A kind of guard method of PHS mobile communication PIM card authorization data
Technical field
The present invention relates to mobile communication, specifically, relate in the PHS mobile communication and the device-independent PIM card of ME, more particularly, relate to a kind of method that the authorization data that is stored in this PIM card is protected.
Background technology
In the PHS mobile communication system, the device-independent PIM card with ME is provided, realized separation between machine and card.In described PIM card, deposit user's authorization data, inserted optional PHS mobile phone of user or fixed station; And according to the existing general RCR STD-28 standard of PHS network, travelling carriage is wanted earlier executing location registration, authentication process when start, and success back network provides subscribed services for this user.Network provides for this user in the process of subscribed services, can require as required that the user registers, authentication.The kind of registration, authentication comprises that exhalation authentication, incoming call authentication etc. are a variety of, and all these all can use the subscription authentication data that leave in the PIM card.
The PIM card belongs to a kind of smart card that needs public data, by the file storage data; Described file comprises two classes: the super-ordinate right file that 1, needs super-ordinate right (as document creation person authority) to rewrite; 2, the common authority that only needs common authority to rewrite, the file of common authority has some clearance spaces or reserve bytes.This type of smart card, anyone can will leave data in the PIM card easily in by specific order and instrument and read and duplicate, and have authority also to delete and change.The authorization data of PIM card leaves the specified file of PIM card in, the file that present authorization data is deposited is divided into above-mentioned two kinds: leave the part authorization data in the super-ordinate right file in, in a single day the PIM card is made to finish and is sent in user's hand, and the general user does not have ability that this part authorization data is rewritten; Leave the part authorization data in the common authority in, the write permission of this file is lower, and this part authorization data is easily by rewriting, destroyed.
Summary of the invention
The technical problem to be solved in the present invention is; utilize some clearance spaces or the reserve bytes of common authority in the PIM card; in traditional authentication process, increase data CRC check and wrong recovery and protection process; a kind of guard method of PHS mobile communication PIM card authorization data is provided; the protection part is stored in the authorization data in the logical authority of PIM Kapp, reduces the situation of being rewritten and destroying.
The above-mentioned technical problem of the present invention solves like this, constructs a kind of guard method of PHS mobile communication PIM card authorization data, comprises the authentication process that the PHS mobile communication is common, it is characterized in that, and is further comprising the steps of:
Initial treatment: during the initial setting up user, write specific user data and authorization data;
Authentication process: when authentication takes place, carry out authentication;
Timing Processing: regularly carry out timing data inspection and recovery;
Shutdown is handled: shutdown process comprises shutdown data checks and recovering step;
User data that said write is specific and authorization data comprise specific user data write step and specific authorization data write step, be meant when user data or authorization data are write the PIM card, in PIM ID or authorization data, insert check digit, write corresponding document again, do a plurality of backups simultaneously, separately deposit.
According to the guard method of PHS mobile communication PIM card authorization data provided by the invention, described authentication process may further comprise the steps:
2.1) when authentication took place, PHS mobile phone or fixed station read the file of depositing authorization data in its PIM card, parse authorization data and carry out verification;
2.2) if verification is passed through, continue to carry out the common authentication step of PHS mobile communication;
2.3) if verification not by then utilizing the backup in the described initial processing step to carry out data restore operation, if data are recovered failure, finishes authentication process, return PIM card error message;
Otherwise use the authorization data that recovers, continue to carry out the common authentication step of PHS mobile communication.
According to the guard method of PHS mobile communication PIM card authorization data provided by the invention, the authentication process of ME in the process of start registration may further comprise the steps:
3.1) the PIM card is inserted ME, ME start back sends the request of reading PIM ID file to the PIM card;
3.2) the PIM card sends PIM ID file to ME;
3.3) parse PIM ID and carry out CRC check;
3.4) if CRC check is passed through execution in step (3.6) then, otherwise carry out data restore operation;
3.5) if data are recovered successfully execution in step (3.6) then, otherwise the damage of explanation PIM card, end authentication process;
3.6) ME sends position register request to CS, this request comprises PIM ID;
3.7) CS sends authentication request to ME, passes to ME simultaneously and with authentication random number;
3.8) the execution authentication;
3.9) authentication passes through, CS passes to ME with the location registers acknowledge message; Failed authentication, CS passes to ME with the location registers failed message.。
Guard method according to PHS mobile communication PIM card authorization data provided by the invention comprises in the described data restore operation of step (2.3):
4.1) read the authorization data backup of separately leaving PIM card diverse location in, parse authorization data and carry out verification;
4.2) if verification is not passed through, the authorization data backup does not run through, and returns step (4.1); Otherwise return data recovers mistake;
4.3) if verification is passed through, the CRC check sign indicating number of this authorization data correspondence is written on the ruined position
Guard method according to PHS mobile communication PIM card authorization data provided by the invention comprises in data restore operation described in the step (3.4):
5.1) leave in the PIM ID backup of PIM card diverse location in, parse PIMID and carry out verification;
5.2) verification do not pass through, the authorization data backup does not run through, and returns step (5.1); Otherwise return data recovers mistake;
5.3) if verification is passed through, the CRC check sign indicating number of this PIM ID correspondence is written on the ruined position.
Guard method according to PHS mobile communication PIM card authorization data provided by the invention is characterized in that, is common authority at file described in described specific user data and the authorization data write step.
Guard method according to PHS mobile communication PIM card authorization data provided by the invention; in method described in described specific user data and the authorization data write step is 32 CRC check; with authorization data or PIM ID according to 4 byte packet; if 4 bytes of less than are then filled with " 0xff "; the check digit that calculates according to formula; check digit is placed on byte in back of each group, described formula be f (x)=
X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0。
Guard method according to PHS mobile communication PIM card authorization data provided by the invention; in reading the authorization data backup of separately leaving PIM card diverse location in described in the step (2.1) one; be that priority orders according to diverse location reads successively one by one, described diverse location comprises three kinds of positions of the reserved field of from high to low the file that does not often use of priority, record that some file seldom uses and some file.
Guard method according to PHS mobile communication PIM card authorization data provided by the invention, described verification is meant that the authorization data that will parse is according to 4 byte packet, if 4 bytes of less than are then filled with " 0xff ", check digit that draws according to formula and described specific user data and the check digit described in the authorization data write step compare, and identical verification is passed through; The different check failure; Described formula be f (x)=
X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0。
According to the guard method of PHS mobile communication PIM card authorization data provided by the invention, described Timing Processing step comprises that regularly carrying out the CRC check finds out the step of correct authorization data and specific authorization data write step.
According to the guard method of PHS mobile communication PIM card authorization data provided by the invention, described shutdown treatment step carries out the CRC check and finds out the step of correct authorization data and specific authorization data write step when comprising the ME shutdown.
Implement the guard method of PHS mobile communication PIM card authorization data provided by the invention, utilization increases redundant PIM card authorization data, the verification that increases and the recovery process of having of CRC check sign indicating number, many places distribution in authentication process in the part of PIM Cavan, data checks and recovery process when increasing simultaneously regularly with shutdown, protected the authorization data that partly is stored in the logical authority of PIM Kapp, the situation that minimizing is rewritten and destroyed, further increase the robustness of separation between machine and card technology to a certain extent, be convenient to the popularization of separation between machine and card; Guarantee the integrality of authorization data, made authentication operations to carry out smoothly; Reduced because of authorization data damages and carried out maintenance times, not only reduced the cost of serving of Virtual network operator but also reduced user's trouble; Constructed protection PIM ID data above further utilizing simultaneously make the PIM card more reliable.
Description of drawings
Fig. 1 is the form schematic diagram of the authorization data of the inventive method use.
Fig. 2 is the schematic flow sheet that utilizes the inventive method that authorization data is tested.
Fig. 3 is the schematic flow sheet of recovery authorization data provided by the invention.
Fig. 4 is to be example with the SIM card, utilizes the inventive method to read the schematic flow sheet of authorization data backup.
Fig. 5 is the schematic flow sheet that utilizes the inventive method timing authorization data inspection and recovery.
Fig. 6 is the schematic flow sheet that utilizes the inventive method to carry out authorization data inspection and recovery when shutdown.
Embodiment
In conjunction with the accompanying drawings and embodiments, the inventive method is further launched.At first, illustrate that the main basic point of inventive method is as follows:
(1) CRC check:
1. write PIM ID and authorization data, wherein, the form of authorization data such as Fig. 1, authorization data is write in the file, because present embodiment has adopted 32 CRC check, therefore, the data that will write are according to 4 byte packet, if 4 bytes of less than are then filled with " 0xff ", last, according to check code generate formula " f (x)=
X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+ X^2+X^1+X^0 " draw byte in back that the original checksums position is placed on each group.Write PIM ID data method and to write the authorization data method consistent.
2. PIM ID and authorization data verification, its process as shown in Figure 2, authorization data CRC check step comprises: ME authentication, start and ME need do authorization data CRC check when the data checks of establishing, CRC checks beginning, ME reads authorization data and judges whether institute's read data is authorization data (judging by the authorization data flag bit that is provided with), is not to finish; Be, generate new check digit and the ME of formula generation according to described check code and read the original checksums bit comparison that authorization data reads in simultaneously, identical, return " upchecking "; Otherwise return " check failure ".CRC data check step and the authorization data CRC check step of PIM ID are similar.
(2) PIM ID and authorization data recover:
1. back up PIM ID and authorization data, leave in some clearance spaces or reserve bytes of common authority.
2. ought contain PIM ID or the authorization data original document is destroyed, CRC checks failure, carries out data and recovers.As Fig. 2, authorization data recovering step: read backup in common authority PIM ID and authorization data backup, return effective authorization data, recover original document with these data, otherwise return error message.As Fig. 3, the backup of reading of data described in the described authorization data recovering step, with the SIM card is example, in the SIM card of using GSM11.11 agreement gsm system, be authorization data backup the carrying out CRC check of reading successively as required in CCP, PLMNsel and the SMSS file, upcheck and directly return effective authorization data that described authorization data recovering step needs, otherwise continue to read, if all data backup CRC checks are all failed, return error message.
CCP file, this document have only a default record in the card of PHASE 1 and PHASE 2, priority is the highest;
The PLMNsel file, this document is general only can use 8 records, and default have only 1, and the user generally can not operate yet.The position that this document, authorization data are deposited is uncertain, needs to add extraneous information and labels, and priority secondly;
SMSS file, the reserved field of this document have ten bytes, but this field can rewrite when short message is full, and priority is minimum.
The guard method of the PHS mobile communication PIM card authorization data that proposes according to the present invention is described as follows one by one to each step: (ME is in the CS coverage)
One) ME start registration:
1.1) the PIM card is inserted among the ME of PHS mobile system, start back ME sends the request of depositing PIM ID data original document of reading to the PIM card;
1.2) the PIM card sends PIM ID data original document and issue ME;
1.3) parse PIM ID and carry out CRC check;
1.4) if by CRC check, execution in step (1.6) then, otherwise carry out PIM ID data restore operation;
1.5) if PIM ID data are recovered successfully execution in step (1.6) then, otherwise the end authentication process returns PIM card error message;
1.6) ME sends position register request to CS, this request comprises PIM ID;
1.7) CS sends authentication request to ME, and random number is passed to ME;
1.8) ME sends the request read the original document of depositing authorization data to the PIM card;
1.9) the PIM card issues ME with the authorization data original document;
1.10) parse authorization data and carry out CRC check;
1.11) if by CRC check, then carry out (1.13), recover otherwise carry out authorization data;
1.12) if authorization data recovers successfully, then carry out (1.13), otherwise finish authentication process, return PIM card error message, the ME registration failure;
1.13) ME carries out the FEAL algorithm according to random number with the authorization data AK that parses or the STEPHI algorithm produces authenticating result;
1.14) ME sends Authentication Response to CS, carries the authenticating result of its generation;
1.15) authenticating result is correct, CS passes to ME with the location registers acknowledge message; Otherwise ME registration failure.
Two) ME authentication: (ME start registration also has the ME authentication, is included in step (1.8)-(1.15))
2.1) breathe out, during authentication such as incoming call, PHS mobile system ME sends the request of reading the original document of depositing authorization data to the PIM card;
2.2) parse authorization data and carry out CRC check;
2.3) if verification is passed through, then use authorization data in PHS mobile system ME, to carry out the authentication computing, operation result is sent to CS.
2.4) if verification does not have by then carrying out the authorization data recovery operation;
2.5) if recovering failure, data then finish authentication process, return PIM card error message; Otherwise use the recovery authorization data in ME, to carry out the authentication computing, operation result is sent to CS.
2.6) CS calculates result and the result's comparison that oneself calculates with ME institute shipping, identical, authentication is passed through; Otherwise failed authentication.
Three) the ME timing data is checked and is recovered, and as shown in Figure 5, after ME start registration authentication is passed through, starts 45 minutes timers.Per 45 minutes, when ME in holding state following time, ME reads authorization data and all backups as required successively, finds out correct effectively authorization data through CRC check, writes authorization data and all backups again, if can not find, returns PIM card error message.
Four) ME shutdown data checks and recovery process such as Fig. 6, during the ME shutdown, ME reads authorization data and all backups as required successively, find out correct effectively authorization data through CRC check, again write authorization data and all backups,, return PIM card error message if can not find.