WO2012106878A1 - Information security processing method and device - Google Patents

Publication number
WO2012106878A1
Authority
WO
WIPO (PCT)
Prior art keywords
algorithm
code
feature code
device feature
processed
Prior art date
Application number
PCT/CN2011/076998
Other languages
French (fr)
Chinese (zh)
Inventor
马涛
Original Assignee
华为技术有限公司
Priority date
Filing date
Publication date
Application filed by 华为技术有限公司
Priority to PCT/CN2011/076998 (WO2012106878A1)
Priority to CN2011800011388A (CN102301381A)
Publication of WO2012106878A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Definitions

  • The present invention relates to the field of communication technologies, and more particularly to a method and apparatus for information security processing.
  • Background
  • Smart cards (Smart Card) or IC cards, which make wide use of chip identification information, are used in communications, finance, social insurance, transportation and tourism, health care, government administration, retail, entertainment, school management, and other fields.
  • The use of smart cards or IC cards brings great convenience to people.
  • Smart cards or IC cards in these fields store some confidential data, which must not be illegally tampered with.
  • The confidential data described here is different from user private data.
  • The confidential data is set and maintained by the manufacturer or the operator to protect the interests of the manufacturer, the operator and the user, and the user has no authority to modify the data or shield its function. The device therefore needs to provide a way to keep the confidential data secure while still allowing legally authorized modification.
  • However, some illegal users tamper with, steal and copy the confidential data on a smart card or IC card in order to copy the card or steal the number, which damages the interests of manufacturers, operators and users. The existing information security processing methods therefore have a low security level and are easily defeated by illegal users through copying or number theft.
  • Summary of the invention
  • The invention provides a method and device for information security processing that can realize an information security processing function with a high security level.
  • A method for information security processing, comprising: storing a device feature code, or a change code of the device feature code, in a write-once area of a chip of the device to establish a locking relationship between the device and the device feature code, wherein the change code of the device feature code is a part of the device feature code, the algorithm-processed device feature code, a part of the algorithm-processed device feature code, an algorithm-processed part of the device feature code, or a part of an algorithm-processed part of the device feature code; and verifying the locking relationship between the device and the device feature code, wherein when it is verified that the device feature code or its change code does not match the device, the device does not work normally, or when it is verified that the device feature code or its change code matches the device, the device works normally.
  • An apparatus for information security processing, comprising a first storage unit and a verification unit, wherein the first storage unit is configured to store a device feature code, or a change code of the device feature code, in a write-once area of a chip of the device to establish a locking relationship between the device and the device feature code, wherein the change code of the device feature code is a part of the device feature code, the algorithm-processed device feature code, a part of the algorithm-processed device feature code, an algorithm-processed part of the device feature code, or a part of an algorithm-processed part of the device feature code; and the verification unit is configured to verify the locking relationship between the device and the device feature code, wherein when it is verified that the device feature code or its change code does not match the device, the device does not work normally, or when it is verified that the device feature code or its change code matches the device, the device works normally.
  • The device feature code or its change code can be stored in the write-once area of the chip of the device, thereby realizing an information security processing function with a high security level, effectively preventing illegal users from copying or stealing numbers, and protecting the interests of manufacturers, operators and users.
  • FIG. 1 is a flow chart of a method of information security processing in accordance with an embodiment of the present invention.
  • FIG. 2 is a schematic diagram of an example of a method of information security processing according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of another example of a method of information security processing according to an embodiment of the present invention.
  • FIG. 4 is a block diagram of an apparatus for information security processing in accordance with an embodiment of the present invention.
  • FIG. 5 is a block diagram of an apparatus for information security processing in accordance with another embodiment of the present invention.
  • Detailed description
  • 11: Store the device feature code, or a change code of the device feature code, in a write-once area of a chip of the device to establish a locking relationship between the device and the device feature code, wherein the change code of the device feature code is a part of the device feature code, the algorithm-processed device feature code, a part of the algorithm-processed device feature code, an algorithm-processed part of the device feature code, or a part of an algorithm-processed part of the device feature code.
  • The write-once area of the chip of the device can be a one-time programmable non-volatile memory module, such as an electrical fuse (Electrical Fuse, EFUSE).
  • A hardware correspondence between the chip and the device feature code or its change code is established.
  • The device feature code may be the card number of various smart cards or IC cards, for example an International Mobile Equipment Identity (IMEI), a Subscriber Identity Module (SIM) card number, bank card number, traffic card number, social security card number, ID card number, driving history card number or medical insurance card number.
  • The entire device feature code can be stored in the write-once area of the chip of the device.
  • Alternatively, because the storage space of the chip is limited or to further increase security, a change code of the device feature code can be stored, for example: a part of the device feature code, the algorithm-processed device feature code, a part of the algorithm-processed device feature code, an algorithm-processed part of the device feature code, or a part of an algorithm-processed part of the device feature code.
  • Algorithm processing includes processing with a hash algorithm or an algorithm derived from it.
  • Verify the locking relationship between the device and the device feature code: when it is verified that the device feature code or its change code does not match the device, the device does not work normally, or when it is verified that the device feature code or its change code matches the device, the device works normally.
  • The locking relationship between the device and the device feature code is verified. If it is verified that the device feature code stored in the chip does not match the device, the device does not work normally.
  • A device feature code that does not match the device, as referred to here, means one that does not match the chip of the device. For example, if the chip of the device is replaced, or the device feature code or its change code stored in the chip is tampered with, the locking relationship between the device and the device feature code is broken. If the verification passes, the device works normally.
  • The device feature code or its change code can be stored in the write-once area of the chip of the device to establish a locking relationship between the device and the device feature code, thereby realizing information security processing with a high security level and effectively protecting the interests of manufacturers, operators and users.
  • A communication operator sells a designated terminal at a preferential price or with preferential service, and specifies a service period for this terminal.
  • The operator needs to enable the lock card function (called SimLock) on terminals that it subsidizes. Specifically, the subsidized terminal is locked so that only that operator's Subscriber Identity Module (SIM) card can be used on it.
  • After SimLock is released, the terminal can recognize any SIM card, including SIM cards from other operators.
  • Releasing the SIM card lock after the lock period expires is a function required by law.
  • The existing terminal lock card function has poor security: the terminal is easily unlocked during the service period and used with other services, which harms the original operator's interests.
  • In addition, when SimLock is released by upgrading the terminal software version, the operator needs to produce different versions so that terminals can re-upgrade their software, which creates a large workload for the operator.
  • The present invention provides another method of information security processing.
  • FIG. 2 is a schematic diagram of an example 20 of a method of information security processing in accordance with an embodiment of the present invention.
  • The embodiment of the present invention is described by taking a terminal in mobile communication technology as an example, but the apparatus that can perform example 20 in the embodiment of the present invention is not limited thereto.
  • 21 of FIG. 2 is similar to 11 of FIG. 1: store the device feature code, or a change code of the device feature code, in a write-once area of a chip of the device to establish a locking relationship between the device and the device feature code, wherein the change code of the device feature code is a part of the device feature code, the algorithm-processed device feature code, a part of the algorithm-processed device feature code, an algorithm-processed part of the device feature code, or a part of an algorithm-processed part of the device feature code.
  • IMEI is the International Mobile Equipment Identity. It is an "electronic serial number" consisting of 15 digits that corresponds to each terminal, and the code is unique worldwide.
  • The IMEI is the device feature code of the terminal. Each terminal is assigned a globally unique number after assembly, and this number is recorded by the manufacturer from production to delivery.
  • IMEI is a 15-digit value whose structure is TAC (6 digits) + FAC (2 digits) + SNR (6 digits) + SP (1 digit).
  • TAC: equipment type approval number
  • FAC: factory assembly code
  • SNR: serial number
  • SP: spare code, used for backup.
  • CS: Customer Information Setting
  • EFUSE is a one-time programmable non-volatile memory module.
  • The IMEI is stored in the chip EFUSE, which establishes the hardware correspondence between the chip and the IMEI and implements the binding.
  • The SNR of each mobile phone is different, so for a batch of shipments the most meaningful field is the SNR, with a value range of 0-1,000,000.
  • The SNR is converted to hexadecimal, which is expressed as follows.
  • IMEI information, for example the hexadecimal IMEI (0xAAAAA) corresponding to each terminal's SNR, may be stored in the chip EFUSE.
  • All or a part of the IMEI information may also be processed by a hash (HASH) algorithm or an algorithm derived from it, and the resulting value is stored as the change code in the chip EFUSE; or a part of the resulting value is stored as the change code in the chip EFUSE.
  • A lock card key parameter carrying the lock card identification information is generated.
  • The lock card key parameter is stored in a non-volatile parameter, file or database in the non-confidential data area.
  • The lock card identification information indicates that the device is a lock card device; when the device is successfully unlocked, the lock card identification information is replaced by the decryption information.
  • The decryption information is generated by executing an encryption algorithm on the device feature code or its change code.
  • The encryption and decryption can use a security algorithm, such as a Message Digest Algorithm (MD9).
  • The MD9 algorithm generates unique corresponding decryption information for each IMEI, and the generated decryption information is 8 bytes.
  • An encryption server is configured.
  • Each IMEI is read and processed by the MD9 algorithm, and the corresponding decryption information is generated and stored on the encryption server.
  • The encryption may also use an asymmetric encryption and decryption algorithm.
  • The RSA algorithm is one kind of asymmetric encryption and decryption algorithm. The following description uses the RSA algorithm as an example.
  • RSA encryption uses a pair of 1024-bit (128-byte) keys: a public key (Key-Public) and a private key (Key-Private).
  • RSA encryption is divided into the following two steps.
  • The data to be encrypted, C, is a linear transformation of A (the IMEI of the terminal) and B (Key-Public, the public key), and its length is 128 bytes.
  • C = f1(A, B)
  • D = Encrypt(Key-Private, C): using the RSA algorithm, data C is encrypted with Key-Private to obtain the decryption information D.
  • The decryption information D is used to release the terminal's lock card function, and its length is 128 bytes.
  • The non-volatile (NV) values of the terminal's SimLock include:
  • The lock status parameter (abbreviated CardlockStatus), which records whether SimLock (the lock card function) is supported (for example, the default value 2 means that the lock card function is turned off, and 1 means that the lock card function is turned on).
  • The lock card service parameter (CustomizeSimLockPlmnlnfo), which configures the start address of the Public Land Mobile Network (PLMN) that needs to be locked.
  • The lock card function supports multiple PLMN segments. For example, for a specific operator, 135820xxxxx can be locked, which means that the number segment beginning with 135820 is locked, or 135831xxxxx, which means that the number segment beginning with 135831 is locked.
  • The SimLock-related contents CardlockStatus and CustomizeSimLockPlmnlnfo are saved as confidential data.
  • The confidential data is set by the manufacturer or operator to protect the interests of the manufacturer, operator and user, and the user has no authority to modify the data or shield its function.
  • CardlockStatus is set to 1 and CustomizeSimLockPlmnlnfo is filled in with the PLMN number segment that needs to be locked.
  • Before the device leaves the factory, the terminal stores the lock card identification information to indicate that the device is a lock card terminal.
  • The terminal generates a parameter, the lock card key parameter (abbreviated CardLockKey), to carry the lock card identification information.
  • The lock card key parameter can be stored as an NV item, file or database in the non-confidential data area, and its size can be reserved according to the encryption and decryption technology used, for example 8 bytes or 128 bytes, so that the decryption information corresponding to this IMEI can be saved when SimLock is released. Users can modify or functionally shield data in the non-confidential data area.
  • CardlockStatus is set to 1.
  • CustomizeSimLockPlmnlnfo is filled in with the PLMN number segment that needs to be locked.
  • CardLockKey is set to the default value.
  • This default value is also the lock card identification information, for example 8-bit all F or 128-byte all F.
  • The values herein are for illustrative purposes only and may be any other values.
  • The database containing each IMEI and the corresponding decryption information is provided to the operator at the same time (the database contains the C and D data of each terminal), so that when SimLock is released the decryption information D replaces the lock card identification information (128 bytes of all F).
  • 23 of FIG. 2 is similar to 12 of FIG. 1: the locking relationship between the device and the device feature code is verified. When it is verified that the device feature code or its change code does not match the device, the device does not work normally, or when it is verified that the device feature code or its change code matches the device, the device works normally.
  • The locking relationship between the device and the device feature code is verified. If it is verified that the IMEI stored in the chip does not match the chip, the terminal does not work normally. For example, if the chip of the device is replaced, or the IMEI or its change code stored in the chip is replaced, the locking relationship between the chip and the IMEI is destroyed. If the verification passes, the terminal can work normally.
  • Decryption information is acquired and a decryption algorithm is executed based on the decryption information.
  • When the operator needs to release SimLock on a user's terminal, the operator obtains the data C of the terminal (including the IMEI and the public key information) through the web application of the user interface (Web UI) and determines whether the user meets the conditions for releasing SimLock. The operator then searches the database, obtains the decryption information D (128 bytes) corresponding to the user's IMEI, and delivers it as a file, for example by mail or data copy.
  • Short decryption information can be printed out, which is convenient for users to carry.
  • Long decryption information can be output as an electronic file for use in releasing SimLock.
  • The terminal can acquire the decryption information D through user input and execute the decryption algorithm.
  • The RSA decryption steps are as follows:
  • When the decryption algorithm is executed successfully based on the decryption information, the decryption information is stored in place of the lock card identification information carried by the lock card key parameter.
  • CardLockKey stores the decryption information D. In this way, each time the user powers on the terminal, CardLockKey can be used to release SimLock.
  • The terminal is then handled as a non-lock-card terminal, and the operator no longer needs to have different terminals upgrade their software version in order to release SimLock.
  • If the decryption information D input by the user, when decrypted with the public key, gives a result not equal to C, releasing SimLock fails, D does not need to be written into CardLockKey, and the terminal is handled as a lock card terminal.
  • The device feature code or its change code can be stored in the write-once area of the chip of the device to establish a locking relationship between the device and the device feature code, and the encryption and decryption algorithm is executed using the device feature code or its change code, thereby realizing information security processing with a high security level and effectively protecting the interests of the manufacturer, the operator and the user; in addition, releasing the device lock function is simple and easy to operate, which reduces the operator's workload.
  • FIG. 3 is a schematic diagram of an example 300 of a method of information security processing in accordance with an embodiment of the present invention.
  • The embodiment of the present invention takes a terminal in the communication field as an example.
  • The terminal boots using a hardware secure boot (Boot) scheme.
  • The program in the Onchiprom image cannot be modified.
  • The Onchiprom image verifies the correctness of the Bootload image.
  • The Bootload image verifies the security of the Bootrom image and the Vxworks.bin image.
  • The Vxworks.bin image verifies the security of the confidential data. This layer-by-layer security check ensures that the images and the confidential data have not been illegally modified.
  • Here an image is a binary code module that can be run after compilation.
  • If CardlockStatus = 1, that is, YES at 305 in FIG. 3, the lock card function is turned on, the terminal is considered to be a lock card terminal, and the flow proceeds to 307 of FIG. 3.
  • If CardLockKey is found to be all F, that is, YES at 307 in FIG. 3, the terminal is finally determined to be one whose lock card function has not been released; the flow proceeds to 308 of FIG. 3 and the terminal is handled as a lock card terminal.
  • If CardLockKey is not all F, that is, NO at 307 in FIG. 3, the flow proceeds to 309 of FIG. 3 and the CardLockKey content is used directly for decryption verification.
  • If the check passes, this indicates that the terminal is one on which SimLock has been released; the terminal is handled as a non-lock-card terminal and the flow proceeds to 306.
  • FIG. 4 is a block diagram of an apparatus 40 for information security processing in accordance with an embodiment of the present invention.
  • The device 40 includes a first storage unit 41 and an inspection unit 42.
  • The first storage unit 41 stores the device feature code or a change code of the device feature code in the write-once area of the chip of the device to establish a locking relationship between the device and the device feature code, wherein the change code of the device feature code is a part of the device.
  • The write-once area of the chip of the device can be a one-time programmable non-volatile memory module, such as an electrical fuse (Electrical Fuse, EFUSE).
  • A hardware correspondence between the chip and the device feature code or its change code is established.
  • The device feature code may be the card number of various smart cards or IC cards; depending on the application field of the smart card or IC card, it may be, for example, an International Mobile Equipment Identity (IMEI), a Subscriber Identity Module (SIM) card number, bank card number, traffic card number, social security card number, ID card number, driving history certificate number or medical insurance card number.
  • The entire device feature code can be stored.
  • Alternatively, a change code of the device feature code can be stored, for example: a part of the device feature code, the algorithm-processed device feature code, a part of the algorithm-processed device feature code, an algorithm-processed part of the device feature code, or a part of an algorithm-processed part of the device feature code.
  • Algorithm processing includes processing with a hash algorithm or an algorithm derived from it.
  • The inspection unit 42 verifies the locking relationship between the device and the device feature code. When it is verified that the device feature code or its change code does not match the device, the device does not work normally, or when it is verified that the device feature code or its change code matches the device, the device works normally.
  • The locking relationship between the device and the device feature code is verified. If it is verified that the device feature code stored in the chip does not match the device, the device does not work normally.
  • A device feature code that does not match the device, as referred to here, means one that does not match the chip of the device. For example, if the chip of the device is replaced, or the device feature code or its change code stored in the chip is tampered with, the locking relationship between the device and the device feature code is broken. If the verification passes, the device works normally.
  • The device feature code or its change code can be stored in the write-once area of the chip of the device to establish a locking relationship between the device and the device feature code, thereby realizing information security processing with a high security level and effectively protecting the interests of manufacturers, operators and users.
  • FIG. 5 is a block diagram of an apparatus 50 for information security processing in accordance with another embodiment of the present invention.
  • The first storage unit 51 and the verification unit 52 of the apparatus 50 are the same as or similar to the first storage unit 41 and the inspection unit 42 of the apparatus 40, respectively.
  • The difference is that the apparatus 50 further includes a generating unit 53, a decrypting unit 54, and a second storage unit 55.
  • The generating unit 53 is configured to generate a lock card key parameter carrying the lock card identification information; the lock card key parameter is stored in a non-volatile parameter, file or database in the non-confidential data area.
  • The lock card identification information indicates that the device is a lock card device; when the device is successfully unlocked, the lock card identification information is replaced by the decryption information.
  • The decryption information is generated by executing an encryption algorithm on the device feature code or its change code.
  • The decrypting unit 54 is configured to acquire the decryption information and execute a decryption algorithm based on the decryption information.
  • The second storage unit 55 is configured to store the decryption information in place of the lock card identification information carried by the lock card key parameter when the decryption algorithm is executed successfully based on the decryption information.
  • The device 50 implements the method 10, the example 20, and the example 300. For details, refer to the method 10, the example 20 and the example 300; they are not described here again.
  • The device feature code or its change code can be stored in the write-once area of the chip of the device to establish a locking relationship between the device and the device feature code, and the encryption and decryption algorithm is executed using the device feature code or its change code, thereby realizing information security processing with a high security level and effectively protecting the interests of the manufacturer, the operator and the user; in addition, releasing the device lock function is simple and easy to operate, which reduces the operator's workload.
  • The disclosed systems, devices, and methods may be implemented in other ways.
  • The device embodiments described above are merely illustrative.
  • The division into units is only a division by logical function.
  • In an actual implementation there may be another way of dividing; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • The coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be electrical, mechanical or of another form.
  • The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solution of the embodiment.
  • Each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • If the functions are implemented in the form of a software functional unit and sold or used as a standalone product, they may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, may be embodied in the form of a software product; the computer software product is stored in a storage medium and includes a number of instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in the various embodiments of the present invention.
  • The foregoing storage medium includes any medium that can store program code, such as a USB flash drive, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.
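
The EFUSE binding check and the RSA-based SimLock release of example 20 and FIG. 3, modelled end to end as an added example (not code from the patent or from any vendor). Assumptions: the change code is the first 8 bytes of SHA-256 over the IMEI, `f1` is replaced by a hash-based stand-in because the page does not define it, the IMEIs are constructed samples, and the demo modulus is the product of two known Mersenne primes (1128 bits, insecure), so key-sized fields are 141 bytes instead of the 128 bytes stated above.

```python
import hashlib
import hmac

# Constructed demo key (assumption): the product of two known Mersenne primes
# is a valid but INSECURE RSA modulus. The patent uses a 1024-bit key pair.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D_PRIV = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, server side only
KEY_LEN = (N.bit_length() + 7) // 8         # 141 bytes here, 128 in the patent
LOCK_MARK = b"\xff" * KEY_LEN               # CardLockKey default: "all F"
SAMPLE_IMEI = "490154203237518"             # constructed sample value


def change_code(imei: str) -> bytes:
    """Value burned into EFUSE: part of a hash of the IMEI (assumed SHA-256[:8])."""
    return hashlib.sha256(imei.encode()).digest()[:8]


def make_c(imei: str) -> int:
    """Hypothetical stand-in for f1(A, B): 128 bytes from IMEI and public key."""
    pub = N.to_bytes(KEY_LEN, "big")
    a = imei.encode()
    c = hashlib.sha512(a + pub).digest() + hashlib.sha512(pub + a).digest()
    return int.from_bytes(c, "big")          # 1024 bits, always below the demo N


def server_issue_d(imei: str) -> bytes:
    """Encryption server: D = Encrypt(Key-Private, C), kept per IMEI."""
    return pow(make_c(imei), D_PRIV, N).to_bytes(KEY_LEN, "big")


def verify_d(imei: str, d: bytes) -> bool:
    """Terminal: the public-key operation on D must reproduce C."""
    if len(d) != KEY_LEN:
        return False
    d_int = int.from_bytes(d, "big")
    return d_int < N and pow(d_int, E, N) == make_c(imei)


class Terminal:
    def __init__(self, imei: str):
        self.efuse = change_code(imei)   # write-once area, set at the factory
        self.imei = imei                 # copy held in rewritable storage
        self.card_lock_status = 1        # confidential data: 1 = lock on, 2 = off
        self.card_lock_key = LOCK_MARK   # non-confidential data area

    def unlock(self, d: bytes) -> bool:
        """User enters D; it is written to CardLockKey only if it verifies."""
        if not verify_d(self.imei, d):
            return False
        self.card_lock_key = d
        return True

    def boot(self) -> str:
        # Binding check: the IMEI in rewritable storage must match EFUSE.
        if not hmac.compare_digest(change_code(self.imei), self.efuse):
            return "halt"
        if self.card_lock_status != 1:           # 305: lock function off
            return "unlocked"
        if self.card_lock_key == LOCK_MARK:      # 307: lock never released
            return "locked"
        # 309: the stored D is verified again on every boot
        ok = verify_d(self.imei, self.card_lock_key)
        return "unlocked" if ok else "locked"


def demo() -> list:
    other = "356938035643809"                    # constructed second IMEI
    t = Terminal(SAMPLE_IMEI)
    results = [t.boot()]                         # locked when it leaves the factory
    results.append(t.unlock(server_issue_d(other)))        # D of another IMEI
    results.append(t.unlock(server_issue_d(SAMPLE_IMEI)))  # D of this IMEI
    results.append(t.boot())                     # unlocked after a valid D
    t.imei = other                               # stored IMEI no longer matches
    t.card_lock_key = server_issue_d(other)
    results.append(t.boot())                     # EFUSE mismatch stops the boot
    return results


if __name__ == "__main__":
    print(demo())
```

The raw modular exponentiation mirrors the two-step description above; a production design would use a padded signature scheme such as RSASSA-PSS with a randomly generated full-size key.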

Abstract

Provided are an information security processing method and device. The method includes: storing the device feature code or the variation code thereof in the one-time write-in region of the chip of a device so as to establish a locking relationship between the device and the device feature code; and checking the locking relationship between the device and the device feature code, wherein when it is found that the device feature code or the variation code thereof does not accord with the device, the device cannot work normally, or when it is found that the device feature code or the variation code thereof accords with the device, the device works normally. By way of the solution mentioned above, the device feature code or the variation code thereof can be stored in the one-time write-in region of the chip of the device, thus realizing an information security processing function with a high security level, effectively preventing illegal users from copying or stealing numbers and protecting the interests of manufacturers, operators and users.

Description

Method and device for information security processing

Technical field

The present invention relates to the field of communication technologies, and more particularly to a method and apparatus for information security processing.

Background

The field of smart cards (Smart Card) or IC cards (Intelligent Card), which make wide use of chip identification information, covers communications, finance, social insurance, transportation and tourism, health care, government administration, retail, leisure and entertainment, school management and other areas. The use of smart cards or IC cards has brought great convenience to people.
Smart cards or IC cards in this field store confidential data that must not be tampered with illegally. The confidential data described here differs from the user's private data: confidential data is set and maintained by the manufacturer or the operator and is used to protect the interests of the manufacturer, the operator and the user, but the user has no permission to modify the data or to disable the functions it controls. The device therefore needs a way to keep the confidential data secure, while also allowing for legitimately authorized modification. However, some illegal users copy smart cards or IC cards, or steal their numbers, by tampering with, stealing and copying the confidential data on them, which harms the interests of manufacturers, operators and users. The security level of existing information security processing methods is therefore too low, and cards are easily copied or their numbers stolen by illegal users.

Summary of the invention

The present invention provides a method and apparatus for information security processing that can achieve a high security level of information security processing.
In one aspect, a method of information security processing is provided. The method includes: storing a device feature code or a variation code of the device feature code in a write-once area of a chip of the device, so as to establish a locking relationship between the device and the device feature code, where the variation code of the device feature code is a part of the device feature code, the device feature code processed by an algorithm, a part of the device feature code processed by an algorithm, a part of the algorithm-processed device feature code, or a part of an algorithm-processed part of the device feature code; and checking the locking relationship between the device and the device feature code, where, when the check finds that the device feature code or its variation code does not match the device, the device cannot work normally, or, when the check finds that the device feature code or its variation code matches the device, the device works normally.
In another aspect, an apparatus for information security processing is provided. The apparatus includes a first storage unit and a checking unit. The first storage unit is configured to store a device feature code or a variation code of the device feature code in a write-once area of a chip of the device, so as to establish a locking relationship between the device and the device feature code, where the variation code of the device feature code is a part of the device feature code, the device feature code processed by an algorithm, a part of the device feature code processed by an algorithm, a part of the algorithm-processed device feature code, or a part of an algorithm-processed part of the device feature code. The checking unit is configured to check the locking relationship between the device and the device feature code: when the check finds that the device feature code or its variation code does not match the device, the device cannot work normally, or, when the check finds that the device feature code or its variation code matches the device, the device works normally.
With the above solution, the device feature code or its variation code can be stored in the write-once area of the device's chip, which achieves a high security level of information security processing, effectively prevents illegal users from copying cards or stealing numbers, and protects the interests of manufacturers, operators and users.

Brief description of the drawings

To describe the technical solutions of the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Figure 1 is a flowchart of a method of information security processing according to an embodiment of the present invention.
Figure 2 is a schematic diagram of an example of a method of information security processing according to an embodiment of the present invention.
Figure 3 is a schematic diagram of another example of a method of information security processing according to an embodiment of the present invention.
Figure 4 is a block diagram of an apparatus for information security processing according to an embodiment of the present invention.
Figure 5 is a block diagram of an apparatus for information security processing according to another embodiment of the present invention.

Detailed description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the scope of protection of the present invention.
Figure 1 is a flowchart of a method 10 of information security processing according to an embodiment of the present invention.
Step 11 of Figure 1: store a device feature code or a variation code of the device feature code in a write-once area of a chip of the device, so as to establish a locking relationship between the device and the device feature code, where the variation code of the device feature code is a part of the device feature code, the device feature code processed by an algorithm, a part of the device feature code processed by an algorithm, a part of the algorithm-processed device feature code, or a part of an algorithm-processed part of the device feature code.
The write-once area of the device's chip may be a one-time programmable non-volatile memory module, for example the chip's electrical fuse (Electrical Fuse, EFUSE for short). Storing the device feature code or its variation code in the write-once area establishes a hardware correspondence between the chip and the device feature code or its variation code.
The device feature code may be the card number of any of various smart cards or IC cards. Depending on the application field of the smart card or IC card, it is, for example, an International Mobile Equipment Identity (IMEI for short), a Subscriber Identity Module (SIM) card number, a bank card number, a transport card number, a social security card number, an identity card number, a driving licence number or a medical insurance card number.
The whole device feature code may be stored in the write-once area of the device's chip. Alternatively, because the chip's storage space is limited, or to further increase security, a variation code of the device feature code may be stored, for example: a part of the device feature code, the device feature code processed by an algorithm, a part of the device feature code processed by an algorithm, a part of the algorithm-processed device feature code, or a part of an algorithm-processed part of the device feature code.
The algorithm processing includes processing with a hash (Hash) algorithm or an algorithm derived from it.
Step 12 of Figure 1: check the locking relationship between the device and the device feature code. When the check finds that the device feature code or its variation code does not match the device, the device cannot work normally; when the check finds that the device feature code or its variation code matches the device, the device works normally.
When the device operates, the locking relationship between the device and the device feature code is checked. If the check finds that the device feature code stored in the chip does not match the device, the device cannot work normally. A mismatch between the device feature code and the device may, in this context, be a mismatch between the device feature code and the device's chip. For example, replacing the device's chip, or tampering with the device feature code or its variation code stored in the chip, breaks the locking relationship between the device and the device feature code. If the check passes, the device can work normally.
With the above solution, the device feature code or its variation code can be stored in the write-once area of the device's chip to establish a locking relationship between the device and the device feature code, which achieves a high security level of information security processing and effectively protects the interests of manufacturers, operators and users.
As a marketing tool, a communications operator sells designated terminals at a preferential price or with preferential service, and specifies a service period for each such terminal. The operator needs to enable the card-lock function (SimLock for short) on the terminals it subsidizes, that is, to lock the subsidized terminal so that only the Subscriber Identity Module (SIM card for short) designated by the operator can be used in it.
When the service period ends, SimLock needs to be released on these terminals. A terminal whose SimLock has been released can recognize any SIM card, including SIM cards from other operators. In some regions, such as EU countries, unlocking after the SIM card lock period expires is a function required by law.
The existing terminal card-lock function has poor security: a terminal is easily unlocked within the service period and switched to other services, causing losses to the original operator. When the terminal software version is upgraded in order to release SimLock, the operator has to generate different versions so that the terminal can upgrade its software again, which creates a heavy workload for the operator.
Among the confidential data in the communications field, the IMEI is mainly used for terminal anti-theft: it ensures that a lost terminal cannot continue to be used even if the SIM card is replaced. Protecting the interests of operators and users is the precondition for guaranteeing the card-lock function of terminal products. When a terminal's IMEI is stolen, copied or tampered with, or the terminal is illegally cloned, the interests of manufacturers, operators and users also suffer. In combination with method 10, the present invention provides another method of information security processing.
Figure 2 is a schematic diagram of an example 20 of a method of information security processing according to an embodiment of the present invention.
The embodiments of the present invention are described using a terminal in mobile communication technology as an example, but the devices that can execute example 20 are not limited to this.
Step 21 of Figure 2 is similar to step 11 of Figure 1: store a device feature code or a variation code of the device feature code in a write-once area of a chip of the device, so as to establish a locking relationship between the device and the device feature code, where the variation code of the device feature code is a part of the device feature code, the device feature code processed by an algorithm, a part of the device feature code processed by an algorithm, a part of the algorithm-processed device feature code, or a part of an algorithm-processed part of the device feature code.
IMEI is the abbreviation of International Mobile Equipment Identity. It is an "electronic serial number" made up of 15 digits, corresponds one-to-one with each terminal, and is unique worldwide. The IMEI is the terminal's device feature code. After assembly, each terminal is assigned a globally unique number, which the manufacturer records from production through to delivery.
The IMEI is a 15-digit value with the structure TAC (6 digits) + FAC (2 digits) + SNR (6 digits) + SP (1 digit). The device type approval number (TAC) is allocated by the European type approval centre. The factory assembly code (FAC) is encoded by the manufacturer and usually indicates the manufacturer and its assembly site. The serial number (SNR) is also allocated by the manufacturer and identifies the specific device within each TAC and FAC. SP is a spare code, kept in reserve.
When the terminal is manufactured, operator-specified information is written at the Customer Information Setting (CS for short) station; that is, the complete IMEI information is stored in the terminal's write-once area, for example the chip's electrical fuse (Electrical Fuse, EFUSE for short). EFUSE is a one-time programmable non-volatile memory module.
Storing the IMEI in the chip's EFUSE establishes the hardware correspondence between the chip and the IMEI and implements the binding.
From the structure of the IMEI, every handset has a different SNR. The field that matters most within one shipment batch is the SNR field, whose value range is 0-1,000,000. Converted to hexadecimal, the SNR is expressed as follows.
1000000 = 0xF4240
HEX(SNR) -> 0xAAAAA (20 bits in total)
As another embodiment of the present invention, because the chip's EFUSE field is limited, a part of the IMEI information may be stored in the chip's EFUSE, for example the hexadecimal IMEI value (0xAAAAA) corresponding to each terminal's SNR, 20 bits of information in total.
As yet another embodiment of the present invention, all or a part of the IMEI information (for example the SNR) may be processed with a hash (HASH) algorithm or an algorithm derived from a hash algorithm, and either the resulting value or a part of the resulting value is stored in the chip's EFUSE as the variation code.
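The storage options above (the full IMEI, the 20-bit SNR value, or a hash-derived variation code) and the check of the locking relationship, as an added example that is not code from the patent. The write-once area is simulated in memory, SHA-256 stands in for the unspecified hash algorithm, the IMEIs are constructed, and every class and function name is hypothetical.

```python
import hashlib
import hmac

# Constructed sample IMEIs (TAC 6 + FAC 2 + SNR 6 + SP 1), not real devices.
IMEI_OK = "123456780003210"        # SNR = 000321
IMEI_TAMPERED = "123456780003220"  # SNR changed to 000322
IMEI_SAME_SNR = "654321780003210"  # different TAC, same SNR


class OneTimeProgrammable:
    """Simulated write-once area (stand-in for the chip's EFUSE)."""

    def __init__(self):
        self._value = None

    def burn(self, value: bytes) -> None:
        if self._value is not None:
            raise PermissionError("write-once area is already programmed")
        self._value = bytes(value)

    def read(self) -> bytes:
        if self._value is None:
            raise LookupError("write-once area has not been programmed")
        return self._value


def split_imei(imei: str) -> dict:
    """Split an IMEI using the page's layout: TAC(6) + FAC(2) + SNR(6) + SP(1)."""
    if len(imei) != 15 or not (imei.isascii() and imei.isdigit()):
        raise ValueError("IMEI must be exactly 15 decimal digits")
    return {"TAC": imei[:6], "FAC": imei[6:8], "SNR": imei[8:14], "SP": imei[14]}


def variation_code(imei: str, mode: str) -> bytes:
    """Derive the value to burn: 'full', 'snr' (20 bits) or 'hash' (truncated)."""
    fields = split_imei(imei)
    if mode == "full":
        return imei.encode("ascii")
    if mode == "snr":
        # SNR is at most 999999, below 2**20, so it fits in 20 bits (3 bytes here).
        return int(fields["SNR"]).to_bytes(3, "big")
    if mode == "hash":
        # Assumption: SHA-256, keeping the first 8 bytes ("a part of" the hash).
        return hashlib.sha256(imei.encode("ascii")).digest()[:8]
    raise ValueError(f"unknown mode: {mode}")


def provision(imei: str, mode: str) -> OneTimeProgrammable:
    """Factory step: burn the chosen code into a fresh write-once area."""
    efuse = OneTimeProgrammable()
    efuse.burn(variation_code(imei, mode))
    return efuse


def lock_holds(efuse: OneTimeProgrammable, imei_in_flash: str, mode: str) -> bool:
    """Check step: recompute the code from the IMEI held in rewritable storage
    and compare it with the burned value. Any error fails closed."""
    try:
        expected = variation_code(imei_in_flash, mode)
        burned = efuse.read()
    except (ValueError, LookupError):
        return False
    return hmac.compare_digest(burned, expected)


if __name__ == "__main__":
    for mode in ("full", "snr", "hash"):
        chip = provision(IMEI_OK, mode)
        print(mode, chip.read().hex(),
              lock_holds(chip, IMEI_OK, mode),
              lock_holds(chip, IMEI_TAMPERED, mode),
              lock_holds(chip, IMEI_SAME_SNR, mode))
```

The SNR-only code binds just 20 bits, so it cannot detect a change confined to the TAC or FAC digits; a code derived from the whole IMEI can.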
Step 22 of Figure 2: generate a card-lock key parameter carrying card-lock identification information. The card-lock key parameter may be stored as a non-volatile parameter, a file or a database set up in the non-confidential data area.
The card-lock identification information indicates that this device is a card-locked device. When the card lock is successfully released on this device, the card-lock identification information is replaced by decryption information. The decryption information is generated by executing an encryption algorithm using the device feature code or its variation code.
The encryption and decryption algorithm may be a strongly secure algorithm, such as version 9 of the Message Digest Algorithm (MD9 for short). The MD9 algorithm generates one uniquely corresponding piece of decryption information for each IMEI, and the generated decryption information is 8 bytes long. When terminals are produced on the production line, an encryption server is configured; at the CS station of the line, each IMEI is read, its one-to-one corresponding decryption information is generated with the MD9 algorithm, and the result is stored on the encryption server. When the manufacturer supplies terminals to the operator, it also supplies a database containing the IMEIs and the corresponding decryption information.
As an embodiment of the present invention, the encryption may also use an asymmetric encryption and decryption algorithm. The RSA algorithm is one such algorithm, and the description below uses RSA as an example.
RSA encryption uses a public key (Key-Public) and a private key (Key-Private), a pair each 1024 bits (128 bytes) long.
RSA encryption consists of the following two steps.
1) The data to be encrypted, C, is a linear transformation of A (the terminal's IMEI) and B (Key-Public, the public key), and is 128 bytes long: C = f1(A, B)
2) D = Encrypt(Key-Private, C): using the RSA algorithm, data C is encrypted with Key-Private to obtain the decryption information D. The decryption information D is used to release the terminal's card-lock function and is 128 bytes long.
A may also be a variation code of the IMEI as mentioned in the preceding embodiments, for example the SNR in the IMEI.
Taking a terminal in the communications field as an example, the terminal's SimLock non-volatile parameters (Non-Volatile Value, NV for short) include the following. The card-lock status parameter (CardlockStatus) records whether SimLock (the card-lock function) is supported; for example, the default value 2 means the card-lock function is off and 1 means it is on. The card-lock service parameter (CustomizeSimLockPlmnInfo) configures the starting address of the Public Land Mobile Network (PLMN for short) to be locked; locking of multiple groups of PLMN number segments is currently supported. For a particular operator, for example, the group 135820xxxxx can be locked, which locks the number segment starting with 135820, or 135831xxxxx, which locks the number segment starting with 135831.
The SimLock-related items CardlockStatus and CustomizeSimLockPlmnInfo are stored as confidential data. Confidential data is set and maintained by the manufacturer or the operator and is used to protect the interests of the manufacturer, the operator and the user, but the user has no permission to modify the data or to disable the functions it controls. When the terminal is card-locked, CardlockStatus is set to 1 and CustomizeSimLockPlmnInfo is filled with the PLMN number segments to be locked.
Before the device leaves the factory, the terminal stores card-lock identification information to indicate that the device is a card-locked terminal.
The terminal generates one parameter, the card-lock key parameter (CardLockKey for short), to carry the card-lock identification information. The card-lock key parameter may be stored as an NV item, a file, a database or the like in the non-confidential data area. Its size can be reserved according to the encryption and decryption technique used, for example 8 bytes or 128 bytes, and when SimLock is released it holds the decryption information corresponding to this IMEI. The user can modify data in the non-confidential data area or disable functions there.
When the operator needs terminals with the card-lock function enabled, in a card-locked terminal CardlockStatus is set to 1 and CustomizeSimLockPlmnInfo is filled with the PLMN number segments to be locked. CardLockKey is set to its default value at the same time. This default value is the card-lock identification information, for example 8 bytes of all F or 128 bytes of all F. These values are only examples; any other value may be used.
When the operator needs terminals with the card-lock function disabled, in a non-card-locked terminal CardlockStatus is set to 2 and CustomizeSimLockPlmnInfo does not need to be set. CardLockKey is likewise set to all F (8 bytes of all F or 128 bytes of all F).
When the manufacturer supplies card-locked terminal products to the operator, it also supplies the operator with the database containing the IMEIs and the corresponding decryption information (the database contains the C and D data of each terminal), so that when SimLock is released the decryption information D can replace the card-lock identification information (128 bytes of all F).
Step 23 of Figure 2 is similar to step 12 of Figure 1: check the locking relationship between the device and the device feature code. When the check finds that the device feature code or its variation code does not match the device, the device cannot work normally; when the check finds that the device feature code or its variation code matches the device, the device works normally.
When the terminal operates, the locking relationship between the device and the device feature code is checked. If the check finds that the IMEI stored in the chip does not match the chip, the terminal cannot work normally. For example, replacing the device's chip, or tampering with the IMEI or the IMEI variation code stored in the chip, breaks the locking relationship between the chip and the IMEI. If the check passes, the terminal can work normally.
Step 24 of Figure 2: obtain the decryption information and execute the decryption algorithm using the decryption information.
When the operator needs to release SimLock on a user's terminal, the operator obtains the terminal's data C through a web application (Web UI) of the user interface (C includes the IMEI and the public key information, and the operator uses it to determine whether the user meets the conditions for releasing SimLock). The operator then looks up the database, obtains the decryption information D (128 bytes) corresponding to this user's IMEI, and provides D to the user as a file, for example by e-mail or data copy.
Depending on the encryption and decryption technique, short decryption information can be printed out so that the user can carry it easily, and long decryption information can be output as an electronic file for use when releasing SimLock.
The terminal can obtain the decryption information D through user input and execute the decryption algorithm.
The RSA decryption steps are as follows:
Decryption: C = Decrypt(Key-public, D). Using the RSA algorithm, the decryption information D is decrypted with Key-public to obtain data C. If decryption succeeds, the terminal can work as a non-card-locked terminal; if decryption fails, the terminal continues to work as a card-locked terminal.
Step 25 of Figure 2: when the decryption algorithm executed with the decryption information succeeds, store the decryption information in place of the card-lock identification information carried by the card-lock key parameter.
If decryption succeeds, CardLockKey stores the decryption information D. Each time the user powers on afterwards, this CardLockKey can be used to release SimLock and the terminal is handled as a non-card-locked terminal, so the operator no longer needs to upgrade the software version in order to release SimLock on different terminals.
If the decryption information D entered by the user, once decrypted with the public key, does not equal C, releasing SimLock fails; D is not written into CardLockKey, and the terminal is handled as a card-locked terminal.
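The issue-and-verify exchange described above (C = f1(A, B), D = Encrypt(Key-Private, C), C = Decrypt(Key-public, D)) together with the CardlockStatus and CardLockKey handling, as an added example that is not code from the patent. Assumptions: a small constructed RSA key instead of the 1024-bit pair, textbook RSA without padding, a SHA-256 digest standing in for the unspecified f1, constructed IMEIs, and hypothetical function and class names.

```python
import hashlib

# Constructed toy key for illustration only (two Mersenne primes, about 150 bits).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # Key-Public: known to every terminal
D_PRIV = pow(E, -1, (P - 1) * (Q - 1))   # Key-Private: stays on the encryption server
KEY_BYTES = (N.bit_length() + 7) // 8
LOCK_MARKER = b"\xff" * KEY_BYTES        # "all F" card-lock identification information

IMEI_A = "123456780003210"               # constructed sample IMEIs
IMEI_B = "123456780003228"


def f1(imei: str) -> int:
    """C = f1(A, B). Assumed form: digest of IMEI and public key, reduced below N."""
    material = imei.encode("ascii") + N.to_bytes(KEY_BYTES, "big") + E.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(material).digest(), "big") % N


def issue_unlock(imei: str) -> bytes:
    """Server side: D = Encrypt(Key-Private, C)."""
    return pow(f1(imei), D_PRIV, N).to_bytes(KEY_BYTES, "big")


def verify_unlock(imei: str, d_bytes: bytes) -> bool:
    """Terminal side: Decrypt(Key-public, D) must equal this terminal's own C."""
    if len(d_bytes) != KEY_BYTES:
        return False
    d = int.from_bytes(d_bytes, "big")
    if d >= N:
        return False
    return pow(d, E, N) == f1(imei)


class Terminal:
    """Holds the NV items named on the page; the IMEI is assumed already
    checked against the write-once area before this logic runs."""

    def __init__(self, imei: str, cardlock_status: int = 1):
        self.imei = imei
        self.nv = {"CardlockStatus": cardlock_status, "CardLockKey": LOCK_MARKER}

    def submit_unlock(self, d_bytes: bytes) -> bool:
        """User enters D: store it in CardLockKey only if it verifies."""
        if verify_unlock(self.imei, d_bytes):
            self.nv["CardLockKey"] = d_bytes
            return True
        return False

    def sim_locked_at_boot(self) -> bool:
        """CardLockKey sits in the user-modifiable area, so it is re-verified
        on every boot instead of being trusted as a flag."""
        if self.nv["CardlockStatus"] == 2:      # card-lock function off
            return False
        key = self.nv["CardLockKey"]
        return key == LOCK_MARKER or not verify_unlock(self.imei, key)


if __name__ == "__main__":
    phone = Terminal(IMEI_A)
    print("locked before:", phone.sim_locked_at_boot())
    print("unlock accepted:", phone.submit_unlock(issue_unlock(IMEI_A)))
    print("locked after:", phone.sim_locked_at_boot())
    other = Terminal(IMEI_B)
    print("D for another IMEI accepted:", other.submit_unlock(issue_unlock(IMEI_A)))
```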
通过上述方案, 可以在装置的芯片的一次性写入区域存储装置特征码或 装置特征码的变化码, 以建立装置和装置特征码之间的锁定关系, 使用装置 特征码或装置特征码的变化码执行加解密算法,从而实现了高安全级别的信 息安全处理, 有效保护生产商、 运营商和用户的利益, 并在解除装置锁卡功 能时, 筒单易行, 减少了运营商的工作量。  Through the above scheme, the device signature or the device signature change code can be stored in the write-once area of the chip of the device to establish a locking relationship between the device and the device signature, and use the device signature or the device signature change. The code performs the encryption and decryption algorithm, thereby realizing the high security level information security processing, effectively protecting the interests of the manufacturer, the operator and the user, and when the device lock function is released, the cartridge is easy to operate, reducing the workload of the operator. .
FIG. 3 is a schematic diagram of an example 300 of a method for information security processing according to an embodiment of the present invention. The embodiment takes a terminal in the communications field as an example.
At 301 of FIG. 3, the terminal is powered on.
At 302 of FIG. 3, the terminal boots using the hardware secure boot scheme. It first starts from the chip's Onchiprom image; the program in the Onchiprom image cannot be modified. The Onchiprom image verifies the correctness of the Bootload image, and the Bootload image verifies the security of the Bootrom image and the Vxworks.bin image. The Vxworks.bin image verifies the security of the confidential data. This layer-by-layer security verification ensures that the images and the confidential data have not been illegally modified. An image here means a binary code module that can be run after compilation.
If verification fails ("fail" at 302 of FIG. 3), the flow proceeds to 304 of FIG. 3: the code stops running and the user is shown the cause of the error.
If verification passes ("pass" at 302 of FIG. 3), the flow proceeds to 303 of FIG. 3.
At 303 of FIG. 3, when the Vxworks.bin image runs, it first verifies the IMEI against the chip's EFUSE value.
If this verification fails ("fail" at 303 of FIG. 3), the terminal's IMEI may have been tampered with by the user. This startup fails, the user is shown the reason for the failure, and the flow proceeds to 304 of FIG. 3.
If this verification passes ("pass" at 303 of FIG. 3), the flow proceeds to 305 of FIG. 3.
At 305 of FIG. 3, the SimLock feature is checked next. The code first looks at CardlockStatus.
If CardlockStatus=2 ("No" at 305 of FIG. 3), the card-lock function is disabled, so the terminal is one without a card lock. It is handled as a non-locked terminal, and the flow proceeds to 306 of FIG. 3.
If CardlockStatus=1 ("Yes" at 305 of FIG. 3), the card-lock function is enabled. The terminal is provisionally considered a card-locked terminal, and the flow proceeds to 307 of FIG. 3.
At 307 of FIG. 3, the CardLockKey value is examined (to determine whether the SimLock function has been released).
If the CardLockKey value is all F ("Yes" at 307 of FIG. 3), the terminal is finally determined to be a terminal with the card-lock function enabled. The flow proceeds to 308 of FIG. 3, and the terminal is handled as a card-locked terminal.
If the CardLockKey value is not all F ("No" at 307 of FIG. 3), the flow proceeds to 309 of FIG. 3, where the CardLockKey content is used directly for decryption verification.
If this verification passes, the terminal is one whose SimLock has been released. It is handled as a non-locked terminal, and the flow proceeds to 306 of FIG. 3.
If this verification fails, releasing the SimLock fails this time, the user is shown the reason for the failure, and the flow proceeds to 308 of FIG. 3, where the terminal is handled as a card-locked terminal.
According to this embodiment of the present invention, layer-by-layer verification achieves information security processing at a high security level and effectively protects the interests of manufacturers, operators and users. Releasing the device's card-lock function is also simple and easy to carry out, which reduces the operator's workload.
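The decision flow of FIG. 3 (steps 302 to 309), written out as an added C example that is not code from the patent. It assumes the EFUSE holds the IMEI serial number (SNR) as the change code, derives C as the SNR reduced modulo the key modulus (a hypothetical derivation), and uses a constructed textbook RSA key that is far too small for real use; the struct layout and function names are likewise hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcomes, numbered after the boxes of FIG. 3. */
enum boot_result { BOOT_HALT = 304, BOOT_UNLOCKED = 306, BOOT_LOCKED = 308 };

#define CARDLOCK_ON   1u            /* CardlockStatus: lock function enabled  */
#define CARDLOCK_OFF  2u            /* CardlockStatus: lock function disabled */
#define KEY_BLANK     0xFFFFFFFFu   /* CardLockKey "all F": never unlocked    */

/* Constructed textbook RSA key, far too small for real use (assumption). */
#define RSA_N 3233u   /* 61 * 53 */
#define RSA_E 17u     /* public exponent, held by the terminal  */
#define RSA_D 2753u   /* private exponent, held by the operator */

struct terminal {
    int      boot_chain_ok;    /* result of step 302 (image chain check)  */
    char     imei[16];         /* IMEI read from rewritable storage       */
    uint32_t efuse_snr;        /* change code in write-once EFUSE: SNR    */
    uint32_t cardlock_status;  /* CardlockStatus                          */
    uint32_t cardlock_key;     /* CardLockKey: blank or stored D          */
};

/* Square-and-multiply modular exponentiation. */
static uint32_t modpow(uint32_t base, uint32_t exp, uint32_t mod)
{
    uint64_t result = 1, b = base % mod;
    while (exp) {
        if (exp & 1u) result = result * b % mod;
        b = b * b % mod;
        exp >>= 1;
    }
    return (uint32_t)result;
}

/* SNR = digits 9..14 of a 15-digit IMEI; returns -1 if malformed. */
static int32_t imei_snr(const char *imei)
{
    int32_t snr = 0;
    if (strlen(imei) != 15) return -1;
    for (int i = 0; i < 15; i++) {
        if (imei[i] < '0' || imei[i] > '9') return -1;
        if (i >= 8 && i < 14) snr = snr * 10 + (imei[i] - '0');
    }
    return snr;
}

/* Hypothetical derivation of C from the change code (assumption). */
static uint32_t expected_c(uint32_t snr) { return snr % RSA_N; }

/* Operator side: decryption information D issued for one device. */
static uint32_t operator_unlock_code(const char *imei)
{
    int32_t snr = imei_snr(imei);
    return snr < 0 ? KEY_BLANK : modpow(expected_c((uint32_t)snr), RSA_D, RSA_N);
}

/* Terminal side: steps 302 to 309 of FIG. 3. */
static enum boot_result boot_decide(const struct terminal *t)
{
    if (!t->boot_chain_ok) return BOOT_HALT;                    /* 302 */
    int32_t snr = imei_snr(t->imei);                            /* 303 */
    if (snr < 0 || (uint32_t)snr != t->efuse_snr) return BOOT_HALT;
    if (t->cardlock_status == CARDLOCK_OFF) return BOOT_UNLOCKED; /* 305 */
    /* Value other than 1 or 2: stay locked (assumption, fail closed). */
    if (t->cardlock_status != CARDLOCK_ON) return BOOT_LOCKED;
    if (t->cardlock_key == KEY_BLANK) return BOOT_LOCKED;       /* 307 */
    if (t->cardlock_key >= RSA_N) return BOOT_LOCKED;           /* not a valid D */
    /* 309: the public-key operation on D must reproduce this device's C. */
    return modpow(t->cardlock_key, RSA_E, RSA_N) == expected_c(t->efuse_snr)
           ? BOOT_UNLOCKED : BOOT_LOCKED;
}

/* Builds a terminal whose image chain verified and runs the flow on it. */
static enum boot_result run_sample(const char *imei, uint32_t efuse_snr,
                                   uint32_t status, uint32_t key)
{
    struct terminal t = { 1, "", efuse_snr, status, key };
    strncpy(t.imei, imei, sizeof t.imei - 1);
    return boot_decide(&t);
}

int main(void)
{
    const char *a = "490154203237518";   /* constructed IMEI, SNR 323751 */
    printf("factory state:      %d\n",
           run_sample(a, 323751, CARDLOCK_ON, KEY_BLANK));
    printf("after valid unlock: %d\n",
           run_sample(a, 323751, CARDLOCK_ON, operator_unlock_code(a)));
    printf("IMEI rewritten:     %d\n",
           run_sample("490154203237526", 323751, CARDLOCK_ON, KEY_BLANK));
    return 0;
}
```

Because C is derived from the value in the write-once area, a CardLockKey copied from another unlocked terminal fails step 309, and an IMEI rewritten in flash fails step 303 before the lock state is even consulted.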
FIG. 4 is a block diagram of a device 40 for information security processing according to an embodiment of the present invention.
The device 40 includes a first storage unit 41 and a checking unit 42.
The first storage unit 41 stores a device feature code or a change code of the device feature code in the write-once area of the device's chip, to establish a locking relationship between the device and the device feature code. The change code of the device feature code is a part of the device feature code, the device feature code processed by an algorithm, a part of the device feature code processed by an algorithm, a part of the algorithm-processed device feature code, or a part of an algorithm-processed part of the device feature code.
The write-once area of the device's chip may be a one-time programmable non-volatile memory module, for example the chip's electrical fuse (Electrical Fuse, EFUSE for short). Storing the device feature code or its change code in the write-once area establishes a hardware correspondence between the chip and the device feature code or its change code.
The device feature code may be the card number of any of various smart cards or IC cards. Depending on the application field of the smart card or IC card, it is, for example, an International Mobile Equipment Identity (IMEI), a Subscriber Identity Module (SIM) card number, a bank card number, a transit card number, a social security card number, an identity card number, a driver's license number or a medical insurance card number.
The entire device feature code may be stored. Alternatively, because the chip's storage space is limited, or to further increase security, a change code of the device feature code may be stored instead, for example: a part of the device feature code, the device feature code processed by an algorithm, a part of the device feature code processed by an algorithm, a part of the algorithm-processed device feature code, or a part of an algorithm-processed part of the device feature code.
The algorithmic processing includes processing with a hash algorithm or a derivative of a hash algorithm.
The checking unit 42 checks the locking relationship between the device and the device feature code. When it finds that the device feature code or its change code does not match the device, the device cannot work normally; when it finds that the device feature code or its change code matches the device, the device works normally.
When the device operates, the locking relationship between the device and the device feature code is checked. If the device feature code stored in the chip is found not to match the device, the device cannot work normally. A device feature code that does not match the device may mean that the device feature code does not match the device's chip. For example, if the device's chip has been replaced, or the device feature code or change code stored in the chip has been tampered with, the locking relationship between the device and the device feature code is broken. If the check passes, the device can work normally.
With the above scheme, the device feature code or a change code of the device feature code can be stored in the write-once area of the device's chip to establish a locking relationship between the device and the device feature code. This achieves information security processing at a high security level and effectively protects the interests of manufacturers, operators and users.
FIG. 5 is a block diagram of a device 50 for information security processing according to another embodiment of the present invention.
The first storage unit 51 and the checking unit 52 of the device 50 are the same as or similar to the first storage unit 41 and the checking unit 42 of the device 40, respectively. The difference is that the device 50 further includes a generating unit 53, a decryption unit 54 and a second storage unit 55.
The generating unit 53 generates a lock card key parameter carrying lock card identification information. The lock card key parameter may be stored as a non-volatile parameter, a file or a database set in the non-confidential data area.
The lock card identification information indicates that the device is a card-locked device. When the card lock of the device is released successfully, the lock card identification information is replaced by decryption information. The decryption information is generated by executing an encryption algorithm using the device feature code or the change code of the device feature code.
The decryption unit 54 obtains the decryption information and executes the decryption algorithm with it.
The second storage unit 55 stores the decryption information in place of the lock card identification information carried by the lock card key parameter when the decryption algorithm is executed successfully with the decryption information.
The device 50 implements method 10, example 20 and example 300. For details, refer to method 10, example 20 and example 300; they are not repeated here.
With the above scheme, the device feature code or a change code of the device feature code can be stored in the write-once area of the device's chip to establish a locking relationship between the device and the device feature code, and the device feature code or its change code is used to execute the encryption and decryption algorithms. This achieves information security processing at a high security level and effectively protects the interests of manufacturers, operators and users. Releasing the device's card-lock function is also simple and easy to carry out, which reduces the operator's workload.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each particular application, but such implementations should not be considered to go beyond the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into units is only a division by logical function, and an actual implementation may divide things differently: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connections shown or discussed may be indirect coupling or communication connections through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented as software functional units and sold or used as a standalone product, they may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention in essence, or the part of it that contributes over the prior art, or a part of the technical solution, may be embodied as a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
The above are only specific embodiments of the present invention, but the scope of protection of the present invention is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of protection of the claims.

Claims

1. A method for information security processing, characterized in that the method comprises:
storing a device feature code or a change code of the device feature code in a write-once area of a chip of a device, to establish a locking relationship between the device and the device feature code, wherein
the change code of the device feature code is a part of the device feature code, the device feature code processed by an algorithm, a part of the device feature code processed by an algorithm, a part of the algorithm-processed device feature code, or a part of an algorithm-processed part of the device feature code;
checking the locking relationship between the device and the device feature code, wherein when it is found that the device feature code or the change code of the device feature code does not match the device, the device cannot work normally; or
when it is found that the device feature code or the change code of the device feature code matches the device, the device works normally.
2. The method according to claim 1, characterized in that the storing in a write-once area of a chip of a device comprises:
storing in an electrical fuse (EFUSE) of the chip of the device.
3. The method according to claim 1, characterized in that the device feature code processed by an algorithm, the part of the device feature code processed by an algorithm, the part of the algorithm-processed device feature code, or the part of an algorithm-processed part of the device feature code comprises:
the device feature code processed by a hash algorithm or a derivative of a hash algorithm, or
a part of the device feature code processed by a hash algorithm or a derivative of a hash algorithm, or
a part of the device feature code that has been processed by a hash algorithm or a derivative of a hash algorithm, or
a part of a part of the device feature code that has been processed by a hash algorithm or a derivative of a hash algorithm.
4. The method according to claim 1, characterized in that the device feature code comprises:
an International Mobile Equipment Identity (IMEI), a Subscriber Identity Module (SIM) card number, a bank card number, a transit card number, a social security card number, an identity card number, a driver's license number or a medical insurance card number.
5. The method according to claim 4, characterized in that:
when the device feature code is the International Mobile Equipment Identity (IMEI), the change code of the device feature code is the serial number (SNR) in the IMEI.
6. The method according to any one of claims 1-5, characterized in that the method further comprises:
generating a lock card key parameter carrying lock card identification information, the lock card key parameter being stored as a non-volatile parameter, a file or a database set in the non-confidential data area, wherein
the lock card identification information indicates that the device is a card-locked device, and when the card lock of the device is released successfully, the lock card identification information is replaced by decryption information,
the decryption information being generated by executing an encryption algorithm using the device feature code or the change code of the device feature code.
7. The method according to claim 6, characterized in that the method further comprises:
obtaining the decryption information and executing a decryption algorithm according to the decryption information;
when the decryption algorithm is executed successfully according to the decryption information, storing the decryption information in place of the lock card identification information carried by the lock card key parameter.
8. The method according to claim 6 or 7, characterized in that the encryption algorithm or the decryption algorithm comprises:
an asymmetric encryption and decryption algorithm, or the message digest algorithm, ninth version.
9. A device for information security processing, characterized in that the device comprises:
a first storage unit, configured to store a device feature code or a change code of the device feature code in a write-once area of a chip of the device, to establish a locking relationship between the device and the device feature code, wherein
the change code of the device feature code is a part of the device feature code, the device feature code processed by an algorithm, a part of the device feature code processed by an algorithm, a part of the algorithm-processed device feature code, or a part of an algorithm-processed part of the device feature code;
a checking unit, configured to check the locking relationship between the device and the device feature code, wherein if it is found that the device feature code or the change code of the device feature code does not match the device, the terminal cannot work normally, and if it is found that the device feature code or the change code of the device feature code matches the device, the terminal works normally.
10. The device according to claim 9, characterized in that:
the first storage unit is specifically configured to store the device feature code or the change code of the device feature code in an electrical fuse (EFUSE) of the chip of the device.
11. The device according to claim 9, characterized in that the device feature code processed by an algorithm, the part of the device feature code processed by an algorithm, the part of the algorithm-processed device feature code, or the part of an algorithm-processed part of the device feature code comprises:
the device feature code processed by a hash algorithm or a derivative of a hash algorithm, or
a part of the device feature code processed by a hash algorithm or a derivative of a hash algorithm, or
a part of the device feature code that has been processed by a hash algorithm or a derivative of a hash algorithm, or
a part of a part of the device feature code that has been processed by a hash algorithm or a derivative of a hash algorithm.
12. The device according to claim 9, characterized in that the device feature code comprises:
an International Mobile Equipment Identity (IMEI), a Subscriber Identity Module (SIM) card number, a bank card number, a transit card number, a social security card number, an identity card number, a driver's license number or a medical insurance card number.
13. The device according to claim 12, characterized in that:
when the device feature code is the International Mobile Equipment Identity (IMEI), the change code of the device feature code is the serial number (SNR) in the IMEI.
14. The device according to any one of claims 9-13, characterized in that the device further comprises:
a generating unit, configured to generate a lock card key parameter carrying lock card identification information, the lock card key parameter being stored as a non-volatile parameter, a file or a database set in the non-confidential data area, wherein
the lock card identification information indicates that the device is a card-locked device, and when the card lock of the device is released successfully, the lock card identification information is replaced by decryption information,
the decryption information being generated by executing an encryption algorithm using the device feature code or the change code of the device feature code.
15. The device according to claim 14, characterized in that the device further comprises:
a decryption unit, configured to obtain the decryption information and execute a decryption algorithm according to the decryption information;
a second storage unit, configured to store the decryption information in place of the lock card identification information carried by the lock card key parameter when the decryption algorithm is executed successfully according to the decryption information.
16. The device according to claim 14 or 15, characterized in that the encryption algorithm or the decryption algorithm comprises:
an asymmetric encryption and decryption algorithm, or the message digest algorithm, ninth version.
PCT/CN2011/076998 2011-07-08 2011-07-08 Information security processing method and device WO2012106878A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2011/076998 WO2012106878A1 (en) 2011-07-08 2011-07-08 Information security processing method and device
CN2011800011388A CN102301381A (en) 2011-07-08 2011-07-08 Method and device for processing information security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/076998 WO2012106878A1 (en) 2011-07-08 2011-07-08 Information security processing method and device

Publications (1)

Publication Number Publication Date
WO2012106878A1 true WO2012106878A1 (en) 2012-08-16

Family

ID=45360528

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/076998 WO2012106878A1 (en) 2011-07-08 2011-07-08 Information security processing method and device

Country Status (2)

Country Link
CN (1) CN102301381A (en)
WO (1) WO2012106878A1 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9443270B1 (en) 2013-09-17 2016-09-13 Allstate Insurance Company Obtaining insurance information in response to optical input
US9650007B1 (en) 2015-04-13 2017-05-16 Allstate Insurance Company Automatic crash detection
US10032226B1 (en) 2013-03-08 2018-07-24 Allstate Insurance Company Automatic exchange of information in response to a collision event
US10083551B1 (en) 2015-04-13 2018-09-25 Allstate Insurance Company Automatic crash detection
US10121204B1 (en) 2013-03-08 2018-11-06 Allstate Insurance Company Automated accident detection, fault attribution, and claims processing
US10417713B1 (en) 2013-03-08 2019-09-17 Allstate Insurance Company Determining whether a vehicle is parked for automated accident detection, fault attribution, and claims processing
US10572943B1 (en) 2013-09-10 2020-02-25 Allstate Insurance Company Maintaining current insurance information at a mobile device
US10713717B1 (en) 2015-01-22 2020-07-14 Allstate Insurance Company Total loss evaluation and handling system and method
US10902525B2 (en) 2016-09-21 2021-01-26 Allstate Insurance Company Enhanced image capture and analysis of damaged tangible objects
US10963966B1 (en) 2013-09-27 2021-03-30 Allstate Insurance Company Electronic exchange of insurance information
US11361380B2 (en) 2016-09-21 2022-06-14 Allstate Insurance Company Enhanced image capture and analysis of damaged tangible objects
US11720971B1 (en) 2017-04-21 2023-08-08 Allstate Insurance Company Machine learning based accident assessment

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102752754B (en) * 2012-06-21 2016-05-25 华为终端有限公司 Subscriber Identity Module lock data are carried out method and the mobile terminal of safety certification
CN103179567A (en) * 2013-04-22 2013-06-26 东信和平科技股份有限公司 Processing method and device for realizing communication authentication of unified equipment and subscriber identity module (UE-SIM) card
CN103279705A (en) * 2013-05-14 2013-09-04 上海华为技术有限公司 Validation method and validation device of chip with secure booting function
CN104185167B (en) * 2013-05-20 2019-03-01 华为技术有限公司 A kind of method and terminal updating terminal card-locking information
CN104519479B (en) 2013-09-27 2019-06-11 中兴通讯股份有限公司 A kind of method of terminal and its lock network and unlocking locked network
CN105224374A (en) * 2015-11-11 2016-01-06 深圳市捷顺科技实业股份有限公司 A kind of guard method of target execute file, Apparatus and system
CN107451432A (en) * 2016-05-30 2017-12-08 深圳市中兴微电子技术有限公司 A kind of startup program inspection method and device
CN110941843B (en) * 2019-11-22 2022-03-29 北京明略软件系统有限公司 Encryption implementation method, device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1794852A (en) * 2004-12-22 2006-06-28 Lg电子株式会社 Method and apparatus for preventing hacking of subscriber identitification module in a mobile communication terminal
CN1913679A (en) * 2006-08-25 2007-02-14 华为技术有限公司 Protection method and system for preventing fraudulent use of mobile terminal
CN101437067A (en) * 2008-12-05 2009-05-20 中兴通讯股份有限公司 Mobile terminal and method for implementing network and card locking
CN101888448A (en) * 2010-06-07 2010-11-17 中兴通讯股份有限公司 Method and mobile terminal for locking network and card

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101285848B (en) * 2008-05-28 2010-06-02 炬力集成电路设计有限公司 Method and device for correcting and obtaining reference voltage

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10699350B1 (en) 2013-03-08 2020-06-30 Allstate Insurance Company Automatic exchange of information in response to a collision event
US11669911B1 (en) 2013-03-08 2023-06-06 Allstate Insurance Company Automated accident detection, fault attribution, and claims processing
US10032226B1 (en) 2013-03-08 2018-07-24 Allstate Insurance Company Automatic exchange of information in response to a collision event
US11158002B1 (en) 2013-03-08 2021-10-26 Allstate Insurance Company Automated accident detection, fault attribution and claims processing
US10121204B1 (en) 2013-03-08 2018-11-06 Allstate Insurance Company Automated accident detection, fault attribution, and claims processing
US10417713B1 (en) 2013-03-08 2019-09-17 Allstate Insurance Company Determining whether a vehicle is parked for automated accident detection, fault attribution, and claims processing
US11861721B1 (en) 2013-09-10 2024-01-02 Allstate Insurance Company Maintaining current insurance information at a mobile device
US10572943B1 (en) 2013-09-10 2020-02-25 Allstate Insurance Company Maintaining current insurance information at a mobile device
US11783430B1 (en) 2013-09-17 2023-10-10 Allstate Insurance Company Automatic claim generation
US9443270B1 (en) 2013-09-17 2016-09-13 Allstate Insurance Company Obtaining insurance information in response to optical input
US10255639B1 (en) 2013-09-17 2019-04-09 Allstate Insurance Company Obtaining insurance information in response to optical input
US10963966B1 (en) 2013-09-27 2021-03-30 Allstate Insurance Company Electronic exchange of insurance information
US10713717B1 (en) 2015-01-22 2020-07-14 Allstate Insurance Company Total loss evaluation and handling system and method
US11017472B1 (en) 2015-01-22 2021-05-25 Allstate Insurance Company Total loss evaluation and handling system and method
US11682077B2 (en) 2015-01-22 2023-06-20 Allstate Insurance Company Total loss evaluation and handling system and method
US11348175B1 (en) 2015-01-22 2022-05-31 Allstate Insurance Company Total loss evaluation and handling system and method
US11107303B2 (en) 2015-04-13 2021-08-31 Arity International Limited Automatic crash detection
US10083550B1 (en) 2015-04-13 2018-09-25 Allstate Insurance Company Automatic crash detection
US11074767B2 (en) 2015-04-13 2021-07-27 Allstate Insurance Company Automatic crash detection
US10650617B2 (en) 2015-04-13 2020-05-12 Arity International Limited Automatic crash detection
US10083551B1 (en) 2015-04-13 2018-09-25 Allstate Insurance Company Automatic crash detection
US9916698B1 (en) 2015-04-13 2018-03-13 Allstate Insurance Company Automatic crash detection
US10223843B1 (en) 2015-04-13 2019-03-05 Allstate Insurance Company Automatic crash detection
US9767625B1 (en) 2015-04-13 2017-09-19 Allstate Insurance Company Automatic crash detection
US9650007B1 (en) 2015-04-13 2017-05-16 Allstate Insurance Company Automatic crash detection
US10902525B2 (en) 2016-09-21 2021-01-26 Allstate Insurance Company Enhanced image capture and analysis of damaged tangible objects
US11361380B2 (en) 2016-09-21 2022-06-14 Allstate Insurance Company Enhanced image capture and analysis of damaged tangible objects
US11720971B1 (en) 2017-04-21 2023-08-08 Allstate Insurance Company Machine learning based accident assessment

Also Published As

Publication number Publication date
CN102301381A (en) 2011-12-28

Similar Documents

Publication Publication Date Title
WO2012106878A1 (en) Information security processing method and device
FI114416B (en) Method for securing the electronic device, the backup system and the electronic device
US7886355B2 (en) Subsidy lock enabled handset device with asymmetric verification unlocking control and method thereof
JP4668619B2 (en) Device key
US20080003980A1 (en) Subsidy-controlled handset device via a sim card using asymmetric verification and method thereof
TWI416932B (en) Device bound flashing/booting for cloning prevention
JP7277270B2 (en) Personalization of Integrated Circuits Generated with Embedded Root of Trust Secrets
US20050283662A1 (en) Secure data backup and recovery
CN110688660B (en) Method and device for safely starting terminal and storage medium
CN104639506B (en) Method, system and the terminal for carrying out management and control are installed to application program
US8392724B2 (en) Information terminal, security device, data protection method, and data protection program
WO2019109968A1 (en) Method for unlocking sim card and mobile terminal
AU2009334099A1 (en) Remote update method for firmware
CN104868998A (en) System, Device, And Method Of Provisioning Cryptographic Data To Electronic Devices
CN112468294A (en) Access method and authentication equipment for vehicle-mounted TBOX
KR20070059891A (en) Application authentication security system and method thereof
CN106778227A (en) Applied program processing method, application program launching method and device
CN115150193A (en) Method and system for encrypting sensitive information in data transmission and readable storage medium
CN114491682A (en) Virtual subscriber identity module and virtual smart card
KR100749868B1 (en) Device Keys
CN114650175B (en) Verification method and device
JP5180264B2 (en) Device key
CN115037496A (en) Endpoint customization via online firmware stores
CN115643060A (en) Firmware file execution method and device
CN115037491A (en) Subscription sharing in a group of endpoints with memory devices protected for reliable authentication

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201180001138.8

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11858293

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11858293

Country of ref document: EP

Kind code of ref document: A1