CN112637855B - Machine-card binding method based on block chain and server - Google Patents


Publication number
CN112637855B
Authority
CN
China
Legal status
Active
Application number
CN202011482006.9A
Inventor
李张铮
陈海
连慧
洪林梦涵
陈锋
潘晓宇
张雪平
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication


Abstract

The application provides a machine-card binding method and a server based on a block chain. The method comprises the following steps: after acquiring a binding request sent by a terminal, a server determines, according to the binding request, a first signature message of the SIM card and a first identity public key of the terminal corresponding to the binding request. The first signature message of the SIM card may be generated according to the SIM card information and a first preset hash algorithm. The first identity public key of the terminal may be generated from the terminal feature code through an asymmetric encryption algorithm. The server generates a new SIM card block by taking the first signature message of the SIM card as the data block identifier and the first identity public key of the terminal as the data block data. The server inserts the new SIM card block into the SIM card block chain. The method improves the security of the machine-card binding information and avoids the problem of the machine-card binding information being tampered with.

Description

Machine-card binding method based on block chain and server
Technical Field
The present application relates to the field of communications technologies, and in particular, to a block chain-based machine-card binding method and a server.
Background
In practice, the pairing between a terminal and a SIM card is usually not fixed: the SIM card in a terminal can be replaced, and a SIM card can be moved to a different terminal. Therefore, in some scenarios that require unique binding of the SIM card and the terminal, such as use of a Customer Premise Equipment (CPE), the connection between the SIM card and the terminal is not secure.
For this situation, in the prior art, the SIM card and the terminal may be bound by a machine-card binding method. At present, a common machine-card binding method is generally implemented by the SIM card sending a proactive command to the terminal. After receiving the proactive command sent by the SIM card, the terminal sends binding information to the SIM card, thereby binding the SIM card and the terminal.
However, this binding method is easy to tamper with and has low security.
Disclosure of Invention
The application provides a machine-card binding method and a server based on a block chain, which solve the problems that the binding method in the prior art is easy to tamper with and has low security.
In a first aspect, the present application provides a machine-card binding method based on a block chain, including:
acquiring a first signature message of an SIM card and a first identity public key of a terminal;
generating a new SIM card block according to the first SIM card signature message and the first terminal identity public key, wherein the new SIM card block comprises a data block identifier and data block data, the first SIM card signature message is the data block identifier, and the first terminal identity public key is the data block data;
and inserting the new SIM card block into a SIM card block chain.
Optionally, the method further comprises:
acquiring a first signature message of a terminal and a first identity public key of an SIM card;
generating a new terminal block according to the first terminal signature message and the first SIM card identity public key, wherein the new terminal block comprises a data block identifier and data block data, the first terminal signature message is the data block identifier, and the first SIM card identity public key is the data block data;
inserting the new terminal block into a terminal block chain.
Optionally, the method comprises:
generating a first identity private key of the SIM card and a first identity public key of the SIM card according to the SIM card characteristic code;
and generating a first signature message of the SIM card according to the SIM card information and a first preset Hash algorithm, wherein the first signature message of the SIM card is obtained by encrypting the SIM card information through the first preset Hash algorithm.
Optionally, the method comprises:
generating a first terminal identity private key and a first terminal identity public key according to the terminal feature codes;
and generating a first signature message of the terminal according to the terminal information and a second preset hash algorithm, wherein the first signature message of the terminal is obtained by encrypting the terminal information through the second preset hash algorithm.
Optionally, after the machine-card binding is completed, the method includes:
acquiring a second signature message of the SIM card to be verified, a second identity private key of the terminal to be verified and a second signature message of the terminal, wherein the second signature message of the SIM card is obtained by encrypting the SIM card information of the SIM card to be verified through the first preset hash algorithm, the second signature message of the terminal is obtained by encrypting the terminal information of the terminal to be verified through the second preset hash algorithm, and the second identity private key of the terminal is generated according to the terminal feature code of the terminal to be verified;
reporting a terminal digital signature of the terminal to be verified, the terminal second signature message and the SIM card second signature message to an SIM card block chain, wherein the terminal digital signature is obtained by digitally signing the terminal second signature message through a terminal second identity private key;
matching the data block identifications of all SIM card block chains with the second signature message of the SIM card, and determining the SIM card block of the SIM card to be verified;
and verifying the terminal digital signature according to the terminal first identity public key and the terminal second signature message in the SIM card block of the SIM card to be verified, and determining a verification result.
Optionally, after the machine-card binding is completed, the method includes:
acquiring a second signature message of an SIM card to be verified, a second identity private key of the SIM card and a second signature message of a terminal to be verified, wherein the second signature message of the SIM card is obtained by encrypting the SIM card information of the SIM card to be verified through a first preset Hash algorithm, the second identity private key of the SIM card is generated according to the terminal feature code of the terminal to be verified, and the second signature message of the terminal is obtained by encrypting the terminal information through a second preset Hash algorithm;
reporting an SIM card digital signature of an SIM card to be verified, a second signature message of the SIM card and the second signature message of the terminal to a terminal block chain, wherein the SIM card digital signature is obtained by digitally signing the second signature message of the SIM card through a second identity private key of the SIM card;
matching the data block identifications of all terminal block chains with the terminal second signature message, and determining the terminal block of the terminal to be verified;
verifying the digital signature of the SIM card according to a first identity public key of the SIM card in the terminal block of the terminal to be verified and the second signature message of the SIM card, and determining a verification result.
Optionally, the method further includes:
judging whether the machine and the card are separated or not according to the verification result;
and when the machine card is separated, limiting the access to the network of the terminal to be verified or the SIM card to be verified.
In a second aspect, the present application provides a machine-card binding apparatus based on a block chain, including:
the first acquisition module is used for acquiring a first signature message of the SIM card and a first identity public key of the terminal;
the first generation module is used for generating a new SIM card block according to the first SIM card signature message and the first terminal identity public key, wherein the new SIM card block comprises a data block identifier and data block data, the first SIM card signature message is the data block identifier, and the first terminal identity public key is the data block data;
and the first inserting module is used for inserting the new SIM card block into the SIM card block chain.
Optionally, the apparatus further comprises:
the second acquisition module is used for acquiring the first signature message of the terminal and the first identity public key of the SIM card;
a second generating module, configured to generate a new terminal block according to the first terminal signature message and the first SIM card identity public key, where the new terminal block includes a data block identifier and data block data, the first terminal signature message is the data block identifier, and the first SIM card identity public key is the data block data;
the second insertion module is used for inserting the new terminal block into the terminal block chain.
Optionally, the generation process of the SIM card data may include: generating a first identity private key of the SIM card and a first identity public key of the SIM card according to the characteristic code of the SIM card; and generating a first signature message of the SIM card according to the SIM card information and a first preset Hash algorithm, wherein the first signature message of the SIM card is obtained by encrypting the SIM card information through the first preset Hash algorithm.
Optionally, the generating process of the terminal data may include: generating a first terminal identity private key and a first terminal identity public key according to the terminal feature codes; and generating a first signature message of the terminal according to the terminal information and a second preset hash algorithm, wherein the first signature message of the terminal is obtained by encrypting the terminal information through the second preset hash algorithm.
Optionally, after the machine-card binding is completed, the apparatus includes:
a third obtaining module, configured to obtain a second signature message of an SIM card of the SIM card to be verified, a second identity key of the terminal to be verified, and a second signature message of the terminal, where the second signature message of the SIM card is obtained by encrypting the SIM card information of the SIM card to be verified through the first preset hash algorithm, the second signature message of the terminal is obtained by encrypting the terminal information of the terminal to be verified through the second preset hash algorithm, and the second identity key of the terminal is generated according to a terminal feature code of the terminal to be verified;
the first reporting module is used for reporting the terminal digital signature of the terminal to be verified, the terminal second signature message and the SIM card second signature message to an SIM card block chain, wherein the terminal digital signature is obtained by digitally signing the terminal second signature message through the terminal second identity private key;
the first determining module is used for matching the data block identifications of all SIM card block chains with the second signature message of the SIM card and determining the SIM card block of the SIM card to be verified;
and the first verification module is used for verifying the terminal digital signature according to the terminal first identity public key and the terminal second signature message in the SIM card block of the SIM card to be verified and determining a verification result.
Optionally, after the machine-card binding is completed, the apparatus includes:
a fourth obtaining module, configured to obtain a second signature message of an SIM card of the SIM card to be verified, a second identity private key of the SIM card, and a second signature message of the terminal to be verified, where the second signature message of the SIM card is obtained by encrypting the SIM card information of the SIM card to be verified through the first preset hash algorithm, the second identity private key of the SIM card is generated according to the terminal feature code of the terminal to be verified, and the second signature message of the terminal is obtained by encrypting the terminal information through the second preset hash algorithm;
the second reporting module is used for reporting the SIM card digital signature of the SIM card to be verified, the SIM card second signature message and the terminal second signature message to the terminal block chain, wherein the SIM card digital signature is obtained by digitally signing the SIM card second signature message through the SIM card second identity private key;
the second determining module is used for matching the data block identifiers of all terminal block chains with the terminal second signature message and determining the terminal block of the terminal to be verified;
the second verification module is used for verifying the digital signature of the SIM card according to the first identity public key of the SIM card in the terminal block of the terminal to be verified and the second signature message of the SIM card and determining a verification result.
Optionally, the apparatus further comprises:
the judging module is used for judging whether the machine card separation occurs according to the verification result;
and the limiting module is used for limiting the access to the network of the terminal to be verified or the SIM card to be verified when the machine card is separated.
In a third aspect, the present application provides a server, comprising: the memory is used for storing computer programs, and the processor is used for realizing the machine-card binding method based on the block chain in any one of the possible designs of the first aspect and the first aspect according to the computer programs stored in the memory.
In a fourth aspect, the present application provides a readable storage medium, where an execution instruction is stored, and when at least one processor of a server executes the execution instruction, the server executes the method for machine-card binding based on a blockchain in any one of possible designs of the first aspect and the first aspect.
In a fifth aspect, the present application provides a computer program product, the computer program product including a computer program, which when executed by a processor, implements the method for machine-card binding based on a blockchain in the first aspect and any one of the possible designs of the first aspect.
According to the machine-card binding method and the server based on the block chain, after a binding request sent by a terminal is obtained, a first signature message of an SIM card and a first identity public key of the terminal corresponding to the binding request are determined according to the binding request; the SIM card first signature message can be generated according to the SIM card information and a first preset Hash algorithm; the first identity public key of the terminal can be generated by a terminal feature code through an asymmetric encryption algorithm; generating a new SIM card block by taking the first signature message of the SIM card as a data block identifier and the first identity public key of the terminal as data block data; and the new SIM card block is inserted into the SIM card block chain, so that the safety of the machine-card binding information is improved, and the problem that the machine-card binding information is tampered is solved.
Drawings
In order to more clearly illustrate the technical solutions in the present application or the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic diagram of a machine-card binding scenario based on a block chain according to an embodiment of the present application;
Fig. 2 is a flowchart of a machine-card binding method based on a block chain according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a new block of a SIM card according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a block chain according to an embodiment of the present application;
Fig. 5 is a flowchart of another machine-card binding method based on a block chain according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a new block of a terminal according to an embodiment of the present application;
Fig. 7 is a flowchart of another machine-card binding method based on a block chain according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a machine-card binding apparatus based on a block chain according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of another machine-card binding device based on a block chain according to an embodiment of the present application;
Fig. 10 is a schematic structural diagram of a machine-card binding system based on a block chain according to an embodiment of the present application;
Fig. 11 is a schematic hardware structure diagram of a server according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application clearer, the technical solutions of the present application will be described clearly and completely with reference to the accompanying drawings in the present application, and it is obvious that the described embodiments are some, but not all embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In practice, the pairing between a terminal and a SIM card is usually not fixed: the SIM card in a terminal can be replaced, and a SIM card can be moved to a different terminal. Therefore, in some scenarios where the SIM card needs to be uniquely bound to the terminal, the connection between the SIM card and the terminal is not secure. For example, with the arrival of the 5G era and the vigorous development of private networks for the government and enterprise sector, more and more government and enterprise products select 5G wireless access. Customer Premise Equipment (CPE) is one of the important access devices, and it is exactly the kind of device that needs to guarantee unique binding of the SIM card and the terminal. Because the 5G government-enterprise private network package is cheaper than a traditional package, users can easily pull the SIM card out of the CPE and put it in a mobile phone for continued use. Meanwhile, after a long-term 5G government-enterprise private network contract is signed, the CPE can generally be used for free, but during use the user may replace the SIM card midway with one from another operator. Therefore, to guarantee the unique binding of the CPE and its SIM card, a machine-card binding method is needed to guarantee that the CPE uses the SIM card bound to it, or that the SIM card is used in the CPE bound to it.
At present, the common machine-card binding method is usually implemented by the SIM card sending a proactive command to the terminal. After receiving the proactive command sent by the SIM card, the terminal sends binding information to the SIM card, thereby binding the SIM card and the terminal. However, this machine-card binding method requires the SIM card to send a proactive command. First, for the SIM card to send the proactive command, a device for binding the mobile terminal to the SIM card must be designed on the SIM card chip, which places high requirements on the manufacture and development of the SIM card system. Second, the machine-card binding method based on the proactive command usually needs a special machine-card interaction protocol signaling flow to ensure correct interaction and binding of the machine and card, and this signaling flow easily causes additional signaling overhead. Third, the binding direction in this method is unidirectional: the terminal can only be bound in the SIM card. That is, after binding, the SIM card can be used only in that terminal, but when the SIM card in the terminal is changed, the terminal can still use the new SIM card.
To solve the above problems, the present application provides a machine-card binding method based on a block chain. For binding security and stability, a block chain is used to store the machine-card binding information. Storing the public key in a block chain makes the public key non-tamperable, which improves both the security of the public key and the validity of verification. To guarantee the unique binding of the terminal and the SIM card, and to avoid the situation where the SIM card is bound to the terminal but the terminal is not bound to the SIM card, the application provides a bidirectional machine-card binding method. The server uses the first signature message of the SIM card as the data block identifier and the first identity public key of the terminal as the data block data to generate a new SIM card block, which is inserted into the SIM card block chain. The server also takes the first signature message of the terminal as the data block identifier and the first identity public key of the SIM card as the data block data to generate a new terminal block, and inserts the new terminal block into the terminal block chain. During subsequent power-on, the terminal and the SIM card can then be authenticated in both directions through the SIM card block chain or the terminal block chain. In addition, because the registration and verification processes are carried out in the server, the requirements on the SIM card system are low, and no additional machine-card signaling interaction flow is needed.
In addition, the machine-card binding method based on the block chain can be used for machine-card binding and verification and can also be used for machine-card separation detection.
The technical means of the present application will be described in detail with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 1 shows a schematic diagram of a machine-card binding scenario based on a block chain according to an embodiment of the present application. As shown in Fig. 1, the machine-card binding scenario includes a server and a terminal into which a SIM card is inserted. When a new SIM card is inserted into the terminal, or after the new SIM card has been inserted, the terminal is powered on and sends a binding request to the server. According to the binding request of the terminal and the SIM card, the server generates a terminal first identity private key, a terminal first identity public key and a terminal first signature message, as well as a SIM card first identity private key, a SIM card first identity public key and a SIM card first signature message. The server generates a SIM card block and a terminal block from this information and uploads them to the SIM card block chain and the terminal block chain respectively. When the terminal is powered on again, the terminal sends a verification request to the server. According to the verification request of the terminal and the SIM card, the server generates a terminal second identity private key, a terminal second signature message and a terminal digital signature, as well as a SIM card second identity private key, a SIM card second signature message and a SIM card digital signature. The server matches the SIM card block from the SIM card block chain according to the SIM card second signature message. After the SIM card block is matched, the server verifies the terminal digital signature according to the terminal first identity public key and the terminal second signature message. If the digital signature passes verification, the terminal into which the SIM card is currently inserted is the original terminal.
Alternatively, the server matches the terminal block from the terminal block chain according to the terminal second signature message. After the terminal block is matched, the server verifies the SIM card digital signature according to the SIM card first identity public key and the SIM card second signature message. If the digital signature passes verification, the SIM card used by the terminal is the original SIM card.
In the present application, a server is used as the execution subject to execute the machine-card binding method of the following embodiments. Specifically, the execution subject may be a hardware device of the server, or a software application implementing the following embodiments in the server, or a computer-readable storage medium installed with a software application implementing the following embodiments.
Fig. 2 shows a flowchart of a machine-card binding method based on a blockchain according to an embodiment of the present application. Based on the embodiment shown in fig. 1, as shown in fig. 2, with a server as an execution subject, the method of this embodiment may include the following steps:
S101, obtaining a first signature message of the SIM card and a first identity public key of the terminal.
In this embodiment, after acquiring the binding request sent by the terminal, the server determines, according to the binding request, the first signature message of the SIM card and the first identity public key of the terminal that correspond to the binding request.
The binding request may be sent from the terminal to the server when the terminal is first powered on or the SIM card first applies for network access.
The server may obtain the first signature message of the SIM card and the first identity public key of the terminal from the binding request.
Alternatively, the server may obtain the first signature message of the SIM card and the first identity public key of the terminal from memory. In that case, the server may determine the SIM card feature code and the terminal feature code according to the binding request, and then acquire the pre-stored first signature message of the SIM card and the first identity public key of the terminal from the storage device of the server according to the SIM card feature code and the terminal feature code. The SIM card feature code and the terminal feature code are used for uniquely identifying the SIM card and the terminal. The SIM card feature code includes, but is not limited to, IMSI, MSISDN, ICCID, serial number SN, and the like. The terminal feature code includes, but is not limited to, IMEI, MEID, ESN, etc.
Alternatively, the SIM card first signature message and the terminal first identity public key may be generated by the server according to the SIM card feature code and the SIM card information, and the terminal feature code and the terminal information. The SIM card feature code and the SIM card information as well as the terminal feature code and the terminal information can be acquired by the server according to the binding request. Or the server acquires the SIM card feature code and the terminal feature code from the storage device after determining the SIM card feature code and the terminal feature code according to the binding request. The following examples show how the server generates the SIM card first signature message and the terminal first identity public key according to the SIM card feature code and the SIM card information, and the terminal feature code and the terminal information.
In one example, the generation process of the SIM card parameters may include:
Step 1, after obtaining the SIM card characteristic code, the server can generate a first identity private key of the SIM card and a first identity public key of the SIM card according to the SIM card characteristic code.
In this step, the server may generate the first identity private key of the SIM card according to the SIM card feature code based on the asymmetric encryption algorithm. The server then generates a first identity public key of the SIM card according to the first identity private key of the SIM card based on the asymmetric encryption algorithm. The asymmetric encryption algorithm may include RSA, ElGamal, the knapsack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm), and other existing algorithms, and may also be an improved algorithm.
Step 2, after the server acquires the SIM card information, generating a first signature message of the SIM card according to the SIM card information and a first preset Hash algorithm, wherein the first signature message of the SIM card is obtained by encrypting the SIM card information through the first preset Hash algorithm.
In this step, the SIM card information includes, but is not limited to, IMSI, MSISDN, ICCID, serial number SN, and the like. The first preset Hash algorithm may be an existing algorithm such as MD5, HMAC, SHA1, SHA256, or the like, and the Hash algorithm may also be an improved algorithm.
In another example, the generating of the terminal parameter may include:
Step 1: after acquiring the terminal feature code, the server can generate a terminal first identity private key and a terminal first identity public key according to the terminal feature code.
In this step, the server may generate the terminal first identity private key according to the terminal feature code based on an asymmetric encryption algorithm. The server then generates the terminal first identity public key from the terminal first identity private key based on the asymmetric encryption algorithm. The asymmetric encryption algorithm may be an existing algorithm such as RSA, ElGamal, the knapsack algorithm, Rabin, D-H, or ECC (elliptic curve encryption algorithm), or an improved algorithm.
Step 2: the server generates the terminal first signature message according to the terminal information and a second preset hash algorithm, wherein the terminal first signature message is obtained by encrypting the terminal information through the second preset hash algorithm.
In this step, the terminal information includes, but is not limited to, IMEI, MEID, ESN, and the like. The second preset Hash algorithm may be an existing algorithm such as MD5, HMAC, SHA1, SHA256, or the like, and the Hash algorithm may also be an improved algorithm. The second preset hash algorithm and the first preset hash algorithm may be the same hash algorithm, or the second preset hash algorithm and the first preset hash algorithm may be different hash algorithms, which is not limited in this application.
S102, generating a new SIM card block according to the SIM card first signature message and the terminal first identity public key, wherein the new SIM card block comprises a data block identifier and data block data, the SIM card first signature message is the data block identifier, and the terminal first identity public key is the data block data.
In this embodiment, the server generates a new SIM card block, which may be as shown in fig. 3. The new SIM card block comprises a data block identifier and data block data. The content of the data block identifier is the SIM card first signature message. The content of the data block data is the terminal first identity public key.
S103, inserting the SIM card block into the SIM card block chain.
In this embodiment, the SIM card block chain may be as shown in fig. 4, where each block includes five parts, namely an index, a timestamp, a data block, a hash value and the hash value of the previous block. The index uniquely identifies the block in the SIM card block chain. The timestamp is the time when the block is inserted into the block chain. The content stored in the data block is the content of the SIM card block in S102, that is, the SIM card first signature message is the data block identifier and the terminal first identity public key is the data block data. The previous-block hash value is the hash value of the block that precedes this block in the SIM card block chain, and the previous-block hash value of the first block is 0.
When a new SIM card block is inserted into the SIM card block chain, it is inserted at the end of the chain by tail insertion. The server sets the timestamp of the new SIM card block to the time at which the block is inserted. The server determines the index of the new SIM card block according to the indexes of the SIM card block chain. The server determines the previous-block hash value from the block that precedes the new SIM card block in the SIM card block chain.
The SIM card blockchain may be stored on the server, or the SIM card blockchain may also be stored in a blockchain server. When the SIM card blockchain is stored in the blockchain server, the operation of the blockchain is implemented by the blockchain system.
In the machine-card binding method based on the block chain provided by this embodiment, after the server obtains a binding request sent by a terminal, it determines the corresponding SIM card first signature message and terminal first identity public key according to the binding request. The SIM card first signature message may be generated according to the SIM card information and a first preset hash algorithm. The terminal first identity public key can be generated from the terminal feature code through an asymmetric encryption algorithm. The server generates a new SIM card block by taking the SIM card first signature message as the data block identifier and the terminal first identity public key as the data block data. The server inserts the new SIM card block into the SIM card block chain. In this application, generating the SIM card block binds the SIM card to the terminal, and inserting the SIM card block into the SIM card block chain improves the security of the machine-card binding information and prevents the binding information from being tampered with.
Fig. 5 is a flowchart illustrating another machine-card binding method based on a blockchain according to an embodiment of the present disclosure. On the basis of the embodiments shown in fig. 1 to fig. 4, this embodiment can not only implement the SIM card binding to the terminal, but also implement the terminal binding to the SIM card, thereby implementing the effect of bidirectional binding. As shown in fig. 5, with the server as the execution subject, the method of this embodiment may include the following steps:
S201, acquiring a first signature message of the terminal and a first identity public key of the SIM card.
In this embodiment, after acquiring the binding request sent by the terminal, the server determines, according to the binding request, the first signature message of the SIM card and the first identity public key of the terminal that correspond to the server.
The binding request may be sent from the terminal to the server when the terminal is first powered on or the SIM card first applies for network access.
The server may obtain the terminal first signature message and the SIM card first identity public key from the binding request.
Alternatively, the server may obtain the terminal first signature message and the SIM card first identity public key from its memory.
Or, the terminal first signature message and the SIM card first identity public key may also be generated by the server according to the SIM card feature code and the SIM card information, and the terminal feature code and the terminal information. The process of generating the first signature message of the terminal and the first identity public key of the SIM card is similar to the implementation manner of step S101 in the embodiment of fig. 2, and details of this embodiment are not repeated here.
S202, generating a new terminal block according to the first signature message of the terminal and the first identity public key of the SIM card, wherein the new terminal block comprises a data block identifier and data block data, the first signature message of the terminal is the data block identifier, and the first identity public key of the SIM card is the data block data.
In this embodiment, the server generates a new terminal block, which may be as shown in fig. 6. The new block of the terminal comprises a data block identifier and data block data. And the data block identification content is a first signature message of the terminal. And the data block data content is a first identity public key of the SIM card.
S203, inserting the new terminal block into the terminal block chain.
The terminal block chain may be as shown in fig. 4. When the new terminal block is inserted into the terminal block chain, it is inserted at the end of the chain by tail insertion. The server sets the timestamp of the new terminal block to the time at which the block is inserted. The server determines the index of the new terminal block according to the indexes of the terminal block chain. The server determines the previous-block hash value from the block that precedes the new terminal block in the terminal block chain.
According to the machine-card binding method based on the block chain, after a server obtains a binding request sent by a terminal, a first signature message of the terminal and a first identity public key of an SIM card corresponding to the server are determined according to the binding request. The terminal first signature message may be generated according to the terminal information and a second preset hash algorithm. The first identity public key of the SIM card can be generated by the SIM card characteristic code through an asymmetric encryption algorithm. And the server generates a new terminal block by taking the first signature message of the terminal as a data block identifier and taking the first identity public key of the SIM card as data block data. The server inserts the new block of the terminal into the terminal block chain. In the application, the SIM card block is generated, the SIM card is bound with the terminal, the SIM card block is inserted into the SIM card block chain, the safety of the machine-card binding information is improved, and the problem that the machine-card binding information is tampered is avoided. Meanwhile, bidirectional binding is realized through the SIM card block chain and the terminal block chain, and the unique binding effect of the SIM card and the terminal can be better ensured.
For example, in the use of 5G CPE, since the price of a 5G government-enterprise private network package is cheaper than that of a traditional package, in actual use, a situation that a user pulls out a SIM card in the CPE and puts the SIM card in a mobile phone for continuous use easily occurs. To avoid this, the present application implements the binding of the SIM card with the terminal through the embodiment of fig. 2. The server can determine whether the SIM card is stolen or not by inquiring the terminal bound with the SIM card and comparing whether the current terminal is consistent with the bound terminal or not in subsequent use. Meanwhile, since the CPE is used for free after the 5G government-enterprise private network signs a long-term contract, it is easy for the user to replace the SIM card in the CPE with the SIM card of another operator in actual use. To avoid this, the present application implements the binding of the terminal and the SIM card through the embodiment of fig. 5. The server may determine whether the SIM card is replaced by querying the SIM card bound to the terminal in subsequent use and comparing whether the current SIM card is consistent with the bound SIM card.
Fig. 7 is a flowchart illustrating a further method for machine-card binding based on a blockchain according to an embodiment of the present application. On the basis of the embodiments shown in fig. 1 to fig. 6, this embodiment may implement machine-card binding and machine-card verification, so as to determine whether the SIM card is an initial binding SIM card of the terminal or whether the terminal is an initial binding terminal of the SIM card. As shown in fig. 7, with the server as the execution subject, the method of this embodiment may include the following steps:
S301, obtaining a first signature message of the SIM card and a first identity public key of the terminal.
S302, according to the first signature message of the SIM card and the first identity public key of the terminal, a new block of the SIM card is generated, the new block of the SIM card comprises a data block identifier and data block data, the first signature message of the SIM card is the data block identifier, and the first identity public key of the terminal is the data block data.
S303, inserting the new SIM card block into the SIM card block chain.
Steps S301 to S303 are similar to steps S101 to S103 in the embodiment of fig. 2, and are not described herein again.
S304, obtaining a second signature message of the SIM card to be verified, a second identity private key of the terminal to be verified and a second signature message of the terminal to be verified, wherein the second signature message of the SIM card is obtained by encrypting the SIM card information of the SIM card to be verified through a first preset Hash algorithm, the second signature message of the terminal is obtained by encrypting the terminal information of the terminal to be verified through a second preset Hash algorithm, and the second identity private key of the terminal is generated according to the terminal feature code of the terminal to be verified.
In this embodiment, after acquiring the verification request sent by the terminal to be verified, the server determines, according to the verification request, the second signature message of the SIM card, the second identity private key of the terminal, and the second signature message of the terminal corresponding to the server.
The verification request can be sent to the server by the terminal to be verified when the terminal is powered on again or requests network access again.
The second signature message of the SIM card of the terminal to be verified, the second identity private key of the terminal, and the second signature message of the terminal may be obtained from the verification request by the server.
Or, the second signature message of the SIM card, the second identity private key of the terminal, and the second signature message of the terminal may also be obtained from the memory for the server. At this time, the verification request includes the SIM card feature code of the SIM card to be verified and the terminal feature code of the terminal to be verified. And the server directly obtains the SIM card characteristic code and the terminal characteristic code from the memory of the server according to the SIM card characteristic code and the terminal characteristic code.
Or, the second signature message of the SIM card, the second identity private key of the terminal, and the second signature message of the terminal may also be generated by the server according to the SIM card feature code and the SIM card information of the SIM card to be verified and the terminal feature code and the terminal information of the terminal to be verified. The generating process is similar to the implementation manner of step S101 in the embodiment of fig. 2, and details of this embodiment are not repeated here.
S305, reporting a terminal digital signature of the terminal to be verified, a terminal second signature message and an SIM card second signature message to an SIM card block chain, wherein the terminal digital signature is obtained by digitally signing the terminal second signature message through a terminal second identity private key.
In this embodiment, after acquiring the terminal second identity private key and the terminal second signature message, the server performs digital signature on the terminal second signature message by using the terminal second identity private key to obtain a terminal digital signature. And the server reports the terminal digital signature, the terminal second signature message and the SIM card second signature message to the SIM card block chain together.
S306, matching the data block identifiers of all blocks in the SIM card block chain with the second signature message of the SIM card, and determining the SIM card block of the SIM card to be verified.
In this embodiment, the block chain matches the SIM card block of the SIM card to be verified in the SIM card block chain corresponding to the second signature message of the SIM card reported by the server. Specifically, the server obtains a data block identifier of each SIM card block in the SIM card block chain. And the server determines the SIM card blocks in the SIM card block chain, which have the same data block identifier as the second signature message of the SIM card, by matching the data block identifier with the second signature message of the SIM card. And the server determines the SIM card block as the SIM card block of the SIM card to be verified.
S307, verifying the terminal digital signature according to the terminal first identity public key in the SIM card block of the SIM card to be verified and the terminal second signature message, and determining a verification result.
In this embodiment, after determining the SIM card block of the SIM card to be verified, the server obtains the data block data of that SIM card block. The data block data is the terminal first identity public key of the terminal originally matched with the SIM card to be verified. The server verifies the terminal digital signature according to the terminal first identity public key of the originally matched terminal and the terminal second signature message. If the verification succeeds, the terminal to be verified and the originally matched terminal are the same terminal. If the verification fails, the terminal to be verified and the originally matched terminal are different terminals.
S308, acquiring a first signature message of the terminal and a first identity public key of the SIM card.
S309, generating a new terminal block according to the first signature message of the terminal and the first identity public key of the SIM card, wherein the new terminal block comprises a data block identifier and data block data, the first signature message of the terminal is the data block identifier, and the first identity public key of the SIM card is the data block data.
S310, inserting the new terminal block into the terminal block chain.
Steps S308 to S310 are similar to steps S201 to S203 in the embodiment of fig. 5, and are not described again in this embodiment.
S311, obtaining a second signature message of the SIM card to be verified, a second identity private key of the SIM card and a second signature message of the terminal to be verified, wherein the second signature message of the SIM card is obtained by encrypting the SIM card information of the SIM card to be verified through a first preset Hash algorithm, the second identity private key of the SIM card is generated according to the terminal feature code of the terminal to be verified, and the second signature message of the terminal is obtained by encrypting the terminal information through a second preset Hash algorithm.
In this embodiment, after acquiring the verification request sent by the terminal to be verified, the server determines, according to the verification request, the second signature message of the SIM card, the second identity private key of the SIM card, and the second signature message of the terminal that correspond to the server.
The verification request can be sent to the server by the terminal to be verified when the terminal is powered on again or requests network access again.
The second signature message of the SIM card of the terminal to be verified, the second identity private key of the SIM card, and the second signature message of the terminal may be obtained from the verification request by the server.
Or, the second signature message of the SIM card, the second identity private key of the SIM card, and the second signature message of the terminal may also be obtained from the memory for the server. At this time, the verification request includes the SIM card feature code of the SIM card to be verified and the terminal feature code of the terminal to be verified. And the server directly obtains the SIM card characteristic code and the terminal characteristic code from the memory of the server according to the SIM card characteristic code and the terminal characteristic code.
Or the second signature message of the SIM card, the second identity private key of the SIM card and the second signature message of the terminal may also be generated by the server according to the SIM card feature code and the SIM card information of the SIM card to be verified and the terminal feature code and the terminal information of the terminal to be verified. The generating process is similar to the implementation manner of step S101 in the embodiment of fig. 2, and details of this embodiment are not repeated here.
S312, reporting the SIM card digital signature of the SIM card to be verified, the second signature message of the SIM card and the second signature message of the terminal to the terminal block chain, wherein the SIM card digital signature is obtained by digitally signing the second signature message of the SIM card through the second identity private key of the SIM card.
In this embodiment, after obtaining the second identity private key of the SIM card and the second signature message of the SIM card, the server performs digital signature on the second signature message of the SIM card by using the second identity private key of the SIM card, so as to obtain the digital signature of the SIM card. And the server reports the SIM card digital signature, the SIM card second signature message and the terminal second signature message to the terminal block chain.
S313, matching the data block identifiers of all blocks in the terminal block chain with the second signature message of the terminal, and determining the terminal block of the terminal to be verified.
In this embodiment, the block chain matches, in the terminal block chain, the terminal block of the terminal to be verified corresponding to the terminal second signature message reported by the server. Specifically, the server obtains a data block identifier of each terminal block in the terminal block chain. And the server determines the terminal block in the terminal block chain, which has the same data block identifier as the terminal second signature message, by matching the data block identifier with the terminal second signature message. And the server determines that the terminal block is the terminal block of the terminal to be verified.
S314, verifying the digital signature of the SIM card according to the SIM card first identity public key in the terminal block of the terminal to be verified and the second signature message of the SIM card, and determining a verification result.
In this embodiment, after determining the terminal block of the terminal to be verified, the server obtains the data block data of that terminal block. The data block data is the SIM card first identity public key of the SIM card originally matched with the terminal to be verified. The server verifies the digital signature of the SIM card according to the SIM card first identity public key of the originally matched SIM card and the second signature message of the SIM card. If the verification succeeds, the SIM card to be verified and the originally matched SIM card are the same SIM card. If the verification fails, the SIM card to be verified and the originally matched SIM card are different SIM cards.
S315, judging whether machine-card separation occurs according to the verification result.
In this embodiment, the server obtains the verification result determined in S307 or S308. And the server determines whether the SIM card to be verified and the terminal to be verified are the originally matched SIM card and terminal according to the verification result. And if the SIM card to be verified and the terminal to be verified are the originally matched SIM card and terminal, the machine-card separation does not occur. And if the SIM card to be verified and the terminal to be verified are inconsistent with the originally matched SIM card and terminal, machine-card separation occurs.
S316, when machine-card separation occurs, restricting network access for the terminal to be verified or the SIM card to be verified.
In this embodiment, when machine-card separation occurs, the server restricts network access for the terminal to be verified or the SIM card to be verified, so as to ensure the validity of the machine-card binding.
According to the machine-card binding method based on the block chain, the server respectively stores the binding information of the SIM card and the terminal into the SIM card block chain and the terminal block chain, so that the bidirectional binding of the SIM card and the terminal is realized. Meanwhile, the server determines whether the machine-card separation occurs or not by verifying whether the binding terminal of the SIM to be verified is consistent with the terminal to be verified or not and whether the binding SIM card of the terminal to be verified is consistent with the SIM card to be verified or not. And when the server determines that the machine card is separated, the server limits the access to the network of the terminal to be verified or the SIM card to be verified. According to the method and the device, the terminal to be verified or the SIM card to be verified is subjected to bidirectional verification, so that the uniqueness of the binding of the SIM card and the terminal is ensured, the binding reliability is improved, and the validity of the machine-card binding is realized under the condition that the SIM card and the terminal are required to be uniquely bound.
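The SIM card block chain side of this procedure (the fig. 4 block layout, tail insertion in S103, and the lookup and signature check in S304 to S307), as an added Go example that is not code from the patent; the terminal block chain direction is symmetric. Ed25519, SHA-256, the HMAC-based key derivation with a server-held secret, the function names and the sample identifiers are assumptions or constructed values.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// Block mirrors the five parts described for fig. 4.
type Block struct {
	Index          uint64
	Timestamp      int64
	DataID         []byte // data block identifier: SIM card first signature message
	Data           []byte // data block data: terminal first identity public key
	PrevHash, Hash []byte // PrevHash is all zeros for the first block
}

type Chain struct{ Blocks []Block }

// Digest is the "signature message": SHA-256 over the card or terminal information.
func Digest(info string) []byte {
	sum := sha256.Sum256([]byte(info))
	return sum[:]
}

// DeriveKey builds an identity key pair from a feature code. Assumption: the seed is
// HMAC(serverSecret, featureCode), so the IMEI alone cannot reproduce the private key.
func DeriveKey(serverSecret []byte, featureCode string) ed25519.PrivateKey {
	mac := hmac.New(sha256.New, serverSecret)
	mac.Write([]byte(featureCode))
	return ed25519.NewKeyFromSeed(mac.Sum(nil))
}

// blockHash covers every field except Hash; the byte fields are fixed-size digests or keys.
func blockHash(b Block) []byte {
	hdr := make([]byte, 16)
	binary.BigEndian.PutUint64(hdr, b.Index)
	binary.BigEndian.PutUint64(hdr[8:], uint64(b.Timestamp))
	return Digest(string(bytes.Join([][]byte{hdr, b.DataID, b.Data, b.PrevHash}, nil)))
}

// Append is the tail insertion of S103.
func (c *Chain) Append(dataID, data []byte) {
	prev := make([]byte, sha256.Size)
	if n := len(c.Blocks); n > 0 {
		prev = c.Blocks[n-1].Hash
	}
	b := Block{Index: uint64(len(c.Blocks)), Timestamp: time.Now().Unix(),
		DataID: dataID, Data: data, PrevHash: prev}
	b.Hash = blockHash(b)
	c.Blocks = append(c.Blocks, b)
}

// Valid recomputes every hash and link, so an edited block is detected.
func (c *Chain) Valid() bool {
	prev := make([]byte, sha256.Size)
	for i, b := range c.Blocks {
		if b.Index != uint64(i) || !bytes.Equal(b.PrevHash, prev) ||
			!bytes.Equal(b.Hash, blockHash(b)) {
			return false
		}
		prev = b.Hash
	}
	return true
}

// Bind performs S101 to S103 for one SIM card and terminal pair.
func Bind(c *Chain, secret []byte, simInfo, imei string) {
	c.Append(Digest(simInfo), DeriveKey(secret, imei).Public().(ed25519.PublicKey))
}

// Check performs S304 to S307: found reports a block matching the SIM card second
// signature message; same reports that the terminal digital signature verifies.
func Check(c *Chain, secret []byte, simInfo, imei string) (found, same bool) {
	if !c.Valid() {
		return false, false
	}
	simMsg2, termMsg2 := Digest(simInfo), Digest(imei)
	termSig := ed25519.Sign(DeriveKey(secret, imei), termMsg2)
	for _, b := range c.Blocks {
		if bytes.Equal(b.DataID, simMsg2) && len(b.Data) == ed25519.PublicKeySize {
			return true, ed25519.Verify(b.Data, termMsg2, termSig)
		}
	}
	return false, false
}

func main() {
	secret, sim := []byte("constructed-secret"), "001010000000001|89000000000000000011"
	var chain Chain
	Bind(&chain, secret, sim, "490000000000017")               // constructed identifiers
	fmt.Println(Check(&chain, secret, sim, "490000000000017")) // true true
	fmt.Println(Check(&chain, secret, sim, "490000000000025")) // true false
}
```

A result of found with a failed signature check is the machine-card separation case of S315; a check against a chain whose stored block was edited fails at `Valid` before any lookup.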
On the basis of the foregoing embodiments, it should be noted that the machine-card binding method based on the digital signature mechanism used in the present application is not limited to generating the SIM card block and the terminal block, and storing them in the corresponding block chain. The machine-card binding method can also generate an SIM card data table and a terminal data table, and store the data table into a corresponding big data table or a corresponding database.
Fig. 8 is a schematic structural diagram of a machine-card binding apparatus based on a block chain according to an embodiment of the present application, and as shown in fig. 8, a machine-card binding apparatus 10 based on a block chain according to this embodiment is used to implement operations corresponding to a server in any of the method embodiments described above, where the machine-card binding apparatus 400 based on a block chain according to this embodiment further includes:
a first obtaining module 401, configured to obtain a first signature message of the SIM card and a first identity public key of the terminal.
The first generating module 402 is configured to generate a new SIM card block according to a first SIM card signature message and a first terminal identity public key, where the new SIM card block includes a data block identifier and data block data, the first SIM card signature message is the data block identifier, and the first terminal identity public key is the data block data.
A first inserting module 403, configured to insert a new SIM card block into the SIM card block chain.
In one example, the generation of the SIM card data may include: generating a SIM card first identity private key and a SIM card first identity public key according to the SIM card feature code; and generating a SIM card first signature message according to the SIM card information and a first preset hash algorithm, wherein the SIM card first signature message is obtained by encrypting the SIM card information through the first preset hash algorithm.
In another example, the generation of the terminal data may include: generating a terminal first identity private key and a terminal first identity public key according to the terminal feature code; and generating a terminal first signature message according to the terminal information and a second preset hash algorithm, wherein the terminal first signature message is obtained by encrypting the terminal information through the second preset hash algorithm.
The block chain-based machine-card binding apparatus 10 provided in the embodiment of the present application may implement the method embodiment, and for details of implementation principles and technical effects, reference may be made to the method embodiment, which is not described herein again.
Fig. 9 shows a schematic structural diagram of another block chain-based machine-card binding apparatus provided in an embodiment of the present application, and as shown in fig. 9, the block chain-based machine-card binding apparatus 10 of this embodiment is used to implement operations corresponding to a server in any of the method embodiments described above, and the block chain-based machine-card binding apparatus 10 of this embodiment further includes:
a second obtaining module 404, configured to obtain the terminal first signature message and the SIM card first identity public key.
A second generating module 405, configured to generate a new terminal block according to the first terminal signature message and the first SIM card public key, where the new terminal block includes a data block identifier and data block data, the first terminal signature message is the data block identifier, and the first SIM card public key is the data block data.
A second inserting module 406, configured to insert the terminal new block into the terminal block chain.
The third obtaining module 407 is configured to obtain a second signature message of the SIM card to be verified, a second terminal identity private key of the terminal to be verified, and a second terminal signature message, where the second signature message of the SIM card is obtained by encrypting the SIM card information of the SIM card to be verified through a first preset hash algorithm, the second signature message of the terminal is obtained by encrypting the terminal information of the terminal to be verified through a second preset hash algorithm, and the second terminal identity private key is generated according to the terminal feature code of the terminal to be verified.
The first reporting module 408 is configured to report the terminal digital signature of the terminal to be verified, the terminal second signature message, and the SIM card second signature message to the SIM card block chain, where the terminal digital signature is obtained by digitally signing the terminal second signature message through the terminal second identity private key.
The first determining module 409 is configured to match the data block identifiers of all the SIM card block chains with the second signature message of the SIM card, and determine the SIM card block of the SIM card to be verified.
The first verification module 410 is configured to verify the terminal digital signature according to the terminal first identity public key and the terminal second signature message in the SIM card block of the SIM card to be verified, and determine a verification result.
The fourth obtaining module 411 is configured to obtain a second signature message of the SIM card to be verified, a second identity private key of the SIM card, and a second signature message of the terminal to be verified, where the second signature message of the SIM card is obtained by encrypting the SIM card information of the SIM card to be verified through a first preset hash algorithm, the second identity private key of the SIM card is generated according to the terminal feature code of the terminal to be verified, and the second signature message of the terminal is obtained by encrypting the terminal information through a second preset hash algorithm.
The second reporting module 412 is configured to report the SIM card digital signature of the SIM card to be verified, the second signature message of the SIM card, and the second signature message of the terminal to the terminal block chain, where the SIM card digital signature is obtained by digitally signing the second signature message of the SIM card through the second identity private key of the SIM card.
The second determining module 413 is configured to match the data block identifiers of all terminal block chains with the terminal second signature message, and determine the terminal block of the terminal to be verified.
The second verification module 414 is configured to verify the digital signature of the SIM card according to the first identity public key of the SIM card and the second signature message of the SIM card in the terminal block of the terminal to be verified, and determine a verification result.
The determining module 415 is configured to determine, according to the verification result, whether machine-card separation has occurred.
The restricting module 416 is configured to restrict network access for the terminal to be verified or the SIM card to be verified when machine-card separation occurs.
The machine-card binding device 10 based on the block chain according to the embodiment of the present application may implement the method embodiment, and specific implementation principles and technical effects thereof may refer to the method embodiment, which is not described herein again.
Fig. 10 shows a schematic structural diagram of a machine-card binding system based on a block chain according to an embodiment of the present application. As shown in Fig. 10, the system 20 for machine-card binding based on a block chain is configured to implement the method for machine-card binding based on a block chain, and in this embodiment it may include a registration unit 21, a verification unit 22 and an execution unit 23.
The registration unit 21 is configured to generate a SIM card block or a terminal block when the terminal is turned on for the first time or the SIM card is bound for the first time. The SIM card block takes the first signature message of the SIM card as a data block identifier and takes the first identity public key of the terminal as data block data. The terminal block takes the first signature message of the terminal as a data block identifier, and the first identity public key of the SIM card as data block data. The server inserts the SIM card block into the SIM card block chain and inserts the terminal block into the terminal block chain.
The verification unit 22 is configured to send the server a request to check, when the terminal is powered on again or requests network access again, whether the terminal to be verified matches the SIM card to be verified inserted in it. The server searches the SIM card block chain for a block whose data block identifier is the same as the SIM card second signature message, and determines that block to be the SIM card block corresponding to the SIM card to be verified. The server obtains the terminal first identity public key from that SIM card block and verifies the terminal digital signature in combination with the reported terminal second signature message. The server can also search the terminal block chain for a block whose data block identifier is the same as the terminal second signature message, and determine that block to be the terminal block of the terminal to be verified. The server obtains the SIM card first identity public key from that terminal block and verifies the SIM card digital signature in combination with the reported SIM card second signature message. The verification unit sends the verification result to the execution unit.
The execution unit 23 is configured so that, when the terminal to be verified and the SIM card to be verified are separated from each other, the server performs a network access restriction operation on the terminal to be verified or the SIM card to be verified.
The units may be integrated together or may be located in different devices. For example, the registration unit 21, the verification unit 22 and the execution unit 23 are all functional units in the server. Alternatively, the registration unit 21 and the verification unit 22 are integrated in a server, and the execution unit 23 is a unit in a network device, such as a router.
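The registration and verification flow described for units 21 to 23, as an added Go example that is not code from the patent or the applicant. It assumes SHA-256 and SHA-512 for the first and second preset hash algorithms and Ed25519 identity keys seeded from the feature code (the text names no algorithms); the chain is an in-memory slice, all type and function names are hypothetical, and all device strings are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
)

// SIMBlock follows the described layout: the data block identifier is the
// SIM card first signature message, the data block data is the terminal
// first identity public key.
type SIMBlock struct {
	ID   string
	Data ed25519.PublicKey
}

// SIMChain is an in-memory stand-in for the SIM card block chain.
type SIMChain struct{ blocks []SIMBlock }

// SIMSignatureMessage applies the first preset hash (assumed: SHA-256).
func SIMSignatureMessage(simInfo string) string {
	sum := sha256.Sum256([]byte(simInfo))
	return hex.EncodeToString(sum[:])
}

// TerminalSignatureMessage applies the second preset hash (assumed: SHA-512).
func TerminalSignatureMessage(terminalInfo string) string {
	sum := sha512.Sum512([]byte(terminalInfo))
	return hex.EncodeToString(sum[:])
}

// TerminalIdentityKey derives the terminal key pair from its feature code
// (assumed: Ed25519 seeded with SHA-256 of the code).
func TerminalIdentityKey(featureCode string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(featureCode))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// Register is the first-boot binding: build the SIM card block and append it.
func (c *SIMChain) Register(simInfo string, terminalPub ed25519.PublicKey) {
	c.blocks = append(c.blocks, SIMBlock{ID: SIMSignatureMessage(simInfo), Data: terminalPub})
}

// Report is what the terminal to be verified sends on a later power-on.
type Report struct {
	SIMMsg      string // SIM card second signature message
	TerminalMsg string // terminal second signature message
	TerminalSig []byte // terminal digital signature over TerminalMsg
}

// NewReport rebuilds the key from the current feature code and signs.
func NewReport(simInfo, terminalInfo, featureCode string) Report {
	_, priv := TerminalIdentityKey(featureCode)
	msg := TerminalSignatureMessage(terminalInfo)
	return Report{SIMMsg: SIMSignatureMessage(simInfo), TerminalMsg: msg,
		TerminalSig: ed25519.Sign(priv, []byte(msg))}
}

// Verify finds the block whose identifier equals the SIM card second
// signature message, then checks the terminal digital signature with the
// public key stored in that block. A false result means separation.
func (c *SIMChain) Verify(r Report) (bool, error) {
	for _, b := range c.blocks {
		if b.ID == r.SIMMsg {
			return ed25519.Verify(b.Data, []byte(r.TerminalMsg), r.TerminalSig), nil
		}
	}
	return false, fmt.Errorf("no SIM card block with identifier %.16s...", r.SIMMsg)
}

func main() {
	chain := &SIMChain{}
	pub, _ := TerminalIdentityKey("FEATURE-CODE-TERMINAL-A") // constructed value
	chain.Register("SIM-INFO-CARD-1", pub)

	same, _ := chain.Verify(NewReport("SIM-INFO-CARD-1", "TERMINAL-INFO-A", "FEATURE-CODE-TERMINAL-A"))
	moved, _ := chain.Verify(NewReport("SIM-INFO-CARD-1", "TERMINAL-INFO-B", "FEATURE-CODE-TERMINAL-B"))
	fmt.Println("bound terminal verifies:", same)
	fmt.Println("card moved to another terminal verifies:", moved)
}
```

A false result from `Verify` is the machine-card separation case that the execution unit acts on. Because the terminal signs only a static hash, the report is identical on every power-on, so a deployment would normally add a server nonce or timestamp to the signed data.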
The block chain-based machine-card binding apparatus 10 provided in the embodiment of the present application may implement the method embodiment, and for details of implementation principles and technical effects, reference may be made to the method embodiment, which is not described herein again.
Fig. 11 shows a hardware structure diagram of a server according to an embodiment of the present application. As shown in Fig. 11, the server 30 is configured to implement the operations corresponding to the server in any of the above method embodiments, and the server 30 of this embodiment may include a memory 31 and a processor 32.
The memory 31 is used for storing a computer program. The memory 31 may include a Random Access Memory (RAM), a Non-Volatile Memory (NVM), at least one disk memory, a USB disk, a removable hard disk, a read-only memory, a magnetic disk or an optical disk.
The processor 32 is used for implementing the machine-card binding method based on the block chain in the above embodiment according to the computer program stored in the memory. Reference may be made in particular to the description relating to the method embodiments described above.
Optionally, the memory 31 may be separate from or integrated with the processor 32.
When the memory 31 is a device separate from the processor 32, the server 30 may further include a bus 33 for connecting the memory 31 and the processor 32. The bus 33 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, the buses in the figures of the present application are not limited to only one bus or one type of bus.
Optionally, the server 30 may also include a communication interface 34. The communication interface 34 may be connected to the processor 32 via a bus 33. The processor 32 may control the communication interface 34 to enable information interaction between the server 30 and the terminal.
The server provided in this embodiment may be configured to execute the above machine-card binding method based on a block chain; its implementation manner and technical effects are similar to those of the method and are not described herein again.
The present application further provides a computer-readable storage medium, in which a computer program is stored, and the computer program is used for implementing the methods provided by the above-mentioned various embodiments when being executed by a processor.
The present application also provides a program product comprising execution instructions stored in a computer-readable storage medium. The at least one processor of the device may read the execution instructions from the computer-readable storage medium, and the execution of the execution instructions by the at least one processor causes the device to implement the methods provided by the various embodiments described above.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of modules is merely a division of logical functions, and an actual implementation may have another division, for example, a plurality of modules may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
Modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, functional modules in the embodiments of the present application may be integrated into one processing unit, or each module may exist alone physically, or two or more modules are integrated into one unit. The unit formed by the modules can be realized in a hardware form, and can also be realized in a form of hardware and a software functional unit.
The integrated module implemented in the form of a software functional module may be stored in a computer-readable storage medium. The software functional module is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods according to the embodiments of the present application.
Those of ordinary skill in the art will understand that all or a portion of the steps of the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the method embodiments described above. The aforementioned storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical disks.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that it is also possible to modify the solutions described in the previous embodiments or to substitute some or all of the technical features. These modifications or substitutions do not depart from the scope of the technical solutions of the embodiments of the present application.

Claims (9)

1. A machine-card binding method based on a block chain is characterized by comprising the following steps:
acquiring a first signature message of an SIM card and a first identity public key of a terminal;
generating a new SIM card block according to the first SIM card signature message and the first terminal identity public key, wherein the new SIM card block comprises a data block identifier and data block data, the first SIM card signature message is the data block identifier, and the first terminal identity public key is the data block data;
inserting the new SIM card block into a SIM card block chain;
after the machine-card binding is completed, the method further comprises the following steps:
acquiring a second signature message of an SIM card to be verified, a second identity private key of a terminal to be verified and a second signature message of the terminal, wherein the second signature message of the SIM card is obtained by encrypting the SIM card information of the SIM card to be verified through a first preset hash algorithm, the second signature message of the terminal is obtained by encrypting the terminal information of the terminal to be verified through a second preset hash algorithm, and the second identity private key of the terminal is generated according to a terminal feature code of the terminal to be verified;
reporting a terminal digital signature of the terminal to be verified, the terminal second signature message and the SIM card second signature message to an SIM card block chain, wherein the terminal digital signature is obtained by digitally signing the terminal second signature message through a terminal second identity private key;
matching the data block identifications of all SIM card block chains with the second signature message of the SIM card, and determining the SIM card block of the SIM card to be verified;
and verifying the terminal digital signature according to the terminal first identity public key and the terminal second signature message in the SIM card block of the SIM card to be verified, and determining a verification result.
2. The method of claim 1, further comprising:
acquiring a first signature message of a terminal and a first identity public key of an SIM card;
generating a new terminal block according to the first terminal signature message and the first SIM card identity public key, wherein the new terminal block comprises a data block identifier and data block data, the first terminal signature message is the data block identifier, and the first SIM card identity public key is the data block data;
and inserting the new terminal block into a terminal block chain.
3. The method according to claim 1 or 2, characterized in that it comprises:
generating a first identity private key of the SIM card and a first identity public key of the SIM card according to the characteristic code of the SIM card;
and generating a first signature message of the SIM card according to the SIM card information and a first preset Hash algorithm, wherein the first signature message of the SIM card is obtained by encrypting the SIM card information through the first preset Hash algorithm.
4. The method according to claim 1 or 2, characterized in that it comprises:
generating a first terminal identity private key and a first terminal identity public key according to the terminal feature codes;
and generating a first signature message of the terminal according to the terminal information and a second preset hash algorithm, wherein the first signature message of the terminal is obtained by encrypting the terminal information through the second preset hash algorithm.
5. The method of claim 2, wherein after the machine-card binding is completed, the method comprises:
acquiring a second signature message of an SIM card of the SIM card to be verified, a second identity private key of the SIM card and a second signature message of a terminal of the terminal to be verified, wherein the second signature message of the SIM card is obtained by encrypting the SIM card information of the SIM card to be verified through a first preset Hash algorithm, the second identity private key of the SIM card is generated according to the terminal feature code of the terminal to be verified, and the second signature message of the terminal is obtained by encrypting the terminal information through a second preset Hash algorithm;
reporting an SIM card digital signature of an SIM card to be verified, a second signature message of the SIM card and the second signature message of the terminal to a terminal block chain, wherein the SIM card digital signature is obtained by digitally signing the second signature message of the SIM card through a second identity private key of the SIM card;
matching the data block identifications of all terminal block chains with the terminal second signature message, and determining the terminal block of the terminal to be verified;
and verifying the digital signature of the SIM card according to the first identity public key of the SIM card in the terminal block of the terminal to be verified and the second signature message of the SIM card, and determining a verification result.
6. The method of claim 1 or 5, further comprising:
judging whether the machine and the card are separated or not according to the verification result;
and when the machine card is separated, limiting the access to the network of the terminal to be verified or the SIM card to be verified.
7. A device for binding a machine and a card based on a block chain is characterized by comprising:
the first acquisition module is used for acquiring a first signature message of the SIM card and a first identity public key of the terminal;
a first generating module, configured to generate a new SIM card block according to the first SIM card signature message and the first terminal identity public key, where the new SIM card block includes a data block identifier and data block data, the first SIM card signature message is the data block identifier, and the first terminal identity public key is the data block data;
the first inserting module is used for inserting the new SIM card block into a SIM card block chain;
the second obtaining module is used for obtaining a second signature message of an SIM card of the SIM card to be verified, a second terminal identity private key of the terminal to be verified and a second terminal signature message, wherein the second signature message of the SIM card is obtained by encrypting the SIM card information of the SIM card to be verified through a first preset Hash algorithm, the second signature message of the terminal is obtained by encrypting the terminal information of the terminal to be verified through a second preset Hash algorithm, and the second terminal identity private key is generated according to the terminal feature code of the terminal to be verified;
the first reporting module is used for reporting the terminal digital signature of the terminal to be verified, the terminal second signature message and the SIM card second signature message to an SIM card block chain, wherein the terminal digital signature is obtained by digitally signing the terminal second signature message through a terminal second identity private key;
the first determining module is used for matching the data block identifications of all SIM card block chains with the second signature message of the SIM card and determining the SIM card block of the SIM card to be verified;
and the first verification module is used for verifying the terminal digital signature according to the terminal first identity public key and the terminal second signature message in the SIM card block of the SIM card to be verified and determining a verification result.
8. A server, characterized in that the server comprises: memory for storing a computer program, and a processor for implementing the blockchain-based machine-card binding method according to any one of claims 1 to 6 according to the computer program stored in the memory.
9. A computer-readable storage medium having stored thereon computer-executable instructions for implementing the blockchain-based machine-card binding method according to any one of claims 1 to 5 when executed by a processor.
CN202011482006.9A 2020-12-15 2020-12-15 Machine-card binding method based on block chain and server Active CN112637855B (en)

Publications (2)

Publication Number Publication Date
CN112637855A CN112637855A (en) 2021-04-09
CN112637855B CN112637855B (en) 2022-11-29

Family

ID=75313563

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant