CN104994498B - The method and system that a kind of terminal applies are interacted with mobile phone card application - Google Patents

The method and system that a kind of terminal applies are interacted with mobile phone card application Download PDF

Info

Publication number
CN104994498B
CN104994498B CN201510254694.6A CN201510254694A CN104994498B CN 104994498 B CN104994498 B CN 104994498B CN 201510254694 A CN201510254694 A CN 201510254694A CN 104994498 B CN104994498 B CN 104994498B
Authority
CN
China
Prior art keywords
terminal applies
card
machine card
security control
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510254694.6A
Other languages
Chinese (zh)
Other versions
CN104994498A (en
Inventor
刘湘华
仇剑书
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN201510254694.6A priority Critical patent/CN104994498B/en
Publication of CN104994498A publication Critical patent/CN104994498A/en
Application granted granted Critical
Publication of CN104994498B publication Critical patent/CN104994498B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Abstract

The invention discloses the method and system that a kind of terminal applies are interacted with mobile phone card application, it is related to Internet technical field, is invented to solve the problems, such as the security of existing exchange method relatively low.This method includes:Machine card interacts the request message of security control middleware receiver and card interactive component, which includes the digital signature of the sign-on ID of terminal applies, the mark of target mobile phones card application and terminal applies;According to the sign-on ID of terminal applies, pre-stored digital signature public key and the document of terminal applies are obtained;By the digital signature of digital signature public key decryptions terminal applies, file destination is obtained;Judge whether file destination is identical with the content of the document of the terminal applies obtained;If identical, being returned to machine card interactive component allows access response message, which is used to represent to allow terminal applies access target mobile phone card application.The present invention is applied during terminal applies are interacted with mobile phone card application.

Description

The method and system that a kind of terminal applies are interacted with mobile phone card application
Technical field
The present invention relates to Internet technical field, more particularly to a kind of method that is interacted with mobile phone card application of terminal applies and System.
Background technology
At present, user of the mobile phone card (some documents are also referred to as subscriber identification card, smart card) as mobile phone terminal Identification module (English:Subscriber/User Identity Module, referred to as:SIM/UIM) this information carrier, due to , with secure data storage capacity, more and more application developers release more money mobile phone cards using mobile phone card as development environment should for it With.In addition, with the development of mobile Internet and radio RF recognition technology, mobile phone card is applied to be sent out in mobile Internet application More and more important effect is waved, terminal applies interact also more and more frequently with what mobile phone card was applied, such as:When utilizing Alipay When terminal applies carry out payment activity, then mobile phone card application can read the bank card information of user by Radio Frequency Identification Technology The terminal applies such as Alipay are transferred to, without by being manually entered bank card information.
A kind of existing terminal applies mainly include with the method that mobile phone card application interacts:By establishing one in end side Secure interactive middleware, mobile phone card side establish an interpretation layer;After terminal is successfully selected the interpretation layer of mobile phone card side, instruction is sent The command list (CLIST) that mobile phone card interpretation layer returns is obtained, security middleware sends the terminal response order for carrying command index, safety Middleware then sends the terminal response order for carrying downloading data in instruction issues flow, and SIM card application execution is complete corresponding Returned after operation by interpretation layer and carry the proactive command (DISPLAY TEXT, GET KEY, the GET INPUT that upload data Deng), terminal is sent to SIM card after interaction cancels selection instruction, releases the selection operation of interpretation layer.In interaction flow, Terminal applies select corresponding menu entries respectively according to the download of interactive instruction, upload demand, and then perform corresponding operating and take Obtain required instruction.
In terminal applies and mobile phone card application carry out the above process of data interaction, any terminal applies can be with hand Machine card application interacts, and the good and bad jumbled together due to terminal applies, and might have malicious application interacts with mobile phone card application, The malice of user data may be brought to steal, thus existing this terminal applies and the safety of the exchange method of mobile phone card application Property is relatively low.
The content of the invention
The present invention provides the method and system that a kind of terminal applies are interacted with mobile phone card application, in order to solve in the prior art When the application of terminal applies and mobile phone card interacts, the problem of security is relatively low.
To reach above-mentioned purpose, the present invention adopts the following technical scheme that:
The method is applied to mobile terminal, and the mobile terminal includes machine card interactive component and the interaction security control of machine card Middleware, the machine card interaction security control middleware are located in mobile phone card, the described method includes:
Machine card interaction security control middleware receives the terminal applies of the machine card interactive component forwarding to target hand The request message that the application of machine card is sent, the request message are used for the access for representing that terminal applies are sent to the application of target mobile phones card Request, the request message include the sign-on ID of the terminal applies, the mark of target mobile phones card application and the end Hold the digital signature of application;
The machine card interacts security control middleware according to the sign-on ID of the terminal applies, obtains pre-stored numeral The document of public signature key and the terminal applies;
The machine card interacts numeral of the security control middleware by terminal applies described in the digital signature public key decryptions Signature, obtains file destination;
File destination and the file of the terminal applies obtained described in the machine card interaction security control middleware judges Whether the content of summary is identical;
If identical, the machine card, which interacts security control middleware and returns to allow to access to the machine card interactive component, to be rung Message is answered, the permission access response message is used to represent to allow the terminal applies to access the target mobile phones card application mark Know.
The system that a kind of terminal applies are interacted with mobile phone card application, the system comprises machine card to interact security control middleware With machine card interactive component, wherein:
The machine card interacts security control middleware, the request message sent for receiving the machine card interactive component, institute State request message and be used for the access request for representing that terminal applies are sent to the application of target mobile phones card, the request message includes described The digital signature of the sign-on ID of terminal applies, the mark of target mobile phones card application and the terminal applies;
The machine card interacts security control middleware, is additionally operable to the sign-on ID according to the terminal applies, acquisition prestores The digital signature public key of storage and the document of the terminal applies;
The machine card interacts security control middleware, is additionally operable to by terminal applies described in the digital signature public key decryptions Digital signature, obtain file destination;
The machine card interacts security control middleware, is additionally operable to the terminal applies for judging the file destination with obtaining Document content it is whether identical;
The machine card interacts security control middleware, is additionally operable to when the file destination and the terminal applies of acquisition When the content of document is identical, being returned to the machine card interactive component allows access response message, the permission access response Message is used to represent to allow the terminal applies to access the target mobile phones card application.
The method and system that terminal applies provided by the invention are interacted with mobile phone card application, increase the friendship of machine card in mobile phone card Mutual security control middleware, when receiving request message, machine card interaction security control middleware being capable of decoding request message The document of terminal applies is obtained, the summary for decrypting obtained document and the pre-stored terminal applies is compared To determine whether the terminal applies are valid application, just terminal applies are allowed to access mobile phone card when terminal applies are valid application Using.The relatively low phase of security that can be interacted and then interact with mobile phone card application with any terminal applies of the prior art Than the present invention can differentiate terminal applies, only allow valid application to access mobile phone card application, it is thus possible to improve terminal Using the security interacted with mobile phone card application.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for For those of ordinary skill in the art, without creative efforts, other can also be obtained according to these attached drawings Attached drawing.
Fig. 1 is the structure diagram of mobile terminal provided in an embodiment of the present invention;
Fig. 2 is that the flow for the method that a kind of terminal applies provided in an embodiment of the present invention are interacted with mobile phone card application is illustrated Figure;
Fig. 3 is that the flow for the method that another terminal applies provided in an embodiment of the present invention are interacted with mobile phone card application is illustrated Figure;
Fig. 4 is the flow diagram of the method for consult session key provided in an embodiment of the present invention;
Fig. 5 is the installation process schematic diagram of terminal applies provided in an embodiment of the present invention;
Fig. 6 is the system structure diagram that a kind of terminal applies provided in an embodiment of the present invention are interacted with mobile phone card application;
Fig. 7 is the structural representation for the system that another terminal applies provided in an embodiment of the present invention are interacted with mobile phone card application Figure.
Embodiment
Below in conjunction with the attached drawing in the present embodiment, the technical solution in the present embodiment is clearly and completely described, Obviously, described embodiment is only part of the embodiment of the present invention, instead of all the embodiments.Based in the present invention Embodiment, those of ordinary skill in the art's all other embodiments obtained without creative efforts, all Belong to the scope of protection of the invention.
An embodiment of the present invention provides a kind of method that terminal applies are interacted with mobile phone card application, this method is applied to movement Terminal, is as shown in Figure 1 the logical construction schematic diagram of mobile terminal provided in an embodiment of the present invention, which includes mobile phone Block, the running environment in mobile terminal can be divided into mobile phone card environment and mobile terminal environment, the two environment according to the mobile phone card Can regard two environment arranged side by side as, mainly include in mobile phone card machine card interaction security control middleware, key production module with And various mobile phone card applications;Mainly include machine card interactive component and various terminals application in mobile terminal.In addition, terminal and hand Interacted between machine card by self-defined machine card interface, wherein the self-defined machine card interface is determined for one kind in GSM11.11 specifications On the basis of the machine card interactive interface of justice, the machine defined by the implementation extension GSM11.11 specifications from software view is clamped The function of mouth, meets the interactive interface for the needs of being interacted between terminal applies and card application, its specific implementation process refers to existing Technology.Some in mobile terminal are applied under mobile phone card environment, some are applied under mobile terminal environment, should in the present embodiment It is referred to as terminal applies for the application in mobile terminal, is referred to as mobile phone card application applied to the application under mobile phone card environment. Such as:The application such as common Alipay, wechat, microblogging be that terminal applies, mobile payment application, electronic cash application etc. are applied and are Mobile phone card application.
At present, the exploitation of terminal applies is more mature, and various applications emerge in an endless stream, thus end-use market is showed and answered With more than species, quantity but the situation that the good and bad jumbled together, its security are relatively low.With widely used based on linux kernel at present , can be to appointing in terminal after malicious application obtains system highest authority (root authority) exemplified by Android operation system What file (including system file) perform it is all the operation such as increase, delete, changing, looking into so that the machine card interface based on terminal is safe Control program fails, the risk of Height increasing machine card application interaction.Comparatively, mobile phone card environment is cleaner, and due to mobile phone card skill Art has just fully taken into account security requirement at the beginning of designing, while the safety of mobile phone card has been cooperatively configured from software and hardware view System, security are far above terminal environments.In view of the security context of mobile phone card, the embodiment of the present invention add machine in mobile phone card Whether card interaction security control middleware, be valid application for identification terminal application.As shown in Fig. 2, the identification process includes:
201:The request message that machine card interaction security control middleware receiver and card interactive component is sent, the request message The access request sent for representing terminal applies to the application of target mobile phones card, the request message include the terminal applies The digital signature of sign-on ID, the mark of target mobile phones card application and the terminal applies.
When terminal applies initiate to access the request of mobile phone card application, the machine card interactive component inside mobile terminal blocks The access request is cut, and the access request is forwarded to the machine card interaction security control middleware inside mobile phone card.
Wherein, the sign-on ID of terminal applies is that terminal applies developer obtains when registering and apply to operator, the note Volume is identified as to be formed using preceding 8 bit combination of the application file Hash digest of version before Bao Mingyu.
Each terminal applies possess developer's digital signature of the public and private key pair previously generated including a pair, this Terminal applies digital signature information in step is the document of terminal applies after the encryption of developer's digital signature private key Character string.
Target mobile phones card application refers to the mobile phone card application that terminal applies desire access to.
202:Machine card interacts security control middleware according to the sign-on ID of the terminal applies, obtains pre-stored numeral The document of public signature key and the terminal applies.
Terminal applies initiate mount request, mobile phone card to mobile phone card management platform when mounted, by background application platform Management platform by the sign-on ID of the terminal applies included in mount request, terminal applies developer's digital signature public key and The content records such as the document of terminal applies are simultaneously stored to mobile phone card with TLV (Type-length-value) structure.Terminal The installation process of application sees below literary detailed description.
203:Machine card interacts numeral of the security control middleware by terminal applies described in the digital signature public key decryptions Signature, obtains file destination.
Signified digital signature is terminal applies by developer's digital signature private key by the text of terminal applies in step 201 The encrypted character string of part summary.And specify in step 202 and protected in the interaction security control middleware of the machine card inside mobile phone card There is developer's digital signature public key of the terminal applies, uses private key encryption in the present embodiment, the mode of public key decryptions is decrypted Digital signature.
204:File destination and the file of the terminal applies obtained described in machine card interaction security control middleware judges Whether the content of summary is identical.
If the file of the document of the terminal applies obtained after decryption and the terminal applies of mobile phone card storage inside Clip Text is identical, then it is valid application to prove the terminal applies, it is allowed to which the terminal applies access the target mobile phones card application, hold Row following step 205.
If it is not the same, then machine card interaction security control middleware forbids access response to disappear to the return of machine card interactive component Breath, and terminal applies are forwarded to forbid terminal applies access target mobile phone card application by machine card interactive component.
205:If identical, machine card, which interacts security control middleware and returned to machine card interactive component, allows access response to disappear Breath, the permission access response message are used to represent to allow the terminal applies to access the target mobile phones card application.
Machine card interactive component receive after the permission access response message again to terminal applies forward the response message so as to The target mobile phones card application is accessed in terminal applies.
The method that terminal applies provided in an embodiment of the present invention are interacted with mobile phone card application, increases the friendship of machine card in mobile phone card Mutual security control middleware, when receiving the request message of terminal of machine card interactive component forwarding, machine card interaction safety control Middleware processed can decoding request message obtain the summary of terminal applies, obtained summary will be decrypted and the pre-stored terminal should Summary is compared to determine whether the terminal applies are valid application, is just allowed eventually when terminal applies are valid application Hold application access mobile phone card application.It can be interacted and then hand over mobile phone card application with any terminal applies of the prior art Mutual security is relatively low to be compared, and the present invention can differentiate terminal applies, only allows valid application to access mobile phone card application, The security that terminal applies are interacted with mobile phone card application can thus be improved.
In addition, the executive agent of the present invention interacts security control middleware for the machine card inside mobile phone card, with setting about The development of machine card technique, the soft hardware performance of communication handset card are improved so that relatively safer mobile phone card environment is more It is adapted to deployment machine card interface access control mechanisms, can preferably avoids destruction of the Malware for authentication mechanism, and can The security mechanisms such as the control of authority based on mobile phone card access the controling mechanism for providing multi-layer for interface.
In order to further improve the security of terminal applies access, judging terminal applies to be legal in the embodiment of the present invention After, it is also necessary to determine whether terminal applies whether possess access the target mobile phones card application access rights, only when When terminal applies possess access rights, just terminal applies are allowed to access the target mobile phones card application.Thus work as and determine the mesh After mark file is identical with the document content of the terminal applies of acquisition, as shown in figure 3, this method further includes:
301:Machine card interacts sign-on ID and the target mobile phones card of the security control middleware according to the terminal applies The mark of application, obtains the access rights of the terminal applies.
The sign-on ID of terminal applies, the access rights of terminal applies in terminal applies registration process also in generating 's.
In terminal applies installation process, mobile phone card applies the sign-on ID of each terminal applies, each mobile phone card The access rights that mark and terminal applies access mobile phone card application store and are recorded as the catalogue of a rule.
302:After the access rights of terminal applies meet preset condition, machine card interacts security control middleware and is handed over to machine card Mutual component, which returns, allows access response message, and the permission access response message is used to represent to allow the terminal applies to access institute State target mobile phones card application.
According to the access rights of the terminal applies got in step 301, the target mobile phones are accessed when terminal applies possess When blocking the authority of application, it is allowed to which terminal applies access the target mobile phones card application, otherwise it is assumed that terminal applies insufficient permission, refusal Its interaction request.
When terminal applies are for valid application and after possess the access rights of access target mobile phone card application, terminal applies can be with Interacted with target mobile phones card application.In order to improve the security in interaction, the monitoring to the instruction of machine card interface is prevented It is close that machine card interactive component under terminal environments with the machine card in mobile phone card interacts security control middleware consulting session Key and session authentication index process, using the session key in interaction instruction (both including data command and also including Command instruction) carry out symmetric cryptography mode realize session encryption.
Thus after allowing the terminal applies to access the target mobile phones card application, this method further includes terminal applies The process of session key and session authentication index is determined with mobile phone card application negotiation, as shown in figure 4, this method includes:
401:Machine card interactive component generates random number and by random number described in the interface ciphering public key encryption of pre-read, obtains To the first encryption data.
Wherein, signified interface ciphering public key and hereinafter signified interface ciphering private key are a pair of secret keys pair herein, both It can be generated by the key production module inside mobile phone card shown in Fig. 1, can also be in the manufacturing process of mobile phone card Directly pour into card.Machine card interactive component can only read the interface ciphering public key, but can not read interface ciphering private key.When When being inserted into the starting up of terminal of mobile phone card, the machine card interactive component in terminal can read the interface ciphering public key.
In addition, machine card interactive component will also preserve the random number of generation.For the ease of describing, with S in text1Representing should be with Machine number.
402:Machine card interactive component sends first encryption data to machine card interaction security control middleware.
In addition to sending first encryption data, machine card interactive component is also needed to machine card interaction security control middleware hair Send the sign-on ID and target mobile phones card application identities of terminal applies, in order to interact security control middleware easy to machine card Know which terminal applies is desired access to generate session authentication index in which mobile phone card application and subsequent process and determined Session authentication index and terminal applies sign-on ID, the one-to-one relationship of target mobile phones card application identities.
403:Machine card interacts security control middleware and decrypts the first encryption number by pre-stored interface ciphering private key According to obtaining the first ciphertext data.
In theory, step 401 and step 402 are the random numbers produced using interface ciphering public key encryption, and step 403 is Encrypted random number is decrypted using interface ciphering private key, that obtain should be random number S1
404:Machine card interaction security control middleware calculates the hashed value of first ciphertext data, and by the hashed value After first ciphertext data encryption, the second encryption data is obtained.
Machine card interaction security control middleware calls hashing module to calculate the hashed value of the first ciphertext data, is denoted as S2, then by hashed value S2Bound as session authentication index and terminal applies sign-on ID, target mobile phones card application identities, S is indexed as the safe identifier for identifying interactive sessions and by currently used session authentication2It is stored in mobile phone card, Zhi Daoben Secondary conversation end generates new session authentication index;In addition, by S2Machine card interaction group is returned after the encryption of the first ciphertext data Part.
405:Machine card interacts security control middleware and sends the second encryption data to machine card interactive component.
406:Machine card interactive component uses the second encryption data described in the random nnrber decryption, obtains the second ciphertext data.
407:Machine card interactive component calculates the hashed value of the random number, by the hashed value of the random number and described second Ciphertext data is compared.
408:, should using the random number as the terminal if the hashed value is identical with second ciphertext data With the session key applied with the target mobile phones card, the session key is used to encrypt the terminal applies and the target hand The interaction data of machine card application.In addition, indexed the hashed value of the random number as the session authentication in this interaction, institute Session authentication index is stated to be used for when multiple terminal applies interact within the same period with mobile phone card application, to distinguish Which group session key what this was used interchangeably is.It is in a manner of " instruction ciphertext+session authentication index is in plain text " in interaction Transmission, card end determine which session key to decrypt ciphertext using according to session authentication index.
After session key and session authentication index are consulted successfully, terminal applies can utilize the meeting with mobile phone card application Words key interacts, which is:
Machine card interactive component is encrypted using session key, by encrypted instruction ciphertext and terminal applies sign-on ID, meeting Words verification index is sent to machine card by self-defined machine card interface interacts security control middleware.
Machine card interaction security control middleware verification session authentication index is answered with terminal applies sign-on ID, target mobile phones card After the correspondence of mark is correct, using session key decryption instructions ciphertext corresponding with session authentication index, it will solve Instruction after close is forwarded to target mobile phones card application.
Machine card interaction security control middleware receives the up-on command that the application of target mobile phones card returns, and encrypted instruction will be close Text is sent to machine card interactive component by self-defined machine card interface.
The ciphertext that machine card interactive component is received using session key decryption, by the data sending obtained after decryption to terminal Using.In this way, terminal applies and target mobile phones card are once interacted using completion.
Index, can be weighed in session setup next time with session authentication, it is necessary to reset session key after each conversation end It is newly-generated.
In order to which clearer explanation step 202 and step 301, the present embodiment additionally provide the installation process of terminal applies, In the installation process of terminal applies, terminal applies initiate mount request by background application platform to mobile phone card management platform, And the message in the mount request generates or stores some needed in terminal applies and mobile phone card application interaction process Information.As shown in figure 5, the process includes:
501:Mobile phone card management platform receives the mount request message of the terminal applies, and the mount request message includes The sign-on ID of the terminal applies, the target mobile phones card application identify, the digital signature public key of the terminal applies and Document.
502:Mobile phone card management platform is by the sign-on ID of the terminal applies, the digital signature public key of the terminal applies With the first memory space in document write-in mobile phone card.
Wherein, which is located in the file system storage space in mobile phone card.
503:Mobile phone card management platform by the sign-on ID of the terminal applies, the target mobile phones card apply mark and The terminal applies access the second memory space in the access rights write-in mobile phone card of the target mobile phones card application.
Second memory space is similarly positioned in the file system storage space in mobile phone card.
A kind of terminal applies and mobile phone card are additionally provided as the supplement of method and refinement, the present embodiment shown in above-mentioned each figure Using interactive system, as shown in fig. 6, the system includes machine card interaction security control middleware 601 and machine card interactive component 602, wherein,
The machine card interaction security control middleware 601, the terminal of the forwarding for receiving the machine card interactive component 602 Using the request message sent to the application of target mobile phones card, the request message includes the sign-on ID of the terminal applies, institute State the mark of target mobile phones card application and the digital signature of the terminal applies;
The machine card interaction security control middleware 601, is additionally operable to the sign-on ID according to the terminal applies, obtains pre- The digital signature public key of storage and the document of the terminal applies;
The machine card interaction security control middleware 601, is additionally operable to by terminal described in the digital signature public key decryptions The digital signature of application, obtains file destination;
The machine card interaction security control middleware 601, is additionally operable to the terminal for judging the file destination with obtaining Whether the content of the document of application is identical;
The machine card interaction security control middleware 601, is additionally operable to when the file destination should with the terminal obtained When the content of document is identical, being returned to the machine card interactive component 602 allows access response message, described to allow to visit Ask response message be used for represent allow the terminal applies access target mobile phones card application.
Further, the machine card interaction security control middleware 601, is additionally operable to the registration mark according to the terminal applies Know the mark with target mobile phones card application, obtain the access rights of the terminal applies;
The machine card interaction security control middleware 601, is additionally operable to when the access rights of the terminal applies meet to preset After condition, being returned to the machine card interactive component 602 allows access response message, and the permission access response message is used to represent The terminal applies are allowed to access the target mobile phones card application.
Further, the machine card interactive component 602, is additionally operable to generation random number and the interface ciphering public affairs for passing through pre-read Key encrypts the random number, obtains the first encryption data;
The machine card interactive component 602, is additionally operable to send described first to machine card interaction security control middleware 601 Encryption data;
The machine card interaction security control middleware 601, is additionally operable to by described in pre-stored interface ciphering private key decryption First encryption data, obtains the first ciphertext data;
The machine card interaction security control middleware 601, is additionally operable to calculate the hashed value of first ciphertext data, and will The hashed value obtains the second encryption data after first ciphertext data encryption;
The machine card interaction security control middleware 601, is additionally operable to send described second to the machine card interactive component 602 Encryption data;
The machine card interactive component 602, is also used for the second encryption data described in the random nnrber decryption, obtains second Ciphertext data;
The machine card interactive component 602, is additionally operable to calculate the hashed value of the random number, by the hashed value of the random number Compared with second ciphertext data;
The machine card interactive component 602, is additionally operable to when the digest value is identical with the third value, will be described random As the terminal applies and the session key of target mobile phones card application, the session key is used to encrypt the terminal number Using the interaction data applied with the target mobile phones card.
Further, as shown in fig. 7, the system also includes key production module 701, for generating the interface ciphering Public key and the interface ciphering private key.
The system that terminal applies provided in an embodiment of the present invention are interacted with mobile phone card application, increases the friendship of machine card in mobile phone card Mutual security control middleware, when receiving request message, machine card interaction security control middleware being capable of decoding request message The summary of terminal applies is obtained, the summary for decrypting obtained summary and the pre-stored terminal applies is compared to determine to be somebody's turn to do Whether terminal applies are valid application, just allow terminal applies to access mobile phone card application when terminal applies are valid application.With Compared with any terminal applies of the prior art can be interacted with mobile phone card application and then the security of interaction is relatively low, this hair It is bright terminal applies to be differentiated, only allow valid application access mobile phone card application, it is thus possible to improve terminal applies with The security of mobile phone card application interaction.
Through the above description of the embodiments, it is apparent to those skilled in the art that the present invention can borrow Software is helped to add the mode of required common hardware to realize, naturally it is also possible to which by hardware, but the former is more preferably in many cases Embodiment.Based on such understanding, portion that technical scheme substantially in other words contributes the prior art Dividing can be embodied in the form of software product, which is stored in the storage medium that can be read, and such as be counted The floppy disk of calculation machine, hard disk or CD etc., including some instructions are used so that computer equipment (can be personal computer, Server, or network equipment etc.) perform method described in each embodiment of the present invention.
The above description is merely a specific embodiment, but protection scope of the present invention is not limited thereto, any Those familiar with the art the invention discloses technical scope in, change or replacement can be readily occurred in, should all be contained Cover within protection scope of the present invention.

Claims (6)

1. a kind of method that terminal applies are interacted with mobile phone card application, it is characterised in that the method is applied to mobile terminal, institute Stating mobile terminal includes machine card interactive component and machine card interaction security control middleware, and the machine card interacts security control middleware In mobile phone card, the described method includes:
The machine card interaction security control middleware receives the request message that the machine card interactive component is sent, the request message The access request sent for representing terminal applies to the application of target mobile phones card, the request message include the terminal applies The digital signature of sign-on ID, the mark of target mobile phones card application and the terminal applies;
The machine card interacts security control middleware according to the sign-on ID of the terminal applies, obtains pre-stored digital signature The document of public key and the terminal applies;
The machine card interacts digital signature of the security control middleware by terminal applies described in the digital signature public key decryptions, Obtain file destination;
File destination and the document of the terminal applies obtained described in the machine card interaction security control middleware judges Content it is whether identical;
If identical, the machine card, which interacts security control middleware and returned to the machine card interactive component, allows access response to disappear Breath, the permission access response message are used to represent to allow the terminal applies to access the target mobile phones card application;
The machine card interactive component generates random number and by random number described in the interface ciphering public key encryption of pre-read, obtains the One encryption data;
The machine card interactive component sends first encryption data to machine card interaction security control middleware;
The machine card interaction security control middleware decrypts first encryption data by pre-stored interface ciphering private key, obtains To the first ciphertext data;
The machine card interaction security control middleware calculates the hashed value of first ciphertext data, and by the hashed value through institute After stating the encryption of the first ciphertext data, the second encryption data is obtained;
The machine card interacts security control middleware and sends second encryption data to the machine card interactive component;
The machine card interactive component uses the second encryption data described in the random nnrber decryption, obtains the second ciphertext data;
The machine card interactive component calculates the hashed value of the random number, by the hashed value of the random number and the described second decryption Data are compared;
If the hashed value is identical with second ciphertext data, using the random number as the terminal applies with it is described The session key of target mobile phones card application, the session key are used to encrypt the terminal applies and the target mobile phones card application Interaction data.
2. the method that terminal applies according to claim 1 are interacted with mobile phone card application, it is characterised in that
After the document content for determining the terminal applies of the file destination with obtaining is identical, the method is also Including:
Sign-on ID and the target mobile phones card application of the machine card interaction security control middleware according to the terminal applies Mark, obtain the access rights of the terminal applies;
After the access rights of the terminal applies meet preset condition, then the machine card interacts security control middleware to described Machine card interactive component returns to the permission access response message.
3. the method that terminal applies according to claim 1 are interacted with mobile phone card application, it is characterised in that described mobile whole End further includes the key production module in the mobile phone card, and the machine card interaction security control middleware receives the machine card The request message that interactive component is sent, before, the method further includes:
The key production module generates the interface ciphering public key and the interface ciphering private key.
4. the system that a kind of terminal applies are interacted with mobile phone card application, it is characterised in that the system comprises machine card interaction safety Middleware and machine card interactive component are controlled, wherein:
The machine card interacts security control middleware, the request message sent for receiving the machine card interactive component, described to ask Message is asked to be used for the access request for representing that terminal applies are sent to the application of target mobile phones card, the request message includes the terminal The digital signature of the sign-on ID of application, the mark of target mobile phones card application and the terminal applies;
The machine card interacts security control middleware, is additionally operable to the sign-on ID according to the terminal applies, obtains pre-stored The document of digital signature public key and the terminal applies;
The machine card interacts security control middleware, is additionally operable to the number by terminal applies described in the digital signature public key decryptions Word is signed, and obtains file destination;
The machine card interacts security control middleware, is additionally operable to judge the file destination and the text of the terminal applies obtained Whether the content of part summary is identical;
The machine card interacts security control middleware, is additionally operable to when the file destination and the file of the terminal applies obtained When the content of summary is identical, being returned to the machine card interactive component allows access response message, the permission access response message For representing to allow the terminal applies to access the target mobile phones card application;
The machine card interactive component, for generating random number and by random number described in the interface ciphering public key encryption of pre-read, Obtain the first encryption data;
The machine card interactive component, is additionally operable to send first encryption data to machine card interaction security control middleware;
The machine card interacts security control middleware, is additionally operable to decrypt first encryption by pre-stored interface ciphering private key Data, obtain the first ciphertext data;
The machine card interacts security control middleware, is additionally operable to calculate the hashed value of first ciphertext data, and dissipate described Train value obtains the second encryption data after first ciphertext data encryption;
The machine card interacts security control middleware, is additionally operable to send second encryption data to the machine card interactive component;
The machine card interactive component, is also used for the second encryption data described in the random nnrber decryption, obtains the second decryption number According to;
The machine card interactive component, is additionally operable to calculate the hashed value of the random number, by the hashed value of the random number with it is described Second ciphertext data is compared;
The machine card interactive component, is additionally operable to when the hashed value is identical with second ciphertext data, by the random number For the terminal applies and the session key of target mobile phones card application, the session key is used to encrypt the terminal applies With the interaction data of target mobile phones card application.
5. the system that terminal applies according to claim 4 are interacted with mobile phone card application, it is characterised in that
The machine card interacts security control middleware, is additionally operable to the sign-on ID according to the terminal applies and the target mobile phones Block the mark of application, obtain the access rights of the terminal applies;
The machine card interacts security control middleware, is additionally operable to after the access rights of the terminal applies meet preset condition, The permission access response message is returned to the machine card interactive component.
6. the system that terminal applies according to claim 4 are interacted with mobile phone card application, it is characterised in that
The system also includes key production module, for generating the interface ciphering public key and the interface ciphering private key.
CN201510254694.6A 2015-05-18 2015-05-18 The method and system that a kind of terminal applies are interacted with mobile phone card application Active CN104994498B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510254694.6A CN104994498B (en) 2015-05-18 2015-05-18 The method and system that a kind of terminal applies are interacted with mobile phone card application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510254694.6A CN104994498B (en) 2015-05-18 2015-05-18 The method and system that a kind of terminal applies are interacted with mobile phone card application

Publications (2)

Publication Number Publication Date
CN104994498A CN104994498A (en) 2015-10-21
CN104994498B true CN104994498B (en) 2018-05-11

Family

ID=54306232

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510254694.6A Active CN104994498B (en) 2015-05-18 2015-05-18 The method and system that a kind of terminal applies are interacted with mobile phone card application

Country Status (1)

Country Link
CN (1) CN104994498B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107358118B (en) * 2017-07-03 2020-06-09 中兴通讯股份有限公司 SFS access control method and system, SFS and terminal equipment
CN109492421A (en) * 2017-09-11 2019-03-19 厦门雅迅网络股份有限公司 Data processing method, electronic equipment and the storage medium of security middleware based on android system
CN110138711A (en) * 2018-02-09 2019-08-16 北京京东尚科信息技术有限公司 A kind of method and apparatus for registration

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005104431A1 (en) * 2004-04-21 2005-11-03 Matsushita Electric Industrial Co., Ltd. Content providing system, information processing device, and memory card
CN1866870A (en) * 2006-02-23 2006-11-22 华为技术有限公司 Software validity checking system and method based on device management protocol
CN101729503A (en) * 2008-10-23 2010-06-09 中兴通讯股份有限公司 Method and system for distributing key
CN103812649A (en) * 2012-11-07 2014-05-21 中国电信股份有限公司 Method and system for safety access control of machine-card interface, and handset terminal

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005104431A1 (en) * 2004-04-21 2005-11-03 Matsushita Electric Industrial Co., Ltd. Content providing system, information processing device, and memory card
CN1866870A (en) * 2006-02-23 2006-11-22 华为技术有限公司 Software validity checking system and method based on device management protocol
CN101729503A (en) * 2008-10-23 2010-06-09 中兴通讯股份有限公司 Method and system for distributing key
CN103812649A (en) * 2012-11-07 2014-05-21 中国电信股份有限公司 Method and system for safety access control of machine-card interface, and handset terminal

Also Published As

Publication number Publication date
CN104994498A (en) 2015-10-21

Similar Documents

Publication Publication Date Title
US9843585B2 (en) Methods and apparatus for large scale distribution of electronic access clients
CN105450406B (en) The method and apparatus of data processing
WO2018213419A1 (en) Facilitating a fund transfer between user accounts
EP2879421B1 (en) Terminal identity verification and service authentication method, system, and terminal
US8483661B2 (en) Method for loading credentials into a mobile communication device such as a mobile phone
TW201610745A (en) Electronic device, method for establishing and enforcing a security policy associated with an access control element, and secure element
WO2013182154A1 (en) Method, system and terminal for encrypting/decrypting application program on communication terminal
CN101621794A (en) Method for realizing safe authentication of wireless application service system
CN106452770A (en) Data encryption method and apparatus, data decryption method and apparatus, and system
CN103368735B (en) Using authentication method, the device and system of access smart card
CN105187369A (en) Data access method and data access device
CN104994498B (en) The method and system that a kind of terminal applies are interacted with mobile phone card application
CN106789000A (en) A kind of secret phone system and method based on TEE technologies and wearable device
KR20140058196A (en) Apparatus and method for protecting mobile message data
JP5485452B1 (en) Key management system, key management method, user terminal, key generation management device, and program
KR102053993B1 (en) Method for Authenticating by using Certificate
KR101329789B1 (en) Encryption Method of Database of Mobile Communication Device
KR101221728B1 (en) The certification process server and the method for graphic OTP certification
CN105635096B (en) Access method, system and the terminal of data module
CN106330897A (en) Information storage method and system
CN114679287B (en) Data processing method, system, electronic device and storage medium
CN117479154B (en) Office terminal data processing method and system based on unified multi-domain identification authentication
EP3202173B1 (en) Method of sending a data from a secure token to a server
KR101289990B1 (en) Method for switching use mode of mobile device and mobile device using the same
CN115860017A (en) Data processing method and related device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant