CN100473195C - Encrypted card and its application method in mobile terminal - Google Patents

Publication number: CN100473195C
Authority: CN (China)
Legal status: Expired - Fee Related
Application number: CNB011380888A
Other languages: Chinese (zh)
Other versions: CN1430442A (en)
Inventors: 朱龙明, 何伟, 肖荣建
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp

Abstract

An encrypted card comprises a processing unit, a storage unit, an encrypted card connection interface driver and an encrypted card connection interface. In its application method in a mobile terminal, the encrypted card connection interface connects to the mobile terminal, and the storage unit and the connection interface driver are connected to the processing unit through a bidirectional bus. The invention only requires adding an encrypted card connection interface to an existing mobile terminal; encrypted cards supporting different encryption methods can then be installed, the two being connected through the encrypted card connection interface, to support a specific secure service. In this way a general-purpose mobile terminal can be extended into an encryption terminal.

Description

An encrypted card and its application method in a mobile terminal
Technical field
The present invention relates to secure services and mobile communication systems, and in particular to an encrypted card and its application method in a mobile terminal.
Background art
The main function provided by a mobile terminal in a communication system is voice communication, and some mobile terminals also have data communication capability. A general-purpose mobile terminal either provides a SIM or UIM interface for an external SIM or UIM module, or provides no such interface and has the SIM or UIM module built in directly. Some mobile terminals additionally provide a data communication interface to support data communication.
Existing general-purpose mobile terminals do not support encrypted communication; a new terminal must be manufactured specially for a secure service. Secure services implement encryption in different ways, and existing encryption technologies each provide a dedicated encryption method, such as frequency hopping or content encryption. Once a mobile terminal supporting a secure service has been manufactured, its encryption method cannot be upgraded or changed, so a specific type of terminal supporting the encryption method in use must be manufactured for each secure service. In addition, because the encryption method is fixed in the mobile terminal and cannot be changed, an unauthorized user can analyze the encryption method by dissecting the mobile terminal, so security and confidentiality are weak.
Summary of the invention
The technical task to be solved by the present invention is to provide an encrypted card that, by transferring data and control through an interface with the mobile terminal, enables the mobile terminal to support encrypted communication. The card is upgradable, can support multiple secure services, and is characterized by strong confidentiality, high security and generality.
Another task of the present invention is to provide a method for using the encrypted card in a mobile terminal, so that the mobile terminal can implement secure services flexibly as needed without special customization.
The encrypted card of the present invention comprises a processing unit, a storage unit, an encrypted card connection interface driver and an encrypted card connection interface; the encrypted card connection interface connects to the mobile terminal; the storage unit and the connection interface driver are connected to the processing unit through a bidirectional bus.
The encrypted card may further comprise a self-destruction control unit, which is connected to the processing unit through a bidirectional bus and at the same time connected to the storage unit through a control line.
The application method of the encrypted card of the present invention in a mobile terminal mainly comprises:
(1) installing the encrypted card in the interface of the mobile terminal;
(2) performing access authentication;
(3) determining whether to start the encrypted card;
(4) if the card does not need to be started, the mobile terminal enters the ordinary call flow;
(5) if the card needs to be started, the encrypted card enters the working state: the mobile terminal sends the data packets it receives to the encrypted card for encryption and decryption processing, and then receives the result from the encrypted card.
Between steps (1) and (2) the method may further comprise: determining whether binding of the encrypted card to the mobile terminal is enabled; if it is not enabled, step (2) is executed; if binding is enabled, determining whether the current terminal is the bound terminal; if it is, step (2) is executed; if it is not, the processing unit deletes the storage unit content and sends a control command to the self-destruction control unit to start the self-destruct function and disable the input and output of the storage unit.
The access authentication of step (2) may comprise: if authentication is incorrect, the authentication attempt count is incremented by 1; if the set attempt limit is exceeded, or the set time is exceeded, the processing unit deletes the storage unit content and sends a control command to the self-destruction control unit to start the self-destruct function and disable the input and output of the storage unit.
If the card does not need to be started in step (4), a further determination may be added: determining whether the encrypted card needs to be modified; if so, modification authentication is started; if modification authentication fails, the processing unit deletes the storage unit content and sends a control command to the self-destruction control unit to start the self-destruct function and disable the input and output of the storage unit; if modification authentication succeeds, the encrypted card parameters are modified according to the user's needs, or the algorithm of the encrypted card is programmed, or the authentication algorithm is upgraded.
Compared with the prior art, the encrypted card of the present invention and its application method in a mobile terminal only require adding an encrypted card connection interface to an existing mobile terminal; encrypted cards supporting different encryption methods can then be installed, the two being connected through the encrypted card connection interface, and specific secure services can be supported. In this way a general-purpose mobile terminal can be extended into an encryption terminal, and cost and practicality are assured. In addition, because an encrypted card is used, the card can be programmed to change the encryption algorithm or encryption key, which widens the scope of application of the encrypted card, improves its flexibility, and lets it adapt to more application conditions. Furthermore, the authentication method adopted by the present invention destroys the encrypted card module when authentication fails or when an illegal read is attempted, which improves the confidentiality of the encryption method.
Description of drawings
Fig. 1 is a schematic diagram of the encrypted card proposed by the present invention.
Fig. 2 shows the workflow of the encrypted card.
Fig. 3 illustrates the application of the encrypted card in a mobile terminal, taking the voice encryption service as an example.
Embodiment
The implementation of the technical solution is described in further detail below with reference to the accompanying drawings:
As shown in Fig. 1, the encrypted card comprises a processing unit, a storage unit, an encrypted card connection interface driver and an encrypted card connection interface. The encrypted card connects to the mobile terminal through the encrypted card connection interface, which is similar to the interface between a SIM or UIM module and a mobile terminal. The encrypted card connection interface provides the data and control channel between the mobile terminal and the encrypted card module, and supplies power to the encrypted card module. The connection interface on the encrypted card is also the data channel for accessing the card: through it the encrypted card can be programmed and its parameters modified. The storage unit comprises: an encrypted card parameter storage unit, which stores the parameters of the encrypted card describing its type, the content it processes, its level and so on; a program storage unit, which stores the encryption processing program and the authentication program; an encryption parameter storage unit, which stores the parameters used for encryption; and a temporary storage unit, which stores intermediate results of the processing unit. The processing unit is the control center of the encrypted card; it executes the corresponding programs and performs the required processing functions, including encryption and authentication. The encrypted card interface driver and the storage unit are connected to the processing unit through a bidirectional bus.
To improve the security of the encrypted card, a self-destruction control unit can also be added to the card. The user must pass authentication before being able to use the settings of the encrypted card's parameter area; signaling processing can also be provided to complete the establishment, maintenance and removal of a special secure service. If authentication fails, the processing unit deletes the storage unit content and sends a control command to the self-destruction control unit to start the self-destruct function and disable the input and output of the storage unit. In addition, unauthorized access, for example an attempt to read or modify the content of the encrypted card without authorization, can also start the self-destruct function and automatically destroy the card. Furthermore, to prevent unauthorized mobile terminals from using the encrypted card, the card can be bound to a mobile terminal: the binding is set in the card's parameters, and mobile terminal authentication is performed when the card is started; if the terminal is not the bound terminal, the encrypted card can be destroyed, which avoids the leakage of secrets caused by an unauthorized mobile terminal using the card.
When upgrading the encrypted card, the card's internal storage unit can be programmed through the encrypted card connection interface to change the encryption algorithm, the encryption parameters and the encrypted card parameters; functions can likewise be modified or added by programming the storage unit.
The encrypted card connection interface is a small-form-factor interface. Like a SIM or UIM module, the encrypted card module is installed directly inside the mobile terminal, with the module's chip packaged directly inside; the module is small, so the mobile terminal remains compact and its external shape does not change much. Because the encrypted card module is installed internally, it is not affected by external forces such as friction and collision, and the connection is reliable. The small size of the encrypted card module makes it hard to disassemble, which helps keep the technology and the module's contents confidential.
As shown in Fig. 2, the flow for installing the encrypted card module and starting it working is as follows. First the mobile terminal's power is turned off and the encrypted card module is installed; then the mobile terminal's power is turned on. If the mobile terminal software needs to be updated, the terminal software is upgraded first; the mobile terminal is then configured according to the needs of the encrypted card module, the encrypted card driver is started, and the service processing flow is modified.
The encrypted card module then begins to operate. It first determines whether binding of the mobile terminal to the encrypted card is enabled. If binding is enabled, it determines whether the terminal is the bound terminal; if it is not, the self-destruct function is started and the card self-destructs. If the terminal is the bound terminal, or binding is not enabled, access authentication is performed. The card waits for user input in order to authenticate; if there is no input, it starts waiting, and on wait timeout the self-destruct function is started and the card self-destructs. If authentication input is received, authentication is performed; if authentication is incorrect, the authentication attempt count is incremented by 1, and if the set attempt limit is exceeded, the self-destruct function is started and the card self-destructs.
If authentication is correct, the card determines whether it is to be started; if so, the encrypted card starts working. If not, it determines whether the encrypted card needs to be modified; if so, modification authentication is started. The card waits for user input in order to authenticate; if there is no input, it starts waiting, and on wait timeout the self-destruct function is started and the card self-destructs. If authentication input is received, authentication is performed; if authentication is incorrect, the authentication attempt count is incremented by 1, and if the set attempt limit is exceeded, the self-destruct function is started and the card self-destructs. Only after authentication is correct can the encrypted card parameters be modified, the algorithm of the encrypted card programmed, the authentication algorithm upgraded, and so on.
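The Fig. 2 flow described above (binding check, access authentication with an attempt counter and input timeout, then start or modify), modeled as a small C state machine. This is an added example, not code from the patent; all identifiers, codes and limits are hypothetical. It assumes the attempt counter persists across power cycles, which the text does not specify.

```c
/* Added example: model of the Fig. 2 start-up flow. Names, codes and limits are
 * hypothetical; credentials are plain integers only to keep the model short. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STORE_LEN 16

enum card_state { CARD_OFF, CARD_LOCKED, CARD_AUTHED, CARD_WORKING,
                  CARD_MODIFIABLE, CARD_DESTROYED };
enum card_result { RES_OK, RES_RETRY, RES_DESTROYED, RES_BAD_STATE };

struct card {
    enum card_state state;
    uint8_t  store[STORE_LEN];          /* stands in for program/parameter storage */
    int      io_enabled, binding_on;    /* storage I/O gate; terminal binding flag */
    uint32_t bound_terminal;            /* hypothetical terminal identifier */
    uint32_t access_code, modify_code;  /* hypothetical credentials */
    unsigned attempts, max_attempts, timeout_s; /* attempts: non-volatile on a real card */
};

/* The processing unit deletes storage, then storage I/O is disabled.
 * The volatile pointer keeps the compiler from eliding the wipe. */
static enum card_result card_self_destruct(struct card *c)
{
    volatile uint8_t *p = c->store;
    for (size_t i = 0; i < STORE_LEN; i++) p[i] = 0;
    c->io_enabled = 0;
    c->state = CARD_DESTROYED;
    return RES_DESTROYED;
}

/* Binding check before access authentication. The attempt counter is not
 * reset here, so power-cycling the card cannot refill the attempt budget. */
enum card_result card_power_on(struct card *c, uint32_t terminal_id)
{
    if (c->state == CARD_DESTROYED) return RES_DESTROYED;
    if (c->binding_on && terminal_id != c->bound_terminal) return card_self_destruct(c);
    c->state = CARD_LOCKED;
    return RES_OK;
}

/* Access (modify=0) or modification (modify=1) authentication: timeout, then counter. */
enum card_result card_auth(struct card *c, int modify, uint32_t code, unsigned waited_s)
{
    if (c->state != (modify ? CARD_AUTHED : CARD_LOCKED)) return RES_BAD_STATE;
    if (waited_s > c->timeout_s) return card_self_destruct(c);
    if (code != (modify ? c->modify_code : c->access_code)) {
        c->attempts++;                  /* count first, then compare to the limit */
        return c->attempts > c->max_attempts ? card_self_destruct(c) : RES_RETRY;
    }
    c->attempts = 0;
    c->state = modify ? CARD_MODIFIABLE : CARD_AUTHED;
    return RES_OK;
}

enum card_result card_start(struct card *c)
{
    if (c->state != CARD_AUTHED) return RES_BAD_STATE;
    c->state = CARD_WORKING;
    return RES_OK;
}

/* Storage is reachable only while working or open for modification. */
int card_read(const struct card *c, size_t off)
{
    if (!c->io_enabled || off >= STORE_LEN) return -1;
    if (c->state != CARD_WORKING && c->state != CARD_MODIFIABLE) return -1;
    return c->store[off];
}

/* Constructed sample card: bound to terminal 0xA1, 3 attempts, 30 s timeout. */
struct card demo_card(void)
{
    struct card c = { .state = CARD_OFF, .io_enabled = 1, .binding_on = 1,
                      .bound_terminal = 0xA1, .access_code = 1234, .modify_code = 9876,
                      .max_attempts = 3, .timeout_s = 30 };
    memset(c.store, 0x5A, STORE_LEN);
    return c;
}

int main(void)
{
    struct card c = demo_card();
    card_power_on(&c, 0xA1);
    int wrong = card_auth(&c, 0, 1111, 5), right = card_auth(&c, 0, 1234, 5);
    card_start(&c);
    printf("wrong=%d right=%d read=0x%02X\n", wrong, right, card_read(&c, 0));
}
```

A counter that reset at every power-on would let anyone holding the card try codes indefinitely without ever reaching the self-destruct branch, which is why the model keeps it across `card_power_on` calls.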
After the encrypted card module has started working and a secure service is in use, the mobile terminal sends the data that needs encryption or decryption to the encrypted card and receives the result. If an encryption function extended by the encrypted card module needs signaling support, the mobile terminal can support sending the signaling to the encrypted card module for processing and sending the processed result to the access system for signaling interaction.
The use of the encrypted card is described below taking the voice encryption service as an example. As shown in Fig. 3, after the encrypted card has been started successfully, if there is a call, service negotiation begins; if the call is not an encrypted voice service, the vocoder inside the mobile terminal is allocated. If it is an encrypted voice service, the voice encryption and decryption functions of the encrypted card are started. The mobile terminal sends the voice packets that need encoding and decoding to the encrypted card through the encrypted card connection interface, the encrypted card performs voice encryption and decryption, and the mobile terminal receives the result. After the call ends, the encrypted card stops working.
The encrypted card can also have a built-in secure-service access authentication algorithm between the mobile terminal and the system. During service negotiation, system secure-service access authentication can be performed. If authentication fails, the secure service cannot be carried out, and the encrypted card indicates the access authentication failure through the mobile terminal. After a failure, the system access authentication attempt count in the encrypted card is incremented by 1. Once the system access authentication attempt count exceeds the limit, authentication for secure-service access can no longer be performed; the access authentication attempt count of the encrypted card must be modified before another attempt can be made, and a correct authentication algorithm must be provided, so that the secure service can be used after passing authentication.
In addition, the encrypted card can have a built-in authentication algorithm for connections between one mobile terminal and another, providing end-to-end authentication between mobile terminals. During service negotiation, authentication of the terminal-to-terminal connection can be performed. If authentication fails, the two mobile terminals cannot connect and the secure service cannot be carried out, and the encrypted card indicates the terminal-to-terminal connection authentication failure through the mobile terminal. After a failure, the terminal-to-terminal connection authentication attempt count in the encrypted card is incremented by 1. Once the terminal-to-terminal connection attempt count exceeds the limit, the secure service can no longer be requested; the terminal-to-terminal connection attempt count of the encrypted card must be modified before another attempt can be made, and a correct authentication algorithm must be provided, so that the secure service can be used after passing authentication.

Claims (6)

1. An encrypted card, characterized in that it comprises a processing unit, a storage unit, an encrypted card connection interface driver and an encrypted card connection interface; the encrypted card connection interface connects to the mobile terminal; the storage unit and the connection interface driver are connected to the processing unit through a bidirectional bus; the card further comprises a self-destruction control unit, which is connected to the processing unit through a bidirectional bus and at the same time connected to the storage unit through a control line;
the processing unit is the control center of the encrypted card; it executes the corresponding programs and performs the required processing functions;
the storage unit comprises: an encrypted card parameter storage unit, which stores the parameters of the encrypted card; a program storage unit, which stores the encryption processing program and the authentication program; and an encryption parameter storage unit, which stores the parameters used for encryption;
the encrypted card connection interface provides the data and control channel between the mobile terminal and the encrypted card module, and supplies power to the encrypted card module;
the self-destruction control unit is used to complete the establishment, maintenance and removal of the special secure service.
2. An application method in a mobile terminal of the encrypted card as claimed in claim 1, characterized in that it mainly comprises:
(1) installing the encrypted card in the interface of the mobile terminal;
(2) performing access authentication;
(3) determining whether to start the encrypted card;
(4) if the card does not need to be started, the mobile terminal enters the ordinary call flow;
(5) if the card needs to be started, the encrypted card enters the working state: the mobile terminal sends the data packets it receives to the encrypted card for encryption and decryption processing, and then receives the result from the encrypted card.
3. The method as claimed in claim 2, characterized in that, between steps (1) and (2), the method may further comprise: determining whether binding of the encrypted card to the mobile terminal is enabled; if it is not enabled, step (2) is executed; if binding is enabled, determining whether the current terminal is the bound terminal; if it is, step (2) is executed; if it is not, the processing unit deletes the storage unit content and sends a control command to the self-destruction control unit to start the self-destruct function and disable the input and output of the storage unit.
4. The method as claimed in claim 2, characterized in that the access authentication of step (2) may comprise: if authentication is incorrect, the authentication attempt count is incremented by 1; if the set attempt limit is exceeded, or the set time is exceeded, the processing unit deletes the storage unit content and sends a control command to the self-destruction control unit to start the self-destruct function and disable the input and output of the storage unit.
5. The method as claimed in claim 3, characterized in that the access authentication of step (2) may comprise: if authentication is incorrect, the authentication attempt count is incremented by 1; if the set attempt limit is exceeded, or the set time is exceeded, the processing unit deletes the storage unit content and sends a control command to the self-destruction control unit to start the self-destruct function and disable the input and output of the storage unit.
6. The method as claimed in any one of claims 2-4, characterized in that, if the card does not need to be started in step (4), a further determination may be added: determining whether the encrypted card needs to be modified; if so, modification authentication is started; if modification authentication fails, the processing unit deletes the storage unit content and sends a control command to the self-destruction control unit to start the self-destruct function and disable the input and output of the storage unit; if modification authentication succeeds, the encrypted card parameters are modified according to the user's needs, or the algorithm of the encrypted card is programmed, or the authentication algorithm is upgraded.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB011380888A 2001-12-30 2001-12-30 Encrypted card and its application method in mobile terminal

Publications (2)

Publication Number Publication Date
CN1430442A 2003-07-16
CN100473195C 2009-03-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090325

Termination date: 20131230