[go: up one dir, main page]

CN100401814C - A protection method for PHS mobile communication PIM card authentication data - Google Patents

A protection method for PHS mobile communication PIM card authentication data Download PDF

Info

Publication number
CN100401814C
CN100401814C CNB031131956A CN03113195A CN100401814C CN 100401814 C CN100401814 C CN 100401814C CN B031131956 A CNB031131956 A CN B031131956A CN 03113195 A CN03113195 A CN 03113195A CN 100401814 C CN100401814 C CN 100401814C
Authority
CN
China
Prior art keywords
data
authentication
pim
authorization data
mobile communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB031131956A
Other languages
Chinese (zh)
Other versions
CN1536914A (en
Inventor
卢晓辉
程琼
林强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CNB031131956A priority Critical patent/CN100401814C/en
Publication of CN1536914A publication Critical patent/CN1536914A/en
Application granted granted Critical
Publication of CN100401814C publication Critical patent/CN100401814C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

一种对存在PHS移动通信中与移动设备无关的PIM卡中的鉴权数据进行保护的方法,除了PHS移动通信通常的鉴权外,还包括:初始设置用户时的特定的用户数据和鉴权数据写入步骤;发生鉴权时的特定鉴权步骤;定时发生的定时数据检查和恢复步骤;关机过程包括的关机数据检查和恢复步骤。这种鉴权数据保护方法在PIM卡文件中增加CRC校验码、备份了PIM卡鉴权数据、在鉴权中增加的校验和恢复过程,同时增加定时和关机时的数据检查和恢复,可保护存储在PIM卡普通权限文件中的鉴权数据避免被改写和破坏,增加了机卡分离技术的健壮性,便于机卡分离的推广;确保了鉴权数据的完整性,使得鉴权操作能够顺利进行;减少了因鉴权数据损坏而进行维修的次数,既降低网络运营商成本又提供用户以方便。

Figure 03113195

A method for protecting authentication data stored in a PIM card irrelevant to mobile equipment in PHS mobile communication, in addition to the usual authentication of PHS mobile communication, it also includes: specific user data and authentication when initially setting users The data writing step; the specific authentication step when authentication occurs; the timing data inspection and recovery step that occurs regularly; the shutdown data inspection and recovery step included in the shutdown process. This authentication data protection method adds a CRC check code in the PIM card file, backs up the PIM card authentication data, adds a verification and recovery process in the authentication, and increases the data check and recovery when timing and shutdown. It can protect the authentication data stored in the general permission file of the PIM card from being rewritten and destroyed, which increases the robustness of the machine-card separation technology and facilitates the promotion of machine-card separation; ensures the integrity of the authentication data and makes the authentication operation It can be carried out smoothly; the number of repairs due to the damage of authentication data is reduced, which not only reduces the cost of network operators, but also provides convenience for users.

Figure 03113195

Description

一种PHS移动通信PIM卡鉴权数据的保护方法 A protection method for PHS mobile communication PIM card authentication data

技术领域 technical field

本发明涉及移动通信,具体地说,涉及PHS移动通信中与ME设备无关的PIM卡,更具体地说,涉及一种对储存在这种PIM卡中的鉴权数据进行保护的方法。The present invention relates to mobile communication, in particular to a PIM card irrelevant to ME equipment in PHS mobile communication, and more specifically to a method for protecting authentication data stored in the PIM card.

背景技术 Background technique

在PHS移动通信系统中,提供了与ME设备无关的PIM卡,实现了机卡分离。在所述PIM卡中存放了用户的鉴权数据,插入用户任意选择的PHS手机或固定台;而根据现有PHS网络通用的RCR STD-28标准,移动台在开机时先要执行位置登记、鉴权处理,成功后网络为该用户提供签约服务。网络为该用户提供签约服务的过程中,会根据需要要求用户进行登记、鉴权。登记、鉴权的种类包括呼出鉴权、呼入鉴权等很多种,所有这些都会使用存放在PIM卡中的用户鉴权数据。In the PHS mobile communication system, a PIM card that has nothing to do with ME equipment is provided to realize the separation of the machine and the card. The user's authentication data is stored in the PIM card, which is inserted into the PHS mobile phone or fixed station arbitrarily selected by the user; and according to the general RCR STD-28 standard of the existing PHS network, the mobile station will first perform position registration, After the authentication process is successful, the network provides the subscription service for the user. During the process of providing subscription services for the user, the network will require the user to register and authenticate as needed. The types of registration and authentication include outgoing call authentication, incoming call authentication, etc., all of which will use the user authentication data stored in the PIM card.

PIM卡属于一种需要公开数据的智能卡,通过文件存储数据;所述文件包括两类:1、需要高级权限(如文件创建者权限)才能够改写的高级权限文件;2、只需普通权限即可改写的普通权限文件,普通权限的文件有一些空余空间或者保留字节。这种类型智能卡,任何人都可以通过特定的命令和仪器很容易的将存放在PIM卡中的数据读出复制,有权限也能删除和更改。PIM卡的鉴权数据存放在PIM卡的指定文件,目前鉴权数据存放的文件分为上述二种类别:存放在高级权限文件中的部分鉴权数据,PIM卡一旦制造完成交到用户手中,一般用户是没有能力对这部分鉴权数据进行改写的;存放在普通权限文件中的部分鉴权数据,这种文件的写权限比较低,这部分鉴权数据容易被改写、被破坏。The PIM card belongs to a kind of smart card that needs to disclose data, and stores data through files; the files include two types: 1, high-level permission files that need high-level permissions (such as file creator permissions) to be able to rewrite; 2, only ordinary permissions It is a rewritable normal permission file, and the normal permission file has some free space or reserved bytes. With this type of smart card, anyone can easily read and copy the data stored in the PIM card through specific commands and instruments, and can also delete and change it with permission. The authentication data of the PIM card is stored in the specified file of the PIM card. At present, the files stored in the authentication data are divided into the above two categories: part of the authentication data stored in the advanced authority file, once the PIM card is manufactured and handed over to the user, General users do not have the ability to rewrite this part of the authentication data; some of the authentication data stored in the general permission file, the write permission of this file is relatively low, and this part of the authentication data is easy to be rewritten and destroyed.

发明内容 Contents of the invention

本发明要解决的技术问题是,利用PIM卡中普通权限文件的一些空余空间或者保留字节,在传统的鉴权过程中增加数据CRC校验和错误恢复保护过程,提供一种PHS移动通信PIM卡鉴权数据的保护方法,保护部分存储在PIM卡普通权限文件中的鉴权数据,减少被改写和破坏的情况。The technical problem to be solved by the present invention is to provide a PHS mobile communication PIM by using some free space or reserved bytes of the common authority file in the PIM card to increase the data CRC check and error recovery protection process in the traditional authentication process. The method for protecting the card authentication data protects part of the authentication data stored in the ordinary permission file of the PIM card to reduce the situation of being rewritten and destroyed.

本发明上述技术问题这样解决,构造一种PHS移动通信PIM卡鉴权数据的保护方法,包括PHS移动通信通常的鉴权过程,其特征在于,还包括以下步骤:The above-mentioned technical problems of the present invention are solved like this, construct a kind of protection method of PHS mobile communication PIM card authentication data, comprise the usual authentication process of PHS mobile communication, it is characterized in that, also comprise the following steps:

初始处理:初始设置用户时,写入特定的用户数据和鉴权数据;Initial processing: When initially setting up users, write specific user data and authentication data;

鉴权处理:发生鉴权时,进行鉴权;Authentication processing: when authentication occurs, perform authentication;

定时处理:定时进行定时数据检查和恢复;Timing processing: timing data inspection and recovery at regular intervals;

关机处理:关机过程包括关机数据检查和恢复步骤;Shutdown processing: the shutdown process includes shutdown data check and recovery steps;

所述写入特定的用户数据和鉴权数据包括特定的用户数据写入步骤和特定的鉴权数据写入步骤,是指在把用户数据或鉴权数据写入PIM卡时,在PIM ID或鉴权数据中插入校验位,再写入相应文件,同时作多个备份,分开存放。Described writing specific user data and authentication data comprises specific user data writing step and specific authentication data writing step, refers to when user data or authentication data are written into PIM card, in PIM ID or Insert the check digit into the authentication data, then write it into the corresponding file, make multiple backups at the same time, and store them separately.

按照本发明提供的PHS移动通信PIM卡鉴权数据的保护方法,所述鉴权处理包括以下步骤:According to the protection method of PHS mobile communication PIM card authentication data provided by the present invention, described authentication processing comprises the following steps:

2.1)发生鉴权时,PHS手机或固定台读取其PIM卡中存放鉴权数据的文件,解析出鉴权数据并进行校验;2.1) When authentication occurs, the PHS mobile phone or fixed station reads the file storing authentication data in its PIM card, parses out the authentication data and performs verification;

2.2)若校验通过,继续执行PHS移动通信通常的鉴权步骤;2.2) If the verification is passed, continue to perform the usual authentication steps of PHS mobile communication;

2.3)若校验没有通过则利用所述初始处理步骤中的备份进行数据恢复操作,若数据恢复失败,结束鉴权过程,返回PIM卡出错信息;2.3) If the check is not passed, then utilize the backup in the initial processing step to carry out the data recovery operation, if the data recovery fails, end the authentication process, and return the PIM card error message;

否则使用恢复的鉴权数据,继续执行PHS移动通信通常的鉴权步骤。Otherwise, use the restored authentication data and continue to execute the usual authentication steps of PHS mobile communication.

按照本发明提供的PHS移动通信PIM卡鉴权数据的保护方法,  ME在开机登记的过程中的鉴权处理包括以下步骤:According to the protection method of the PHS mobile communication PIM card authentication data provided by the present invention, the authentication processing of the ME in the process of power-on registration includes the following steps:

3.1)将PIM卡插入ME,ME开机后向PIM卡发送读取PIM ID文件的请求;3.1) Insert the PIM card into the ME, and after the ME starts up, send a request to read the PIM ID file to the PIM card;

3.2)PIM卡发送PIM ID文件至ME;3.2) PIM card sends PIM ID file to ME;

3.3)解析出PIM ID并进行CRC校验;3.3) Analyze the PIM ID and perform CRC check;

3.4)若CRC校验通过,则执行步骤(3.6),否则进行数据恢复操作;3.4) If the CRC check passes, then perform step (3.6), otherwise perform data recovery operation;

3.5)若数据恢复成功,则执行步骤(3.6),否则说明PIM卡损坏,结束鉴权过程;3.5) If the data recovery is successful, then perform step (3.6), otherwise the PIM card is damaged, and the authentication process is ended;

3.6)ME向CS发送位置登记请求,该请求包括PIM ID;3.6) ME sends a location registration request to CS, the request includes PIM ID;

3.7)CS向ME发送鉴权请求,同时并将鉴权随机数传给ME;3.7) CS sends an authentication request to ME, and at the same time transmits the authentication random number to ME;

3.8)执行鉴权;3.8) Perform authentication;

3.9)鉴权通过,CS将位置登记确认消息传给ME;鉴权失败,CS将位置登记失败消息传给ME。。3.9) If the authentication is passed, the CS sends a location registration confirmation message to the ME; if the authentication fails, the CS sends a location registration failure message to the ME. .

按照本发明提供的PHS移动通信PIM卡鉴权数据的保护方法,在步骤(2.3)所述数据恢复操作包括:According to the protection method of the PHS mobile communication PIM card authentication data provided by the present invention, the data restoration operation described in step (2.3) comprises:

4.1)读取分开存放在PIM卡不同位置的鉴权数据备份,解析出鉴权数据并进行校验;4.1) Read the authentication data backup stored separately in different locations of the PIM card, parse out the authentication data and verify it;

4.2)若校验没有通过,鉴权数据备份没有读完,返回步骤(4.1);否则返回数据恢复错误;4.2) If the verification fails and the authentication data backup has not been read, return to step (4.1); otherwise return a data recovery error;

4.3)若校验通过,将该鉴权数据对应的CRC校验码写入到被破坏的位置上4.3) If the verification is passed, write the CRC verification code corresponding to the authentication data into the damaged position

按照本发明提供的PHS移动通信PIM卡鉴权数据的保护方法,在步骤(3.4)中所述数据恢复操作包括:According to the protection method of the PHS mobile communication PIM card authentication data provided by the present invention, the data restoration operation described in step (3.4) comprises:

5.1)存放在PIM卡不同位置的PIM ID备份中的一个,解析出PIMID并进行校验;5.1) One of the PIM ID backups stored in different positions of the PIM card, parse out the PIM ID and verify it;

5.2)校验没有通过,鉴权数据备份没有读完,返回步骤(5.1);否则返回数据恢复错误;5.2) If the verification fails and the authentication data backup has not been read, return to step (5.1); otherwise, return a data recovery error;

5.3)若校验通过,将该PIM ID对应的CRC校验码写入到被破坏的位置上。5.3) If the verification is passed, write the CRC check code corresponding to the PIM ID into the damaged position.

按照本发明提供的PHS移动通信PIM卡鉴权数据的保护方法,其特征在于,在所述特定的用户数据和鉴权数据写入步骤中所述文件是普通权限文件。According to the protection method of PHS mobile communication PIM card authentication data provided by the present invention, it is characterized in that, in the step of writing specific user data and authentication data, the file is a common authority file.

按照本发明提供的PHS移动通信PIM卡鉴权数据的保护方法,在所述特定的用户数据和鉴权数据写入步骤中所述方法是32位CRC校验,将鉴权数据或PIM ID按照4个字节分组,若不足4个字节则以“0xff”填充,根据公式计算得出的校验位,把校验位放在每一组的后面一个字节,所述公式为f(x)=According to the protection method of the PHS mobile communication PIM card authentication data provided by the present invention, the method described in the specific user data and the authentication data writing step is 32 CRC checks, and the authentication data or PIM ID is according to 4 byte groups, if less than 4 bytes, fill with "0xff", according to the check digit calculated by the formula, put the check digit in the back byte of each group, the formula is f( x) =

X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0。X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^ 2+X^1+X^0.

按照本发明提供的PHS移动通信PIM卡鉴权数据的保护方法,在步骤(2.1)中所述读取分开存放在PIM卡不同位置的鉴权数据备份中的一个,是按照不同位置的优先级顺序依次逐个读取,所述不同位置包括优先级从高到低的不经常使用的文件、某些文件不常使用的记录和某些文件的保留字段的三种位置。According to the protection method of the PHS mobile communication PIM card authentication data provided by the present invention, described in the step (2.1) reads one of the authentication data backups stored separately in different positions of the PIM card, according to the priority of different positions The sequence is read one by one, and the different positions include the infrequently used files with priority from high to low, the infrequently used records of some files, and the reserved fields of some files.

按照本发明提供的PHS移动通信PIM卡鉴权数据的保护方法,所述校验是指将解析出的鉴权数据按照4个字节分组,若不足4个字节则以“0xff”填充,根据公式得出的校验位与所述特定的用户数据和鉴权数据写入步骤中所述的校验位进行比较,相同校验通过;不同校验失败;所述公式为f(x)=According to the protection method of the PHS mobile communication PIM card authentication data provided by the present invention, the verification refers to that the authentication data parsed is grouped according to 4 bytes, if less than 4 bytes, then fill with "0xff", The check digit obtained according to the formula is compared with the check digit described in the specific user data and authentication data writing step, the same check is passed; the different check is failed; the formula is f(x) =

X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0。X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^ 2+X^1+X^0.

按照本发明提供的PHS移动通信PIM卡鉴权数据的保护方法,所述定时处理步骤包括定时进行CRC检验找出正确的鉴权数据的步骤和特定的鉴权数据写入步骤。According to the PHS mobile communication PIM card authentication data protection method provided by the present invention, the timing processing step includes the step of regularly performing CRC check to find out the correct authentication data and the specific authentication data writing step.

按照本发明提供的PHS移动通信PIM卡鉴权数据的保护方法,所述关机处理步骤包括ME关机时进行CRC检验找出正确的鉴权数据的步骤和特定的鉴权数据写入步骤。According to the PHS mobile communication PIM card authentication data protection method provided by the present invention, the shutdown processing step includes a step of performing a CRC check to find correct authentication data and a specific authentication data writing step when the ME is shut down.

实施本发明提供的PHS移动通信PIM卡鉴权数据的保护方法,利用在PIM卡文件中增加CRC校验码、多处分布的有冗余的PIM卡鉴权数据、在鉴权过程中增加的校验和恢复过程,同时增加定时和关机时的数据检查和恢复过程,保护了部分存储在PIM卡普通权限文件中的鉴权数据,减少被改写和破坏的情况,进一步在一定程度上增加了机卡分离技术的健壮性,便于机卡分离的推广;确保了鉴权数据的完整性,使得鉴权操作能够顺利进行;减少了因鉴权数据损坏而进行维修的次数,既降低了网络运营商的服务成本又减少了用户的麻烦;同时进一步利用上面相同技术保护PIM ID数据,使PIM卡更为可靠。Implement the protection method of the PHS mobile communication PIM card authentication data that the present invention provides, utilize in the PIM card file to increase the CRC check code, redundant PIM card authentication data distributed in multiple places, increase in the authentication process The verification and recovery process, while increasing the data check and recovery process at the time of timing and shutdown, protects part of the authentication data stored in the normal authority file of the PIM card, reduces the situation of being rewritten and destroyed, and further increases the security to a certain extent. The robustness of the machine-card separation technology facilitates the promotion of machine-card separation; it ensures the integrity of the authentication data, enabling the smooth operation of the authentication operation; it reduces the number of repairs due to damage to the authentication data, which not only reduces network operation The service cost of the provider reduces the user's troubles; at the same time, the same technology as above is further used to protect the PIM ID data, making the PIM card more reliable.

附图说明 Description of drawings

图1是本发明方法使用的鉴权数据的格式示意图。Fig. 1 is a schematic diagram of the format of authentication data used in the method of the present invention.

图2是利用本发明方法对鉴权数据进行检验的流程示意图。Fig. 2 is a schematic flow chart of verifying authentication data by using the method of the present invention.

图3是本发明提供的恢复鉴权数据的流程示意图。Fig. 3 is a schematic flow chart of restoring authentication data provided by the present invention.

图4是以SIM卡为例,利用本发明方法读取鉴权数据备份的流程示意图。Fig. 4 takes the SIM card as an example, and uses the method of the present invention to read the schematic flow chart of authentication data backup.

图5是利用本发明方法定时鉴权数据检查和恢复的流程示意图。Fig. 5 is a schematic flow chart of timing authentication data checking and recovery using the method of the present invention.

图6是利用本发明方法在关机时进行鉴权数据检查和恢复的流程示意图。Fig. 6 is a schematic flow chart of checking and recovering authentication data when the system is turned off by using the method of the present invention.

具体实施方式 Detailed ways

结合附图和实施例,对本发明方法进一步展开。首先,说明发明方法的主要基础点如下:The method of the present invention is further developed in conjunction with the accompanying drawings and embodiments. First, the main basic points for explaining the inventive method are as follows:

(一)CRC校验:(1) CRC check:

①写入PIM ID和鉴权数据,其中,鉴权数据的格式如图1,将鉴权数据写入文件中,由于本实施例采用了32位CRC校验,因此,将要写入的数据按照4个字节分组,若不足4个字节则以“0xff”填充,最后,根据校验码生成公式“f(x)=1. write PIM ID and authentication data, wherein, the format of authentication data is as Fig. 1, and authentication data is written in the file, because the present embodiment has adopted 32 CRC checks, therefore, the data to be written according to 4 byte groups, if less than 4 bytes, fill with "0xff", and finally, according to the check code generation formula "f(x)=

X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0”得出原始校验位放在每一组的后面一个字节。写入PIM ID数据方法与写入鉴权数据方法一致。X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^ 2+X^1+X^0" to get the original check digit placed in the last byte of each group. The method of writing PIM ID data is the same as the method of writing authentication data.

②PIM ID和鉴权数据校验,其过程如图2所示,鉴权数据CRC校验步骤包括:ME鉴权、开机和ME自设的数据检查时需做鉴权数据CRC检验,CRC检验开始,ME读取鉴权数据并判断所读数据是否是鉴权数据(通过设置的鉴权数据标志位判断),不是结束;是,根据所述校验码生成公式产生新的校验位与ME读取鉴权数据同时读入的原始校验位比较,完全相同,返回“检验通过”;否则返回“检验失败”。PIM ID的CRC数据校验步骤与鉴权数据CRC校验步骤类似。② PIM ID and authentication data verification, the process is shown in Figure 2, the authentication data CRC verification steps include: ME authentication, power-on and ME self-set data inspection need to do authentication data CRC verification, CRC verification starts , ME reads the authentication data and judges whether the read data is authentication data (judged by the set authentication data flag bit), it is not the end; yes, a new check digit is generated according to the check code generation formula and ME When the authentication data is read and the original check digits read in are compared, if they are exactly the same, "passed" is returned; otherwise, "failed" is returned. The CRC data verification steps of the PIM ID are similar to the authentication data CRC verification steps.

(二)PIM ID和鉴权数据恢复:(2) PIM ID and authentication data recovery:

①备份PIM ID和鉴权数据,存放在普通权限文件的一些空余空间或者保留字节中。①Backup PIM ID and authentication data, and store them in some free space or reserved bytes of the common permission file.

②当含PIM ID或鉴权数据原始文件被破坏,CRC检验失败,执行数据恢复。如图2,鉴权数据恢复步骤:读取备份在普通权限文件PIM ID和鉴权数据备份,返回有效鉴权数据,用此数据恢复原始文件,否则返回出错信息。如图3,所述鉴权数据恢复步骤中所述读取数据备份,以SIM卡为例,在使用GSM11.11协议GSM系统的SIM卡中,是根据需要依次读取CCP、PLMNsel和SMSS文件中的鉴权数据备份进行CRC检验,检验通过直接返回所述鉴权数据恢复步骤需要的有效鉴权数据,否则继续读取,如果所有数据备份CRC检验都失败,返回出错信息。② When the original file containing PIM ID or authentication data is damaged and the CRC check fails, data recovery is performed. As shown in Figure 2, authentication data recovery steps: read the backup of the PIM ID and authentication data backup in the normal authority file, return valid authentication data, use this data to restore the original file, otherwise return an error message. As shown in Figure 3, the read data backup described in the authentication data recovery step, taking the SIM card as an example, in the SIM card using the GSM11.11 protocol GSM system, read the CCP, PLMNsel and SMSS files sequentially as required The authentication data backup in the CRC check is carried out, and the valid authentication data required by the authentication data recovery step is directly returned through the check, otherwise continue to read, and if all data backup CRC checks fail, an error message is returned.

CCP文件,该文件在PHASE 1和PHASE 2的卡中只有一个缺省的记录,优先级最高;CCP file, which has only one default record in the PHASE 1 and PHASE 2 cards, with the highest priority;

PLMNsel文件,该文件一般只会用到8个记录,缺省只有1个,而且用户一般也不会进行操作。该文件,鉴权数据存放的位置不确定,需要加入额外信息加以标识,优先级其次;PLMNsel file, this file generally only uses 8 records, the default is only 1, and users generally do not operate. In this file, the location where the authentication data is stored is uncertain, and additional information needs to be added to identify it, and the priority is second;

SMSS文件,该文件的保留字段有十个字节,但该字段会在短消息满的时候发生改写,优先级最低。SMSS file, the reserved field of this file has ten bytes, but this field will be rewritten when the short message is full, and the priority is the lowest.

按照本发明提出的PHS移动通信PIM卡鉴权数据的保护方法,对各个步骤逐个说明如下:(ME在CS覆盖范围)According to the protection method of the PHS mobile communication PIM card authentication data that the present invention proposes, each step is explained one by one as follows: (ME is in CS coverage area)

一)ME开机登记:1) ME start-up registration:

1.1)将PIM卡插入PHS移动系统的ME中,开机后ME向PIM卡发送读取存放PIM ID数据原始文件的请求;1.1) Insert the PIM card into the ME of the PHS mobile system, and after turning on the ME, send a request to the PIM card to read and store the original file of the PIM ID data;

1.2) PIM卡发送PIM ID数据原始文件发给ME;1.2) PIM card sends the original file of PIM ID data to ME;

1.3)解析出PIM ID并进行CRC校验;1.3) Analyze the PIM ID and perform CRC check;

1.4)若通过CRC校验,则执行步骤(1.6),否则执行PIM ID数据恢复操作;1.4) if by CRC check, then perform step (1.6), otherwise perform PIM ID data recovery operation;

1.5)若PIM ID数据恢复成功,则执行步骤(1.6),否则结束鉴权过程,返回PIM卡出错信息;1.5) If the PIM ID data recovery is successful, then perform step (1.6), otherwise end the authentication process and return the PIM card error message;

1.6)ME向CS发送位置登记请求,该请求包括PIM ID;1.6) ME sends a location registration request to CS, the request includes PIM ID;

1.7)CS向ME发送鉴权请求,并将随机数传给ME;1.7) CS sends an authentication request to ME, and transmits the random number to ME;

1.8)ME向PIM卡发送读取存放鉴权数据的原始文件的请求;1.8) The ME sends a request to the PIM card to read the original file storing the authentication data;

1.9)PIM卡将鉴权数据原始文件发给ME;1.9) The PIM card sends the original authentication data file to ME;

1.10)解析出鉴权数据并进行CRC校验;1.10) Parse the authentication data and perform CRC check;

1.11)若通过CRC校验,则执行(1.13),否则进行鉴权数据恢复;1.11) If the CRC check is passed, then execute (1.13), otherwise perform authentication data recovery;

1.12)若鉴权数据恢复成功,则执行(1.13),否则结束鉴权过程,返回PIM卡出错信息,ME登记失败;1.12) If the authentication data recovery is successful, then execute (1.13), otherwise end the authentication process, return PIM card error information, and ME registration fails;

1.13)ME根据随机数和解析出的鉴权数据AK执行FEAL算法或STEPHI算法产生鉴权结果;1.13) ME executes the FEAL algorithm or the STEPHI algorithm to generate the authentication result according to the random number and the parsed authentication data AK;

1.14)ME发送鉴权响应给CS,携带其产生的鉴权结果;1.14) ME sends an authentication response to CS, carrying the authentication result generated by it;

1.15)鉴权结果正确,CS将位置登记确认消息传给ME;否则ME登记失败。1.15) If the authentication result is correct, the CS sends the location registration confirmation message to the ME; otherwise, the ME registration fails.

二)ME鉴权:(ME开机登记也有ME鉴权,包含在步骤(1.8)-(1.15))2) ME authentication: (ME power-on registration also has ME authentication, included in steps (1.8)-(1.15))

2.1)发生呼出、呼入等鉴权时,PHS移动系统ME向PIM卡发送读取存放鉴权数据的原始文件的请求;2.1) When authentication such as outgoing calls and incoming calls occurs, the PHS mobile system ME sends a request to the PIM card to read the original file storing the authentication data;

2.2)解析出鉴权数据并进行CRC校验;2.2) Parse the authentication data and perform CRC check;

2.3)若校验通过,则使用鉴权数据在PHS移动系统ME中进行鉴权运算,将运算结果发送到CS。2.3) If the verification is passed, the authentication operation is performed in the PHS mobile system ME by using the authentication data, and the operation result is sent to the CS.

2.4)若校验没有通过则进行鉴权数据恢复操作;2.4) If the verification fails, the authentication data recovery operation is performed;

2.5)若数据恢复失败则结束鉴权过程,返回PIM卡出错信息;否则使用恢复鉴权数据在ME中进行鉴权运算,将运算结果发送到CS。2.5) If the data restoration fails, the authentication process ends and the PIM card error message is returned; otherwise, the authentication operation is performed in the ME using the restored authentication data, and the operation result is sent to the CS.

2.6)CS将ME所发运算结果与自己计算得出的结果比较,相同,鉴权通过;否则鉴权失败。2.6) The CS compares the operation result sent by the ME with the result calculated by itself, and if they are the same, the authentication passes; otherwise, the authentication fails.

三)ME定时数据检查和恢复,如图5所示,ME开机登记鉴权通过后,启动45分钟定时器。每45分钟,当ME在待机状态下时,ME根据需要依次读取鉴权数据和所有备份,经CRC校验找出正确有效的鉴权数据,重新写入鉴权数据和所有备份,如果找不到,返回PIM卡出错信息。3) ME timing data check and recovery, as shown in Figure 5, after the ME is powered on and registered and authenticated, a 45-minute timer is started. Every 45 minutes, when the ME is in the standby state, the ME reads the authentication data and all backups in turn according to the needs, finds out the correct and valid authentication data through CRC check, rewrites the authentication data and all backups, if found If not, return PIM card error information.

四)ME关机数据检查和恢复过程如图6,ME关机时,ME根据需要依次读取鉴权数据和所有备份,经CRC校验找出正确有效的鉴权数据,重新写入鉴权数据和所有备份,如果找不到,返回PIM卡出错信息。4) The ME shutdown data inspection and recovery process is shown in Figure 6. When the ME is shut down, the ME reads the authentication data and all backups in turn according to the needs, finds out the correct and valid authentication data through the CRC check, and rewrites the authentication data and All backups, if not found, return PIM card error message.

Claims (11)

1. the guard method of a PHS mobile communication PIM card authorization data comprises the PHS mobile communication is carried out authentication, it is characterized in that, and is further comprising the steps of:
Initial treatment: during the initial setting up user, write specific user data and authorization data;
Authentication process: when authentication takes place, carry out authentication;
Timing Processing: regularly carry out timing data inspection and recovery;
Shutdown is handled: shutdown process comprises shutdown data checks and recovering step;
User data that said write is specific and authorization data comprise specific user data write step and specific authorization data write step, be meant when user data or authorization data are write the PIM card, in PIM ID or authorization data, insert check digit, write corresponding document again, do a plurality of backups simultaneously, separately deposit.
2. according to the guard method of the described PHS mobile communication of claim 1 PIM card authorization data, it is characterized in that described authentication process may further comprise the steps:
2.1) when authentication took place, PHS mobile phone or fixed station read the file of depositing authorization data in its PIM card, parse authorization data and carry out verification;
2.2) if verification is passed through, continue to carry out the common authentication step of PHS mobile communication;
2.3) if verification not by then utilizing the authorization data backup of leaving the PIM card in to carry out data restore operation, if data are recovered failure, finishes authentication process, return PIM card error message; Otherwise use the authorization data that recovers, continue to carry out the common authentication step of PHS mobile communication.
3. according to the guard method of the described PHS mobile communication of claim 1 PIM card authorization data, it is characterized in that the authentication process of ME in the process of start registration may further comprise the steps:
3.1) the PIM card is inserted ME, ME start back sends the request of reading PIM ID file to the PIM card;
3.2) the PIM card sends PIM ID file to ME;
3.3) parse PIM ID and carry out CRC check;
3.4) if CRC check is passed through execution in step (3.6) then, otherwise carry out data restore operation;
3.5) if data are recovered successfully execution in step (3.6) then, otherwise the damage of explanation PIM card, end authentication process;
3.6) ME sends position register request to CS, this request comprises PIM ID;
3.7) CS sends authentication request to ME, passes to ME simultaneously and with authentication random number;
3.8) the execution authentication;
3.9) authentication passes through, CS passes to ME with the location registers acknowledge message; Failed authentication, CS passes to ME with the location registers failed message.
4. according to the guard method of the described PHS mobile communication of claim 2 PIM card authorization data, it is characterized in that, comprise in data restore operation described in the step (2.3):
4.1) read the authorization data backup of separately leaving PIM card diverse location in, parse authorization data and carry out verification;
4.2) if verification is not passed through, the authorization data backup does not run through, and returns step (4.1); Otherwise return data recovers mistake;
4.3) if verification is passed through, the CRC check sign indicating number of this authorization data correspondence is written on the ruined position.
5. according to the guard method of the described PHS mobile communication of claim 3 PIM card authorization data, it is characterized in that, comprise in data restore operation described in the step (3.4):
5.1) leave in the PIM ID backup of PIM card diverse location in, parse PIM ID and carry out verification;
5.2) verification do not pass through, the authorization data backup does not run through, and returns step (5.1); Otherwise return data recovers mistake;
5.3) if verification is passed through, the CRC check sign indicating number of this PIM ID correspondence is written on the ruined position.
6. according to the guard method of the described PHS mobile communication of claim 1 PIM card authorization data, it is characterized in that, is common authority at file described in described specific user data and the authorization data write step.
7. according to the guard method of the described PHS mobile communication of claim 1 PIM card authorization data; it is characterized in that; in described specific user data and authorization data write step, adopt 32 CRC check; with authorization data or PIM ID according to 4 byte packet; if 4 bytes of less than are then filled with " 0xff "; the check digit that calculates according to formula; check digit is placed on byte in back of each group, and described formula is f (x)=X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+ X^2+X^1+X^0.
8. according to the guard method of the described PHS mobile communication of claim 2 PIM card authorization data; it is characterized in that; reading described in the step (2.1) is one that reads in the authorization data backup of separately leaving PIM card diverse location in; and read one by one successively according to the priority orders of diverse location, described diverse location comprises from high to low the file that does not often use of priority, record that some file seldom uses and the reserved field of some file.
9. according to the guard method of claim 2 or 3 described PHS mobile communication PIM card authorization datas, it is characterized in that, described verification is meant that the authorization data that will parse is according to 4 byte packet, if 4 bytes of less than are then filled with " 0xff ", check digit that draws according to formula and described specific user data and the check digit described in the authorization data write step compare, and identical verification is passed through; The different check failure; Described formula is f (x)=X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+ X^2+X^1+X^0.
10. according to the guard method of the described PHS mobile communication of claim 1 PIM card authorization data, it is characterized in that described Timing Processing step comprises that regularly carrying out the CRC check finds out the step of correct authorization data and specific authorization data write step.
11. the guard method according to the described PHS mobile communication of claim 1 PIM card authorization data is characterized in that, described shutdown treatment step carries out the CRC check and finds out the step of correct authorization data and specific authorization data write step when comprising the ME shutdown.
CNB031131956A 2003-04-10 2003-04-10 A protection method for PHS mobile communication PIM card authentication data Expired - Fee Related CN100401814C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB031131956A CN100401814C (en) 2003-04-10 2003-04-10 A protection method for PHS mobile communication PIM card authentication data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB031131956A CN100401814C (en) 2003-04-10 2003-04-10 A protection method for PHS mobile communication PIM card authentication data

Publications (2)

Publication Number Publication Date
CN1536914A CN1536914A (en) 2004-10-13
CN100401814C true CN100401814C (en) 2008-07-09

Family

ID=34320001

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB031131956A Expired - Fee Related CN100401814C (en) 2003-04-10 2003-04-10 A protection method for PHS mobile communication PIM card authentication data

Country Status (1)

Country Link
CN (1) CN100401814C (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101026840A (en) * 2007-01-18 2007-08-29 华为技术有限公司 Method for controlling user information for communication terminal and communication terminal executing control
DE102010044858B4 (en) * 2010-09-09 2012-04-19 Siemens Aktiengesellschaft A method for processing messages in a communication network from a plurality of network nodes
EP3319267B1 (en) 2015-07-01 2019-05-08 Hytera Communications Corporation Limited Wireless system access control method and device
CN114138562B (en) * 2021-12-03 2022-09-06 广东电力信息科技有限公司 Method and system for restoring data based on backup system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998031181A2 (en) * 1997-01-11 1998-07-16 Tandem Computers, Incorporated Method and apparatus for providing fraud protection mediation in a mobile telephone system
US6091946A (en) * 1995-05-12 2000-07-18 Nokia Telecommunications Oy Checking the access right of a subscriber equipment
US6138005A (en) * 1997-01-22 2000-10-24 Samsung Electronics Co., Ltd. Method for verifying personalization in mobile radio terminal
EP1083767A2 (en) * 1999-09-09 2001-03-14 Nokia Mobile Phones Ltd. Method and arrangement for controlling a mobile subscription in a mobile communication system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6091946A (en) * 1995-05-12 2000-07-18 Nokia Telecommunications Oy Checking the access right of a subscriber equipment
WO1998031181A2 (en) * 1997-01-11 1998-07-16 Tandem Computers, Incorporated Method and apparatus for providing fraud protection mediation in a mobile telephone system
US6138005A (en) * 1997-01-22 2000-10-24 Samsung Electronics Co., Ltd. Method for verifying personalization in mobile radio terminal
EP1083767A2 (en) * 1999-09-09 2001-03-14 Nokia Mobile Phones Ltd. Method and arrangement for controlling a mobile subscription in a mobile communication system

Also Published As

Publication number Publication date
CN1536914A (en) 2004-10-13

Similar Documents

Publication Publication Date Title
CN101076168B (en) Management method of intelligent terminal system and intelligent terminal
AU2010353673B2 (en) Managing method, device and terminal for application program
EP3346415A2 (en) Event attestation for an electronic device
CN114116305A (en) BIOS firmware recovery method, system, terminal and storage medium based on PFR
KR101443405B1 (en) Systems and methods for safeguarding data
CN102149074B (en) A kind of method that terminal and smart card are locked or unlock and device
CN101763318B (en) Data dumping method and data dumping device
CN100401814C (en) A protection method for PHS mobile communication PIM card authentication data
CN108256351B (en) File processing method and device, storage medium and terminal
WO2005088448A1 (en) Method and apparatus for reliable in-place update
CN119149292A (en) Program backup and upgrading method for multi-level embedded industrial control system
CN101431815B (en) Method, system and device for mobile terminal data backup and recovery
CN118916048B (en) Copy prevention system and copy prevention method
CN114968312B (en) Method, device and system for changing cap file of smart card
CN100438537C (en) Method and system for reuse and the reformatting of the old card of the mobile communication smart card
CN117131471B (en) A software Licesen verification method
CN113641662B (en) Credit database migration verification method
JP2008542941A (en) ITSOVC2 application monitor
KR101404051B1 (en) Method and apparatus for preventing unauthorized use of digital rights management contents in portable terminals
CN113538754A (en) CTID intelligent door lock authorization data management method and system
CN119004485A (en) UFS firmware upgrading method, system, equipment and medium
CN120935273A (en) BMS protocol adaptation method, system and storage medium based on CSV file
CN113949532A (en) Remote encryption upgrading method and system for Internet of things equipment
CN2852575Y (en) Mobile terminal with information recovery function
CN116149693A (en) Firmware upgrading method and device and terminal equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: ZTE CO., LTD.

Free format text: FORMER OWNER: NANJING BRANCH OF SHENZHEN ZTE CORPORATION

Effective date: 20050715

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20050715

Address after: 518057 Department of law, Zhongxing building, South Science and technology road, Nanshan District hi tech Industrial Park, Shenzhen

Applicant after: ZTE Corporation

Address before: 210012, Bauhinia Road, Yuhua District, Jiangsu, Nanjing 68, China

Applicant before: Nanjing Branch Co., Zhongxing Communication Co., Ltd., Shenzen City

C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080709

Termination date: 20140410