CN104994498B - Method and system for interaction between a terminal application and a mobile phone card application - Google Patents
Method and system for interaction between a terminal application and a mobile phone card application
- Publication number: CN104994498B
- Application number: CN201510254694.6A
- Authority: CN (China)
- Prior art keywords: terminal applies, card, machine card, security control, application
- Legal status: Active
Classifications
- H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII] (H: Electricity; H04: Electric communication technique; H04W: Wireless communication networks; H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity)
- H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA] (same parent classes)
- H04W12/06: Authentication (same parent classes)
Abstract
The invention discloses a method and system for interaction between a terminal application and a mobile phone card application. It relates to the field of Internet technology and is intended to solve the problem that the security of existing interaction methods is relatively low. The method includes: the machine card interaction security control middleware receives a request message from the machine card interactive component, the request message including the registration ID of the terminal application, the identifier of the target mobile phone card application and the digital signature of the terminal application; according to the registration ID of the terminal application, it obtains the pre-stored digital signature public key and file digest of the terminal application; it decrypts the digital signature of the terminal application with the digital signature public key to obtain the target digest; it judges whether the target digest is identical to the obtained file digest of the terminal application; if identical, it returns an allow-access response message to the machine card interactive component, which indicates that the terminal application is allowed to access the target mobile phone card application. The invention is applied in the process of interaction between terminal applications and mobile phone card applications.
Description
Technical field
The present invention relates to the field of Internet technology, and in particular to a method and system for interaction between a terminal application and a mobile phone card application.
Background technology
At present, the mobile phone card (in some documents also called the subscriber identification card or smart card) serves as the subscriber/user identity module (SIM/UIM) of the mobile terminal. Because it offers secure data storage, more and more application developers use the mobile phone card as a development environment and release mobile phone card applications. In addition, with the development of the mobile Internet and radio frequency identification (RFID) technology, mobile phone card applications play an increasingly important role in mobile Internet applications, and terminal applications interact with mobile phone card applications more and more frequently. For example, when a payment is made with the Alipay terminal application, a mobile phone card application can read the user's bank card information through RFID and pass it to a terminal application such as Alipay, so the bank card information need not be entered by hand.
One existing method for interaction between a terminal application and a mobile phone card application works as follows: a secure interaction middleware is established on the terminal side and an interpretation layer on the mobile phone card side. After the terminal successfully selects the interpretation layer on the mobile phone card side, it sends an instruction to obtain the command list returned by the mobile phone card interpretation layer; the security middleware sends a terminal response command carrying the command index, and in the instruction issuing flow it sends a terminal response command carrying the download data; after the SIM card application completes the corresponding operation, it returns, through the interpretation layer, proactive commands (DISPLAY TEXT, GET KEY, GET INPUT, etc.) carrying the upload data; after the interaction the terminal sends a deselect instruction to the SIM card, releasing the selection of the interpretation layer. In this flow, the terminal application selects the corresponding menu entries according to the download and upload demands of the interaction instructions, then performs the corresponding operations to obtain the required instructions.
In the data interaction process described above, any terminal application can interact with the mobile phone card application. Since terminal applications are of very mixed quality, a malicious application may interact with the mobile phone card application and steal user data. The security of this existing interaction method between terminal applications and mobile phone card applications is therefore relatively low.
The content of the invention
The present invention provides a method and system for interaction between a terminal application and a mobile phone card application, in order to solve the problem of relatively low security when a terminal application interacts with a mobile phone card application in the prior art.
To achieve the above purpose, the present invention adopts the following technical scheme:
The method is applied to a mobile terminal that includes a machine card interactive component and a machine card interaction security control middleware, the latter being located in the mobile phone card. The method includes:
The machine card interaction security control middleware receives the request message that the terminal application sends to the target mobile phone card application and that the machine card interactive component forwards. The request message represents the access request of the terminal application to the target mobile phone card application and includes the registration ID of the terminal application, the identifier of the target mobile phone card application and the digital signature of the terminal application;
The machine card interaction security control middleware obtains, according to the registration ID of the terminal application, the pre-stored digital signature public key and file digest of the terminal application;
The machine card interaction security control middleware decrypts the digital signature of the terminal application with the digital signature public key to obtain the target digest;
The machine card interaction security control middleware judges whether the target digest is identical to the obtained file digest of the terminal application;
If identical, the machine card interaction security control middleware returns an allow-access response message to the machine card interactive component, which indicates that the terminal application is allowed to access the target mobile phone card application.
A system for interaction between a terminal application and a mobile phone card application includes a machine card interaction security control middleware and a machine card interactive component, wherein:
The machine card interaction security control middleware is used to receive the request message sent by the machine card interactive component. The request message represents the access request of the terminal application to the target mobile phone card application and includes the registration ID of the terminal application, the identifier of the target mobile phone card application and the digital signature of the terminal application;
The machine card interaction security control middleware is further used to obtain, according to the registration ID of the terminal application, the pre-stored digital signature public key and file digest of the terminal application;
The machine card interaction security control middleware is further used to decrypt the digital signature of the terminal application with the digital signature public key to obtain the target digest;
The machine card interaction security control middleware is further used to judge whether the target digest is identical to the obtained file digest of the terminal application;
The machine card interaction security control middleware is further used to return an allow-access response message to the machine card interactive component when the target digest is identical to the obtained file digest of the terminal application; the allow-access response message indicates that the terminal application is allowed to access the target mobile phone card application.
In the method and system provided by the invention, a machine card interaction security control middleware is added in the mobile phone card. When it receives a request message, the middleware can decrypt the request message to obtain the file digest of the terminal application, compare the decrypted digest with the pre-stored digest of the terminal application to determine whether the terminal application is legitimate, and allow the terminal application to access the mobile phone card application only if it is. Compared with the prior art, in which any terminal application can interact with the mobile phone card application and the security of the interaction is therefore relatively low, the present invention can authenticate terminal applications and allow only legitimate applications to access mobile phone card applications, thereby improving the security of interaction between terminal applications and mobile phone card applications.
Brief description of the drawings
In order to describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a mobile terminal provided in an embodiment of the present invention;
Fig. 2 is a flow diagram of a method for interaction between a terminal application and a mobile phone card application provided in an embodiment of the present invention;
Fig. 3 is a flow diagram of another method for interaction between a terminal application and a mobile phone card application provided in an embodiment of the present invention;
Fig. 4 is a flow diagram of the session key negotiation method provided in an embodiment of the present invention;
Fig. 5 is a schematic diagram of the installation process of a terminal application provided in an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a system for interaction between a terminal application and a mobile phone card application provided in an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of another system for interaction between a terminal application and a mobile phone card application provided in an embodiment of the present invention.
Embodiment
The technical solution of this embodiment is described clearly and completely below with reference to the drawings of this embodiment. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
An embodiment of the present invention provides a method for interaction between a terminal application and a mobile phone card application, applied to a mobile terminal. Fig. 1 is a schematic diagram of the logical structure of the mobile terminal provided in this embodiment. The mobile terminal includes a mobile phone card, and according to the mobile phone card its running environment can be divided into a mobile phone card environment and a mobile terminal environment, which can be regarded as two side-by-side environments. The mobile phone card mainly contains the machine card interaction security control middleware, a key generation module and various mobile phone card applications; the mobile terminal mainly contains the machine card interactive component and various terminal applications. The terminal and the mobile phone card interact through a custom machine card interface. This custom interface is an interactive interface built on the machine card interaction interface defined in the GSM 11.11 specification by extending, in software, the functions of the interface defined by that specification, so as to meet the needs of interaction between terminal applications and card applications; its implementation follows the prior art. Some applications in the mobile terminal run in the mobile phone card environment and some in the mobile terminal environment; in this embodiment, applications in the mobile terminal environment are called terminal applications, and applications in the mobile phone card environment are called mobile phone card applications. For example, common applications such as Alipay, WeChat and Weibo are terminal applications, while mobile payment applications and electronic cash applications are mobile phone card applications.
At present, terminal application development is mature and new applications appear endlessly, so the terminal application market contains many kinds and large numbers of applications of very mixed quality, and their security is relatively low. Taking the widely used Linux-kernel-based Android operating system as an example, once a malicious application obtains the highest system privilege (root), it can add, delete, modify or read any file in the terminal, including system files, so that any terminal-based machine card interface security control program fails and the risk in machine card application interaction rises greatly. By comparison, the mobile phone card environment is cleaner: mobile phone card technology fully considered security requirements from the start of its design, and the security mechanisms of the mobile phone card are configured jointly from the software and hardware perspectives, so its security is far higher than that of the terminal environment. In view of the security environment of the mobile phone card, the embodiment of the present invention adds a machine card interaction security control middleware in the mobile phone card to identify whether a terminal application is a legitimate application. As shown in Fig. 2, the identification process includes:
201: The machine card interaction security control middleware receives the request message sent by the machine card interactive component. The request message represents the access request that the terminal application sends to the target mobile phone card application, and includes the registration ID of the terminal application, the identifier of the target mobile phone card application and the digital signature of the terminal application.
When a terminal application initiates a request to access a mobile phone card application, the machine card interactive component inside the mobile terminal intercepts the access request and forwards it to the machine card interaction security control middleware inside the mobile phone card.
The registration ID of a terminal application is obtained by the developer of the terminal application when registering the application with the operator; it is formed by combining the package name with the first 8 characters of the hash digest of the current version of the application file.
Each terminal application carries a developer digital signature based on a previously generated public/private key pair. The digital signature information of the terminal application in this step is the string obtained by encrypting the file digest of the terminal application with the developer's digital signature private key.
The target mobile phone card application is the mobile phone card application that the terminal application wants to access.
202: The machine card interaction security control middleware obtains, according to the registration ID of the terminal application, the pre-stored digital signature public key and file digest of the terminal application.
When the terminal application is installed, it initiates an installation request to the mobile phone card management platform through the background application platform. The mobile phone card management platform records the registration ID of the terminal application, the developer's digital signature public key and the file digest of the terminal application contained in the installation request, and stores them in the mobile phone card in TLV (type-length-value) structures. The installation process of the terminal application is described in detail below.
203: The machine card interaction security control middleware decrypts the digital signature of the terminal application with the digital signature public key to obtain the target digest.
The digital signature referred to in step 201 is the string obtained by encrypting the file digest of the terminal application with the developer's digital signature private key, and step 202 specifies that the developer's digital signature public key of the terminal application is held in the machine card interaction security control middleware inside the mobile phone card. This embodiment therefore decrypts the digital signature in private-key-encrypt, public-key-decrypt mode.
204: The machine card interaction security control middleware judges whether the target digest is identical to the obtained file digest of the terminal application.
If the file digest of the terminal application obtained by decryption is identical to the file digest of the terminal application stored inside the mobile phone card, the terminal application is proved to be a legitimate application and is allowed to access the target mobile phone card application, and the following step 205 is performed.
If they are not identical, the machine card interaction security control middleware returns a deny-access response message to the machine card interactive component, which forwards it to the terminal application, so that the terminal application is forbidden from accessing the target mobile phone card application.
205: If identical, the machine card interaction security control middleware returns an allow-access response message to the machine card interactive component; the allow-access response message indicates that the terminal application is allowed to access the target mobile phone card application.
After receiving the allow-access response message, the machine card interactive component forwards it to the terminal application so that the terminal application can access the target mobile phone card application.
In the method provided by this embodiment, a machine card interaction security control middleware is added in the mobile phone card. When it receives a terminal request message forwarded by the machine card interactive component, the middleware can decrypt the request message to obtain the digest of the terminal application, compare the decrypted digest with the pre-stored digest of the terminal application to determine whether the terminal application is legitimate, and allow the terminal application to access the mobile phone card application only if it is. Compared with the prior art, in which any terminal application can interact with the mobile phone card application and the security of the interaction is therefore relatively low, the present invention can authenticate terminal applications and allow only legitimate applications to access mobile phone card applications, thereby improving the security of interaction between terminal applications and mobile phone card applications.
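The check of steps 201 to 205, as an added example that is not the patent's own code. It models the card-side middleware as a Python class holding the records written at install time and mirrors the "private-key encrypt, public-key decrypt" of the file digest with a textbook RSA on two constructed Mersenne primes; the key size, the registration ID format, the in-memory registry and every sample value are assumptions for the demo, and the target application identifier is carried but only consumed by the rights check of step 301.

```python
# Added example (not the patent's code): middleware verification of steps 201-205.
# Toy raw RSA on constructed small primes; a real deployment uses a padded signature scheme.
import hashlib
from dataclasses import dataclass

P, Q = 2**61 - 1, 2**89 - 1          # constructed primes; N is about 150 bits
N = P * Q
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # developer's private exponent


def file_digest(app_file: bytes) -> bytes:
    """File digest of the application file, truncated to 16 bytes so it fits below N."""
    return hashlib.sha256(app_file).digest()[:16]


def registration_id(package_name: str, app_file: bytes) -> str:
    """Registration ID as the page describes it: package name plus the first 8
    characters of the application file hash digest (separator is an assumption)."""
    return f"{package_name}:{hashlib.sha256(app_file).hexdigest()[:8]}"


def sign_digest(digest: bytes, d: int = D, n: int = N) -> int:
    """Developer side: 'encrypt' the file digest with the private key (raw RSA)."""
    return pow(int.from_bytes(digest, "big"), d, n)


def recover_digest(signature: int, e: int = E, n: int = N) -> bytes:
    """Middleware side (step 203): 'decrypt' the signature with the public key."""
    return pow(signature, e, n).to_bytes(16, "big")   # OverflowError if not a 16-byte value


@dataclass
class CardRecord:
    public_key: tuple     # (e, n) written to the card at install time
    digest: bytes         # file digest written to the card at install time


class MachineCardSecurityMiddleware:
    """Machine card interaction security control middleware, card side."""

    def __init__(self):
        self.records = {}  # registration ID -> CardRecord (step 502 contents)

    def install(self, reg_id: str, public_key: tuple, digest: bytes) -> None:
        self.records[reg_id] = CardRecord(public_key, digest)

    def handle_request(self, reg_id: str, target_card_app: str, signature: int) -> str:
        # step 202: look up the pre-stored public key and digest by registration ID
        rec = self.records.get(reg_id)
        if rec is None:
            return "DENY"
        # step 203: recover the target digest from the signature with the public key
        try:
            target_digest = recover_digest(signature, *rec.public_key)
        except OverflowError:
            return "DENY"
        # steps 204/205: allow only on an exact digest match; target_card_app is
        # left for the access-rights check of step 301
        return "ALLOW" if target_digest == rec.digest else "DENY"


def demo() -> tuple:
    """Constructed scenario: the registered file passes, a modified file is rejected."""
    mw = MachineCardSecurityMiddleware()
    app_file = b"constructed application file, version 1.0"
    reg_id = registration_id("com.example.pay", app_file)
    mw.install(reg_id, (E, N), file_digest(app_file))
    good_sig = sign_digest(file_digest(app_file))
    modified_sig = sign_digest(file_digest(b"constructed application file, modified"))
    return (mw.handle_request(reg_id, "card.app.epay", good_sig),
            mw.handle_request(reg_id, "card.app.epay", modified_sig))


if __name__ == "__main__":
    print(demo())
```

The comparison binds a request to the digest registered for that registration ID and nothing else; because the signature is a fixed string per application version, the rights check of step 301 and the per-session key of steps 401 to 408 are what tie later traffic to the session.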
In addition, the executing body of the present invention is the machine card interaction security control middleware inside the mobile phone card. As mobile phone card technology develops, the hardware and software performance of communication mobile phone cards improves, so the relatively safer mobile phone card environment is better suited to deploying the machine card interface access control mechanism, can better prevent malware from undermining the authentication mechanism, and, together with security mechanisms such as permission control based on the mobile phone card, provides multi-layered control over interface access.
In order to further improve the security of terminal application access, in the embodiment of the present invention, after judging that the terminal application is legitimate, it is also necessary to determine whether the terminal application has the access rights to the target mobile phone card application; only when it has them is it allowed to access the target mobile phone card application. Therefore, after it is determined that the target digest is identical to the obtained file digest of the terminal application, as shown in Fig. 3, the method further includes:
301: The machine card interaction security control middleware obtains the access rights of the terminal application according to the registration ID of the terminal application and the identifier of the target mobile phone card application.
Like the registration ID, the access rights of the terminal application are also generated during the registration of the terminal application.
During the installation of the terminal application, the mobile phone card stores the registration ID of each terminal application, the identifier of each mobile phone card application and the access rights of the terminal application to the mobile phone card application, recorded as a directory of rules.
302: When the access rights of the terminal application meet the preset condition, the machine card interaction security control middleware returns an allow-access response message to the machine card interactive component; the allow-access response message indicates that the terminal application is allowed to access the target mobile phone card application.
According to the access rights obtained in step 301, if the terminal application has the right to access the target mobile phone card application, it is allowed to do so; otherwise the terminal application is considered to have insufficient permission and its interaction request is refused.
Once a terminal application is legitimate and has the access rights to the target mobile phone card application, it can interact with the target mobile phone card application. To improve security during the interaction and prevent monitoring of machine card interface instructions, the machine card interactive component in the terminal environment and the machine card interaction security control middleware in the mobile phone card negotiate a session key and a session authentication index, and the session key is used to symmetrically encrypt the instructions (both data instructions and command instructions) exchanged during the interaction, thereby achieving session encryption.
Thus, after the terminal application is allowed to access the target mobile phone card application, the method further includes the process in which the terminal application and the mobile phone card application negotiate and determine the session key and the session authentication index. As shown in Fig. 4, this process includes:
401: The machine card interactive component generates a random number and encrypts it with the pre-read interface encryption public key to obtain the first encryption data.
The interface encryption public key mentioned here and the interface encryption private key mentioned below are a key pair. They can be generated by the key generation module inside the mobile phone card shown in Fig. 1, or injected directly into the card during its manufacture. The machine card interactive component can read only the interface encryption public key and cannot read the interface encryption private key. When a terminal with the mobile phone card inserted starts up, the machine card interactive component in the terminal reads the interface encryption public key.
In addition, the machine card interactive component keeps the generated random number. For ease of description, this random number is denoted S1 below.
402: The machine card interactive component sends the first encryption data to the machine card interaction security control middleware.
Besides the first encryption data, the machine card interactive component also sends the registration ID of the terminal application and the identifier of the target mobile phone card application to the machine card interaction security control middleware, so that the middleware knows which terminal application wants to access which mobile phone card application, and so that, when the session authentication index is generated in the subsequent process, the one-to-one correspondence between the session authentication index, the registration ID of the terminal application and the identifier of the target mobile phone card application can be determined.
403: The machine card interaction security control middleware decrypts the first encryption data with the pre-stored interface encryption private key to obtain the first decrypted data.
In principle, steps 401 and 402 encrypt the generated random number with the interface encryption public key, and step 403 decrypts the encrypted random number with the interface encryption private key, so the result should be the random number S1.
404: The machine card interaction security control middleware calculates the hash value of the first decrypted data, encrypts the hash value with the first decrypted data, and obtains the second encryption data.
The machine card interaction security control middleware calls the hashing module to calculate the hash value of the first decrypted data, denoted S2. It then binds the hash value S2, as the session authentication index, to the registration ID of the terminal application and the identifier of the target mobile phone card application, uses it as the security identifier of the interactive session, and stores the currently used session authentication index S2 in the mobile phone card until this session ends and a new session authentication index is generated. In addition, S2 is encrypted with the first decrypted data and returned to the machine card interactive component.
405: The machine card interaction security control middleware sends the second encryption data to the machine card interactive component.
406: The machine card interactive component decrypts the second encryption data with the random number to obtain the second decrypted data.
407: The machine card interactive component calculates the hash value of the random number and compares it with the second decrypted data.
408: If the hash value is identical to the second decrypted data, the random number is used as the session key between the terminal application and the target mobile phone card application; the session key is used to encrypt the interaction data between the terminal application and the target mobile phone card application. In addition, the hash value of the random number is used as the session authentication index of this interaction; when multiple terminal applications interact with mobile phone card applications in the same period, the session authentication index distinguishes which group's session key is in use. During the interaction, messages are transmitted as "instruction ciphertext + session authentication index in plaintext", and the card side determines from the session authentication index which session key to use to decrypt the ciphertext.
After the session key and session authentication index have been negotiated successfully, the terminal application can interact with the mobile phone card application using the session key. The interaction process is:
The machine card interactive component encrypts the instruction with the session key and sends the instruction ciphertext, together with the registration ID of the terminal application and the session authentication index, to the machine card interaction security control middleware through the custom machine card interface.
After verifying that the correspondence between the session authentication index, the registration ID of the terminal application and the identifier of the target mobile phone card application is correct, the machine card interaction security control middleware decrypts the instruction ciphertext with the session key corresponding to the session authentication index and forwards the decrypted instruction to the target mobile phone card application.
The machine card interaction security control middleware receives the upstream command returned by the target mobile phone card application, encrypts it, and sends the instruction ciphertext to the machine card interactive component through the custom machine card interface.
The machine card interactive component decrypts the received ciphertext with the session key and sends the decrypted data to the terminal application. In this way, one interaction between the terminal application and the target mobile phone card application is completed.
After each session ends, the session key and the session authentication index must be reset; they are regenerated when the next session is established.
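Steps 403 to 408 and the "instruction ciphertext + session authentication index in plaintext" exchange that follows them, as an added example that is not the patent's own code. It assumes the random number S1 has already reached the middleware under the interface encryption key pair (steps 401 to 403 are not re-implemented here), stands in a SHA-256 keystream XOR for the symmetric cipher the page does not name, and uses constructed registration IDs, application identifiers and instruction strings. The card-side table keyed by session authentication index, the binding check before decryption, and the reset after session end are the parts the page specifies.

```python
# Added example (not the patent's code): session authentication index handling.
# S1 transport under the interface key pair is assumed done; the cipher is a toy.
import hashlib
import os


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream (demo only)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class CardMiddleware:
    """Machine card interaction security control middleware (card side)."""

    def __init__(self):
        self.sessions = {}  # session auth index S2 -> (session key S1, reg_id, card_app_id)

    def negotiate(self, s1: bytes, reg_id: str, card_app_id: str) -> bytes:
        # step 404: S2 = hash(S1) is the session authentication index, bound to the
        # registration ID and target card application; S2 goes back encrypted under S1
        s2 = hashlib.sha256(s1).digest()
        self.sessions[s2] = (s1, reg_id, card_app_id)
        return keystream_xor(s1, s2)  # second encryption data (step 405)

    def handle_instruction(self, reg_id, card_app_id, index: bytes, ciphertext: bytes):
        # verify the index <-> registration ID <-> target application binding first
        entry = self.sessions.get(index)
        if entry is None or entry[1:] != (reg_id, card_app_id):
            return None
        return keystream_xor(entry[0], ciphertext)  # plaintext for the card application

    def end_session(self, index: bytes) -> None:
        # key and index are discarded at session end and regenerated next time
        self.sessions.pop(index, None)


class TerminalComponent:
    """Machine card interactive component (terminal side)."""

    def __init__(self, reg_id: str, card_app_id: str):
        self.reg_id, self.card_app_id = reg_id, card_app_id
        self.s1 = os.urandom(32)  # step 401 random number, kept locally
        self.index = None

    def finish_negotiation(self, second_encryption_data: bytes) -> bool:
        # steps 406-408: decrypt with the random number and compare with hash(random)
        s2 = keystream_xor(self.s1, second_encryption_data)
        if s2 != hashlib.sha256(self.s1).digest():
            return False
        self.index = s2
        return True

    def send(self, instruction: bytes) -> tuple:
        # "instruction ciphertext + session authentication index in plaintext"
        return (self.reg_id, self.card_app_id, self.index,
                keystream_xor(self.s1, instruction))


def run_session() -> tuple:
    """Constructed walk-through: negotiate, exchange, reject a mismatched binding, reset."""
    mw = CardMiddleware()
    t = TerminalComponent("com.example.pay:1a2b3c4d", "card.app.epay")
    ok = t.finish_negotiation(mw.negotiate(t.s1, t.reg_id, t.card_app_id))
    got = mw.handle_instruction(*t.send(b"constructed instruction: READ RECORD"))
    # same index presented with a registration ID it is not bound to: rejected
    mismatch = mw.handle_instruction("com.other.app:ffffffff", t.card_app_id, t.index, b"\x00")
    mw.end_session(t.index)
    after_end = mw.handle_instruction(*t.send(b"constructed instruction: READ RECORD"))
    return ok, got, mismatch, after_end


if __name__ == "__main__":
    print(run_session())
```

The binding check runs before any decryption, so a ciphertext carrying a known index but the wrong registration ID or target application never reaches a session key; once the session is ended, the same index resolves to nothing until a fresh negotiation creates a new one.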
To explain steps 202 and 301 more clearly, this embodiment also provides the installation process of the terminal application. During installation, the terminal application initiates an installation request to the mobile phone card management platform through the background application platform, and the information in the installation request is used to generate or store some of the information needed during the interaction between the terminal application and the mobile phone card application. As shown in Fig. 5, the process includes:
501:Mobile phone card management platform receives the mount request message of the terminal applies, and the mount request message includes
The sign-on ID of the terminal applies, the target mobile phones card application identify, the digital signature public key of the terminal applies and
Document.
502:Mobile phone card management platform is by the sign-on ID of the terminal applies, the digital signature public key of the terminal applies
With the first memory space in document write-in mobile phone card.
Wherein, which is located in the file system storage space in mobile phone card.
503:Mobile phone card management platform by the sign-on ID of the terminal applies, the target mobile phones card apply mark and
The terminal applies access the second memory space in the access rights write-in mobile phone card of the target mobile phones card application.
Second memory space is similarly positioned in the file system storage space in mobile phone card.
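As an added example (not code from the patent), the following Go program models what steps 501 to 503 store in the two storage spaces and how the middleware later uses those records when it handles a request message: it recovers the digest from the digital signature with the stored public key, compares it with the stored file digest, and then applies the access right kept in the second storage space. `rsa.VerifyPKCS1v15` performs that recover-and-compare step. The type and function names, the sign-on ID `app-001`, the target `wallet`, the use of SHA-256 for the file digest and RSA PKCS#1 v1.5 for the signature, and the representation of the storage spaces as maps are all assumptions made here; the patent fixes none of them.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// appRecord is what steps 501 and 502 place in the first storage space of the card.
type appRecord struct {
	sigPub *rsa.PublicKey // digital signature public key of the terminal application
	digest []byte         // file digest of the terminal application (SHA-256 assumed here)
}

// Card models the two storage spaces of the card's file system that installation writes.
type Card struct {
	first  map[string]appRecord // sign-on ID -> record (first storage space)
	second map[string]bool      // "signOnID|targetApp" -> access right (second storage space, step 503)
}

func NewCard() *Card { return &Card{map[string]appRecord{}, map[string]bool{}} }

// Install is what the mobile phone card management platform does with a mount request.
func (c *Card) Install(signOnID, targetApp string, sigPub *rsa.PublicKey, digest []byte) {
	c.first[signOnID] = appRecord{sigPub, digest}
	c.second[signOnID+"|"+targetApp] = true
}

// CheckAccess is the middleware's handling of a request message: look up the record by sign-on ID,
// recover the digest from the signature with the public key and compare it with the stored file
// digest (rsa.VerifyPKCS1v15 does exactly this), then check the access right of claim 2.
func (c *Card) CheckAccess(signOnID, targetApp string, sig []byte) error {
	rec, ok := c.first[signOnID]
	if !ok {
		return errors.New("no record for this sign-on ID")
	}
	if rsa.VerifyPKCS1v15(rec.sigPub, crypto.SHA256, rec.digest, sig) != nil {
		return errors.New("signature does not match the stored file digest")
	}
	if !c.second[signOnID+"|"+targetApp] {
		return errors.New("no access right for this card application")
	}
	return nil
}

// Sign is done once by whoever publishes the terminal application: it signs the file digest.
func Sign(key *rsa.PrivateKey, digest []byte) []byte {
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest)
	return sig
}

// NewAppKey is a constructed stand-in for the publisher's signing key pair.
func NewAppKey() *rsa.PrivateKey {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	return key
}

func main() {
	card := NewCard()
	appKey := NewAppKey()
	digest := sha256.Sum256([]byte("constructed terminal application package")) // constructed file
	card.Install("app-001", "wallet", &appKey.PublicKey, digest[:])
	sig := Sign(appKey, digest[:])
	fmt.Println("registered app, registered target:", card.CheckAccess("app-001", "wallet", sig))
	fmt.Println("registered app, other target:     ", card.CheckAccess("app-001", "transit", sig))
	fmt.Println("signature from a different key:   ", card.CheckAccess("app-001", "wallet", Sign(NewAppKey(), digest[:])))
}
```

Only the first call in `main` returns `nil`: a signature made with any other key, or over any other digest, does not recover to the stored file digest, and a registered application is still refused for a card application that step 503 never granted it.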
As a supplement to and refinement of the method shown in the figures above, this embodiment also provides a system for interaction between a terminal application and a mobile phone card application. As shown in Figure 6, the system comprises a machine-card interaction security control middleware 601 and a machine-card interactive component 602, wherein:
the machine-card interaction security control middleware 601 is configured to receive the request message forwarded by the machine-card interactive component 602, which the terminal application sends to the target mobile phone card application; the request message contains the sign-on ID of the terminal application, the identifier of the target mobile phone card application and the digital signature of the terminal application;
the machine-card interaction security control middleware 601 is further configured to obtain, according to the sign-on ID of the terminal application, the pre-stored digital signature public key and file digest of the terminal application;
the machine-card interaction security control middleware 601 is further configured to decrypt the digital signature of the terminal application with the digital signature public key to obtain a target file;
the machine-card interaction security control middleware 601 is further configured to judge whether the target file is identical to the content of the obtained file digest of the terminal application;
the machine-card interaction security control middleware 601 is further configured to return an access-allowed response message to the machine-card interactive component 602 when the target file is identical to the content of the obtained file digest of the terminal application, the access-allowed response message representing that the terminal application is allowed to access the target mobile phone card application.
Further, the machine-card interaction security control middleware 601 is further configured to obtain the access right of the terminal application according to the sign-on ID of the terminal application and the identifier of the target mobile phone card application;
the machine-card interaction security control middleware 601 is further configured to return the access-allowed response message to the machine-card interactive component 602 after the access right of the terminal application satisfies a preset condition, the access-allowed response message representing that the terminal application is allowed to access the target mobile phone card application.
Further, the machine-card interactive component 602 is further configured to generate a random number and encrypt the random number with a pre-read interface encryption public key to obtain first encrypted data;
the machine-card interactive component 602 is further configured to send the first encrypted data to the machine-card interaction security control middleware 601;
the machine-card interaction security control middleware 601 is further configured to decrypt the first encrypted data with a pre-stored interface encryption private key to obtain first decrypted data;
the machine-card interaction security control middleware 601 is further configured to calculate the hash value of the first decrypted data and encrypt the hash value with the first decrypted data to obtain second encrypted data;
the machine-card interaction security control middleware 601 is further configured to send the second encrypted data to the machine-card interactive component 602;
the machine-card interactive component 602 is further configured to decrypt the second encrypted data with the random number to obtain second decrypted data;
the machine-card interactive component 602 is further configured to calculate the hash value of the random number and compare it with the second decrypted data;
the machine-card interactive component 602 is further configured to use the random number as the session key of the terminal application and the target mobile phone card application when the hash value of the random number is identical to the second decrypted data, the session key being used to encrypt the interaction data between the terminal application and the target mobile phone card application.
Further, as shown in Figure 7, the system also comprises a key generation module 701 configured to generate the interface encryption public key and the interface encryption private key.
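The session key negotiation between components 601 and 602 just described, together with the per-instruction exchange described earlier (instruction ciphertext plus sign-on ID plus session authentication index, checked by the middleware before anything is decrypted), as one added Go example that is not code from the patent. It assumes a 32-byte random number so that it can serve directly as an AES-256 key, RSA-OAEP for the interface encryption key pair, AES-GCM for everything encrypted under the random number, and a hex string as the session authentication index; the names `Middleware`, `NewSession`, `Forward`, `StartSession`, `Confirm`, `app-001` and `wallet` are likewise assumptions made here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// seal/open: AES-256-GCM with the nonce prepended to the ciphertext (an algorithm choice made here).
func seal(key, pt []byte) []byte {
	blk, _ := aes.NewCipher(key) // the key is always the 32-byte random number, so this cannot fail
	g, _ := cipher.NewGCM(blk)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, pt, nil)
}

func open(key, ct []byte) ([]byte, error) {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

type session struct {
	signOnID, targetApp string
	key                 []byte
}

// Middleware models the machine-card interaction security control middleware inside the card.
type Middleware struct {
	ifacePriv *rsa.PrivateKey    // interface encryption private key
	sessions  map[string]session // session authentication index -> bound application pair and key
}

func NewMiddleware() *Middleware {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // key generation module of Figure 7
	return &Middleware{priv, map[string]session{}}
}

// NewSession (card side): decrypt the random number, hash it, encrypt the hash under the random
// number itself and bind the key to a fresh index; returns the index and the second encrypted data.
func (m *Middleware) NewSession(signOnID, targetApp string, e1 []byte) (string, []byte, error) {
	r, err := rsa.DecryptOAEP(sha256.New(), nil, m.ifacePriv, e1, nil)
	if err != nil {
		return "", nil, err
	}
	h := sha256.Sum256(r)
	idx := make([]byte, 8)
	rand.Read(idx)
	index := fmt.Sprintf("%x", idx)
	m.sessions[index] = session{signOnID, targetApp, r}
	return index, seal(r, h[:]), nil
}

// Forward (per instruction): the index must be bound to the claimed application pair before
// anything is decrypted; the card application's reply goes back under the same session key.
func (m *Middleware) Forward(signOnID, targetApp, index string, ct []byte, cardApp func([]byte) []byte) ([]byte, error) {
	s, ok := m.sessions[index]
	if !ok || s.signOnID != signOnID || s.targetApp != targetApp {
		return nil, errors.New("session index not bound to this application pair")
	}
	instr, err := open(s.key, ct)
	if err != nil {
		return nil, err
	}
	return seal(s.key, cardApp(instr)), nil
}

// StartSession (terminal side): a 32-byte random number, the future session key, encrypted with
// the interface encryption public key pre-read from the card; returns both (the first encrypted data).
func StartSession(ifacePub *rsa.PublicKey) ([]byte, []byte, error) {
	r := make([]byte, 32)
	rand.Read(r)
	e1, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ifacePub, r, nil)
	return r, e1, err
}

// Confirm (terminal side): decrypt the second encrypted data with the random number and compare
// it with the hash of the random number; only then does the random number become the session key.
func Confirm(r, e2 []byte) ([]byte, error) {
	d2, err := open(r, e2)
	h := sha256.Sum256(r)
	if err != nil || !bytes.Equal(d2, h[:]) {
		return nil, errors.New("card did not prove knowledge of the random number")
	}
	return r, nil
}

func main() {
	mw := NewMiddleware()
	r, e1, _ := StartSession(&mw.ifacePriv.PublicKey)
	index, e2, _ := mw.NewSession("app-001", "wallet", e1)
	key, _ := Confirm(r, e2)
	echo := func(in []byte) []byte { return append(in, " -> 42"...) } // constructed stand-in card application
	reply, _ := mw.Forward("app-001", "wallet", index, seal(key, []byte("BALANCE?")), echo)
	pt, _ := open(key, reply)
	fmt.Println("card reply:", string(pt))
}
```

`Confirm` fails whenever the second encrypted data does not decrypt under the random number to that number's own hash, and `Forward` refuses an index that is unknown or bound to a different sign-on ID or target application. A session ends by deleting its entry from `sessions`, which is what forces the next session to negotiate a new key.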
In the system for interaction between a terminal application and a mobile phone card application provided by the embodiment of the present invention, a machine-card interaction security control middleware is added in the mobile phone card. On receiving a request message, the machine-card interaction security control middleware decrypts the request message to obtain the digest of the terminal application and compares the decrypted digest with the pre-stored digest of the terminal application to determine whether the terminal application is a legitimate application; only when the terminal application is legitimate is it allowed to access the mobile phone card application. Compared with the prior art, in which any terminal application can interact with the mobile phone card application and the security of the interaction is therefore relatively low, the present invention distinguishes between terminal applications and only allows legitimate applications to access the mobile phone card application, which improves the security of the interaction between terminal applications and the mobile phone card application.
From the above description of the embodiments, those skilled in the art will clearly understand that the present invention may be implemented by software together with the necessary general-purpose hardware, and of course also by hardware alone, although the former is in many cases the better embodiment. On this understanding, the technical solution of the present invention, or the part of it that contributes over the prior art, can be embodied in the form of a software product stored in a readable storage medium, such as a floppy disk, hard disk or optical disc of a computer, and containing instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the method described in each embodiment of the present invention.
The above is merely a specific embodiment of the present invention, and the scope of protection of the present invention is not limited to it; any change or replacement that a person familiar with the art can readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention.
Claims (6)
1. A method for interaction between a terminal application and a mobile phone card application, characterized in that the method is applied to a mobile terminal, the mobile terminal comprises a machine-card interactive component and a machine-card interaction security control middleware, the machine-card interaction security control middleware is located in the mobile phone card, and the method comprises:
the machine-card interaction security control middleware receives a request message sent by the machine-card interactive component, the request message representing an access request sent by a terminal application to a target mobile phone card application and comprising the sign-on ID of the terminal application, the identifier of the target mobile phone card application and the digital signature of the terminal application;
the machine-card interaction security control middleware obtains, according to the sign-on ID of the terminal application, the pre-stored digital signature public key and file digest of the terminal application;
the machine-card interaction security control middleware decrypts the digital signature of the terminal application with the digital signature public key to obtain a target file;
the machine-card interaction security control middleware judges whether the target file is identical to the content of the obtained file digest of the terminal application;
if they are identical, the machine-card interaction security control middleware returns an access-allowed response message to the machine-card interactive component, the access-allowed response message representing that the terminal application is allowed to access the target mobile phone card application;
the machine-card interactive component generates a random number and encrypts the random number with a pre-read interface encryption public key to obtain first encrypted data;
the machine-card interactive component sends the first encrypted data to the machine-card interaction security control middleware;
the machine-card interaction security control middleware decrypts the first encrypted data with a pre-stored interface encryption private key to obtain first decrypted data;
the machine-card interaction security control middleware calculates the hash value of the first decrypted data and encrypts the hash value with the first decrypted data to obtain second encrypted data;
the machine-card interaction security control middleware sends the second encrypted data to the machine-card interactive component;
the machine-card interactive component decrypts the second encrypted data with the random number to obtain second decrypted data;
the machine-card interactive component calculates the hash value of the random number and compares it with the second decrypted data;
if the hash value is identical to the second decrypted data, the random number is used as the session key of the terminal application and the target mobile phone card application, the session key being used to encrypt the interaction data between the terminal application and the target mobile phone card application.
2. The method for interaction between a terminal application and a mobile phone card application according to claim 1, characterized in that, after it is determined that the target file is identical to the content of the obtained file digest of the terminal application, the method further comprises:
the machine-card interaction security control middleware obtains the access right of the terminal application according to the sign-on ID of the terminal application and the identifier of the target mobile phone card application;
after the access right of the terminal application satisfies a preset condition, the machine-card interaction security control middleware returns the access-allowed response message to the machine-card interactive component.
3. The method for interaction between a terminal application and a mobile phone card application according to claim 1, characterized in that the mobile terminal further comprises a key generation module located in the mobile phone card, and before the machine-card interaction security control middleware receives the request message sent by the machine-card interactive component, the method further comprises:
the key generation module generates the interface encryption public key and the interface encryption private key.
4. A system for interaction between a terminal application and a mobile phone card application, characterized in that the system comprises a machine-card interaction security control middleware and a machine-card interactive component, wherein:
the machine-card interaction security control middleware is configured to receive a request message sent by the machine-card interactive component, the request message representing an access request sent by a terminal application to a target mobile phone card application and comprising the sign-on ID of the terminal application, the identifier of the target mobile phone card application and the digital signature of the terminal application;
the machine-card interaction security control middleware is further configured to obtain, according to the sign-on ID of the terminal application, the pre-stored digital signature public key and file digest of the terminal application;
the machine-card interaction security control middleware is further configured to decrypt the digital signature of the terminal application with the digital signature public key to obtain a target file;
the machine-card interaction security control middleware is further configured to judge whether the target file is identical to the content of the obtained file digest of the terminal application;
the machine-card interaction security control middleware is further configured to return an access-allowed response message to the machine-card interactive component when the target file is identical to the content of the obtained file digest of the terminal application, the access-allowed response message representing that the terminal application is allowed to access the target mobile phone card application;
the machine-card interactive component is configured to generate a random number and encrypt the random number with a pre-read interface encryption public key to obtain first encrypted data;
the machine-card interactive component is further configured to send the first encrypted data to the machine-card interaction security control middleware;
the machine-card interaction security control middleware is further configured to decrypt the first encrypted data with a pre-stored interface encryption private key to obtain first decrypted data;
the machine-card interaction security control middleware is further configured to calculate the hash value of the first decrypted data and encrypt the hash value with the first decrypted data to obtain second encrypted data;
the machine-card interaction security control middleware is further configured to send the second encrypted data to the machine-card interactive component;
the machine-card interactive component is further configured to decrypt the second encrypted data with the random number to obtain second decrypted data;
the machine-card interactive component is further configured to calculate the hash value of the random number and compare it with the second decrypted data;
the machine-card interactive component is further configured to use the random number as the session key of the terminal application and the target mobile phone card application when the hash value is identical to the second decrypted data, the session key being used to encrypt the interaction data between the terminal application and the target mobile phone card application.
5. The system for interaction between a terminal application and a mobile phone card application according to claim 4, characterized in that:
the machine-card interaction security control middleware is further configured to obtain the access right of the terminal application according to the sign-on ID of the terminal application and the identifier of the target mobile phone card application;
the machine-card interaction security control middleware is further configured to return the access-allowed response message to the machine-card interactive component after the access right of the terminal application satisfies a preset condition.
6. The system for interaction between a terminal application and a mobile phone card application according to claim 4, characterized in that the system further comprises a key generation module configured to generate the interface encryption public key and the interface encryption private key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510254694.6A CN104994498B (en) | 2015-05-18 | 2015-05-18 | The method and system that a kind of terminal applies are interacted with mobile phone card application |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104994498A CN104994498A (en) | 2015-10-21 |
CN104994498B true CN104994498B (en) | 2018-05-11 |