WO2010045823A1 - Cryptographic-key updating method and system - Google Patents

Cryptographic-key updating method and system Download PDF

Info

Publication number
WO2010045823A1
WO2010045823A1 PCT/CN2009/073419 CN2009073419W WO2010045823A1 WO 2010045823 A1 WO2010045823 A1 WO 2010045823A1 CN 2009073419 W CN2009073419 W CN 2009073419W WO 2010045823 A1 WO2010045823 A1 WO 2010045823A1
Authority
WO
WIPO (PCT)
Prior art keywords
smart card
management platform
card
issuer management
key
Prior art date
Application number
PCT/CN2009/073419
Other languages
French (fr)
Chinese (zh)
Inventor
贾倩
马景旺
余万涛
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2010045823A1 publication Critical patent/WO2010045823A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/35Protecting application or service provisioning, e.g. securing SIM application provisioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices

Definitions

  • NFC Near Field Communication
  • Radio Frequency Identification Radio Frequency Identification
  • the main security i or Issuer Security Domain, called ISD
  • ISD Issuer Security Domain
  • issuer security i or is the primary security domain enforced by the card issuer, which can be used to represent the current card, the primary security domain is included for support Secure channel protocol operation and security domain key for card content management.
  • the security domain key includes a primary security domain key for ensuring integrity and confidentiality of application data during initialization and use of the secure channel, and for implementing mutual authentication of the card and the external entity.
  • Each security domain (including the primary security domain) has at least one set of keys, which are Secure Channel-Encryption (S-ENC), Secure Channel Information-Symbol Encryption Key (Secure Channel) -Message Authentication Code, called "S-MAC” and Data Encryption Key (DEK), which are used to generate the corresponding session key during the initialization and use of the secure channel. And use the session key.
  • S-ENC Secure Channel-Encryption
  • S-MAC Secure Channel Information-Symbol Encryption Key
  • DEK Data Encryption Key
  • the card issuer management platform must update the primary security domain key when the primary security domain key is about to expire, leak, or is assessed to be at risk of leakage.
  • the primary security domain key update includes scheduled updates and forced updates, where the scheduled update is based on the set primary security domain update cycle, and the primary security domain key is updated before the primary security domain key is about to expire; Update is in the primary security domain
  • the primary security domain key is forced to update if the key is compromised or if it is assessed that the key is at risk of leakage.
  • updating the key security domain key of the smart card is an important means to ensure the security of the electronic payment application on the smart card.
  • the key security domain key update of the smart card has not been specifically proposed. Therefore, there is an urgent need for a technical solution that can quickly and easily update the smart card primary security domain key.
  • the present invention has been made in view of the problem in the related art that there is no specific scheme for updating a smart card master security domain key through a mobile communication network.
  • the main object of the present invention is to provide a key update method and system.
  • a key update method is provided for updating a smart card primary security domain key of a mobile terminal.
  • the key update method includes: in the case that the smart card primary security domain key has not expired, the card issuer management platform notifies the smart card to update the primary security domain key; the smart card establishes a connection with the card issuer management platform Establish a secure channel through the connection; the smart card and card issuer management platform performs the update of the primary security domain key through the secure channel.
  • the method further includes: establishing a secure channel between the card issuer management platform and the over-the-air server.
  • the specific processing of the card issuer management platform notifying the smart card to update the primary security domain key is: after the secure connection between the card issuer management platform and the over-the-air server is established, the notification of the key update is sent to the smart card through the over-the-air server. Message; In response to the notification message, the smart card initiates a primary security i or key update procedure. After the secure connection between the card issuer management platform and the over-the-air server is established, the specific processing of sending the notification message for the key update to the smart card through the over-the-air server is: The card issuer management platform sends the key update to the over-the-air server.
  • the service request in response to the key update service request, the over-the-air server encapsulates the key update service request and transmits the encapsulated data to the mobile terminal; the mobile terminal transparently transmits the data to the smart card through the predetermined data format.
  • the specific process of establishing a connection between the smart card and the card issuer management platform is: the smart card and the mobile terminal establish a Bearer Independent Protocol (BIP) connection; the mobile terminal is connected to the air download server through the packet data service channel;
  • BIP Bearer Independent Protocol
  • the over-the-air server and card issuer management platform are connected by a dedicated line connection or via the Internet, and the over-the-air server implements secure communication with the card issuer management platform through a predetermined protocol.
  • the specific process of establishing a connection between the smart card and the card issuer management platform is: the short message is communicated between the smart card and the over-the-air server; the over-the-air server and the card issuer management platform are connected by a dedicated line or through the Internet, and The over-the-air server implements secure communication with the card issuer management platform through a predetermined protocol.
  • the method further includes: the card issuer management platform selects a primary security domain of the smart card.
  • the specific processing of the smart card and the card issuer management platform to establish a secure channel through the connection is as follows:
  • the card issuer management platform establishes a secure channel with the smart card according to a predetermined secure channel protocol, and at the same time as establishing a secure channel, the card issuer management platform and the smart card Perform identity authentication and session key negotiation.
  • the foregoing method further includes: attaching the command and response in the key update process as a data body to the channel data of the active command supported by the bearer-independent protocol, or attaching to the upper and lower
  • the data information of the short message is passed between the smart card and the card issuer management platform.
  • the specific processing of the smart card and card issuer management platform performing the smart card primary security domain key update operation is:
  • the card issuer management platform encrypts the new primary security key with the current primary security domain key, and encrypts The latter primary security key is encapsulated in a predetermined command;
  • the card issuer management platform encapsulates the predetermined command as data and sends it to the smart card through the over-the-air server;
  • the smart card receives the encapsulated predetermined command using the bearer-independent protocol command,
  • the data is parsed to obtain a new primary security domain key, and the primary security domain key update operation is performed on the obtained command;
  • the smart card encapsulates the response command of the predetermined command according to the channel data of the bearer-independent protocol command, and sends the response command to the mobile terminal.
  • the mobile terminal sends a response command to the card issuer management platform through the over-the-air server; the card issuer management platform sends a key update completion command to the smart card.
  • the specific processing of the smart card and card issuer management platform performing the smart card primary security domain key update operation is:
  • the card issuer management platform encrypts the new primary security key with the current primary security domain key, and encrypts
  • the new primary security key is encapsulated in a predetermined command;
  • the platform encapsulates the predetermined command as data, and sends the downlink short message to the smart card through the over-the-air server.
  • the smart card receives the encapsulated predetermined command from the downlink short message, and parses the data to obtain a new primary security domain secret.
  • the smart card encapsulates the response command of the predetermined command in the form of a short message and sends it to the mobile terminal; the mobile terminal responds by downloading the server over the air The command is sent to the card issuer management platform; the card issuer management platform sends a key update completion command to the smart card.
  • a key update system is provided.
  • the key update system comprises: a card issuer management platform for managing and maintaining a smart card primary security domain key, and notifying the smart card to perform a primary security domain key if the smart card primary security domain key has not expired
  • the update the smart card is used to update the primary security domain key
  • the smart card located at the mobile terminal, is used to establish a connection with the card issuer management platform, establish a secure channel through the connection, and communicate with the card issuer management platform through the secure channel.
  • An update operation of the security domain key an over-the-air server for establishing a secure channel with the card issuer management platform, connecting with the mobile terminal, and providing a download service for the mobile terminal.
  • FIG. 1 is a block diagram of a key update system according to an embodiment of the present invention
  • FIG. 2 is a flowchart of a key update method according to an embodiment of the present invention
  • FIG. 3 is an embodiment of the present invention. Signaling flowchart for detailed processing of the smart card master security or key update based on the BIP technology of the key update method
  • FIG. 4 is a signaling flowchart of detailed processing of updating a smart card primary security domain based on an OTA short message technology according to a key update method according to an embodiment of the present invention.
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Currently, in the related art, a specific scheme for key update of a smart card primary security domain has not been proposed. Therefore, the present invention provides a key update method and system for moving high-speed data through a mobile network.
  • the channel and the Bearer Independent Protocol implement the update of the primary security domain key, and the OTA technology is used to update the smart card master security i or key by means of short messages.
  • BIP Bearer Independent Protocol
  • the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
  • the preferred embodiments of the present invention are described with reference to the accompanying drawings, and the preferred embodiments of the present invention are intended to illustrate and explain the invention.
  • System Embodiment According to an embodiment of the present invention, a key update system is provided.
  • the mobile terminal electronic payment system is mainly composed of a card issuer management platform, an application provider management platform and a mobile terminal, and multiple application provider management platforms may exist in the system.
  • the smart terminal has a smart card supporting electronic payment.
  • the smart card needs to establish communication with the card issuer management platform and the application provider management platform, and the smart card can use the mobile terminal to move. Communication is established between the communication network and the management platform.
  • the over-the-air (Over The Air) technology is generally used to implement communication between the smart card and the management platform.
  • the mobile terminal electronic payment system based on the near field communication technology supports a multi-electronic payment application, that is, a plurality of electronic payment applications can be installed on the smart card.
  • the smart card adopts
  • a key update system is provided, and Fig. 1 is a block diagram of a key update system in accordance with an embodiment of the present invention. As shown in Fig.
  • the above key update system includes a card issuer management platform 10, an over-the-air download server 12, a mobile communication network 14, a mobile terminal 16, and a smart card (the smart card is located in the terminal 16, not shown in the figure).
  • the above key update system will be described in detail below.
  • the card issuer management platform 10, controlled by the card issuer is responsible for the issuance and management of the card, and manages the resources and life cycle, keys, certificates and applications of the card, and can also be said that the card issuer management platform 10
  • the smart card master security domain key can be managed and maintained.
  • the card issuer management platform 10 also informs that the smart card primary security domain key has not expired, that is, a time point before the smart card's primary security domain key expires.
  • the smart card performs the update of the primary security domain key (i.e., when the card issuer management platform detects that the primary security domain key is about to expire, the primary security domain key is triggered to be updated by the mobile communication network). After the smart card initiates the primary security domain key update process, the smart card performs an update operation of the primary security domain key.
  • the over-the-air server 12 is configured to establish a secure channel with the card issuer management platform 10, connect with the mobile terminal 16, and provide download services for the mobile terminal 16.
  • the mobile terminal 16 is a client that performs wireless download.
  • the smart card is located at the mobile terminal 16 for establishing a connection with the card issuer management platform 10, establishing a secure channel through the connection, and performing an update operation of the primary security domain key with the card issuer management platform 10 through the secure channel;
  • smart card refers to the Global Platform Card Specification V2.1.1
  • the IC chip or smart card of the V2.2 specification can be physically (U) SIM card, pluggable smart memory card or IC chip integrated on the mobile terminal.
  • the use of the session key effectively ensures the security of the local key, in addition to the MAC
  • the calculation uses the associated integrity check value (Integrity Check Value, called ICV) to ensure the continuity of the communication command.
  • ICV Integral Check Value
  • communication between the smart card and the card issuer management platform 10 is accomplished by means of a mobile network OTA.
  • the interaction between the mobile terminal 16 and the smart card increases the support for the BIP command, and adopts a higher-speed and more secure general-purpose unlimited packet service (General Pocket Radio Service, called GPRS) or a universal mobile communication system (for data transmission). Universal Mobile Telecommunication System, called UMTS) Mobile high-speed packet service channel.
  • GPRS General Pocket Radio Service
  • UMTS Universal Mobile Telecommunication System
  • the BIP conference can be called 7
  • the supported high-speed channels include: GPRS, Enhanced Datarates for Global Evolution (RFID) and UMTS, etc., also supports five active commands (specifically For: OPEN CHANNEL, CLOSE CHANNEL, RECEIVE DATA, SEND DATA, GET CHANNEL STATUS ) and two events (specifically: Data available and Channel status ), enabling the smart card to utilize the carrying capacity of the mobile terminal 16 to establish a relationship with the remote server Connection-oriented data channel. Specifically, the smart card can instruct the mobile terminal 16 to connect to the OTA server 12 through the packet data service channel through the OPEN CHANNEL command of the BIP, thereby establishing a connection between the smart card and the OTA server 12.
  • active commands specifically For: OPEN CHANNEL, CLOSE CHANNEL, RECEIVE DATA, SEND DATA, GET CHANNEL STATUS
  • two events specifically: Data available and Channel status
  • the OTA server 12 and the card issuer management platform 10 are connected by a dedicated line or through the Internet, and the OTA server 12 can implement secure communication with the card issuer management platform 10 through the relevant protocols.
  • the GP-compliant commands and responses involved in the primary security domain key update process are attached as data bodies to the channel data of the active commands supported by the BIP, in the smart card.
  • the card issuer management platform 10 can remotely manage the smart card by transferring between the card issuer management platform 10 and the card issuer management platform 10.
  • the card issuer management platform 10 encapsulates the command as data and sends it to the mobile terminal 16 through the OTA server 12.
  • the smart card After receiving the data available event (data available) sent by the mobile terminal 16, the smart card uses the BIP command-RECEIVE.
  • DATA receives the data, parses the data, obtains a new primary security domain key, performs an update operation, and after the operation is completed, encapsulates the command response in the form of channel data of the BIP command—SEND DATA, and sends it to the mobile.
  • the terminal 16 is then sent to the card issuer management platform 10 via the OTA server 12.
  • the APDU commands involved in the primary security domain key update process include: primary security domain selection (SELECT command), security authentication between the smart card and the card issuer management platform (ie, establishment of the SCP02 secure channel) command. And the key update ( PUT KEY ) command.
  • the data transmission between the OTA server and the mobile terminal and the smart card can be based on two ways, one is through the mobile communication network GPRS gateway or the 3G gateway (ie, through the packet data service channel), based on the BIP protocol, the above manner is oriented connection The data interaction between the two parties is started only after the connection is successfully established.
  • the manner of updating the smart card primary security domain has been described in detail in the above system embodiment.
  • Another way is to update the smart card's primary security domain key by means of a short message through the short message gateway of the mobile communication network, using the data communication between the OTA server and the smart card, in the case that the mobile terminal does not support the packet data service,
  • the 0TA can be implemented using a short message channel to update the primary security domain key.
  • the short message gateway through the mobile communication network uses a short message to implement a key update system for the primary security domain update by using a short message method for data communication between the OTA server and the smart card.
  • DETAILED DESCRIPTION It should be noted that the key update system of the present invention is part of the above-described near field communication based mobile payment electronic payment system.
  • the key update system includes a card issuer management platform 10, a server 12, and a smart card located at the mobile terminal 16.
  • the card issuer management platform 10 is configured to establish a secure channel with the 0TA server 12, and send a key update service request to the smart card through the 0TA server 12 in a predetermined format, and after selecting the smart card primary security domain, through the 0TA server 12 Between short form and smart card The security authentication and the session key are negotiated. After the new primary security domain key is encrypted using the current primary security domain key, the new primary security key is sent to the smart card by the 0TA server 12 in the form of a short message.
  • the OTA server 12 is configured to send the command sent by the card issuer management platform 10 as a data body to the smart card in the data information of the downlink short message, and send the command response of the smart card to return the short message to the card issuer management platform.
  • the smart card is located at the mobile terminal 16, and the mobile terminal is configured to transparently transmit the short message to the smart card, and the smart card is used to receive and execute the command of the card issuer management platform 10, and attach the return command as the data body to the data information of the uplink short message. It is sent to the 0TA server 12 and forwarded by the 0TA server 12 to the card issuer management platform 10.
  • a key update method for updating a smart card primary security domain key of a mobile terminal.
  • 2 is a flowchart of a key update method according to an embodiment of the present invention.
  • the following processing is included (step S202 to step S206): Step S202, when the smart card primary security domain key has not expired
  • the card issuer management platform notifies the smart card to update the primary security domain key; further, in step S202, before the card issuer management platform notifies the smart card to update the primary security domain key, it first needs to be managed by the card issuer.
  • a secure channel is established between the platform and the over-the-air server.
  • the specific processing of the card issuer management platform notifying the smart card to update the primary security domain key is:
  • the card issuer management platform sends a notification message of the key update to the smart card; wherein the card issuer management platform sends the notification message of the key update to the smart card through the mobile network as follows:
  • the card issuer management platform downloads to the air
  • the server sends a key update service request; in response to the key update service request, the over-the-air server encapsulates the key update service request and transmits the encapsulated data to the mobile terminal; the mobile terminal transparently passes the data through the predetermined data format Transfer to the smart card.
  • the smart card In response to the notification message, the smart card initiates a primary security domain key update procedure.
  • the smart card establishes a connection with the card issuer management platform, and establishes a secure channel through the connection.
  • the specific process of establishing a connection between the smart card and the card issuer management platform is as follows: 1.
  • the smart card and the mobile terminal establish 7
  • the mobile terminal is connected to the over-the-air download server through the packet data service channel; 3.
  • the over-the-air server and the card issuer management platform are connected through a dedicated line or through the Internet, and the over-the-air download server is implemented by a predetermined protocol. Secure communication with the card issuer management platform.
  • step S204 the specific processing of establishing a connection between the smart card and the card issuer management platform is as follows: 1. The short message is communicated between the smart card and the over-the-air download server; 2. The air download server and the card issuer management The platform is connected by a dedicated line connection or via the Internet, and the over-the-air server implements secure communication with the card issuer management platform through a predetermined protocol.
  • the card issuer management platform also needs to select the primary security domain of the smart card.
  • step S204 the specific process of establishing a secure channel by the smart card and the card issuer management platform is as follows:
  • the card issuer management platform establishes a secure channel with the smart card according to a predetermined secure channel protocol, and manages the card issuer while establishing a secure channel.
  • the platform and the smart card perform identity authentication and session key negotiation.
  • the two-way authentication may be performed by using explicit authentication or implicit authentication.
  • the command and response in the key update process are also required to be attached as data bodies to the channel data of the active command supported by the bearer-independent protocol, or to the uplink and downlink short messages.
  • the data information is passed between the smart card and the card issuer management platform.
  • Step S206 the smart card and the card issuer management platform perform the update operation of the primary security domain key through the secure channel.
  • the specific processing of step S206 is: 1.
  • the card issuer management platform encrypts the new primary security key by using the current primary security domain key, and encapsulates the encrypted primary security key in a predetermined command; 2.
  • the card issuer management platform encapsulates the predetermined command as data and sends it to the smart card through the over-the-air server; 3.
  • the smart card uses the bearer-independent protocol command to receive the encapsulated predetermined command, parses the data therein, and decrypts the new data.
  • the primary security domain key performs the primary security domain key update operation on the obtained command; 4.
  • the smart card encapsulates the response command of the predetermined command according to the channel data of the bearer-independent protocol command, and sends the response command to the mobile terminal; Terminal pass The over-the-air download server sends a response command to the card issuer management platform; 6.
  • the card issuer management platform sends a key update completion command to the smart card.
  • the specific processing of step S206 may further be: 1.
  • the card issuer management platform encrypts the new primary security key by using the current primary security domain key, and encapsulates the encrypted new primary security key in the card. In the predetermined command; 2.
  • the card issuer management platform encapsulates the predetermined command as data, and sends the downlink short message to the smart card through the over-the-air server; 3.
  • the smart card receives the encapsulated predetermined command from the downlink short message, The data is parsed to obtain a new primary security domain key, and the primary security domain key update operation is performed according to the new primary security domain key. 4.
  • the smart card encapsulates the response command of the predetermined command in the form of a short message. And sending to the mobile terminal; 5.
  • the mobile terminal sends a response command to the card issuer management platform through the over-the-air download server; 6.
  • the card issuer management platform sends the key update completion command to the smart card.
  • the card issuer management platform is responsible for the management of the key, which completes the update of the primary security domain key on the smart card via the OTA server via the mobile communication network. As shown in Figure 3, the following processing is included:
  • the card issuer management platform sends a key update service request to the OTA server; the OTA server encapsulates the key update service request according to the format of the data short message, and sends the data short message to the mobile terminal; the mobile terminal transparently the data short message Transfer to the smart card (can pass the ENVELOPE (SMS-PP DOWNLOAD) command) (corresponding to step S202 in Figure 2);
  • the smart card parses the data short message and initiates a BIP connection with the mobile terminal.
  • the smart card establishes a BIP connection to the mobile terminal by sending a BIP command -OPEN CHANNEL.
  • the smart card specifies BIP connection parameters, including supported transport protocol types (for example, Transmission Control Protocol (TCP), etc.), data buffer size, OTA server network address, channel number, etc.
  • the mobile terminal establishes a BIP connection with the smart card, and establishes a TCP/IP (Transmission Control Protocol/Internet Protocol) connection with the OTA server according to the OTA server address and the transport protocol type in the OPEN CHANNEL command; 5.
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • the specific primary security domain selection process includes: The card issuer management platform encapsulates the SELECT command according to the command format specified in the Global Platform specification, and populates the primary security i or the SELECT command.
  • the mobile terminal receives data from the OTA server over a TCP/IP connection and notifies the smart card with the "data available event" (via the ENVELOPE Data available command)
  • the smart card drags 4 data from the mobile terminal, send a BIP command-RECEIVE DATA; the smart card parses the data, and selects the primary security domain according to the SELECT command.
  • the smart card sends the SELECT response data through the BIP command -SEND DATA, and the mobile terminal sends the data to the OTA server through the previously established TCP/IP connection;
  • the card issuer management platform After receiving the SELECT response, the card issuer management platform establishes a secure communication channel with the smart card according to the provisions of Appendix E Secure Channel Protocol 02 in Global Platform V2.2.
  • the card issuer management platform The smart card needs to be authenticated in both directions, and the authentication mode uses explicit authentication.
  • the command used to establish the secure channel is transmitted in the same manner as the SELECT command.
  • the command for the transmission of the secure channel can be referred to the above-mentioned primary security domain selection process (corresponding to the figure).
  • the card issuer management platform uses the current primary security domain key to force the new primary security i or key.
  • Secret according to the PUT KEY command format specification package PUT KEY command, and then send the PUT KEY command to the smart card; after receiving the PUT KEY command, the smart card decrypts to obtain a new primary security domain key, and performs the primary security domain key update operation; After the key update is completed, the smart card sends a PUT KEY response (including the key version number, key check value, etc.) to the card issuer management platform; the PUT KEY command is transmitted in the same manner as the aforementioned SELECT command, that is, the above-mentioned primary security domain. Selection processing (corresponding to step S206 in Fig. 2);
  • the card issuer management platform After receiving the PUT KEY response message, the card issuer management platform will send a key update completion command to the smart card, and the command is transmitted in the same manner as the foregoing SELECT command, that is, the above-mentioned main security domain selection process;
  • the smart card After receiving the key update completion command, the smart card can send a BIP command-CLOSE CHANNEL to close the BIP connection between the smart card and the mobile terminal; if there is a subsequent application download based on the mobile communication network, the BIP connection can be closed without further Application download
  • an update of an application or data on a card through a mobile network may also be employed.
  • FIG. 4 is a flowchart of detailed processing for updating the smart card primary security domain key by using the OTA short message technology according to an embodiment of the present invention. As shown in FIG. 4, the following processing is included:
  • the card issuer management platform sends a key update service request to the OTA server; the OTA server encapsulates the key update service request according to the format of the data short message, and sends the data short message to the mobile terminal, and the mobile terminal transparently transmits the data short message. Transfer to the smart card (corresponding to step S202 in Fig. 2);
  • the smart card parses the data short message and returns a confirmation short message
  • the card issuer management platform selects the smart card master security domain (corresponding to step S204 in FIG. 2), and specifically includes the following processing:
  • the card issuer management platform encapsulates the SELECT command according to the command format specification in the Global Platform specification, in the SELECT command. Fill the main security i or AID (Application ID), and then send the encapsulated SELECT command as data to the OTA server;
  • the OTA server sends the encapsulated SELECT command as a data body to the smart card in the data information of the downlink short message; the smart card parses the data, and selects the primary security domain according to the SELECT command. After executing the command, the command response is appended to the data information of the uplink short message and sent to the OTA server;
  • the card issuer management platform After receiving the SELECT response, the card issuer management platform performs security authentication and session key negotiation with the smart card.
  • the process of transmitting the command can be referred to the above-mentioned primary security domain selection process (corresponding to FIG. 2). Step S206);
  • the card issuer management platform encrypts the new primary security domain key using the primary security domain key, encapsulates the PUT KEY command according to the PUT KEY command format specification, and then sends the PUT KEY command to the smart card; the smart card receives the PUT KEY After the command, decrypt the new primary security domain key and perform the primary security domain key update operation. After the key update is completed, the smart card sends a PUT KEY response (including the key version number, key check value, etc.) to the card issue.
  • Business management platform; the transfer process of the PUT KEY command can be referred to the above-mentioned main security domain selection process; 7.
  • the card issuer management platform After receiving the PUT KEY response message, the card issuer management platform will send a key update completion command to the smart card, and the card issuer management platform sends the command to the OTA server in a predetermined format, and the OTA server uses the command as the data body. Attached to the data message of the downlink short message is sent to the smart card.
  • the smart card is updated by using the mobile network, and the specific solution in the related art that does not update the smart card primary security domain key is solved, and the mobile communication network can be fast, Real-time, convenient and secure implementation of the smart card master security domain key update fills the gap in the related technology.

Abstract

A cryptographic-key updating method and system, the method includes that: a card issuer management platform informs a smart card to update an issuer security domain cryptographic-key in the case of that the issuer security domain cryptographic-key of the smart card is unexpired (S202); the smart card establishes a connection with the card issuer management platform, and establishes a secure channel through the connection (S204); the smart card and the card issuer management platform implement the updating operation of the issuer security domain cryptographic-key through the secure channel (S206). The updating of the smart card issuer security domain can be high-speed, real-time and safely implemented through the above technical solution.

Description

密钥更新方法和系统  Key update method and system
技术领域 本发明涉及通信领域, 并且特别地, 涉及一种密钥更新方法和系统。 背景技术 在相关技术中 , 近场通信技术 ( Near Field Communication , 筒称为 NFC ) 是工作于 13.56MHz 的一种近距离无线通信技术, 该技术由射频识别 (Radio Frequency Identification, 筒称为 RFID ) 技术及互连技术融合演变而来。 手机 等移动通信终端在集成 NFC技术后 , 可以模拟非接触式 IC卡, 用于电子支付 的相关应用, 并且, 手机应用于电子支付领域, 会进一步扩大手机的使用范围, 给人们的生活带来便捷, 存在着广阔的应用前景。 在相关技术中 , 为实现基于 NFC技术的移动电子支付, 需要建立移动终 端电子支付系统, 并通过该系统实现对移动终端电子支付的管理, 其中, 移动 终端电子支付系统包括: 智能卡的发行、 电子支付应用的下载、安装和个人化、 以及采用相关技术和管理策略实现电子支付的安全等。 主安全 i或 ( Issuer Security Domain , 筒称为 ISD ) , 又称为发行者安全 i或 , 是卡片发行商强制分配的主要安全域, 其可以用于代表当前卡片, 主安全域包 含用于支持安全通道协议运作以及卡内容管理的安全域密钥。 具体地,安全域密钥包括主安全域密钥, 用于在安全信道的初始化和使用 过程中保证应用程序数据的完整性和机密性, 以及用于实现卡和卡外实体的互 认证。 每个安全域(包括主安全域)拥有至少一组密钥, 分别是安全信道加密 密钥 ( Secure Channel-Encryption, 筒称为 S-ENC )、 安全信道信息 -险证编码密 钥 ( Secure Channel-Message Authentication Code, 筒称为 S-MAC )和数据力口密 密钥( Data Encryption Key, 筒称为 DEK ), 在安全信道的初始化和使用过程中 用这些密钥生成相应的会话密钥, 并使用该会话密钥。 当主安全域密钥即将过期、 泄漏或者经评估确认存在泄漏风险时,卡片发 行商管理平台必须对主安全域密钥进行更新。 主安全域密钥更新包括按计划更 新和强制更新, 其中, 按计划更新是按照设置的主安全域的更新周期, 在主安 全域密钥即将过期之前, 对主安全域密钥进行更新; 强制更新是在主安全域密 钥出现泄露或者经过评估确认密钥存在泄漏风险的情况下, 对主安全域密钥进 行强制更新。 从上面的描述可以看出,对智能卡的主安全域密钥进行更新是确保智能卡 上的电子支付应用安全的一个重要手段, 但是, 目前, 对于智能卡的主安全域 密钥更新还没有提出具体的方案, 因此, 急需一种能够方便快速的对智能卡主 安全域密钥进行更新的技术方案。 发明内容 考虑到相关技术中没有通过移动通信网络对智能卡主安全域密钥进行更 新的具体方案的问题而提出本发明, 为此, 本发明的主要目的在于提供一种密 钥更新方法和系统, 以解决相关技术中存在的上述问题。 根据本发明的一个方面,提供了一种密钥更新方法, 用于对移动终端的智 能卡主安全域密钥进行更新。 才艮据本发明的密钥更新方法包括: 在智能卡主安全域密钥未过期的情况 下, 卡片发行商管理平台通知智能卡进行主安全域密钥的更新; 智能卡与卡片 发行商管理平台建立连接, 通过连接建立安全通道; 智能卡与卡片发行商管理 平台通过安全通道进行主安全域密钥的更新操作。 此外 , 在卡片发行商管理平台通知智能卡进行主安全域密钥的更新之前 , 上述方法进一步包括: 在卡片发行商管理平台与空中下载服务器之间建立安全 信道。 其中,卡片发行商管理平台通知智能卡进行主安全域密钥的更新的具体处 理为: 卡片发行商管理平台与空中下载服务器之间建立安全信道后, 通过空中 下载服务器向智能卡发送密钥更新的通知消息; 响应于通知消息, 智能卡发起 主安全 i或密钥更新过程。 其中,卡片发行商管理平台与空中下载服务器之间建立安全信道后, 通过 空中下载服务器向智能卡发送进行密钥更新的通知消息的具体处理为: 卡片发 行商管理平台向空中下载服务器发送密钥更新业务请求; 响应于密钥更新业务 请求, 空中下载服务器对密钥更新业务请求进行封装, 并将封装后的数据发送 到移动终端; 移动终端将数据通过预定数据格式透明传输到智能卡。 优选地, 智能卡与卡片发行商管理平台建立连接的具体处理为: 智能卡与 移动终端建立 载无关协议 ( Bearer Independent Protocol, 筒称为 BIP ) 连接; 移动终端通过分组数据业务通道连接到空中下载服务器; 空中下载服务器和卡 片发行商管理平台通过专线连接或通过因特网进行连接, 并且空中下载服务器 通过预定协议实现与卡片发行商管理平台之间的安全通信。 优选地, 智能卡与卡片发行商管理平台建立连接的具体处理为: 智能卡与 空中下载服务器之间通过短消息方式进行通信; 空中下载服务器和卡片发行商 管理平台通过专线连接或通过因特网进行连接, 并且空中下载服务器通过预定 协议实现与卡片发行商管理平台之间的安全通信。 此外,智能卡与卡片发行商管理平台建立连接之后,上述方法进一步包括: 卡片发行商管理平台选择智能卡的主安全域。 其中, 智能卡与卡片发行商管理平台通过连接建立安全通道的具体处理 为: 卡片发行商管理平台按照预定安全信道协议与智能卡建立安全通道, 并在 建立安全通道的同时, 卡片发行商管理平台与智能卡进行身份认证和会话密钥 协商。 此外,在智能卡与卡片发行商管理平台建立连接之后, 上述方法进一步包 括: 将密钥更新过程中的命令和响应作为数据体附加在承载无关协议支持的主 动命令的通道数据中 , 或者附加在上下行短消息的数据信息中 , 在智能卡和卡 片发行商管理平台之间传递。 优选地 ,智能卡与卡片发行商管理平台执行智能卡主安全域密钥更新操作 的具体处理为: 卡片发行商管理平台采用当前的主安全域密钥对新的主安全密 钥进行加密, 并将加密后的主安全密钥封装在预定命令中; 卡片发行商管理平 台将预定命令作为数据进行封装, 并通过空中下载服务器发送到智能卡; 智能 卡使用承载无关协议命令接收封装后的预定命令, 对其中的数据进行解析, 得 到新的主安全域密钥, 对得到的命令执行主安全域密钥更新操作; 智能卡根据 承载无关协议命令的通道数据的形式对预定命令的响应命令进行封装, 并发送 到移动终端; 移动终端通过空中下载服务器将响应命令发送到卡片发行商管理 平台; 卡片发行商管理平台将密钥更新完成命令发送至智能卡。 优选地 ,智能卡与卡片发行商管理平台执行智能卡主安全域密钥更新操作 的具体处理为: 卡片发行商管理平台采用当前的主安全域密钥对新的主安全密 钥进行加密, 并将加密后的新的主安全密钥封装在预定命令中; 卡片发行商管 理平台将预定命令作为数据进行封装, 并通过空中下载服务器的下行短消息发 送到智能卡; 智能卡从下行短消息中接收封装后的预定命令, 对其中的数据进 行解析 , 得到新的主安全域密钥 , 并根据新的主安全域密钥执行主安全域密钥 更新操作; 智能卡以上行短消息的形式对预定命令的响应命令进行封装, 并发 送到移动终端; 移动终端通过空中下载服务器将响应命令发送到卡片发行商管 理平台; 卡片发行商管理平台将密钥更新完成命令发送至智能卡。 才艮据本发明的另一方面, 提供了一种密钥更新系统。 根据本发明的密钥更新系统包括: 卡片发行商管理平台 , 用于管理和维护 智能卡主安全域密钥, 并在智能卡主安全域密钥未过期的情况下, 通知智能卡 进行主安全域密钥的更新, 与智能卡进行主安全域密钥的更新操作; 智能卡, 位于移动终端,用于与卡片发行商管理平台建立连接,通过连接建立安全通道, 并与卡片发行商管理平台通过安全通道进行主安全域密钥的更新操作; 空中下 载服务器, 用于与卡片发行商管理平台建立安全信道, 与移动终端进行连接, 并为移动终端提供下载服务。 借助于本发明的技术方案, 通过使用移动网络对智能卡进行更新,解决了 相关技术中没有对智能卡主安全域密钥进行更新的具体方案的问题, 能够通过 移动通信网络高速、 实时、 方便、 安全地实现智能卡主安全域密钥的更新, 填 补了相关技术中的空白。 本发明的其它特征和优点将在随后的说明书中阐述, 并且,部分地从说明 书中变得显而易见, 或者通过实施本发明而了解。 本发明的目的和其他优点可 通过在所写的说明书、 权利要求书、 以及附图中所特别指出的结构来实现和获 得。 附图说明 附图用来提供对本发明的进一步理解, 并且构成说明书的一部分, 与本发 明的实施例一起用于解释本发明, 并不构成对本发明的限制。 在附图中: 图 1是才艮据本发明实施例的密钥更新系统的框图; 图 2是根据本发明实施例的密钥更新方法的流程图; 图 3是才艮据本发明实施例的密钥更新方法的基于 BIP技术对智能卡主安 全或密钥进行更新的详细处理的信令流程图; 图 4是才艮据本发明实施例的密钥更新方法的基于 OTA短消息技术对智能 卡主安全域进行更新的详细处理的信令流程图。 具体实施方式 功能相克述 目前,在相关技术中 ,还没有提出对于智能卡主安全域密钥更新的具体方 案, 因此, 本发明提供了一种密钥更新方法和系统, 通过移动网络的移动高速 数据通道和基于 载无关协议 ( Bearer Independent Protocol, 筒称为 BIP )实现 主安全域密钥的更新, 以及采用 OTA技术通过短消息的方式对智能卡主安全 i或密钥进行更新。 在不冲突的情况下, 本申请中的实施例及实施例中的特征可以相互组合。 以下结合附图对本发明的优选实施例进行说明,应当理解, 此处所描述的 优选实施例仅用于说明和解释本发明, 并不用于限定本发明。 系统实施例 根据本发明的实施例, 提供了一种密钥更新系统, 目前, 基于近场通信的 移动终端电子支付系统的才 架要求满足由环球平台 (Global Platform, 筒称为 GP ) 组织制定的环球平台卡规范 2.1.1 或 2.2 版本 ( Global Platform Card Specification V2.1.1或 V2.2 ), 如果该系统支持 GP2.1.1规范, 则安全通道协议 就需要支持基于对称密钥 ( Security Channel Protocol 02, 筒称为 SCP02 ); 如 果该系统支持 GP2.2规范, 安全通道协议需要支持 SCP02和基于非对称密钥 ( Security Channel Protocol 10, 筒称为 SCP10 ), 并且, 卡片发行商、 应用提 供商可以根据安全策略的需求进行选择。 移动终端电子支付系统主要由卡片发行商管理平台、应用提供商管理平台 和移动终端组成, 系统中可以存在多个应用提供商管理平台。 移动终端中具备支持电子支付的智能卡,为了实现智能卡的安全性管理和 支付应用的下载、 安装等, 智能卡需要和卡发行商管理平台以及应用提供商管 理平台建立通信, 智能卡可以通过移动终端使用移动通信网络与管理平台之间 建立通信, 具体地, 一般采用空中下载 (Over The Air, 筒称为 OTA ) 技术实 现智能卡和管理平台的通信。 基于近场通信技术的移动终端电子支付系统支持多电子支付应用, 即,在 智能卡上可以安装多个电子支付应用。 为了实现支付应用的安全, 智能卡采用TECHNICAL FIELD The present invention relates to the field of communications, and in particular, to a key update method and system. BACKGROUND OF THE INVENTION In the related art, Near Field Communication (NFC) is a short-range wireless communication technology operating at 13.56 MHz, which is defined by radio frequency identification (Radio Frequency Identification). The convergence of technology and interconnection technologies has evolved. After integrating NFC technology, mobile communication terminals such as mobile phones can simulate contactless IC cards for related applications of electronic payment, and mobile phones are used in the field of electronic payment, which will further expand the use of mobile phones and bring people's lives. Convenient, there is a broad application prospect. In the related art, in order to implement mobile electronic payment based on NFC technology, it is necessary to establish an electronic payment system for a mobile terminal, and implement management of electronic payment for the mobile terminal through the system, wherein the electronic payment system of the mobile terminal includes: distribution of the smart card, and electronic Download, install, and personalize payment applications, and use related technologies and management strategies to secure electronic payments. The main security i or ( Issuer Security Domain, called ISD), also known as the issuer security i or, is the primary security domain enforced by the card issuer, which can be used to represent the current card, the primary security domain is included for support Secure channel protocol operation and security domain key for card content management. Specifically, the security domain key includes a primary security domain key for ensuring integrity and confidentiality of application data during initialization and use of the secure channel, and for implementing mutual authentication of the card and the external entity. Each security domain (including the primary security domain) has at least one set of keys, which are Secure Channel-Encryption (S-ENC), Secure Channel Information-Symbol Encryption Key (Secure Channel) -Message Authentication Code, called "S-MAC" and Data Encryption Key (DEK), which are used to generate the corresponding session key during the initialization and use of the secure channel. And use the session key. The card issuer management platform must update the primary security domain key when the primary security domain key is about to expire, leak, or is assessed to be at risk of leakage. The primary security domain key update includes scheduled updates and forced updates, where the scheduled update is based on the set primary security domain update cycle, and the primary security domain key is updated before the primary security domain key is about to expire; Update is in the primary security domain The primary security domain key is forced to update if the key is compromised or if it is assessed that the key is at risk of leakage. As can be seen from the above description, updating the key security domain key of the smart card is an important means to ensure the security of the electronic payment application on the smart card. However, at present, the key security domain key update of the smart card has not been specifically proposed. Therefore, there is an urgent need for a technical solution that can quickly and easily update the smart card primary security domain key. SUMMARY OF THE INVENTION The present invention has been made in view of the problem in the related art that there is no specific scheme for updating a smart card master security domain key through a mobile communication network. To this end, the main object of the present invention is to provide a key update method and system. To solve the above problems in the related art. According to an aspect of the present invention, a key update method is provided for updating a smart card primary security domain key of a mobile terminal. The key update method according to the present invention includes: in the case that the smart card primary security domain key has not expired, the card issuer management platform notifies the smart card to update the primary security domain key; the smart card establishes a connection with the card issuer management platform Establish a secure channel through the connection; the smart card and card issuer management platform performs the update of the primary security domain key through the secure channel. In addition, before the card issuer management platform notifies the smart card to update the primary security domain key, the method further includes: establishing a secure channel between the card issuer management platform and the over-the-air server. The specific processing of the card issuer management platform notifying the smart card to update the primary security domain key is: after the secure connection between the card issuer management platform and the over-the-air server is established, the notification of the key update is sent to the smart card through the over-the-air server. Message; In response to the notification message, the smart card initiates a primary security i or key update procedure. After the secure connection between the card issuer management platform and the over-the-air server is established, the specific processing of sending the notification message for the key update to the smart card through the over-the-air server is: The card issuer management platform sends the key update to the over-the-air server. The service request; in response to the key update service request, the over-the-air server encapsulates the key update service request and transmits the encapsulated data to the mobile terminal; the mobile terminal transparently transmits the data to the smart card through the predetermined data format. Preferably, the specific process of establishing a connection between the smart card and the card issuer management platform is: the smart card and the mobile terminal establish a Bearer Independent Protocol (BIP) connection; the mobile terminal is connected to the air download server through the packet data service channel; The over-the-air server and card issuer management platform are connected by a dedicated line connection or via the Internet, and the over-the-air server implements secure communication with the card issuer management platform through a predetermined protocol. Preferably, the specific process of establishing a connection between the smart card and the card issuer management platform is: the short message is communicated between the smart card and the over-the-air server; the over-the-air server and the card issuer management platform are connected by a dedicated line or through the Internet, and The over-the-air server implements secure communication with the card issuer management platform through a predetermined protocol. In addition, after the smart card establishes a connection with the card issuer management platform, the method further includes: the card issuer management platform selects a primary security domain of the smart card. The specific processing of the smart card and the card issuer management platform to establish a secure channel through the connection is as follows: The card issuer management platform establishes a secure channel with the smart card according to a predetermined secure channel protocol, and at the same time as establishing a secure channel, the card issuer management platform and the smart card Perform identity authentication and session key negotiation. In addition, after the smart card establishes a connection with the card issuer management platform, the foregoing method further includes: attaching the command and response in the key update process as a data body to the channel data of the active command supported by the bearer-independent protocol, or attaching to the upper and lower The data information of the short message is passed between the smart card and the card issuer management platform. Preferably, the specific processing of the smart card and card issuer management platform performing the smart card primary security domain key update operation is: The card issuer management platform encrypts the new primary security key with the current primary security domain key, and encrypts The latter primary security key is encapsulated in a predetermined command; the card issuer management platform encapsulates the predetermined command as data and sends it to the smart card through the over-the-air server; the smart card receives the encapsulated predetermined command using the bearer-independent protocol command, The data is parsed to obtain a new primary security domain key, and the primary security domain key update operation is performed on the obtained command; the smart card encapsulates the response command of the predetermined command according to the channel data of the bearer-independent protocol command, and sends the response command to the mobile terminal. The mobile terminal sends a response command to the card issuer management platform through the over-the-air server; the card issuer management platform sends a key update completion command to the smart card. Preferably, the specific processing of the smart card and card issuer management platform performing the smart card primary security domain key update operation is: The card issuer management platform encrypts the new primary security key with the current primary security domain key, and encrypts The new primary security key is encapsulated in a predetermined command; The platform encapsulates the predetermined command as data, and sends the downlink short message to the smart card through the over-the-air server. The smart card receives the encapsulated predetermined command from the downlink short message, and parses the data to obtain a new primary security domain secret. Key, and performing a primary security domain key update operation according to the new primary security domain key; the smart card encapsulates the response command of the predetermined command in the form of a short message and sends it to the mobile terminal; the mobile terminal responds by downloading the server over the air The command is sent to the card issuer management platform; the card issuer management platform sends a key update completion command to the smart card. According to another aspect of the present invention, a key update system is provided. The key update system according to the present invention comprises: a card issuer management platform for managing and maintaining a smart card primary security domain key, and notifying the smart card to perform a primary security domain key if the smart card primary security domain key has not expired The update, the smart card is used to update the primary security domain key; the smart card, located at the mobile terminal, is used to establish a connection with the card issuer management platform, establish a secure channel through the connection, and communicate with the card issuer management platform through the secure channel. An update operation of the security domain key; an over-the-air server for establishing a secure channel with the card issuer management platform, connecting with the mobile terminal, and providing a download service for the mobile terminal. By means of the technical solution of the present invention, the smart card is updated by using the mobile network, and the specific solution in the related art that does not update the smart card primary security domain key is solved, and the mobile communication network can be high-speed, real-time, convenient, and secure. The implementation of the smart card master security domain key update fills the gap in the related technology. Other features and advantages of the invention will be set forth in the description which follows, and The objectives and other advantages of the invention will be realized and attained by the <RTI The drawings are intended to provide a further understanding of the invention, and are intended to be a part of the description of the invention. In the drawings: FIG. 1 is a block diagram of a key update system according to an embodiment of the present invention; FIG. 2 is a flowchart of a key update method according to an embodiment of the present invention; FIG. 3 is an embodiment of the present invention. Signaling flowchart for detailed processing of the smart card master security or key update based on the BIP technology of the key update method; FIG. 4 is a signaling flowchart of detailed processing of updating a smart card primary security domain based on an OTA short message technology according to a key update method according to an embodiment of the present invention. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Currently, in the related art, a specific scheme for key update of a smart card primary security domain has not been proposed. Therefore, the present invention provides a key update method and system for moving high-speed data through a mobile network. The channel and the Bearer Independent Protocol (BIP) implement the update of the primary security domain key, and the OTA technology is used to update the smart card master security i or key by means of short messages. The embodiments in the present application and the features in the embodiments may be combined with each other without conflict. The preferred embodiments of the present invention are described with reference to the accompanying drawings, and the preferred embodiments of the present invention are intended to illustrate and explain the invention. System Embodiment According to an embodiment of the present invention, a key update system is provided. Currently, a talent requirement of a mobile terminal electronic payment system based on near field communication is satisfied by a global platform (Global Platform) Global Platform Card Specification 2.1.1 or 2.2 (Global Platform Card Specification V2.1.1 or V2.2), if the system supports the GP2.1.1 specification, the secure channel protocol needs to support symmetric key based (Security Channel Protocol 02) , the cartridge is called SCP02); if the system supports the GP2.2 specification, the secure channel protocol needs to support SCP02 and the asymmetric key (Security Channel Protocol 10, called SCP10), and the card issuer and application provider can Choose according to the needs of the security policy. The mobile terminal electronic payment system is mainly composed of a card issuer management platform, an application provider management platform and a mobile terminal, and multiple application provider management platforms may exist in the system. The smart terminal has a smart card supporting electronic payment. In order to realize the security management of the smart card and the downloading and installation of the payment application, the smart card needs to establish communication with the card issuer management platform and the application provider management platform, and the smart card can use the mobile terminal to move. Communication is established between the communication network and the management platform. Specifically, the over-the-air (Over The Air) technology is generally used to implement communication between the smart card and the management platform. The mobile terminal electronic payment system based on the near field communication technology supports a multi-electronic payment application, that is, a plurality of electronic payment applications can be installed on the smart card. In order to realize the security of the payment application, the smart card adopts
Global Platform Card Specification V2. 2.2规范, 智能卡被分隔为若干个独立 的安全域, 以保证多个应用相互之间的隔离以及独立性, 各个应用提供商管理 各自的安全域以及应用、 应用数据等。 下面, 基于上述的系统构架, 对通过移动通信网络 GPRS网关或 3G网关 (即, 通过分组数据业务通道)、 且基于 BIP协议实现的密钥更新的系统进行 详细的说明 , 需要说明的是, 本发明的密钥更新系统为上述基于近场通信的移 动终端电子支付系统的一部分。 根据本发明的实施例 ,提供了一种密钥更新系统, 图 1是根据本发明实施 例的密钥更新系统的框图。 如图 1所示, 上述密钥更新系统包括卡片发行商管 理平台 10、 空中下载服务器 12、 移动通信网络 14、 移动终端 16和智能卡(智 能卡位于终端 16内, 在图中未示出)。 下面将对上述密钥更新系统进行详细的 说明。 卡片发行商管理平台 10, 由卡片发行商控制, 用于负责卡的发行和管理, 对卡的资源和生命周期、 密钥、 证书及应用等进行管理, 也可以说, 卡片发行 商管理平台 10 可以管理和维护智能卡主安全域密钥, 此外, 卡片发行商管理 平台 10还在智能卡主安全域密钥未过期的情况下, 即, 智能卡的主安全域密 钥过期前的一个时间点, 通知智能卡进行主安全域密钥的更新 (一^:来说, 当 卡片发行商管理平台检测到主安全域密钥即将过期时, 会通过移动通信网络触 发主安全域密钥的更新 ), 在由智能卡发起主安全域密钥更新过程后 , 与智能 卡进行主安全域密钥的更新操作。 空中下载服务器 12, 用于与卡片发行商管理平台 10建立安全信道, 与移 动终端 16进行连接, 并为移动终端 16提供下载 务。 移动通信网络 14, 用于提供数据通道, 确保移动终端 16和 OTA服务器According to the Global Platform Card Specification V2. 2.2 specification, smart cards are separated into several independent security domains to ensure the isolation and independence of multiple applications. Each application provider manages its own security domain and applications, application data, and so on. In the following, based on the system architecture described above, a detailed description of a system for key update via a mobile communication network GPRS gateway or a 3G gateway (ie, through a packet data service channel) and based on the BIP protocol is described. The inventive key update system is part of the above-described near field communication based mobile payment electronic payment system. According to an embodiment of the present invention, a key update system is provided, and Fig. 1 is a block diagram of a key update system in accordance with an embodiment of the present invention. As shown in Fig. 1, the above key update system includes a card issuer management platform 10, an over-the-air download server 12, a mobile communication network 14, a mobile terminal 16, and a smart card (the smart card is located in the terminal 16, not shown in the figure). The above key update system will be described in detail below. The card issuer management platform 10, controlled by the card issuer, is responsible for the issuance and management of the card, and manages the resources and life cycle, keys, certificates and applications of the card, and can also be said that the card issuer management platform 10 The smart card master security domain key can be managed and maintained. In addition, the card issuer management platform 10 also informs that the smart card primary security domain key has not expired, that is, a time point before the smart card's primary security domain key expires. The smart card performs the update of the primary security domain key (i.e., when the card issuer management platform detects that the primary security domain key is about to expire, the primary security domain key is triggered to be updated by the mobile communication network). After the smart card initiates the primary security domain key update process, the smart card performs an update operation of the primary security domain key. The over-the-air server 12 is configured to establish a secure channel with the card issuer management platform 10, connect with the mobile terminal 16, and provide download services for the mobile terminal 16. Mobile communication network 14, for providing data channels, ensuring mobile terminal 16 and OTA server
12之间的通信。 移动终端 16, 是进行无线下载的客户端。 智能卡, 位于移动终端 16, 用于与卡片发行商管理平台 10建立连接, 通 过连接建立安全通道, 并与卡片发行商管理平台 10 通过安全通道进行主安全 域密钥的更新操作; 需要说明的是, 智能卡指的是符合 Global Platform Card Specification V2.1.1 V2.2规范的 IC芯片或智能卡, 从物理形式上可以为 ( U ) SIM卡、 可插拔的智能存储卡或者集成在移动终端上的 IC芯片。 在实际应用中, 为了实现智能卡的密钥的更新, 首先需要在智能卡和卡片 发行商管理平台 10之间建立连接, 然后通过该连接建立安全通道执行密钥更 新操作, 这里采用对称密钥管理方式, 智能卡和卡片发行商管理平台 10之间 采用显式的安全认证机制 , 安全信道协议采用安全信道协议 (Secure Channel Protocol , 筒称为 SCP02) , SCP02 是在 Global Platform Card Specification V2.1.1/V2.2规范中附录 E Secure Channel Protocol 02中规定的安全信道协议。 这种显式安全认证的好处在于: 通过双向认证, 即保证了卡片发行商管理平台 的合法性, 又保证了智能卡的合法性, 会话密钥的使用有效保证本地密钥的安 全,此外 MAC的计算采用了前后相关联的完整性校验值( Integrity Check Value, 筒称为 ICV ), 保证了通信指令的连续性。 此外,智能卡和卡片发行商管理平台 10之间的通信通过移动网络 OTA的 方式实现。 移动终端 16与智能卡之间的交互增加了对 BIP指令的支持, 在数 据传输方面采用速率更高、 更安全的通用无限分组业务( General Pocket Radio Service , 筒称为 GPRS ) 或通用 移动通讯系 统 ( Universal Mobile Telecommunication System, 筒称为 UMTS ) 等移动高速分组业务通道。 并且, 在实际应用中 , 在移动终端 16和 OTA服务器 12之间可以使用不同的协议, 以使得在使用承载无关协议时实现对 OTA服务器 12的透明数据传输。 外, BIP†办议可称为 7|c载无关 ¼、议或者载体无关 ¼、议, 是在第三代移动 通讯伙伴计划 ( 3rd Generation partnership project, 筒称为 3GPP ) 规范中提出 的一种面向连接的传输协议, 可支持的高速通道包括: GPRS , 全球增强型数 据提升率( Enhanced Datarates for Global Evolution, 筒称为 EDGE )以及 UMTS 等, jt匕夕卜, 还支持五个主动命令 (具体为: OPEN CHANNEL、 CLOSE CHANNEL, RECEIVE DATA, SEND DATA, GET CHANNEL STATUS ) 及两 种事件 (具体为: Data available和 Channel status ), 使智能卡能利用移动终端 16的承载能力建立与远端服务器之间的面向连接的数据通道。 具体地, 智能卡可通过 BIP的 OPEN CHANNEL命令指示移动终端 16通 过分组数据业务通道连接到 OTA服务器 12, 从而建立智能卡和 OTA服务器 12之间的连接。 OTA月 务器 12和卡片发行商管理平台 10通过专线连接或通 过 Internet连接, OTA服务器 12可以通过有关协议实现与卡片发行商管理平台 10之间的安全通信。 在建立智能卡和卡片发行商管理平台 10的连接后, 主安全域密钥更新过 程中涉及的、 符合 GP规范的命令和响应作为数据体附加在 BIP所支持的主动 命令的通道数据中, 在智能卡和卡片发行商管理平台 10之间传递, 通过这种 方法即可实现卡片发行商管理平台 10对智能卡的远程管理。 其中, 卡片发行 商管理平台 10将命令作为数据进行封装, 并通过 OTA服务器 12发送给移动 终端 16, 智能卡在收到移动终端 16发来的数据可用 ( Data available ) 事件后, 使用 BIP命令一 RECEIVE DATA去接收数据, 并对数据进行解析, 得到新的 主安全域密钥, 执行更新操作, 在操作完成后, 再将命令响应按 BIP 命令 —SEND DATA的通道数据的形式进行封装, 发送到移动终端 16, 再通过 OTA 服务器 12发送到卡片发行商管理平台 10。 需要说明的是, 主安全域密钥更新 过程中涉及的 APDU命令包括, 主安全域选择(SELECT命令)、 智能卡与卡 片发行商管理平台之间的安全认证(即, SCP02安全通道的建立)命令以及密 钥更新 ( PUT KEY )命令。 通过上述技术方案 , 解决了智能卡主安全域密钥更新的问题。 OTA 服务器与移动终端及智能卡之间的数据传输可基于两种方式, 一种 是通过移动通信网络 GPRS网关或 3G网关(即, 通过分组数据业务通道 ), 基 于 BIP协议实现, 上述方式是面向连接, 只有当连接成功建立后才开始通信双 方的的数据交互。 上述更新智能卡主安全域的方式已经在上述的系统实施例中 进行了详细的说明。 另一种方式是通过移动通信网络的短消息网关, 使用 OTA 服务器与智能卡之间的数据通信采用短消息的方式更新智能卡的主安全域密 钥 , 在移动终端不支持分组数据业务的情况下 , 可以采用短消息通道实现 0TA, 从而进行主安全域密钥的更新。 下面,基于移动终端近场通信电子支付系统的框架,对通过移动通信网络 的短消息网关, 使用 OTA服务器与智能卡之间的数据通信采用短消息的方式 实现主安全域更新的密钥更新系统进行详细的说明, 需要说明的是, 本发明的 密钥更新系统为上述基于近场通信的移动终端电子支付系统的一部分。 可以参 照图 1进行本实施例。根据本发明的密钥更新系统包括卡片发行商管理平台 10、 务器 12、 以及位于移动终端 16的智能卡。 下面对上述系统进行详细的 说明。 卡片发行商管理平台 10 , 用于建立与 0TA服务器 12之间的安全信道, 并 通过 0TA服务器 12采用预定格式发送密钥更新业务请求给智能卡, 并在选择 智能卡主安全域后, 通过 0TA服务器 12采用短消息的形式与智能卡之间进行 安全认证和会话密钥的协商, 在使用当前主安全域密钥对新的主安全域密钥进 行加密后, 通过 0TA服务器 12采用短消息的形式将新主安全密钥发送到智能 卡。 Communication between 12. The mobile terminal 16 is a client that performs wireless download. The smart card is located at the mobile terminal 16 for establishing a connection with the card issuer management platform 10, establishing a secure channel through the connection, and performing an update operation of the primary security domain key with the card issuer management platform 10 through the secure channel; , smart card refers to the Global Platform Card Specification V2.1.1 The IC chip or smart card of the V2.2 specification can be physically (U) SIM card, pluggable smart memory card or IC chip integrated on the mobile terminal. In practical applications, in order to implement the update of the key of the smart card, it is first necessary to establish a connection between the smart card and the card issuer management platform 10, and then establish a secure channel through the connection to perform a key update operation, where a symmetric key management method is adopted. An explicit security authentication mechanism is adopted between the smart card and the card issuer management platform 10, the secure channel protocol uses a Secure Channel Protocol (SCP02), and the SCP02 is in the Global Platform Card Specification V2.1.1/V2. 2 The secure channel protocol specified in Appendix E Secure Channel Protocol 02 of the specification. The advantages of this explicit security authentication are: through two-way authentication, which guarantees the legitimacy of the card issuer management platform, and ensures the legitimacy of the smart card. The use of the session key effectively ensures the security of the local key, in addition to the MAC The calculation uses the associated integrity check value (Integrity Check Value, called ICV) to ensure the continuity of the communication command. In addition, communication between the smart card and the card issuer management platform 10 is accomplished by means of a mobile network OTA. The interaction between the mobile terminal 16 and the smart card increases the support for the BIP command, and adopts a higher-speed and more secure general-purpose unlimited packet service (General Pocket Radio Service, called GPRS) or a universal mobile communication system (for data transmission). Universal Mobile Telecommunication System, called UMTS) Mobile high-speed packet service channel. Also, in practical applications, different protocols may be used between the mobile terminal 16 and the OTA server 12 to enable transparent data transmission to the OTA server 12 when using bearer-independent protocols. In addition, the BIP conference can be called 7|c, which is irrelevant, or the carrier is not related to the conference. It is a kind proposed in the 3rd Generation Partnership Project (3rd Generation Partnership Project). For connection-oriented transport protocols, the supported high-speed channels include: GPRS, Enhanced Datarates for Global Evolution (RFID) and UMTS, etc., also supports five active commands (specifically For: OPEN CHANNEL, CLOSE CHANNEL, RECEIVE DATA, SEND DATA, GET CHANNEL STATUS ) and two events (specifically: Data available and Channel status ), enabling the smart card to utilize the carrying capacity of the mobile terminal 16 to establish a relationship with the remote server Connection-oriented data channel. Specifically, the smart card can instruct the mobile terminal 16 to connect to the OTA server 12 through the packet data service channel through the OPEN CHANNEL command of the BIP, thereby establishing a connection between the smart card and the OTA server 12. The OTA server 12 and the card issuer management platform 10 are connected by a dedicated line or through the Internet, and the OTA server 12 can implement secure communication with the card issuer management platform 10 through the relevant protocols. After establishing the connection between the smart card and the card issuer management platform 10, the GP-compliant commands and responses involved in the primary security domain key update process are attached as data bodies to the channel data of the active commands supported by the BIP, in the smart card. The card issuer management platform 10 can remotely manage the smart card by transferring between the card issuer management platform 10 and the card issuer management platform 10. The card issuer management platform 10 encapsulates the command as data and sends it to the mobile terminal 16 through the OTA server 12. After receiving the data available event (data available) sent by the mobile terminal 16, the smart card uses the BIP command-RECEIVE. DATA receives the data, parses the data, obtains a new primary security domain key, performs an update operation, and after the operation is completed, encapsulates the command response in the form of channel data of the BIP command—SEND DATA, and sends it to the mobile. The terminal 16 is then sent to the card issuer management platform 10 via the OTA server 12. It should be noted that the APDU commands involved in the primary security domain key update process include: primary security domain selection (SELECT command), security authentication between the smart card and the card issuer management platform (ie, establishment of the SCP02 secure channel) command. And the key update ( PUT KEY ) command. Through the above technical solution, the problem of key update of the smart card primary security domain is solved. The data transmission between the OTA server and the mobile terminal and the smart card can be based on two ways, one is through the mobile communication network GPRS gateway or the 3G gateway (ie, through the packet data service channel), based on the BIP protocol, the above manner is oriented connection The data interaction between the two parties is started only after the connection is successfully established. The manner of updating the smart card primary security domain has been described in detail in the above system embodiment. Another way is to update the smart card's primary security domain key by means of a short message through the short message gateway of the mobile communication network, using the data communication between the OTA server and the smart card, in the case that the mobile terminal does not support the packet data service, The 0TA can be implemented using a short message channel to update the primary security domain key. In the following, based on the framework of the mobile terminal near field communication electronic payment system, the short message gateway through the mobile communication network uses a short message to implement a key update system for the primary security domain update by using a short message method for data communication between the OTA server and the smart card. DETAILED DESCRIPTION It should be noted that the key update system of the present invention is part of the above-described near field communication based mobile payment electronic payment system. This embodiment can be carried out with reference to FIG. 1. The key update system according to the present invention includes a card issuer management platform 10, a server 12, and a smart card located at the mobile terminal 16. The above system will be described in detail below. The card issuer management platform 10 is configured to establish a secure channel with the 0TA server 12, and send a key update service request to the smart card through the 0TA server 12 in a predetermined format, and after selecting the smart card primary security domain, through the 0TA server 12 Between short form and smart card The security authentication and the session key are negotiated. After the new primary security domain key is encrypted using the current primary security domain key, the new primary security key is sent to the smart card by the 0TA server 12 in the form of a short message.
OTA服务器 12,用于将卡片发行商管理平台 10发送的命令作为数据体附 加在下行短消息的数据信息中发给智能卡 , 并将智能卡以上行短消息返回的命 令响应发给卡片发行商管理平台 10。 智能卡, 位于移动终端 16 , 移动终端用于将短消息透明传输给智能卡, 智能卡用于接收并执行卡片发行商管理平台 10 的命令, 并将返回命令作为数 据体附加在上行短消息的数据信息中发给 0TA服务器 12 , 并由 0TA服务器 12 转发给卡片发行商管理平台 10。 方法实施例 才艮据本发明的实施例 ,提供了一种密钥更新方法 , 用于对移动终端的智能 卡主安全域密钥进行更新。图 2是才艮据本发明实施例的密钥更新方法的流程图 , 如图 2所示 , 包括以下处理 (步骤 S202到步骤 S206 ): 步骤 S202, 在智能卡主安全域密钥未过期的情况下, 卡片发行商管理平 台通知智能卡进行主安全域密钥的更新; 此外, 在步骤 S202中, 在卡片发行商管理平台通知智能卡进行主安全域 密钥的更新之前, 首先需要在卡片发行商管理平台与空中下载服务器之间建立 安全信道。 并且, 在步骤 S202中, 卡片发行商管理平台通知智能卡进行主安全域密 钥的更新的具体处理为: The OTA server 12 is configured to send the command sent by the card issuer management platform 10 as a data body to the smart card in the data information of the downlink short message, and send the command response of the smart card to return the short message to the card issuer management platform. 10. The smart card is located at the mobile terminal 16, and the mobile terminal is configured to transparently transmit the short message to the smart card, and the smart card is used to receive and execute the command of the card issuer management platform 10, and attach the return command as the data body to the data information of the uplink short message. It is sent to the 0TA server 12 and forwarded by the 0TA server 12 to the card issuer management platform 10. Method Embodiment According to an embodiment of the present invention, a key update method is provided for updating a smart card primary security domain key of a mobile terminal. 2 is a flowchart of a key update method according to an embodiment of the present invention. As shown in FIG. 2, the following processing is included (step S202 to step S206): Step S202, when the smart card primary security domain key has not expired Next, the card issuer management platform notifies the smart card to update the primary security domain key; further, in step S202, before the card issuer management platform notifies the smart card to update the primary security domain key, it first needs to be managed by the card issuer. A secure channel is established between the platform and the over-the-air server. Moreover, in step S202, the specific processing of the card issuer management platform notifying the smart card to update the primary security domain key is:
1、 卡片发行商管理平台向智能卡发送密钥更新的通知消息; 其中,卡片发行商管理平台通过移动网络向智能卡发送进行密钥更新的通 知消息的具体处理为: 卡片发行商管理平台向空中下载月 务器发送密钥更新业 务请求; 响应于密钥更新业务请求, 空中下载服务器对密钥更新业务请求进行 封装, 并将封装后的数据发送到移动终端; 移动终端将数据通过预定数据格式 透明传输到智能卡。 1. The card issuer management platform sends a notification message of the key update to the smart card; wherein the card issuer management platform sends the notification message of the key update to the smart card through the mobile network as follows: The card issuer management platform downloads to the air The server sends a key update service request; in response to the key update service request, the over-the-air server encapsulates the key update service request and transmits the encapsulated data to the mobile terminal; the mobile terminal transparently passes the data through the predetermined data format Transfer to the smart card.
2、 响应于通知消息, 智能卡发起主安全域密钥更新过程。 步骤 S204, 智能卡与卡片发行商管理平台建立连接, 通过连接建立安全 通道; 优选地, 在步骤 S204中, 智能卡与卡片发行商管理平台建立连接的具体 处理为: 1、 智能卡与移动终端建立 7|c载无关协议连接; 2、 移动终端通过分组 数据业务通道连接到空中下载服务器; 3、 空中下载服务器和卡片发行商管理 平台通过专线连接或通过因特网连接, 并且空中下载月 务器通过预定协议实现 与卡片发行商管理平台之间的安全通信。 优选地, 在步骤 S204中, 智能卡与卡片发行商管理平台建立连接的具体 处理为: 1、 智能卡与空中下载月 务器之间通过短消息方式进行通信; 2、 空中 下载服务器和卡片发行商管理平台通过专线连接或通过因特网进行连接, 并且 空中下载服务器通过预定协议实现与卡片发行商管理平台之间的安全通信。 此外, 在步骤 S204之后, 卡片发行商管理平台还需要选择智能卡的主安 全域。 在步骤 S204中, 智能卡与卡片发行商管理平台通过连接建立安全通道的 具体处理为: 卡片发行商管理平台按照预定安全信道协议与智能卡建立安全通 道, 并在建立安全通道的同时, 卡片发行商管理平台与智能卡进行身份认证和 会话密钥协商, 优选地, 可以采用显性认证或隐性认证的方式进行双向认证。 并且,在智能卡与卡片发行商管理平台建立连接之后,还需要将密钥更新 过程中的命令和响应作为数据体附加在承载无关协议支持的主动命令的通道 数据中、 或者附加在上下行短消息的数据信息中, 在智能卡和卡片发行商管理 平台之间传递。 步骤 S206, 智能卡与卡片发行商管理平台通过安全通道进行主安全域密 钥的更新操作。 优选地, 步骤 S206 的具体处理为: 1、 卡片发行商管理平台采用当前的 主安全域密钥对新的主安全密钥进行加密, 并将加密后的主安全密钥封装在预 定命令中; 2、 卡片发行商管理平台将预定命令作为数据进行封装, 并通过空 中下载服务器发送到智能卡; 3、 智能卡使用承载无关协议命令接收封装后的 预定命令, 对其中的数据进行解析, 解密得到新的主安全域密钥, 对得到的命 令执行主安全域密钥更新操作; 4、 智能卡根据承载无关协议命令的通道数据 的形式对预定命令的响应命令进行封装, 并发送到移动终端; 5、 移动终端通 过空中下载服务器将响应命令发送到卡片发行商管理平台; 6、 卡片发行商管 理平台将密钥更新完成命令发送至智能卡。 优选地, 步骤 S206 的具体处理还可以为: 1、 卡片发行商管理平台采用 当前的主安全域密钥对新的主安全密钥进行加密 , 并将加密后的新的主安全密 钥封装在预定命令中; 2、 卡片发行商管理平台将预定命令作为数据进行封装, 并通过空中下载服务器的下行短消息发送到智能卡; 3、 智能卡从下行短消息 中接收封装后的预定命令, 对其中的数据进行解析, 得到新的主安全域密钥, 并才艮据新的主安全域密钥执行主安全域密钥更新操作; 4、 智能卡以上行短消 息的形式对预定命令的响应命令进行封装, 并发送到移动终端; 5、 移动终端 通过空中下载服务器将响应命令发送到卡片发行商管理平台; 6、 卡片发行商 管理平台将密钥更新完成命令发送至智能卡。 下面,结合实例,对本发明的上述技术方案进行详细的说明,如图 3所示, 图 3是根据本发明实施例的密钥更新方法的详细处理过程的信令流程图 , 需要 说明的是,尽管下面将以图 1所示的移动终端电子支付系统架构为例进行描述, 但本发明的应用场景不限于图 1所示移动终端电子支付系统架构。 在图 1的构 架中, 卡片发行商管理平台负责密钥的管理, 它通过 OTA服务器经移动通信 网络完成对智能卡上主安全域密钥的更新。 如图 3所示, 包括以下处理: 2. In response to the notification message, the smart card initiates a primary security domain key update procedure. In step S204, the smart card establishes a connection with the card issuer management platform, and establishes a secure channel through the connection. Preferably, in step S204, the specific process of establishing a connection between the smart card and the card issuer management platform is as follows: 1. The smart card and the mobile terminal establish 7| C-independent protocol connection; 2. The mobile terminal is connected to the over-the-air download server through the packet data service channel; 3. The over-the-air server and the card issuer management platform are connected through a dedicated line or through the Internet, and the over-the-air download server is implemented by a predetermined protocol. Secure communication with the card issuer management platform. Preferably, in step S204, the specific processing of establishing a connection between the smart card and the card issuer management platform is as follows: 1. The short message is communicated between the smart card and the over-the-air download server; 2. The air download server and the card issuer management The platform is connected by a dedicated line connection or via the Internet, and the over-the-air server implements secure communication with the card issuer management platform through a predetermined protocol. In addition, after step S204, the card issuer management platform also needs to select the primary security domain of the smart card. In step S204, the specific process of establishing a secure channel by the smart card and the card issuer management platform is as follows: The card issuer management platform establishes a secure channel with the smart card according to a predetermined secure channel protocol, and manages the card issuer while establishing a secure channel. The platform and the smart card perform identity authentication and session key negotiation. Preferably, the two-way authentication may be performed by using explicit authentication or implicit authentication. Moreover, after the smart card establishes a connection with the card issuer management platform, the command and response in the key update process are also required to be attached as data bodies to the channel data of the active command supported by the bearer-independent protocol, or to the uplink and downlink short messages. The data information is passed between the smart card and the card issuer management platform. Step S206, the smart card and the card issuer management platform perform the update operation of the primary security domain key through the secure channel. Preferably, the specific processing of step S206 is: 1. The card issuer management platform encrypts the new primary security key by using the current primary security domain key, and encapsulates the encrypted primary security key in a predetermined command; 2. The card issuer management platform encapsulates the predetermined command as data and sends it to the smart card through the over-the-air server; 3. The smart card uses the bearer-independent protocol command to receive the encapsulated predetermined command, parses the data therein, and decrypts the new data. The primary security domain key performs the primary security domain key update operation on the obtained command; 4. The smart card encapsulates the response command of the predetermined command according to the channel data of the bearer-independent protocol command, and sends the response command to the mobile terminal; Terminal pass The over-the-air download server sends a response command to the card issuer management platform; 6. The card issuer management platform sends a key update completion command to the smart card. Preferably, the specific processing of step S206 may further be: 1. The card issuer management platform encrypts the new primary security key by using the current primary security domain key, and encapsulates the encrypted new primary security key in the card. In the predetermined command; 2. The card issuer management platform encapsulates the predetermined command as data, and sends the downlink short message to the smart card through the over-the-air server; 3. The smart card receives the encapsulated predetermined command from the downlink short message, The data is parsed to obtain a new primary security domain key, and the primary security domain key update operation is performed according to the new primary security domain key. 4. The smart card encapsulates the response command of the predetermined command in the form of a short message. And sending to the mobile terminal; 5. The mobile terminal sends a response command to the card issuer management platform through the over-the-air download server; 6. The card issuer management platform sends the key update completion command to the smart card. The foregoing technical solution of the present invention is described in detail with reference to an example, as shown in FIG. 3, which is a signaling flowchart of a detailed processing procedure of a key update method according to an embodiment of the present invention. Although the mobile terminal electronic payment system architecture shown in FIG. 1 will be described below as an example, the application scenario of the present invention is not limited to the mobile terminal electronic payment system architecture shown in FIG. 1. In the framework of Figure 1, the card issuer management platform is responsible for the management of the key, which completes the update of the primary security domain key on the smart card via the OTA server via the mobile communication network. As shown in Figure 3, the following processing is included:
1、 建立卡片发行商管理平台与 OTA服务器之间的安全信道; 1. Establish a secure channel between the card issuer management platform and the OTA server;
2、 卡片发行商管理平台发送密钥更新业务请求给 OTA服务器; OTA服 务器对密钥更新业务请求按照数据短消息的格式进行封装, 将数据短消息发送 给移动终端; 移动终端将数据短消息透明传输给智能卡(可以通过 ENVELOPE ( SMS-PP DOWNLOAD ) 命令 ) (对应于图 2中步骤 S202 ); 2. The card issuer management platform sends a key update service request to the OTA server; the OTA server encapsulates the key update service request according to the format of the data short message, and sends the data short message to the mobile terminal; the mobile terminal transparently the data short message Transfer to the smart card (can pass the ENVELOPE (SMS-PP DOWNLOAD) command) (corresponding to step S202 in Figure 2);
3、 智能卡对数据短消息进行解析, 启动与移动终端的 BIP连接。 智能卡 通过发送 BIP命令— -OPEN CHANNEL到移动终端建立 BIP连接。 在 OPEN CHANNEL命令中, 智能卡指定 BIP连接参数, 这些参数包括支持的传输协议 类型 (例如, 传输控制协议 ( TCP ) 等)、 数据緩冲区大小、 OTA 服务器的网 络地址, 信道号等; 3. The smart card parses the data short message and initiates a BIP connection with the mobile terminal. The smart card establishes a BIP connection to the mobile terminal by sending a BIP command -OPEN CHANNEL. In the OPEN CHANNEL command, the smart card specifies BIP connection parameters, including supported transport protocol types (for example, Transmission Control Protocol (TCP), etc.), data buffer size, OTA server network address, channel number, etc.
4、 移动终端与智能卡建立 BIP连接, 并且按照 OPEN CHANNEL命令中 的 OTA服务器地址和传输协议类型建立与 OTA服务器之间的 TCP/IP (传输控 制协议 /因特网协议) 连接; 5、 连接建立后, 将选择智能卡主安全域, 具体的主安全域选择处理包括: 卡片发行商管理平台按照 Global Platform规范中的命令格式规定封装 SELECT 命令, 在 SELECT命令中填充主安全 i或的 AID ( Application ID, 即应用 ID ), 然后将封装的 SELECT命令作为数据发送给 OTA服务器;移动终端通过 TCP/IP 连接从 OTA 服务器接收数据, 并用 "数据可用事件" 通知智能卡 (通过 ENVELOPE Data available命令) 来取数据, 当智能卡从移动终端拖4 数据时 发送 BIP命令一RECEIVE DATA; 智能卡对数据进行解析,按照 SELECT命令 选择主安全域。执行命令后 ,智能卡通过 BIP命令 -SEND DATA发送 SELECT 响应数据,移动终端将该数据通过前面建立的 TCP/IP连接发送给 OTA服务器; 4. The mobile terminal establishes a BIP connection with the smart card, and establishes a TCP/IP (Transmission Control Protocol/Internet Protocol) connection with the OTA server according to the OTA server address and the transport protocol type in the OPEN CHANNEL command; 5. After the connection is established, the smart card primary security domain will be selected. The specific primary security domain selection process includes: The card issuer management platform encapsulates the SELECT command according to the command format specified in the Global Platform specification, and populates the primary security i or the SELECT command. AID (Application ID), and then send the encapsulated SELECT command as data to the OTA server; the mobile terminal receives data from the OTA server over a TCP/IP connection and notifies the smart card with the "data available event" (via the ENVELOPE Data available command) To retrieve data, when the smart card drags 4 data from the mobile terminal, send a BIP command-RECEIVE DATA; the smart card parses the data, and selects the primary security domain according to the SELECT command. After executing the command, the smart card sends the SELECT response data through the BIP command -SEND DATA, and the mobile terminal sends the data to the OTA server through the previously established TCP/IP connection;
6、卡片发行商管理平台接收到 SELECT响应后,按照 Global Platform V2.2 中附录 E Secure Channel Protocol 02的规定建立与智能卡之间的安全通信信道, 在建立安全通信信道时 , 卡片发行商管理平台和智能卡需要进行双向认证 , 认 证方式采用显式认证, 建立安全信道所用的命令的传递方式同前述的 SELECT 命令, 安全信道所用的命令的传递过程可参见上述的主安全域选择处理(对应 于图 2中的步骤 S204 ); 6. After receiving the SELECT response, the card issuer management platform establishes a secure communication channel with the smart card according to the provisions of Appendix E Secure Channel Protocol 02 in Global Platform V2.2. When establishing a secure communication channel, the card issuer management platform The smart card needs to be authenticated in both directions, and the authentication mode uses explicit authentication. The command used to establish the secure channel is transmitted in the same manner as the SELECT command. The command for the transmission of the secure channel can be referred to the above-mentioned primary security domain selection process (corresponding to the figure). Step S204)
7、 安全信道建立完成后, 卡片发行商管理平台采用当前主安全域密钥对 新的主安全 i或密钥进行力。密, 按照 PUT KEY的命令格式规范封装 PUT KEY 命令, 然后将 PUT KEY命令发送给智能卡; 智能卡收到 PUT KEY命令后, 解 密得到新的主安全域密钥, 执行主安全域密钥更新操作; 密钥更新完成后, 智 能卡发送 PUT KEY响应 (包括密钥版本号、 密钥校验值等) 给卡片发行商管 理平台; PUT KEY命令的传递方式同前述的 SELECT命令, 即上述的主安全 域选择处理 (对应于图 2中的步骤 S206 ); 7. After the security channel is established, the card issuer management platform uses the current primary security domain key to force the new primary security i or key. Secret, according to the PUT KEY command format specification package PUT KEY command, and then send the PUT KEY command to the smart card; after receiving the PUT KEY command, the smart card decrypts to obtain a new primary security domain key, and performs the primary security domain key update operation; After the key update is completed, the smart card sends a PUT KEY response (including the key version number, key check value, etc.) to the card issuer management platform; the PUT KEY command is transmitted in the same manner as the aforementioned SELECT command, that is, the above-mentioned primary security domain. Selection processing (corresponding to step S206 in Fig. 2);
8、 卡片发行商管理平台在收到 PUT KEY响应消息后, 将发送密钥更新 完成命令给智能卡, 此命令的传递方式同前述的 SELECT命令, 即上述的主安 全域选择处理; 8. After receiving the PUT KEY response message, the card issuer management platform will send a key update completion command to the smart card, and the command is transmitted in the same manner as the foregoing SELECT command, that is, the above-mentioned main security domain selection process;
9、 智能卡接收到密钥更新完成命令后, 可以发送 BIP 命令 -CLOSE CHANNEL关闭智能卡和移动终端间的 BIP连接; 如有后续的基于移动通信网 络的应用下载, 可以不关闭 BIP连接, 继续进行其他应用下载; 9. After receiving the key update completion command, the smart card can send a BIP command-CLOSE CHANNEL to close the BIP connection between the smart card and the mobile terminal; if there is a subsequent application download based on the mobile communication network, the BIP connection can be closed without further Application download
10、 断开 OTA服务器和终端之间的 PCT/IP连接。 根据本发明的实施例,通过移动网络对卡上应用或数据的更新也可以采用10. Disconnect the PCT/IP connection between the OTA server and the terminal. According to an embodiment of the present invention, an update of an application or data on a card through a mobile network may also be employed.
OTA的短消息技术, 通过该技术, 以短消息为通道更新卡上的应用和数据, 由 于上述方法采用的是存储转发技术, 即无连接的技术, 所以, 通信双方不用建 立连接, 直接通过短信方式传输数据; 下面, 结合附图, 对采用 OTA短消息 技术对智能卡主安全域密钥进行更新的技术方案进行详细的说明, 图 4是根据 本发明实施例的采用 OTA短消息技术对智能卡主安全域密钥进行更新的详细 处理的流程图, 如图 4所示, 包括以下处理: OTA's short message technology, through which the application and data on the card are updated with the short message as the channel. The above method adopts the store-and-forward technology, that is, the connectionless technology. Therefore, the two parties do not need to establish a connection, and directly transmit data by using a short message method. Hereinafter, the key security domain key of the smart card is adopted by using OTA short message technology with reference to the accompanying drawings. The technical solution for updating is described in detail. FIG. 4 is a flowchart of detailed processing for updating the smart card primary security domain key by using the OTA short message technology according to an embodiment of the present invention. As shown in FIG. 4, the following processing is included:
1、 建立卡片发行商管理平台与 OTA服务器之间的安全信道; 1. Establish a secure channel between the card issuer management platform and the OTA server;
2、 卡片发行商管理平台发送密钥更新业务请求给 OTA服务器; OTA服 务器对密钥更新业务请求按照数据短消息的格式进行封装, 将数据短消息发送 给移动终端, 移动终端将数据短消息透明传输给智能卡(对应于图 2中的步骤 S202 ); 2. The card issuer management platform sends a key update service request to the OTA server; the OTA server encapsulates the key update service request according to the format of the data short message, and sends the data short message to the mobile terminal, and the mobile terminal transparently transmits the data short message. Transfer to the smart card (corresponding to step S202 in Fig. 2);
3、 智能卡对数据短消息进行解析, 返回确认短消息; 3. The smart card parses the data short message and returns a confirmation short message;
4、卡片发行商管理平台选择智能卡主安全域(对应于图 2中的步骤 S204 ), 具体包括以下处理: 卡片发行商管理平台按照 Global Platform 规范中的命令格式规定封装 SELECT命令 , 在 SELECT命令中填充主安全 i或的 AID(Application ID) , 然后 将封装的 SELECT命令作为数据发送给 OTA月 务器; 4. The card issuer management platform selects the smart card master security domain (corresponding to step S204 in FIG. 2), and specifically includes the following processing: The card issuer management platform encapsulates the SELECT command according to the command format specification in the Global Platform specification, in the SELECT command. Fill the main security i or AID (Application ID), and then send the encapsulated SELECT command as data to the OTA server;
OTA服务器把封装好的 SELECT命令作为数据体附加在下行短消息的数 据信息中发给智能卡; 智能卡对数据进行解析, 按照 SELECT命令选择主安全域。 执行命令后, 把命令响应作为数据体附加在上行短消息的数据信息中发送给 OTA服务器; The OTA server sends the encapsulated SELECT command as a data body to the smart card in the data information of the downlink short message; the smart card parses the data, and selects the primary security domain according to the SELECT command. After executing the command, the command response is appended to the data information of the uplink short message and sent to the OTA server;
5、 卡片发行商管理平台接收到 SELECT响应后, 进行与智能卡之间的安 全认证和会话密钥的协商, 所用的命令的传递过程可参见上述的主安全域选择 处理 (对应于图 2中的步骤 S206 ); 5. After receiving the SELECT response, the card issuer management platform performs security authentication and session key negotiation with the smart card. The process of transmitting the command can be referred to the above-mentioned primary security domain selection process (corresponding to FIG. 2). Step S206);
6、卡片发行商管理平台采用主安全域密钥对新的主安全域密钥进行加密, 按照 PUT KEY的命令格式规范封装 PUT KEY命令, 然后将 PUT KEY命令发 送给智能卡; 智能卡收到 PUT KEY命令后 , 解密得到新的主安全域密钥, 执 行主安全域密钥更新操作; 密钥更新完成后, 智能卡发送 PUT KEY响应 (包 括密钥版本号、 密钥校验值等) 给卡片发行商管理平台; PUT KEY命令的传 递过程可参见上述的主安全域选择处理; 7、 卡片发行商管理平台在收到 PUT KEY响应消息后, 将发送密钥更新 完成命令给智能卡, 卡片发行商管理平台按预定格式把此命令发给 OTA服务 器 , OTA服务器把此命令作为数据体附加在下行短消息的数据信息中发给智能 卡。 综上所述,借助于本发明的技术方案 , 通过使用移动网络对智能卡进行更 新, 解决了相关技术中没有对智能卡主安全域密钥进行更新的具体方案的问 题, 能够通过移动通信网络高速、 实时、 方便、 安全地实现智能卡主安全域密 钥的更新, 填补了相关技术中的空白。 以上所述仅为本发明的优选实施例而已, 并不用于限制本发明,对于本领 域的技术人员来说, 本发明可以有各种更改和变化。 凡在本发明的精神和原则 之内, 所作的任何修改、 等同替换、 ?丈进等, 均应包含在本发明的保护范围之 内。 6. The card issuer management platform encrypts the new primary security domain key using the primary security domain key, encapsulates the PUT KEY command according to the PUT KEY command format specification, and then sends the PUT KEY command to the smart card; the smart card receives the PUT KEY After the command, decrypt the new primary security domain key and perform the primary security domain key update operation. After the key update is completed, the smart card sends a PUT KEY response (including the key version number, key check value, etc.) to the card issue. Business management platform; the transfer process of the PUT KEY command can be referred to the above-mentioned main security domain selection process; 7. After receiving the PUT KEY response message, the card issuer management platform will send a key update completion command to the smart card, and the card issuer management platform sends the command to the OTA server in a predetermined format, and the OTA server uses the command as the data body. Attached to the data message of the downlink short message is sent to the smart card. In summary, by using the technical solution of the present invention, the smart card is updated by using the mobile network, and the specific solution in the related art that does not update the smart card primary security domain key is solved, and the mobile communication network can be fast, Real-time, convenient and secure implementation of the smart card master security domain key update fills the gap in the related technology. The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalents, and modifications made within the spirit and principles of the present invention. It should be included in the scope of protection of the present invention.

Claims

权 利 要 求 书 Claim
1. 一种密钥更新方法, 用于对移动终端的智能卡主安全域密钥进行更新, 其特征在于, 所述方法包括: A key update method, configured to update a smart card primary security domain key of a mobile terminal, where the method includes:
在所述智能卡主安全域密钥未过期的情况下 ,卡片发行商管理平台 通知所述智能卡进行主安全域密钥的更新;  The card issuer management platform notifies the smart card to update the primary security domain key if the smart card primary security domain key has not expired;
所述智能卡与所述卡片发行商管理平台建立连接,通过所述连接建 立安全通道;  The smart card establishes a connection with the card issuer management platform, and establishes a secure channel through the connection;
所述智能卡与所述卡片发行商管理平台通过所述安全通道进行主 安全域密钥的更新操作。  The smart card and the card issuer management platform perform an update operation of the primary security domain key through the secure channel.
2. 根据权利要求 1所述的方法, 其特征在于, 在所述卡片发行商管理平台 通知所述智能卡进行主安全域密钥的更新之前 , 所述方法进一步包括: 在所述卡片发行商管理平台与空中下载服务器之间建立安全信道。 2. The method according to claim 1, wherein before the card issuer management platform notifies the smart card to update the primary security domain key, the method further comprises: managing at the card issuer A secure channel is established between the platform and the over-the-air server.
3. 根据权利要求 2所述的方法, 其特征在于, 所述卡片发行商管理平台通 知所述智能卡进行主安全域密钥的更新的具体处理为: The method according to claim 2, wherein the card issuer management platform notifies the smart card that the update of the primary security domain key is:
所述卡片发行商管理平台与所述空中下载服务器之间建立安全信 道后 ,通过所述空中下载服务器向所述智能卡发送密钥更新的通知消息; 响应于所述通知消息 , 所述智能卡发起主安全域密钥更新过程。  After establishing a security channel between the card issuer management platform and the over-the-air server, sending, by the over-the-air server, a notification message of a key update to the smart card; in response to the notification message, the smart card initiates a master Security domain key update process.
4. 才艮据权利要求 3所述的方法, 其特征在于, 所述卡片发行商管理平台与 所述空中下载月 务器之间建立安全信道后 , 通过所述空中下载月 务器向 所述智能卡发送进行密钥更新的所述通知消息的具体处理为: 4. The method according to claim 3, wherein after the card issuer management platform establishes a secure channel with the over-the-air download server, the over-the-air download server The specific processing of the notification message sent by the smart card to perform key update is:
所述卡片发行商管理平台向所述空中下载服务器发送密钥更新业 务请求;  The card issuer management platform sends a key update service request to the air download server;
响应于所述密钥更新业务请求,所述空中下载 ^^务器对所述密钥更 新业务请求进行封装, 并将封装后的数据发送到移动终端;  Responding to the key update service request, the over-the-air server encapsulates the key update service request, and sends the encapsulated data to the mobile terminal;
所述移动终端将所述数据通过预定数据格式透明传输到所述智能 卡。 The mobile terminal transparently transmits the data to the smart card through a predetermined data format.
5. 根据权利要求 2所述的方法, 其特征在于, 所述智能卡与所述卡片发行 商管理平台建立连接包括: The method according to claim 2, wherein the establishing, by the smart card, the card issuer management platform comprises:
所述智能卡与所述移动终端建立 7|c载无关协议连接; 所述移动终端通过分组数据业务通道连接到所述空中下载 务器; 所述空中下载服务器和所述卡片发行商管理平台通过专线连接或 通过因特网进行连接, 并且所述空中下载月 务器通过预定协议实现与所 述卡片发行商管理平台之间的安全通信。  The smart card establishes a 7|c-independent protocol connection with the mobile terminal; the mobile terminal is connected to the air download server through a packet data service channel; and the air download server and the card issuer management platform pass a dedicated line Connecting or connecting via the Internet, and the over-the-air downloader implements secure communication with the card issuer management platform via a predetermined protocol.
6. 根据权利要求 2所述的方法, 其特征在于, 所述智能卡与所述卡片发行 商管理平台建立连接包括: The method according to claim 2, wherein the establishing a connection between the smart card and the card issuer management platform comprises:
所述智能卡与所述空中下载服务器之间通过短消息方式进行通信; 所述空中下载服务器和所述卡片发行商管理平台通过专线连接或 通过因特网进行连接, 并且所述空中下载月 务器通过预定协议实现与所 述卡片发行商管理平台之间的安全通信。  Communicating between the smart card and the over-the-air server by means of a short message; the over-the-air server and the card issuer management platform are connected by a dedicated line or via the Internet, and the over-the-air download server is scheduled The protocol implements secure communication with the card issuer management platform.
7. 根据权利要求 1所述的方法, 其特征在于, 所述智能卡与所述卡片发行 商管理平台建立所述连接之后, 所述方法进一步包括: The method according to claim 1, wherein after the smart card establishes the connection with the card issuer management platform, the method further includes:
所述卡片发行商管理平台选择所述智能卡的主安全域。  The card issuer management platform selects a primary security domain of the smart card.
8. 根据权利要求 1所述的方法, 其特征在于, 所述智能卡与所述卡片发行 商管理平台通过所述连接建立所述安全通道的具体处理为: The method according to claim 1, wherein the specific processing of the smart card and the card issuer management platform to establish the secure channel through the connection is:
所述卡片发行商管理平台按照预定安全信道协议与所述智能卡建 立所述安全通道, 并在建立所述安全通道的同时, 所述卡片发行商管理 平台与所述智能卡进行身份认证和会话密钥协商。  The card issuer management platform establishes the secure channel with the smart card according to a predetermined secure channel protocol, and the card issuer management platform performs identity authentication and session key with the smart card while establishing the secure channel Negotiation.
9. 根据权利要求 1所述的方法, 其特征在于, 在所述智能卡与所述卡片发 行商管理平台建立连接之后, 所述方法进一步包括: The method according to claim 1, wherein after the smart card establishes a connection with the card issuer management platform, the method further includes:
将密钥更新过程中的命令和响应作为数据体附加在 7|载无关协议 支持的主动命令的通道数据中、 或者附加在上 /下行短消息的数据信息 中, 在所述智能卡和所述卡片发行商管理平台之间传递。 The command and the response in the key update process are added as data bodies in the channel data of the active command supported by the 7-independent protocol, or in the data information of the uplink/downlink short message, in the smart card and the card Passed between publisher management platforms.
10. 根据权利要求 5所述的方法, 其特征在于, 所述智能卡与所述卡片发行 商管理平台执行所述智能卡主安全域密钥更新操作的具体处理为: The method according to claim 5, wherein the specific processing of the smart card and the card issuer management platform to perform the smart card primary security domain key update operation is:
所述卡片发行商管理平台采用当前的主安全域密钥对新的主安全 密钥进行加密, 并将加密后的所述新的主安全密钥封装在预定命令中; 所述卡片发行商管理平台将所述预定命令作为数据进行封装,并通 过空中下载服务器发送到所述智能卡;  The card issuer management platform encrypts the new primary security key with the current primary security domain key, and encapsulates the encrypted new primary security key in a predetermined command; the card issuer management The platform encapsulates the predetermined command as data and sends the smart card to the smart card through an over-the-air server;
所述智能卡使用承载无关协议命令接收封装后的所述预定命令 ,对 其中的数据进行解析, 得到所述新的主安全域密钥, 并才艮据所述新的主 安全域密钥执行主安全域密钥更新操作;  The smart card receives the encapsulated predetermined command by using a bearer-independent protocol command, parses the data therein, obtains the new primary security domain key, and executes the master according to the new primary security domain key. Secure domain key update operation;
所述智能卡才艮据承载无关协议命令的通道数据的形式对所述预定 命令的响应命令进行封装, 并发送到所述移动终端;  And the smart card encapsulates the response command of the predetermined command according to the channel data of the bearer-independent protocol command, and sends the response command to the mobile terminal;
所述移动终端通过所述空中下载 务器将所述响应命令发送到所 述卡片发行商管理平台;  Sending, by the mobile terminal, the response command to the card issuer management platform by using the airmail server;
所述卡片发行商管理平台将密钥更新完成命令发送至所述智能卡。  The card issuer management platform sends a key update completion command to the smart card.
11. 根据权利要求 6所述的方法, 其特征在于, 所述智能卡与所述卡片发行 商管理平台执行所述智能卡主安全域密钥更新操作包括: The method according to claim 6, wherein the smart card and the card issuer management platform perform the smart card master security domain key update operation, including:
所述卡片发行商管理平台采用当前的主安全域密钥对新的主安全 密钥进行加密, 并将加密后的所述新的主安全密钥封装在预定命令中; 所述卡片发行商管理平台将所述预定命令作为数据进行封装,并通 过空中下载服务器的下行短消息发送到所述智能卡;  The card issuer management platform encrypts the new primary security key with the current primary security domain key, and encapsulates the encrypted new primary security key in a predetermined command; the card issuer management The platform encapsulates the predetermined command as data, and sends the downlink short message to the smart card through an over-the-air download server;
所述智能卡从所述下行短消息中接收封装后的所述预定命令,对其 中的数据进行解析, 得到所述新的主安全域密钥, 并才艮据所述新的主安 全域密钥执行主安全域密钥更新操作;  Receiving, by the smart card, the encapsulated predetermined command from the downlink short message, parsing the data therein, obtaining the new primary security domain key, and querying the new primary security domain key Perform the primary security domain key update operation;
所述智能卡以上行短消息的形式对所述预定命令的响应命令进行 封装, 并发送到所述移动终端;  The smart card encapsulates the response command of the predetermined command in the form of a short message, and sends the response command to the mobile terminal;
所述移动终端通过所述空中下载 务器将所述响应命令发送到所 述卡片发行商管理平台;  Sending, by the mobile terminal, the response command to the card issuer management platform by using the airmail server;
所述卡片发行商管理平台将密钥更新完成命令发送至所述智能卡。 The card issuer management platform sends a key update completion command to the smart card.
12. 一种密钥更新系统, 其特征在于, 包括: 12. A key update system, comprising:
卡片发行商管理平台, 用于管理和维护智能卡主安全域密钥, 并在 所述智能卡主安全域密钥未过期的情况下 , 通知所述智能卡进行主安全 域密钥的更新 , 与所述智能卡进行主安全域密钥的更新操作;  a card issuer management platform, configured to manage and maintain a smart card primary security domain key, and notify the smart card to update the primary security domain key if the smart card primary security domain key has not expired The smart card performs an update operation of the primary security domain key;
所述智能卡, 位于移动终端, 用于与所述卡片发行商管理平台建立 连接, 通过所述连接建立安全通道, 并与所述卡片发行商管理平台通过 所述安全通道进行主安全域密钥的更新操作;  The smart card is located at the mobile terminal, configured to establish a connection with the card issuer management platform, establish a secure channel through the connection, and perform a primary security domain key with the card issuer management platform through the secure channel. Update operation
空中下载服务器, 用于与所述卡片发行商管理平台建立安全信道, 与所述移动终端进行连接, 并为所述移动终端提供下载 务。  An over-the-air server for establishing a secure channel with the card issuer management platform, connecting with the mobile terminal, and providing downloading services for the mobile terminal.
PCT/CN2009/073419 2008-10-22 2009-08-21 Cryptographic-key updating method and system WO2010045823A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810173411.5 2008-10-22
CN2008101734115A CN101729247B (en) 2008-10-22 2008-10-22 Method and system for updating key

Publications (1)

Publication Number Publication Date
WO2010045823A1 true WO2010045823A1 (en) 2010-04-29

Family

ID=42118937

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/073419 WO2010045823A1 (en) 2008-10-22 2009-08-21 Cryptographic-key updating method and system

Country Status (2)

Country Link
CN (1) CN101729247B (en)
WO (1) WO2010045823A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014060482A1 (en) * 2012-10-19 2014-04-24 Plug-Up International System and method for securing data exchange, portable user object and remote device for downloading data

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103260157B (en) * 2012-05-07 2015-12-16 中国交通通信信息中心 Towards Subscriber Management System and the using method thereof of satellite communications services
CN103747019B (en) * 2014-02-12 2017-11-10 中国联合网络通信集团有限公司 A kind of method and device of data transfer
CN104639317A (en) * 2015-02-13 2015-05-20 胡文东 System and method for key update of smart card based on app (Application) module
US10673629B2 (en) * 2015-04-30 2020-06-02 Nippon Telegraph And Telephone Corporation Data transmission and reception method and system
CN106533659A (en) * 2015-09-14 2017-03-22 北京中质信维科技有限公司 Secret key updating method and system
CN106856465B (en) * 2015-12-08 2019-06-28 中国电信股份有限公司 For realizing the methods, devices and systems of mobile authentication
CN106709727A (en) * 2016-12-07 2017-05-24 深圳市久和久科技有限公司 Intelligent card management method and system thereof, terminal and card service management apparatus
CN107222306A (en) * 2017-01-22 2017-09-29 天地融科技股份有限公司 A kind of key updating method, apparatus and system
CN113724424A (en) * 2021-10-28 2021-11-30 云丁网络技术(北京)有限公司 Control method and device for equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1304101A (en) * 2000-01-07 2001-07-18 索尼公司 Information processing system, portable electronic device and its access device and memory space
US20080049940A1 (en) * 1998-07-02 2008-02-28 Kocher Paul C Payment smart cards with hierarchical session key derivation providing security against differential power analysis and other attacks
CN101164086A (en) * 2005-03-07 2008-04-16 诺基亚公司 Methods, system and mobile device capable of enabling credit card personalization using a wireless network
CN101179377A (en) * 2006-11-09 2008-05-14 中兴通讯股份有限公司 Cipher key distributing and updating system of multimedia broadcasting service
CN101257358A (en) * 2008-04-17 2008-09-03 中兴通讯股份有限公司 Method and system for updating user cipher key

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100344160C (en) * 2004-07-21 2007-10-17 华为技术有限公司 Method for realizing acquisition of user on-line information

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080049940A1 (en) * 1998-07-02 2008-02-28 Kocher Paul C Payment smart cards with hierarchical session key derivation providing security against differential power analysis and other attacks
CN1304101A (en) * 2000-01-07 2001-07-18 索尼公司 Information processing system, portable electronic device and its access device and memory space
CN101164086A (en) * 2005-03-07 2008-04-16 诺基亚公司 Methods, system and mobile device capable of enabling credit card personalization using a wireless network
CN101179377A (en) * 2006-11-09 2008-05-14 中兴通讯股份有限公司 Cipher key distributing and updating system of multimedia broadcasting service
CN101257358A (en) * 2008-04-17 2008-09-03 中兴通讯股份有限公司 Method and system for updating user cipher key

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014060482A1 (en) * 2012-10-19 2014-04-24 Plug-Up International System and method for securing data exchange, portable user object and remote device for downloading data
FR2997209A1 (en) * 2012-10-19 2014-04-25 Titan Germany Ii Gp SYSTEM AND METHOD FOR SECURING DATA EXCHANGES, USER PORTABLE OBJECT, AND REMOTE DATA DOWNLOAD DEVICE

Also Published As

Publication number Publication date
CN101729247A (en) 2010-06-09
CN101729247B (en) 2012-07-18

Similar Documents

Publication Publication Date Title
US10965470B2 (en) Technique for managing profile in communication system
WO2010045823A1 (en) Cryptographic-key updating method and system
CN111052777B (en) Method and apparatus for supporting inter-device profile transfer in a wireless communication system
US10885198B2 (en) Bootstrapping without transferring private key
CN108028758B (en) Method and apparatus for downloading profiles in a communication system
WO2010096994A1 (en) System and method for downloading application
WO2017091959A1 (en) Data transmission method, user equipment and network side device
US20090217038A1 (en) Methods and Apparatus for Locating a Device Registration Server in a Wireless Network
CN112566073A (en) Apparatus and method for profile installation in a communication system
KR20160124648A (en) Method and apparatus for downloading and installing a profile
JP2005525758A5 (en)
US11422786B2 (en) Method for interoperating between bundle download process and eSIM profile download process by SSP terminal
KR20150051568A (en) Security supporting method and system for proximity based service device to device discovery and communication in mobile telecommunication system environment
WO2008035183A2 (en) Method, server and mobile station for transfering data from the server to the mobile station.
WO2012075814A1 (en) Method and system for application key management for mtc group devices
CN113785532A (en) Method and apparatus for managing and verifying certificates
KR20190062063A (en) Apparatus and method for managing events in communication system
KR102462366B1 (en) APPRATUS AND METHOD FOR NEGOTIATING eUICC VERSION
WO2022134089A1 (en) Method and apparatus for generating security context, and computer-readable storage medium
WO2010124569A1 (en) Method and system for user access control
KR20200145775A (en) Method and apparatus for providing communication service
WO2009149666A1 (en) Method, device and system for negotiating algorithm
KR101485801B1 (en) Method and system for supporting authentication and security protected non-access stratum protocol in mobile telecommunication system
CN115280803A (en) Multimedia broadcast multicast service authentication method, device, equipment and medium
EP3955607B1 (en) Method for transmitting and/or for using a profile information or at least parts thereof, system, client communication device, server entity, program and computer program product

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09821544

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09821544

Country of ref document: EP

Kind code of ref document: A1