CN103944715A

CN103944715A - Data processing method based on agreement key

Info

Publication number: CN103944715A
Application number: CN201410171107.2A
Authority: CN
Inventors: 李东声
Original assignee: Tendyron Technology Co Ltd
Current assignee: Tendyron Technology Co Ltd
Priority date: 2014-04-25
Filing date: 2014-04-25
Publication date: 2014-07-23
Anticipated expiration: 2034-04-25
Also published as: CN103944715B; HK1199979A1; WO2015161689A1

Abstract

The invention discloses a data processing method based on an agreement key. The method comprises the steps that by obtaining identification information of a user identity identification card, a mobile phone safety module obtains a public key of the user identity identification card through calculation to obtain a first random factor, the agreement key of the mobile phone safety module end is generated according to the first random factor, and the first random factor is encrypted and signed to be sent to the user identity identification card; the user identity identification card obtains the identification information of the mobile phone safety module to obtain the public key of the mobile phone safety module through calculation, first signature information is verified, first cryptograph information is decrypted to obtain the first random factor, and an agreement key of the user identity identification card end is generated according to the first random factor; information safe transmission between the mobile phone safety module and the user identity identification card is achieved through the agreement key of the mobile phone safety module end and the agreement key of the user identity identification card end. By means of the method, a mobile phone can be used for safely executing internet-based banking services and/or confidential information transmission.

Description

A kind of data processing method based on arranging key

Technical field

The present invention relates to field of information security technology, relate in particular to a kind of data processing method based on arranging key.

Background technology

Along with the very big facility that developing rapidly of network brings, people more and more depend on network and carry out comings and goings, and the transmission of for example network file, internet bank trade all become an indispensable part in people's life, work gradually.Because network is a virtual environment after all, exist too many unsafe factor, and in network environment, will inevitably carry out the network activity of data interaction, especially the network activity as the transmission of Internet-based banking services and confidential information, the safety of network has been proposed to very high requirement, and therefore people start to greatly develop network information security technology.

But along with the develop rapidly of mobile phone technique now, mobile phone terminal is more and more used to replacement computer and uses, can Secure execution Internet-based banking services and/or the solution of confidential information transmission but do not have now a kind of mobile phone terminal.

Summary of the invention

The present invention is intended to solve mobile phone terminal cannot Secure execution Internet-based banking services and/or the problem of confidential information transmission.

Main purpose of the present invention is to provide a kind of data processing method based on arranging key.

For achieving the above object, technical scheme of the present invention is specifically achieved in that

One aspect of the present invention provides a kind of data processing method based on arranging key, comprising:

Mobile phone security module is obtained the identification information of described subscriber identification card;

Described mobile phone security module is getting after the identification information of described subscriber identification card, calculates the PKI of subscriber identification card according to the identification information of the first default PKI computational algorithm and described subscriber identification card;

Described mobile phone security module is obtained the first random factor, generates the arranging key of described mobile phone security module end according to described the first random factor;

Described mobile phone security module, getting after described the first random factor, is encrypted calculating according to the PKI of described subscriber identification card to described the first random factor, obtains the first cipher-text information;

Described mobile phone security module, obtaining after described the first cipher-text information, is signed to described the first cipher-text information according to the private key of described mobile phone security module, obtains the first signing messages, and described the first signing messages is sent to subscriber identification card;

Described subscriber identification card obtains the identification information of described mobile phone security module;

Described subscriber identification card is getting after the identification information of described mobile phone security module, calculates the PKI of mobile phone security module according to the identification information of the second default PKI computational algorithm and described mobile phone security module;

Described subscriber identification card, receiving after described the first signing messages, is verified described the first signing messages according to the PKI of described mobile phone security module;

Described subscriber identification card, after described the first signing messages of checking passes through, is decrypted described the first cipher-text information according to the private key of described subscriber identification card, obtains described the first random factor;

Described subscriber identification card generates the arranging key of described subscriber identification card end according to described the first random factor;

Between described mobile phone security module and described subscriber identification card, carry out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end.

One aspect of the present invention also provides a kind of data processing method based on arranging key, comprising:

Subscriber identification card obtains the identification information of described mobile phone security module;

Described subscriber identification card is getting after the identification information of described mobile phone security module, calculates the PKI of mobile phone security module according to the identification information of the first default PKI computational algorithm and described mobile phone security module;

Described subscriber identification card obtains the first random factor, generates the arranging key of described subscriber identification card end according to described the first random factor;

Described subscriber identification card, getting after described the first random factor, is encrypted calculating according to the PKI of described mobile phone security module to described the first random factor, obtains the first cipher-text information;

Described subscriber identification card, obtaining after described the first cipher-text information, is signed to described the first cipher-text information according to the private key of described subscriber identification card, obtains the first signing messages, and described the first signing messages is sent to mobile phone security module;

Described mobile phone security module is obtained the identification information of described subscriber identification card;

Described mobile phone security module is getting after the identification information of described subscriber identification card, calculates the PKI of subscriber identification card according to the identification information of the second default PKI computational algorithm and described subscriber identification card;

Described mobile phone security module, receiving after described the first signing messages, is verified described the first signing messages according to the PKI of described subscriber identification card;

Described mobile phone security module, after described the first signing messages of checking passes through, is decrypted described the first cipher-text information according to the private key of mobile phone security module, obtains described the first random factor;

Described mobile phone security module generates the arranging key of described mobile phone security module end according to described the first random factor;

The step of in addition, carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:

Described mobile phone security module is obtained information to be transmitted;

Described mobile phone security module is encrypted described information to be transmitted by the arranging key of described mobile phone security module end, obtains the 3rd cipher-text information;

The first process information is sent to described subscriber identification card by described mobile phone security module, and wherein, described the first process information at least comprises: described the 3rd cipher-text information;

Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the 3rd cipher-text information is decrypted, and obtains information to be transmitted;

Described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages.

Described mobile phone security module is carried out verification calculating by the arranging key of described mobile phone security module end to described information to be transmitted, obtains the first check information;

The first process information is sent to described subscriber identification card by described mobile phone security module, and wherein, described the first process information at least comprises: described information to be transmitted and described the first check information;

Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the first process information is verified;

If described subscriber identification card is verified described the first process information, described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages.

Described mobile phone security module is encrypted described information to be transmitted by the arranging key of described mobile phone security module end, obtains the 3rd cipher-text information, and described the 3rd cipher-text information is carried out to verification calculating, obtains the first check information;

The first process information is sent to described subscriber identification card by described mobile phone security module, and wherein, described the first process information at least comprises: described the 3rd cipher-text information and described the first check information;

If described subscriber identification card is verified described the first process information, described subscriber identification card is decrypted described the 3rd cipher-text information by the arranging key of described subscriber identification card end, obtains described information to be transmitted;

In addition, at described subscriber identification card, described information to be transmitted is signed, after obtaining the step of the second signing messages, described method also comprises:

Described subscriber identification card is encrypted described the second signing messages by the arranging key of described subscriber identification card end, obtains the 4th cipher-text information;

The second process information is sent to described mobile phone security module by described subscriber identification card, and wherein, described the second process information at least comprises: described the 4th cipher-text information;

Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the 4th cipher-text information is decrypted, and obtains described the second signing messages;

Described mobile phone security module is to the second signing messages outgoing described in major general; Or

Described subscriber identification card carries out verification calculating by the arranging key of described subscriber identification card end to described the second signing messages, obtains the second check information;

The second process information is sent to described mobile phone security module by described subscriber identification card, and wherein, described the second process information at least comprises: described the second signing messages and described the second check information;

Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the second process information is verified;

If described mobile phone security module is verified described the second process information, described mobile phone security module is to the second signing messages outgoing described in major general; Or

Described subscriber identification card is encrypted described the second signing messages by the arranging key of described subscriber identification card end, obtains the 4th cipher-text information, and described the 4th cipher-text information is carried out to verification calculating, obtains the second check information;

The second process information is sent to described mobile phone security module by described subscriber identification card, and wherein, described the second process information at least comprises: described the 4th cipher-text information and described the second check information;

If described mobile phone security module is verified described the second process information, by the arranging key of described mobile phone security module end, described the 4th cipher-text information is decrypted, obtain described the second signing messages;

Described mobile phone security module is to the second signing messages outgoing described in major general.

In addition,, after described mobile phone security module is obtained the step of information to be transmitted, before the first process information is sent to the step of described subscriber identification card by described mobile phone security module, described method also comprises:

Described mobile phone security module is extracted the key message in described information to be transmitted;

Key message in the information to be transmitted extracting described in described mobile phone security module control mobile phone display screen shows;

Described mobile phone security module receives the confirmation instruction of cell phone keyboard output;

Receive in described mobile phone security module after the confirmation instruction of described cell phone keyboard output, carry out described mobile phone security module the first process information is sent to the step of described subscriber identification card.

In addition, described mobile phone security module is the module being independent of outside mobile phone CPU, or described mobile phone security module is arranged on the safety zone in described mobile phone CPU.

In addition, described the first PKI computational algorithm is identical with the second PKI computational algorithm.

In addition,, if decipher described the first cipher-text information mistake, return to the first error message;

If decipher described the second cipher-text information mistake, return to the second error message.

As seen from the above technical solution provided by the invention, by the data processing method based on arranging key of the present invention, can make the mobile phone can Secure execution Internet-based banking services and/or confidential information transmission.

Brief description of the drawings

In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, below the accompanying drawing of required use during embodiment is described is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, do not paying under the prerequisite of creative work, can also obtain other accompanying drawings according to these accompanying drawings.

The flow chart of the data processing method based on arranging key that Fig. 1 provides for the embodiment of the present invention 1;

The flow chart of the data processing method based on arranging key that Fig. 2 provides for the embodiment of the present invention 2.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiment.Based on embodiments of the invention, those of ordinary skill in the art, not making the every other embodiment obtaining under creative work prerequisite, belong to protection scope of the present invention.

In description of the invention, it will be appreciated that, term " " center ", " longitudinally ", " laterally ", " on ", D score, " front ", " afterwards ", " left side ", " right side ", " vertically ", " level ", " top ", " end ", " interior ", orientation or the position relationship of instructions such as " outward " are based on orientation shown in the drawings or position relationship, only the present invention for convenience of description and simplified characterization, instead of device or the element of instruction or hint indication must have specific orientation, with specific orientation structure and operation, therefore can not be interpreted as limitation of the present invention.In addition, term " first ", " second " be only for describing object, and can not be interpreted as instruction or hint relative importance or quantity or position.

In description of the invention, it should be noted that, unless otherwise clearly defined and limited, term " installation ", " being connected ", " connection " should be interpreted broadly, and for example, can be to be fixedly connected with, and can be also to removably connect, or connect integratedly; Can be mechanical connection, can be also electrical connection; Can be to be directly connected, also can indirectly be connected by intermediary, can be the connection of two element internals.For the ordinary skill in the art, can concrete condition understand above-mentioned term concrete meaning in the present invention.

Below in conjunction with accompanying drawing, the embodiment of the present invention is described in further detail.

Data processing method based on arranging key of the present invention realizes based on mobile phone, and this mobile phone at least comprises a subscriber identification card that possesses safety function, and a mobile phone security module.Wherein:

Subscriber identification card can be following any card: SIM (Subscriber Identity Module, client identification module) card, UIM (User Identity Module) card, usim card, PIM card etc., above card is all on the basis of existing function, expand safety function, to coordinate mobile phone security module of the present invention to realize function of the present invention.

This mobile phone security module can be set to be independent of the independent module outside mobile phone CPU, also can be set to the safety zone in mobile phone CPU, with the independently safety function that ensures that this mobile phone security module can realize, for example: mobile phone security module can independently be carried out safe identity authentication function, and the security control showing, ensure the authenticity of displaying contents etc.

In addition, third party CA can issue the certificate through ca authentication to subscriber identification card, third party CA can also also issue the certificate through ca authentication to mobile phone security module simultaneously, to ensure that both sides can verify the legitimacy of the other side's identity, improves fail safe.

Embodiment 1

Fig. 1 has shown the flow chart of the data processing method based on arranging key that the embodiment of the present invention 1 provides, and referring to Fig. 1, the data processing method based on arranging key of the present invention, comprising:

Step S101, mobile phone security module is obtained the identification information of subscriber identification card;

Concrete, the identification information of subscriber identification card is unique identification information, includes but not limited to: subscriber identification card sequence number, Subscriber Number, MAC Address etc.The identification information of this subscriber identification card can be that mobile phone security module is pre-stored, also can send to mobile phone security module for subscriber identification card.

Mobile phone security module gets the identification information of subscriber identification card, can utilize this unique identification information to carry out the generation of key.

Step S102, mobile phone security module is getting after the identification information of subscriber identification card, calculates the PKI of subscriber identification card according to the identification information of the first default PKI computational algorithm and subscriber identification card;

Concrete, mobile phone security module is preset the first PKI computational algorithm, can calculate according to the identification information of subscriber identification card the PKI of subscriber identification card, the PKI of this subscriber identification card can carry out encrypted transmission information when mutual for follow-up and subscriber identification card, so that the private key of subscriber identification card can be decrypted enciphered message.

Step S103, mobile phone security module is obtained the first random factor, generates the arranging key of mobile phone security module end according to the first random factor;

Concrete, this first random factor can be that this mobile phone security module directly generates, or this first random factor can be subscriber identification card generation, and sends to mobile phone security module to obtain.Certainly, directly generate safer by mobile phone security module; Generate the processing that is sent to mobile phone security module and can reduces mobile phone security module by subscriber identification card, improve treatment effeciency.This first random factor can be one or a string random number, or can be one or a string random character, or the combination in any of a string random number and random combine.

Obtain after this first random factor, mobile phone security module can be used this first random factor to generate arranging key.Certainly, mobile phone security module is used this first random factor to generate the step of arranging key, except carrying out after obtaining the first random factor, can also in follow-up other arbitrary steps, carry out, as long as finally generated the arranging key of mobile phone security module end.

Step S104, mobile phone security module, getting after the first random factor, is encrypted calculating according to the PKI of subscriber identification card to the first random factor, obtains the first cipher-text information;

Concrete, mobile phone security module is encrypted the first random factor according to the PKI of the subscriber identification card calculating, thereby ensures the fail safe of the first random factor transmission.

Step S105, mobile phone security module, obtaining after the first cipher-text information, is signed to the first cipher-text information according to the private key of mobile phone security module, obtains the first signing messages, and the first signing messages is sent to subscriber identification card;

Step S106, subscriber identification card obtains the identification information of mobile phone security module;

Concrete, the identification information of mobile phone security module is unique identification information, includes but not limited to: the sequence number of mobile phone CPU, the MAC Address of mobile phone CPU etc.The identification information of this mobile phone security module can be that subscriber identification card is pre-stored, also can send to subscriber identification card for mobile phone security module.

Subscriber identification card gets the identification information of mobile phone security module, can utilize this unique identification information to carry out the generation of the PKI of mobile phone security module.

Step S107, subscriber identification card is getting after the identification information of mobile phone security module, calculates the PKI of mobile phone security module according to the identification information of the second default PKI computational algorithm and mobile phone security module;

Concrete, subscriber identification card is preset the second PKI computational algorithm, can calculate according to the identification information of mobile phone security module the PKI of mobile phone security module, the PKI of this mobile phone security module can carry out encrypted transmission information when mutual for follow-up and mobile phone security module.

Certainly, this second PKI computational algorithm can be identical with the first PKI computational algorithm, simplifies thus handling process; This second PKI computational algorithm also can be different from the first PKI computational algorithm, prevent thus Brute Force, improve fail safe.

Step S108, subscriber identification card, receiving after the first signing messages, is verified the first signing messages according to the PKI of mobile phone security module;

Concrete, subscriber identification card also uses the PKI of the mobile phone security module of generation to verify the first signing messages, the fail safe of guarantee information transmission and the legitimacy of information source.

Step S109, subscriber identification card, after checking the first signing messages passes through, is decrypted the first cipher-text information according to the private key of subscriber identification card, obtains the first random factor;

Concrete, in subscriber identification card, preset the private key of subscriber identification card, the first cipher-text information that subscriber identification card can send according to the private key deciphering mobile phone security module of subscriber identification card, obtain the first random factor, can ensure thus the fail safe of the first random factor transmission, what in subscriber identification card, get is real the first random factor.

In addition, if now decipher the first cipher-text information mistake, return to the first error message, and re-execute step S101, to again obtain random factor, certainly, re-execute after step S101, this this random factor can be the first random factor, also can be different from for another random factor of the first random factor, to improve fail safe, prevent Replay Attack.

Step S110, subscriber identification card generates the arranging key of subscriber identification card end according to the first random factor;

Concrete, the mode of subscriber identification card generation arranging key should be identical with the mode of mobile phone security module generation arranging key, to ensure can to carry out information interaction by this arranging key between subscriber identification card and mobile phone security module.

Step S111, carries out the safe transmission of information by the arranging key of mobile phone security module end and the arranging key of subscriber identification card end between mobile phone security module and subscriber identification card.

Concrete, generated the arranging key of mobile phone security module end in mobile phone security module, and subscriber identification card generated after the arranging key of subscriber identification card end, between mobile phone security module and subscriber identification card, carry out the safe transmission of information by the arranging key at two ends.

Now, one of can be in the following way realize the safe transmission of information:

Step S112a, mobile phone security module is obtained information to be transmitted;

Concrete, mobile phone security module is obtained information to be transmitted, and this information to be transmitted can, for needing the confidential information of safe transmission, can be also Transaction Information to be transacted in Net silver.

If the present invention is applied in secure transmission of confidential information, the confidential information that information to be transmitted can need to be exported for mobile phone, for example: mobile phone is from confidential information of obtaining in the secure storage section of mobile phone etc.;

If the present invention is applied in Internet-based banking services, information to be transmitted can be the Transaction Information of pending transaction, for example: the Transaction Information such as transaction account, dealing money that mobile phone gets by Web bank's client.

Step S113a, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the 3rd cipher-text information;

Concrete, mobile phone security module is treated transmission information by the arranging key of the mobile phone security module end of its generation and is encrypted, thereby makes information to be transmitted carry out opaque transmission, ensures the fail safe of transmission.Now, arranging key at least comprises an encryption key.

Step S114a, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: the 3rd cipher-text information;

Step S115a, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the 3rd cipher-text information is decrypted, and obtains information to be transmitted;

Concrete, cross the arranging key of mobile phone security module end due to information exchange to be transmitted and encrypt, now, subscriber identification card receives after the 3rd cipher-text information, be decrypted by the arranging key in subscriber identification card, thereby obtain real information to be transmitted.

Step S116a, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Concrete, subscriber identification card, having obtained after real information to be transmitted, is signed to this information to be transmitted, to ensure information integrity to be transmitted and non repudiation.

Step S117a, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 4th cipher-text information;

Concrete, subscriber identification card is also encrypted the second signing messages by the arranging key of subscriber identification card end, thereby ensures the opaque transmission of the second signing messages, improves fail safe.

Step S118a, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the 4th cipher-text information;

Step S119a, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the 4th cipher-text information is decrypted, and obtains the second signing messages;

Concrete, mobile phone security module receives after the 4th cipher-text information, also by the arranging key of mobile phone security module end, the 4th cipher-text information is decrypted, and obtains real the second signing messages.Thus, between mobile phone security module and subscriber identification card, completed the information interaction of once safety.

Step S120a, mobile phone security module is to major general's the second signing messages outgoing.

Concrete, mobile phone security module has been carried out the second signing messages outgoing after signature by treating transmission information.

If the present invention is applied in secure transmission of confidential information, the device of confidential information after signature being sent to confidential information extraction is outward medium;

If the present invention is applied in Internet-based banking services, the Transaction Information after signature is sent to Web bank's server etc.

Mode two:

Step S112b, mobile phone security module is obtained information to be transmitted;

Step S113b, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is carried out verification calculating, obtains the first check information;

Concrete, mobile phone security module is treated transmission information by the arranging key of the mobile phone security module end of its generation and is carried out verification calculating, thereby ensures information integrity to be transmitted.Now, arranging key at least comprises a verification computation key, and this verification is calculated can be for calculating arbitrary verification modes such as MAC value.

Step S114b, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: information to be transmitted and the first check information;

Step S115b, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;

Concrete; the arranging key of crossing mobile phone security module end due to information exchange to be transmitted has carried out verification calculating; now; subscriber identification card receives after information to be transmitted and the first check information; treat transmission information by the arranging key in subscriber identification card and carry out equally verification calculating, and compare with the first check information, and after relatively unanimously; be verified, thereby guarantee that the information to be transmitted obtaining is without distorting.

Step S116b, if subscriber identification card is verified the first process information, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Step S117b, subscriber identification card carries out verification calculating by the arranging key of subscriber identification card end to the second signing messages, obtains the second check information;

Concrete, subscriber identification card also carries out verification calculating by the arranging key of subscriber identification card end to the second signing messages, thereby ensures the integrality of the second signing messages.

Step S118b, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the second signing messages and the second check information;

Step S119b, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;

Concrete; mobile phone security module receives after the second signing messages and the second check information; also by the arranging key of mobile phone security module end, the second signing messages is carried out to verification calculating; and compare with the second check information; and after relatively unanimously; be verified, thereby guarantee that the second signing messages obtaining is without distorting.Thus, between mobile phone security module and subscriber identification card, completed the information interaction of once safety.

Step S120b, if mobile phone security module is verified the second process information, mobile phone security module is to major general's the second signing messages outgoing.

Mode three:

Step S112c, mobile phone security module is obtained information to be transmitted;

Step S113c, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the 3rd cipher-text information, and the 3rd cipher-text information is carried out to verification calculating, obtains the first check information;

Concrete, mobile phone security module is treated transmission information by the arranging key of the mobile phone security module end of its generation and is encrypted, thereby makes information to be transmitted carry out opaque transmission, ensures the fail safe of transmission.

Mobile phone security module is carried out verification calculating by the arranging key of the mobile phone security module end of its generation to the 3rd cipher-text information, thereby ensures the integrality of the 3rd cipher-text information.This verification is calculated can be for calculating arbitrary verification modes such as MAC value.

Now, arranging key at least comprises verification computation key of an encryption key.

Step S114c, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: the 3rd cipher-text information and the first check information;

Step S115c, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;

Concrete; because the 3rd cipher-text information has been carried out verification calculating by the arranging key of mobile phone security module end; now; subscriber identification card receives after the 3rd cipher-text information and the first check information; by the arranging key in subscriber identification card, the 3rd cipher-text information is carried out to verification calculating equally, and compare with the first check information, and after relatively unanimously; be verified, thereby guarantee that the 3rd cipher-text information obtaining is without distorting.

Step S116c, if subscriber identification card is verified the first process information, subscriber identification card is decrypted the 3rd cipher-text information by the arranging key of subscriber identification card end, obtains information to be transmitted;

Concrete, cross the arranging key of mobile phone security module end due to information exchange to be transmitted and encrypt, now, subscriber identification card receives after real the 3rd cipher-text information, be decrypted by the arranging key in subscriber identification card, thereby obtain real information to be transmitted.

Step S117c, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Step S118c, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 4th cipher-text information, and the 4th cipher-text information is carried out to verification calculating, obtains the second check information;

Subscriber identification card also carries out verification calculating by the arranging key of subscriber identification card end to the 4th cipher-text information, thereby ensures the integrality of the 4th cipher-text information.

Step S119c, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the 4th cipher-text information and the second check information;

Step S120c, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;

Concrete; mobile phone security module receives after the 4th cipher-text information and the second check information; also by the arranging key of mobile phone security module end, the 4th cipher-text information is carried out to verification calculating; and compare with the second check information; and after relatively unanimously; be verified, thereby guarantee that the 4th cipher-text information obtaining is without distorting.

Step S121c, if mobile phone security module is verified the second process information, is decrypted the 4th cipher-text information by the arranging key of mobile phone security module end, obtains the second signing messages;

Concrete, mobile phone security module, having obtained after real the 4th cipher-text information, is also decrypted the 4th cipher-text information by the arranging key of mobile phone security module end, obtains real the second signing messages.

Thus, between mobile phone security module and subscriber identification card, completed the information interaction of once safety.

Step S122c, mobile phone security module is to major general's the second signing messages outgoing.

Mode four:

Step S112d, mobile phone security module is obtained information to be transmitted;

Step S113d, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the 3rd cipher-text information, and the 3rd cipher-text information is carried out to verification calculating, obtains the first check information;

Step S114d, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: the 3rd cipher-text information and the first check information;

Step S115d, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;

Step S116d, if subscriber identification card is verified the first process information, subscriber identification card is decrypted the 3rd cipher-text information by the arranging key of subscriber identification card end, obtains information to be transmitted;

Step S117d, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Step S118d, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 4th cipher-text information;

Step S119d, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the 4th cipher-text information;

Step S120d, mobile phone security module is decrypted the 4th cipher-text information by the arranging key of mobile phone security module end, obtains the second signing messages;

Step S121d, mobile phone security module is to major general's the second signing messages outgoing.

Mode five:

Step S112e, mobile phone security module is obtained information to be transmitted;

Step S113e, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the 3rd cipher-text information, and the 3rd cipher-text information is carried out to verification calculating, obtains the first check information;

Step S114e, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: the 3rd cipher-text information and the first check information;

Step S115e, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;

Step S116e, if subscriber identification card is verified the first process information, subscriber identification card is decrypted the 3rd cipher-text information by the arranging key of subscriber identification card end, obtains information to be transmitted;

Step S117e, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Step S118e, subscriber identification card carries out verification calculating by the arranging key of subscriber identification card end to the second signing messages, obtains the second check information;

Step S119e, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the second signing messages and the second check information;

Step S120e, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;

Step S121e, if mobile phone security module is verified the second process information, mobile phone security module is to major general's the second signing messages outgoing.

Mode six:

Step S112f, mobile phone security module is obtained information to be transmitted;

Step S113f, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the 3rd cipher-text information;

Step S114f, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: the 3rd cipher-text information;

Step S115f, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the 3rd cipher-text information is decrypted, and obtains information to be transmitted;

Step S116f, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Step S117f, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 4th cipher-text information, and the 4th cipher-text information is carried out to verification calculating, obtains the first check information;

Step S118f, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the 4th cipher-text information and the first check information;

Step S119f, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;

Step S120f, if mobile phone security module is verified the second process information, is decrypted the 4th cipher-text information by the arranging key of mobile phone security module end, obtains the second signing messages;

Step S121f, mobile phone security module is to major general's the second signing messages outgoing.

Mode seven:

Step S112g, mobile phone security module is obtained information to be transmitted;

Step S113g, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is carried out verification calculating, obtains the first check information;

Step S114g, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: information to be transmitted and the first check information;

Step S115g, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;

Step S116g, if subscriber identification card is verified the first process information, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Step S117g, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 4th cipher-text information, and the 4th cipher-text information is carried out to verification calculating, obtains the second check information;

Step S118g, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the 4th cipher-text information and the second check information;

Step S119g, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;

Step S120g, if mobile phone security module is verified the second process information, is decrypted the 4th cipher-text information by the arranging key of mobile phone security module end, obtains the second signing messages;

Step S121g, mobile phone security module is to major general's the second signing messages outgoing.

Mode eight:

Step S112h, mobile phone security module is obtained information to be transmitted;

Step S113h, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the 3rd cipher-text information;

Step S114h, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: the 3rd cipher-text information;

Step S115h, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the 3rd cipher-text information is decrypted, and obtains information to be transmitted;

Step S116h, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Step S117h, subscriber identification card carries out verification calculating by the arranging key of subscriber identification card end to the second signing messages, obtains the first check information;

Step S118h, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the second signing messages and the first check information;

Step S119h, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;

Step S120h, if mobile phone security module is verified the second process information, mobile phone security module is to major general's the second signing messages outgoing.

Mode nine:

Step S112i, mobile phone security module is obtained information to be transmitted;

Step S113i, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the 3rd cipher-text information, and the 3rd cipher-text information is carried out to verification calculating, obtains the first check information;

Step S114i, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: the 3rd cipher-text information and the first check information;

Step S115i, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;

Step S116i, if subscriber identification card is verified the first process information, subscriber identification card is decrypted the 3rd cipher-text information by the arranging key of subscriber identification card end, obtains information to be transmitted;

Step S117i, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Step S118i, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 4th cipher-text information;

Step S119i, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the 4th cipher-text information;

Step S120i, mobile phone security module is decrypted the 4th cipher-text information by the arranging key of mobile phone security module end, obtains the second signing messages;

Step S121i, mobile phone security module is to major general's the second signing messages outgoing.

Certainly, with upper type one to mode nine, for to each step of cipher-text information being carried out to verification calculating, all can adopt to the original text of cipher-text information carry out verification calculate substitute, obtaining after check information and cipher-text information, all deciphering obtains the original text of cipher-text information in advance, then carries out the checking of check information.As long as can ensure that the original text of cipher-text information or cipher-text information cannot be tampered.

As can be seen here, by the data processing method based on arranging key of the present invention, can make the mobile phone can Secure execution Internet-based banking services and/or confidential information transmission.

In addition, in above-mentioned either type, after mobile phone security module is obtained the step of information to be transmitted, before the first process information is sent to the step of subscriber identification card by mobile phone security module, the data processing method based on arranging key also comprises the steps:

Step S1121, mobile phone security module is extracted the key message in information to be transmitted;

Concrete, mobile phone security module will be extracted the key message in information to be transmitted, is confirmed whether it is this information to be shown to user.For example:

If the present invention is applied in secure transmission of confidential information, the key message such as mobile phone security module filename in can extractor confidential information, so that user is confirmed whether to extract these classified papers and carries out Safety output;

If the present invention is applied in Internet-based banking services, mobile phone security module can be extracted the key message in Transaction Information, and whether the key message such as account and dealing money of for example concluding the business is real transaction so that user confirms this transaction.

Step S1122, mobile phone security module control mobile phone display screen shows the key message in the information to be transmitted extracting;

Concrete, the display screen of mobile phone security module control mobile phone shows the key message extracting, so that user confirms the authenticity of key message, thereby ensures the authenticity of information to be transmitted.In addition, display screen by mobile phone security module control mobile phone shows the key message extracting, can also prevent from controlling by mobile phone CPU the problem that mobile phone display screen shows that key message may be tampered, ensure that the content showing by the control of mobile phone security module is real content, improve fail safe.

Step S1123, mobile phone security module receives the confirmation instruction of cell phone keyboard output;

Concrete, when user confirm mobile phone display screen show key message errorless after, press the acknowledgement key on mobile phone, this acknowledgement key can be the hardware button arranging on mobile phone, also can be the virtual key of touch-screen mobile phone, receive in mobile phone security module after the confirmation instruction of cell phone keyboard output, confirm the authenticity of information to be transmitted, carry out the preparation of follow-up safe transmission.

Step S1124, receives in mobile phone security module after the confirmation instruction of cell phone keyboard output, and execution mobile phone security module is sent to the first process information the step of subscriber identification card.

Concrete, only have the information to be transmitted of confirming through user key-press to be just considered to real information to be transmitted, ensure the authenticity of information to be transmitted, thereby improved the authenticity of confidential information output, and the fail safe of Transaction Information output.

Certainly, the embodiment of the present invention 1 can also provide a kind of mobile phone, the data processing method based on arranging key that this mobile phone adopts embodiment 1 to provide, and the mobile phone of the embodiment of the present invention 1 at least comprises: mobile phone security module and subscriber identification card; Wherein, mobile phone security module and subscriber identification card all can be divided into the operational blocks which partition system of the modules such as Transmit-Receive Unit, encryption/decryption element, computing unit, generation unit, signature unit and/or combination in any to complete corresponding function, and this is no longer going to repeat them.

Embodiment 2

The present embodiment 2 and the difference of embodiment 1 are that verification process and the key generative process between mobile phone security module and subscriber identification card is contrary process, this is no longer going to repeat them, and the data processing method based on arranging key only the present embodiment 2 being provided is briefly described.

Fig. 2 shows the flow chart of the data processing method based on arranging key that the embodiment of the present invention 2 provides, and referring to Fig. 2, the data processing method based on arranging key of the embodiment of the present invention 2, comprising:

Step S201, subscriber identification card obtains the identification information of mobile phone security module;

Step S202, subscriber identification card is getting after the identification information of mobile phone security module, calculates the PKI of mobile phone security module according to the identification information of the first default PKI computational algorithm and mobile phone security module;

Step S203, subscriber identification card obtains the first random factor, generates the arranging key of subscriber identification card end according to the first random factor;

Step S204, subscriber identification card, getting after the first random factor, is encrypted calculating according to the PKI of mobile phone security module to the first random factor, obtains the first cipher-text information;

Step S205, subscriber identification card, obtaining after the first cipher-text information, is signed to the first cipher-text information according to the private key of subscriber identification card, obtains the first signing messages, and the first signing messages is sent to mobile phone security module;

Step S206, mobile phone security module is obtained the identification information of subscriber identification card;

Step S207, mobile phone security module is getting after the identification information of subscriber identification card, calculates the PKI of subscriber identification card according to the identification information of the second default PKI computational algorithm and subscriber identification card;

Step S208, mobile phone security module, receiving after the first signing messages, is verified the first signing messages according to the PKI of subscriber identification card;

Step S209, mobile phone security module, after checking the first signing messages passes through, is decrypted the first cipher-text information according to the private key of mobile phone security module, obtains the first random factor;

Step S210, mobile phone security module generates the arranging key of mobile phone security module end according to the first random factor;

Step S211, carries out the safe transmission of information by the arranging key of mobile phone security module end and the arranging key of subscriber identification card end between mobile phone security module and subscriber identification card.

Wherein, in step S211, between mobile phone security module and subscriber identification card, carry out the process of safe transmission of information by the arranging key of mobile phone security module end and the arranging key of subscriber identification card end identical with embodiment 1, do not repeat them here.

Certainly, the embodiment of the present invention 2 also can provide a kind of mobile phone, the data processing method based on arranging key that this mobile phone adopts embodiment 2 to provide, and the mobile phone of the embodiment of the present invention 2 at least comprises: mobile phone security module and subscriber identification card; Wherein, mobile phone security module and subscriber identification card all can be divided into the operational blocks which partition system of the modules such as Transmit-Receive Unit, encryption/decryption element, computing unit, generation unit, signature unit and/or combination in any to complete corresponding function, and this is no longer going to repeat them.

Any process of otherwise describing in flow chart or at this or method are described and can be understood to, represent to comprise that one or more is for realizing module, fragment or the part of code of executable instruction of step of specific logical function or process, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can be not according to order shown or that discuss, comprise according to related function by the mode of basic while or by contrary order, carry out function, this should be understood by embodiments of the invention person of ordinary skill in the field.

Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, multiple steps or method can realize with being stored in software or the firmware carried out in memory and by suitable instruction execution system.For example, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: there is the discrete logic for data-signal being realized to the logic gates of logic function, there is the application-specific integrated circuit (ASIC) of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.

Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is can carry out the hardware that instruction is relevant by program to complete, described program can be stored in a kind of computer-readable recording medium, this program, in the time carrying out, comprises step of embodiment of the method one or a combination set of.

In addition, the each functional unit in each embodiment of the present invention can be integrated in a processing module, can be also that the independent physics of unit exists, and also can be integrated in a module two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and also can adopt the form of software function module to realize.If described integrated module realizes and during as production marketing independently or use, also can be stored in a computer read/write memory medium using the form of software function module.

The above-mentioned storage medium of mentioning can be read-only memory, disk or CD etc.

In the description of this specification, the description of reference term " embodiment ", " some embodiment ", " example ", " concrete example " or " some examples " etc. means to be contained at least one embodiment of the present invention or example in conjunction with specific features, structure, material or the feature of this embodiment or example description.In this manual, the schematic statement of above-mentioned term is not necessarily referred to identical embodiment or example.And specific features, structure, material or the feature of description can be with suitable mode combination in any one or more embodiment or example.

Although illustrated and described embodiments of the invention above, be understandable that, above-described embodiment is exemplary, can not be interpreted as limitation of the present invention, those of ordinary skill in the art can change above-described embodiment within the scope of the invention in the situation that not departing from principle of the present invention and aim, amendment, replacement and modification.Scope of the present invention is by claims and be equal to and limit.

Claims

1. the data processing method based on arranging key, is characterized in that, comprising:

2. the data processing method based on arranging key, is characterized in that, comprising:

3. method according to claim 1 and 2, it is characterized in that, the step of carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:

4. method according to claim 1 and 2, it is characterized in that, the step of carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:

5. method according to claim 1 and 2, it is characterized in that, the step of carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:

6. according to the method described in claim 3 to 5 any one, it is characterized in that, at described subscriber identification card, described information to be transmitted is signed, after obtaining the step of the second signing messages, described method also comprises:

7. according to the method described in claim 3 to 6 any one, it is characterized in that, after described mobile phone security module is obtained the step of information to be transmitted, before the first process information is sent to the step of described subscriber identification card by described mobile phone security module, described method also comprises:

8. according to the method described in claim 1 to 7 any one, it is characterized in that, described mobile phone security module is the module being independent of outside mobile phone CPU, or described mobile phone security module is arranged on the safety zone in described mobile phone CPU.

9. according to the method described in claim 1 to 8 any one, it is characterized in that, described the first PKI computational algorithm is identical with the second PKI computational algorithm.

10. according to the method described in claim 1 to 9 any one, it is characterized in that,

If decipher described the first cipher-text information mistake, return to the first error message;