the key identifier according to the transmission request and returns it to the encryption module; routes and transmits the encrypted combined data and the encrypted key identifier produced by the encryption module; and sends a transmission request to the decryption module;
The decryption module: receives the encrypted combined data and the encrypted key identifier sent by the transmission module, and decrypts the encrypted key identifier; when the decrypted key identifier obtained from the encrypted key identifier is consistent with the key identifier, parses the encrypted combined data by a decryption algorithm to obtain the data verification information, and sends the data verification information to the data center;
The data center: aggregates and stores the relevant information of all IoT modules and eSIM cards, and sends the data verification information to the authentication module.
Preferably, the second processing module group comprises an SMS gateway and an SMS center, in which:
The SMS gateway: receives the combined data, applies additional encryption to the combined data to form the SMS ciphertext, and sends the SMS ciphertext to the SMS center;
The SMS center: receives the SMS ciphertext, applies additional decryption to the SMS ciphertext to obtain the SMS verification information, and sends the SMS verification information to the authentication module.
The beneficial effects of the present invention are as follows:
The method and system for eSIM card authentication use two different channels, the network and SMS, to perform verification separately and then bring the results together. Because the SMS verification information from the SMS channel, which forms one side of the information authentication, does not pass through the network, it is not easily obtained by a hacker, which prevents eSIM card information from being stolen or misappropriated. Comparing and matching the SMS verification information with the data verification information sent via the network achieves dual authentication of the eSIM card, eliminates security risks, and ensures the information security of the eSIM card.
Brief description of the drawings
Fig. 1 is a flow chart of the method for eSIM card authentication in an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of the system for eSIM card authentication in an embodiment of the present invention;
Reference numerals in the drawings:
1 - acquisition module; 2 - construction module; 3 - encryption module; 4 - transmission module; 5 - decryption module; 6 - data center; 7 - SMS gateway; 8 - SMS center; 9 - authentication module.
Detailed description of the embodiments
To enable those skilled in the art to better understand the technical solution of the present invention, the method for eSIM card authentication and the system for eSIM card authentication are described in further detail below with reference to the accompanying drawings and specific embodiments.
The technical concept of the invention is that, to protect the information security of the eSIM card, the uniqueness of the S/N serial number and the IMSI number is used as the first element of verification; at the same time, the S/N serial number and the IMSI number are combined, encrypted and decrypted (to prevent false verification caused by a cloned S/N serial number or IMSI number), and the processed S/N serial number and IMSI number are obtained simultaneously from the network data channel and the SMS channel, forming closed-loop authentication and ensuring the security of the eSIM card information.
The present invention provides a method for eSIM card authentication. As shown in Fig. 1, the method comprises the steps of:
Obtaining the S/N serial number of the IoT module and the IMSI number of the eSIM card;
Performing data construction on the S/N serial number and the IMSI number respectively, converting them into fixed-length hashed combined data;
Generating a key identifier based on an encryption request for the combined data, and encrypting the key identifier and the combined data separately; and, on the basis that the encrypted key identifier can be decrypted to obtain a decrypted key identifier corresponding to the key identifier, decrypting the encrypted combined data to obtain data verification information;
Transmitting the combined data with additional encryption and additional decryption, to obtain SMS verification information;
Comparing whether the SMS verification information is consistent with the data verification information, to determine whether the eSIM card can obtain network access permission.
The step of generating a key identifier based on an encryption request for the combined data, encrypting the key identifier and the combined data separately, and, on the basis that the encrypted key identifier can be decrypted to obtain a decrypted key identifier corresponding to the key identifier, decrypting the encrypted combined data to obtain data verification information, comprises:
Sending a transmission request to encrypt the combined data;
Generating the key identifier according to the transmission request;
Encrypting the combined data and the key identifier separately;
Sending a transmission request to decrypt the encrypted combined data and the encrypted key identifier;
Decrypting the encrypted key identifier;
When the decrypted key identifier is consistent with the key identifier, decrypting the encrypted combined data to obtain the data verification information;
Storing and sending the data verification information.
Preferably, the HASH values corresponding to the S/N serial number and the IMSI number are calculated by a HASH algorithm, and the two HASH values are combined and stored as the combined data;
The key identifier is a character string that serves as authentication information for the two-way encryption and decryption requests;
The combined data is encrypted by the AES encryption algorithm, and the key identifier is encrypted by the RES encryption algorithm;
Correspondingly, the encrypted key identifier is decrypted by the RES encryption algorithm, and when the decrypted key identifier is consistent with the key identifier, the encrypted combined data is decrypted by the AES decryption algorithm.
It will be understood that when the decrypted key identifier is inconsistent with the key identifier, decryption of the encrypted combined data is stopped, and it is determined that the eSIM card cannot obtain network access permission.
The step of transmitting the combined data with additional encryption and additional decryption to obtain SMS verification information comprises:
Applying additional encryption to the combined data to form an SMS ciphertext;
Applying additional decryption to the SMS ciphertext to obtain the SMS verification information, and sending the SMS verification information.
Preferably, the additional encryption is applied to the combined data by the MD5 algorithm or the DES algorithm;
Correspondingly, the additional decryption is applied to the SMS ciphertext by the MD5 algorithm or the DES algorithm.
In determining whether the eSIM card can obtain network access permission:
If the SMS verification information is consistent with the data verification information, it is determined that the eSIM card can obtain network access permission;
If the SMS verification information is not consistent with the data verification information, it is determined that the eSIM card cannot obtain network access permission.
In the method for the eSIM card authentication, in the form of different ciphertexts, on the one hand sent by Short Message Service Gateway To sms center, one group of sequence number and mobile identification number are obtained;On the one hand it is carried out by encrypting module and transmission module double Secure transmission tunnel is established to certification and authentication, and by the verifying of key identification, decrypted module is decrypted, and is obtained another Group sequence number and mobile identification number.Two kinds of cryptogram validation mode sequencings regardless of time, can also carry out, here simultaneously Without limitation.
Correspondingly, the present invention also provides a system for eSIM card authentication, comprising an acquisition module, a construction module, a first processing module group, a second processing module group and an authentication module, in which:
The acquisition module: obtains the S/N serial number of the IoT module and the IMSI number of the eSIM card, and sends the S/N serial number and the IMSI number to the construction module;
The construction module: receives the S/N serial number and the IMSI number from the acquisition module, performs data construction on the S/N serial number and the IMSI number respectively, and converts them into fixed-length hashed combined data;
The first processing module group: generates a key identifier based on an encryption request for the combined data, and encrypts the key identifier and the combined data separately; and, on the basis that the encrypted key identifier can be decrypted to obtain a decrypted key identifier corresponding to the key identifier, decrypts the encrypted combined data to obtain data verification information;
The second processing module group: transmits the combined data with additional encryption and additional decryption, to obtain SMS verification information;
The authentication module: receives the SMS verification information and the data verification information, and compares whether the SMS verification information is consistent with the data verification information, to determine whether the eSIM card can obtain network access permission.
The first processing module group comprises an encryption module, a transmission module, a decryption module and a data center; the second processing module group comprises an SMS gateway and an SMS center. Each part of the system for eSIM card authentication is described in detail below.
As shown in Fig. 2, the system for eSIM card authentication comprises acquisition module 1, construction module 2, encryption module 3, transmission module 4, decryption module 5, data center 6, SMS gateway 7, SMS center 8 and authentication module 9, in which:
Acquisition module 1: obtains the S/N serial number of the IoT module and the IMSI number of the eSIM card, and sends the S/N serial number and the IMSI number to construction module 2. The IoT module, i.e. the IoT terminal communication module, is a part of the terminal device. Under normal conditions, the eSIM card operating system can obtain information including the S/N serial number of the IoT module and the IMSI number of the eSIM card, so the S/N serial number (Serial Number) of the IoT module and the IMSI number (International Mobile Subscriber Identification Number) of the eSIM card can be obtained. When an eSIM is misappropriated, it is inevitably moved from one terminal device into another, which causes the terminal device to lose its network connection or power. The eSIM card authentication method can therefore be started to authenticate the eSIM card when the eSIM card of the terminal device restarts.
Construction module 2: receives the S/N serial number and the IMSI number from acquisition module 1, performs data construction on the S/N serial number and the IMSI number respectively, and converts them into fixed-length hashed combined data. For example, the HASH values corresponding to the S/N serial number and the IMSI number are calculated by a HASH algorithm, and the two HASH values are combined and stored in construction module 2 as the combined data. The HASH algorithm may be, for example, any of the direct remainder method or the multiplication rounding method. Construction module 2 calculates the corresponding HASH values with the HASH algorithm so that encryption module 3 can encrypt the HASH values with an encryption algorithm, and so that SMS gateway 7 can carry out subsequent processing.
Encryption module 3: receives the combined data from construction module 2 and the key identifier from transmission module 4, encrypts the combined data and the key identifier by encryption algorithms, and sends the encrypted combined data and the key identifier to transmission module 4. For example, the HASH values of the combined data are encrypted by the AES encryption algorithm, and the key identifier is encrypted by the RES encryption algorithm. The key identifier is triggered whenever encryption module 3 sends an instruction to transmission module 4 requesting it. The key identifier is a character string that serves as authentication information for the two-way request between encryption module 3 and decryption module 5. In addition, the key identifier is independent of the combined data and has no effect on it. The key identifier makes the transmission channel between encryption module 3 and decryption module 5 more secure and prevents a hacker from intercepting the encrypted data packets in transit.
Transmission module 4: receives the transmission request for the combined data from encryption module 3, generates the key identifier according to the transmission request and returns it to encryption module 3; securely routes and transmits the encrypted combined data produced by encryption module 3; and sends a transmission request to decryption module 5. To some extent transmission module 4 acts as a router: encryption module 3 sends a request to transmission module 4; after receiving the request, transmission module 4 establishes a secure bidirectional data channel with encryption module 3 and at the same time generates the key identifier, which it sends to encryption module 3. Transmission module 4 also sends a transmission request (Request) to decryption module 5. As described under the function of encryption module 3, after receiving the key identifier, encryption module 3 encrypts it and sends the encrypted key identifier and the encrypted combined data to transmission module 4. Transmission module 4 then forwards the encrypted combined data and the key identifier to decryption module 5.
Decryption module 5: receives the encrypted combined data and the encrypted key identifier sent by transmission module 4, and decrypts the encrypted key identifier; when the decrypted key identifier obtained from the encrypted key identifier is consistent with the key identifier, parses the encrypted combined data by a decryption algorithm to obtain the data verification information, and sends the data verification information to data center 6. After the encrypted key identifier is parsed, it is compared with the original key identifier from before encryption; if they are consistent, the secure transmission channel is established. The key identifier is equivalent to a "secret signal": with it, encryption module 3 and decryption module 5 can send and receive instructions securely. The decryption algorithm here is the one corresponding to the encryption algorithm. For example, the key identifier is decrypted by the RES encryption algorithm, and only after the key identifier has been decrypted and found consistent with the original key identifier is the combined data decrypted by the AES decryption algorithm.
Data center 6: aggregates and stores the relevant information of all IoT modules and eSIM cards, and sends the data verification information to authentication module 9. That is, data center 6 stores system data: the S/N serial number and model information of the IoT module, and the relevant information of the eSIM card, such as the IMSI number and card number. Data center 6 is usually deployed in the operator's management platform and/or the terminal manufacturer's management platform.
SMS gateway 7: receives the combined data, applies additional encryption to the combined data to form the SMS ciphertext, and sends the SMS ciphertext to SMS center 8. SMS gateway 7 provides the interface that connects upward to SMS center 8 and downward to construction module 2. The encryption method applied to the combined data may be, for example, the MD5 algorithm or the DES algorithm.
SMS center 8: receives the SMS ciphertext, applies additional decryption to the SMS ciphertext to obtain the SMS verification information, and sends the SMS verification information to authentication module 9. The SMS ciphertext is sent to SMS center 8, which parses the SMS ciphertext data after receiving it. Parsing the SMS ciphertext is the decryption process, i.e. the SMS ciphertext is parsed and restored to the original data. By applying additional encryption and additional decryption in the SMS channel, the transmission and verification of the combined data are backed up; the decryption algorithm for the SMS ciphertext corresponds to the MD5 algorithm or the DES algorithm.
Authentication module 9: is responsible for data matching and authentication. It receives the SMS verification information from SMS center 8 and the data verification information from data center 6, and compares whether the SMS verification information is consistent with the data verification information, to determine whether the eSIM card can obtain network access permission. Here, the data collected by SMS center 8 and data center 6, which has been encrypted and decrypted in different ways, is compared and matched to verify that the S/N serial number and the IMSI number are in one-to-one correspondence. If the S/N serial number and IMSI number in the SMS verification information and in the data verification information are completely consistent, the authentication of the eSIM card with the operator network passes, and it is determined that the eSIM card can obtain network access permission; otherwise, the authentication of the eSIM card with the operator network does not pass, and it is determined that the eSIM card cannot obtain network access permission.
In view of data capacity, the system for eSIM card authentication in this embodiment preferably provides data center 6 and authentication module 9 separately, to cope with larger data volumes. Data center 6 can aggregate and store the relevant information of the IoT modules and eSIM cards of all industrial applications. It will be understood that, where the system is applied on a small scale and the data volume is small, the matching and authentication functions of authentication module 9 can be merged into data center 6; this is not described further here.
Of the functional modules mentioned above, SMS gateway 7, SMS center 8 and data center 6 are deployed at the operator; the remaining modules are arranged in the terminal module, i.e. the IoT module.
Preferably, in construction module 2, the HASH values corresponding to the S/N serial number and the IMSI number are calculated by a HASH algorithm, and the two HASH values are combined and stored in construction module 2 as the combined data;
In transmission module 4, the key identifier is a character string that serves as the authentication information for the two-way requests of encryption module 3 and decryption module 5;
In encryption module 3, the combined data is encrypted by the AES encryption algorithm, and the key identifier is encrypted by the RES encryption algorithm;
Correspondingly, in decryption module 5, the encrypted key identifier is decrypted by the RES encryption algorithm, and when the decrypted key identifier is consistent with the key identifier, the encrypted combined data is decrypted by the AES decryption algorithm.
Likewise, in SMS gateway 7, the additional encryption is applied to the combined data by the MD5 algorithm or the DES algorithm;
Correspondingly, in SMS center 8, the additional decryption is applied to the SMS ciphertext by the MD5 algorithm or the DES algorithm.
Under normal conditions, theft of a card leads to the loss of user information and possibly to wasted charges. If an eSIM module is stolen, it may be directly usable in another terminal; if no authentication and certification are performed after the theft, eSIM card information is leaked (for example, the card number or identity information is captured) and charges are wasted (for example, custom module services are used under another's name). In this eSIM card authentication method and system, the S/N serial number of the terminal module and the IMSI number of the eSIM card are obtained. In the form of different ciphertexts, on the one hand they are sent through the SMS gateway to the SMS center, yielding the first serial number S/N1 and the first mobile subscriber identity IMSI1; on the other hand, the encryption module and the transmission module perform two-way authentication to establish a secure transmission channel, and, once the key identifier has been verified, the decryption module decrypts the data to obtain the second serial number S/N2 and the second mobile subscriber identity IMSI2. The data information of the data center is then compared with the data information of the SMS center, and authentication and certification with the operator are achieved when S/N1 = S/N2 and IMSI1 = IMSI2 are both satisfied.
It can be seen that the eSIM card authentication method and system of this embodiment use two different channels at the same time, the network and SMS, verifying separately on each and then bringing the results together. Because the SMS verification information of the SMS channel, which forms one side of the information authentication, does not pass through the network, it is not easily obtained by a hacker, which prevents eSIM card information from being stolen. Comparing and combining the data verification information that passes through the network with the SMS verification information achieves double authentication of the eSIM card, eliminates security risks, and guarantees the information security of the eSIM card.
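Added example (not part of the patent text): the construction step and the comparison performed by authentication module 9, in Python. SHA-256 stands in for the unspecified HASH algorithm, the function names and sample values are assumptions, and the encryption layers on both channels are omitted, so the inputs are the already-decrypted records.

```python
import hashlib
import hmac
from typing import NamedTuple, Optional

# Assumption: the patent only says "HASH algorithm"; SHA-256 is chosen here.
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes per field


class Decision(NamedTuple):
    permitted: bool
    reason: str


def build_combined_data(serial_number: str, imsi: str) -> bytes:
    """Construction step: hash S/N and IMSI separately and concatenate them.

    The result is always 2 * DIGEST_LEN bytes, whatever the input lengths.
    """
    sn_hash = hashlib.sha256(serial_number.encode("utf-8")).digest()
    imsi_hash = hashlib.sha256(imsi.encode("utf-8")).digest()
    return sn_hash + imsi_hash


def release_data_verification(combined: bytes, issued_key_id: str,
                              decrypted_key_id: str) -> Optional[bytes]:
    """Decryption-side gate: pass the record on only if the key identifiers match."""
    same = hmac.compare_digest(issued_key_id.encode("utf-8"),
                               decrypted_key_id.encode("utf-8"))
    return combined if same else None


def authenticate(sms_info: Optional[bytes], data_info: Optional[bytes]) -> Decision:
    """Authentication step: permit access only if both channels carry the same pair."""
    if sms_info is None or data_info is None:
        return Decision(False, "verification information missing")
    if len(sms_info) != 2 * DIGEST_LEN or len(data_info) != 2 * DIGEST_LEN:
        return Decision(False, "malformed verification information")
    # Compare each field in constant time; evaluate both before deciding.
    sn_ok = hmac.compare_digest(sms_info[:DIGEST_LEN], data_info[:DIGEST_LEN])
    imsi_ok = hmac.compare_digest(sms_info[DIGEST_LEN:], data_info[DIGEST_LEN:])
    if sn_ok and imsi_ok:
        return Decision(True, "S/N1 = S/N2 and IMSI1 = IMSI2")
    failed = [name for name, ok in (("S/N", sn_ok), ("IMSI", imsi_ok)) if not ok]
    return Decision(False, " and ".join(failed) + " mismatch")


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    sent = build_combined_data("SN-TEST-0001", "001010123456789")
    other = build_combined_data("SN-TEST-9999", "001010123456789")
    data_ok = release_data_verification(sent, "kid-constructed-1", "kid-constructed-1")
    print(authenticate(sent, data_ok))    # both channels agree
    print(authenticate(other, data_ok))   # S/N differs between the channels
    print(authenticate(sent, release_data_verification(sent, "kid-constructed-1", "kid-x")))
```
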
It will be understood that the above embodiments are merely exemplary embodiments used to illustrate the principle of the present invention, and the present invention is not limited to them. Those of ordinary skill in the art can make various changes and improvements without departing from the spirit and essence of the present invention, and these changes and improvements are also regarded as falling within the protection scope of the present invention.

Claims (10)

1. A method of eSIM card authentication, characterized by comprising the steps of:
Obtaining the S/N serial number of the IoT module and the IMSI number of the eSIM card;
Performing data construction on the S/N serial number and the IMSI number respectively, transforming them into fixed-length hashed combined data;
Generating a key identifier based on an encryption request for the combined data, and encrypting the key identifier and the combined data respectively; and, on the basis that the encrypted key identifier can be decrypted to obtain a decrypted key identifier corresponding to the key identifier, decrypting the encrypted combined data to obtain data verification information;
And transmitting the combined data and applying additional encryption and additional decryption to it, to obtain SMS verification information;
Comparing whether the SMS verification information and the data verification information are consistent, to determine whether the eSIM card can obtain network access permission.
2. The method of eSIM card authentication according to claim 1, characterized in that the step of generating a key identifier based on an encryption request for the combined data, encrypting the key identifier and the combined data respectively, and, on the basis that the encrypted key identifier can be decrypted to obtain a decrypted key identifier corresponding to the key identifier, decrypting the encrypted combined data to obtain data verification information, comprises:
Sending a transmission request for encrypting the combined data;
Generating the key identifier according to the transmission request;
Encrypting the combined data and the key identifier respectively;
Sending a transmission request for decrypting the encrypted combined data and the encrypted key identifier;
Decrypting the encrypted key identifier;
When the decrypted key identifier is consistent with the key identifier, decrypting the encrypted combined data to obtain the data verification information;
Storing and sending the data verification information.
3. The method of eSIM card authentication according to claim 2, characterized in that the HASH values corresponding to the S/N serial number and the IMSI number are calculated by a HASH algorithm, and the two HASH values are combined and stored as the combined data;
The key identifier is a character string that serves as the authentication information for the two-way encryption and decryption requests;
The combined data is encrypted by the AES encryption algorithm, and the key identifier is encrypted by the RES encryption algorithm;
Correspondingly, the encrypted key identifier is decrypted by the RES encryption algorithm, and when the decrypted key identifier is consistent with the key identifier, the encrypted combined data is decrypted by the AES decryption algorithm.
4. The method of eSIM card authentication according to claim 2, characterized in that, when the decrypted key identifier is inconsistent with the key identifier, decryption of the encrypted combined data is stopped, and it is determined that the eSIM card cannot obtain network access permission.
5. The method of eSIM card authentication according to claim 1, characterized in that the step of transmitting the combined data, applying additional encryption and additional decryption to it, and obtaining SMS verification information comprises:
Applying additional encryption to the combined data to form an SMS ciphertext;
Applying additional decryption to the SMS ciphertext to obtain the SMS verification information, and sending the SMS verification information.
6. The method of eSIM card authentication according to claim 5, characterized in that the additional encryption is applied to the combined data by the MD5 algorithm or the DES algorithm;
Correspondingly, the additional decryption is applied to the SMS ciphertext by the MD5 algorithm or the DES algorithm.
7. The method of eSIM card authentication according to any one of claims 1-6, characterized in that:
If the SMS verification information is consistent with the data verification information, it is determined that the eSIM card can obtain network access permission;
If the SMS verification information is not consistent with the data verification information, it is determined that the eSIM card cannot obtain network access permission.
8. A system of eSIM card authentication, characterized by comprising an acquisition module, a construction module, a first processing module, a second processing module and an authentication module, wherein:
The acquisition module: for obtaining the S/N serial number of the IoT module and the IMSI number of the eSIM card, and sending the S/N serial number and the IMSI number respectively to the construction module;
The construction module: for receiving the S/N serial number and the IMSI number from the acquisition module, and performing data construction on the S/N serial number and the IMSI number respectively, transforming them into fixed-length hashed combined data;
The first processing module: for generating a key identifier based on an encryption request for the combined data, and encrypting the key identifier and the combined data respectively; and, on the basis that the encrypted key identifier can be decrypted to obtain a decrypted key identifier corresponding to the key identifier, decrypting the encrypted combined data to obtain data verification information;
The second processing module: for transmitting the combined data and applying additional encryption and additional decryption to it, to obtain SMS verification information;
The authentication module: for receiving the SMS verification information and the data verification information, and comparing whether the SMS verification information and the data verification information are consistent, to determine whether the eSIM card can obtain network access permission.
9. The system of eSIM card authentication according to claim 8, characterized in that the first processing module comprises an encryption module, a transmission module, a decryption module and a data center, wherein:
The encryption module: for receiving the combined data from the construction module and the key identifier from the transmission module, encrypting the combined data and the key identifier respectively by encryption algorithms, and sending the encrypted combined data and the encrypted key identifier to the transmission module;
The transmission module: for receiving the encryption module's transmission request for the combined data, generating the key identifier according to the transmission request and returning it to the encryption module; and for routing and transmitting the encrypted combined data and the encrypted key identifier produced by the encryption module, and sending a transmission request to the decryption module;
The decryption module: for receiving the encrypted combined data and the encrypted key identifier sent by the transmission module, and decrypting the encrypted key identifier; and, when the decrypted key identifier obtained by decrypting the encrypted key identifier is consistent with the key identifier, parsing the encrypted combined data by a decryption algorithm to obtain the data verification information, and sending the data verification information to the data center;
The data center: for aggregating and storing the relevant information of all IoT modules and eSIM cards, and sending the data verification information to the authentication module.
10. The system of eSIM card authentication according to claim 8, characterized in that the second processing module comprises an SMS gateway and an SMS center, wherein:
The SMS gateway: for receiving the combined data, applying additional encryption to the combined data to form the SMS ciphertext, and sending the SMS ciphertext to the SMS center;
The SMS center: for receiving the SMS ciphertext, applying additional decryption to the SMS ciphertext to obtain the SMS verification information, and sending the SMS verification information to the authentication module.
CN201811052086.7A 2018-09-10 2018-09-10 eSIM card authentication method and system Active CN109151823B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811052086.7A CN109151823B (en) 2018-09-10 2018-09-10 eSIM card authentication method and system

Publications (2)

Publication Number Publication Date
CN109151823A true CN109151823A (en) 2019-01-04
CN109151823B CN109151823B (en) 2021-08-31

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant