CN105825134A - Intelligent card processing method, intelligent card management server and terminal - Google Patents


Publication number
CN105825134A
Authority
CN
China
Prior art keywords
application
smart card
party application
card
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610150829.9A
Other languages
Chinese (zh)
Inventor
胡博
张云勇
许海翔
严斌峰
郑雄
仇剑书
翟京卿
董双赫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd
Priority to CN201610150829.9A
Publication of CN105825134A


Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention provides a smart card processing method, a smart card management server and a terminal. The smart card processing method comprises the following steps: receiving an access control data acquisition request, wherein the acquisition request includes a third-party application identifier and smart card attribute information; querying a database according to the third-party application identifier to obtain the smart card access control data corresponding to the third-party application identifier; sending the smart card access control data to the terminal to which the smart card corresponding to the smart card attribute information belongs, so that the terminal authenticates, according to the smart card access control data, the third-party application that requests to operate the smart card; and receiving a data interaction record sent by the terminal, wherein the data interaction record is a record of the smart card data interaction that the terminal carries out with the third-party application after the third-party application passes authentication. Data interaction between the third-party application and the smart card is thereby realized, the resources of the smart card are opened to third-party applications, and the resource utilization of the smart card is improved.

Description

Smart card processing method, smart card management server and terminal
Technical field
The present invention relates to smart card technology, and in particular to a smart card processing method, a smart card management server and a terminal.
Background
With the development of network technology, mobile terminals have increasingly become indispensable devices in people's daily lives.
The smart card in a mobile terminal is a type of IC card. It integrates a circuit chip, has storage and computing capability, and has a built-in cryptographic coprocessor and security logic, which give it security control capability. Its security is higher than that of the mobile terminal. At the same time, a smart card is low in cost, reusable and personalizable, and it has its own operating system on which multiple applications can be installed, so that one card can serve multiple purposes.
However, in the prior art the smart card is mostly used only as an identification card that identifies the user during telecom communication. The installation and distribution of applications on the smart card are preset by the operator when the card is issued, and preset applications can hardly meet users' individual needs for applications. To address the limited functionality and low utilization of current smart cards, there is an urgent need to open up the capabilities of the smart card so that all kinds of third-party applications can access and operate it, thereby improving the resource utilization of the smart card.
Summary of the invention
The smart card processing method, smart card management server and terminal of the present invention are used to realize data interaction between a third-party application and a smart card, to open smart card resources to third-party applications, and to improve the utilization of smart card resources.
According to a first aspect of the embodiments of the present invention, a smart card processing method is provided, comprising: receiving an access control data acquisition request, the acquisition request comprising a third-party application identifier and smart card attribute information;
querying a database according to the third-party application identifier to obtain the smart card access control data corresponding to the third-party application identifier;
sending the smart card access control data to the terminal to which the smart card corresponding to the smart card attribute information belongs, so that the terminal authenticates, according to the smart card access control data, the third-party application that requests to operate the smart card;
receiving a data interaction record sent by the terminal, the data interaction record being a record of the smart card data interaction that the terminal carries out with the third-party application after the third-party application passes authentication.
According to a second aspect of the embodiments of the present invention, a smart card processing method is provided, comprising:
receiving an application operation request, the application operation request comprising the third-party application identifier;
sending an access control data acquisition request to a smart card management server, the acquisition request comprising the third-party application identifier and smart card attribute information;
receiving the smart card access control data corresponding to the third-party application identifier, obtained by the smart card management server by querying a database according to the third-party application identifier;
authenticating the third-party application according to the smart card access control data;
after authentication passes, carrying out smart card data interaction with the third-party application, and sending a data interaction record to the smart card management server.
According to a third aspect of the embodiments of the present invention, a smart card management server is provided, comprising:
a receiving module, configured to receive an access control data acquisition request, the acquisition request comprising a third-party application identifier and smart card attribute information;
a query module, configured to query a database according to the third-party application identifier to obtain the smart card access control data corresponding to the third-party application identifier;
a sending module, configured to send the smart card access control data to the terminal to which the smart card corresponding to the smart card attribute information belongs, so that the terminal authenticates, according to the smart card access control data, the third-party application that requests to operate the smart card;
the receiving module being further configured to receive a data interaction record sent by the terminal, the data interaction record being a record of the smart card data interaction that the terminal carries out with the third-party application after the third-party application passes authentication.
According to a fourth aspect of the embodiments of the present invention, a terminal is provided, comprising:
a receiving module, configured to receive an application operation request, the application operation request comprising the third-party application identifier;
a sending module, configured to send an access control data acquisition request to a smart card management server, the acquisition request comprising the third-party application identifier and smart card attribute information;
the receiving module being further configured to receive the smart card access control data corresponding to the third-party application identifier, obtained by the smart card management server by querying a database according to the third-party application identifier;
an authentication module, configured to authenticate the third-party application according to the smart card access control data;
a processing module, configured to carry out smart card data interaction with the third-party application after authentication passes;
the sending module being further configured to send a data interaction record to the smart card management server.
The technical solutions provided by the embodiments of the present invention can have the following beneficial effects:
An access control data acquisition request is received, the acquisition request comprising a third-party application identifier and smart card attribute information. A database is queried according to the third-party application identifier to obtain the smart card access control data corresponding to the third-party application identifier. The smart card access control data is sent to the terminal to which the smart card corresponding to the smart card attribute information belongs, so that the terminal authenticates, according to the smart card access control data, the third-party application that requests to operate the smart card. A data interaction record sent by the terminal is received, the data interaction record being a record of the smart card data interaction that the terminal carries out with the third-party application after the third-party application passes authentication. Data interaction between the third-party application and the smart card is thereby realized, smart card resources are opened to third-party applications, and the resource utilization of the smart card is improved.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory, and do not limit the present invention.
Brief description of the drawings
Fig. 1 is a flow chart of a smart card processing method according to an exemplary embodiment;
Fig. 2 is a flow chart of a smart card processing method according to an exemplary embodiment;
Fig. 3 is a flow chart of a smart card processing method according to another exemplary embodiment;
Fig. 4 is a block diagram of a smart card management server according to an exemplary embodiment;
Fig. 5 is a block diagram of a terminal according to an exemplary embodiment;
Fig. 6 is a block diagram of a terminal according to another exemplary embodiment.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some of the embodiments of the present invention rather than all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
Fig. 1 is a flow chart of a smart card processing method according to an exemplary embodiment. As shown in Fig. 1, the smart card processing method of this embodiment can be applied in a system that performs application processing and application management for smart cards and is composed of a terminal, a smart card, a smart card management server (platform) and a third-party application server (platform). The system implements application management with the telecom smart card as the main carrier and provides users with management related to card applications. It provides supporting capabilities for smart card "card applications", such as download and application management, and realizes the opening of smart card capabilities and the management of the partners that provide third-party applications. By installing a smart card client on the terminal, the system implements the download, installation, instantiation and personalization flows for smart card applications, and offers this capability to third parties, such as mobile Internet and industry applications, through open interfaces. On the one hand the system provides a smart card application management portal to terminal users; on the other hand it provides smart card capability invocation to partners (including mobile Internet and industry applications). The system can manage the space on the smart card, apply security management and control to card applications from mobile Internet and industry applications, and download and install them under unified secure access control.
The functions of the key components of the system are introduced first. The smart card management server can include a smart card application download function and a smart card application management function. A card application client can be installed on the terminal in which the smart card is loaded, and the system can provide a dual-mode download management working mode to meet the business needs of different card applications. The smart card management server is mainly responsible for supporting work such as the download and management of smart card applications; it implements the access and management of smart card services and also serves to promote smart card services.
The implementation of the smart card application download function is described from the following aspects.
The smart card management server may include an application download module, which can implement the following functions:
1. Application presentation: receive the request of the smart card client and provide the information of the application. The application information includes the application name, application introduction, application icon and the APK information corresponding to the application (download address, package name, etc.).
2. Application list: accept the client request and feed back the list of downloadable applications according to the reported user or card identifier. Application data must be synchronized with the Java card platform here, including obtaining from the Java card platform the complete list of applications available to the smart card and the information on what the smart card user has downloaded.
3. Application download, installation and management: accept the client request and, according to the request information, download card applications, delete and update card applications, create and delete security domains, and instantiate and personalize card applications.
The smart card management server may also include a key management module, which can implement the following functions:
1. Card key management: responsible for generating, and storing in encrypted form, the keys required for card application download, platform interfaces and operation control.
2. Security algorithm management: provide the encryption and decryption algorithms required in business flows such as card application download, including but not limited to 3DES, RSA1024 and SHA-1.
The smart card management server may also include a management module for the smart card client, responsible for access management of the smart card application client, including client registration, access legitimacy checks, client state management, client version management, etc.
The smart card management server may also include a smart card application management module. Smart card application management includes application information management, application state management, security domain configuration management and interface permission management, and covers management of the whole business flow from configuration to testing. The functions of the application management module correspond to those of the application download module, and the application management mode is chosen according to the card application download mode.
Application information management: application information should include but is not limited to the application name, application version, application state, application category, business scope, online/offline time, application ownership and the security domain it belongs to. Application information is managed centrally by the smart card management server and synchronized to externally docked management platforms or systems. Application information can be viewed by users.
Application state management: application states should include but are not limited to pending, to be tested, to be released, released, download suspended, use suspended and offline. The application state is the platform's own information and is generated and managed by the platform. The platform service administrator has permission to change the application state. The application states are shown in Table 1; the platform in Table 1 refers to the cloud smart card management server platform, and a partner is a provider of third-party applications.
Security domain configuration management: implements the configuration and management of the main security domain and the auxiliary security domains in the card. The main security domain is configured directly by the platform administrator only; other users or partners have no right to configure it. Auxiliary security domains may optionally be opened to users according to their service attributes and are visible within the permitted scope.
Interface permission management: the service administrator of the smart card management server configures, with the "application" as the unit, the permissions with which the partner of a third-party application may operate that application through interfaces, including: may initiate application download requests, may initiate application removal requests, may initiate requests to configure application state/application version, application personalization requests, etc.
Table 1: Application state table
The smart card management server also provides a dual-mode working module. The two working modes are the entrusted management mode and the transparent transmission mode; depending on attributes such as the security level of the card application, the role played by the application download function differs. The dual-mode approach is compatible with traditional services while meeting the needs of new application services; it is more widely applicable, makes the system more complete, and enables the opening and sharing of card capabilities and card services.
In entrusted management mode, the smart card management server acts as a second-level TSM service aggregation platform: it creates and manages auxiliary security domains in the card and completes work such as packaging card application data, service triggering and maintenance. Card applications can be uploaded directly to the smart card management server, which processes and maintains the card application data and creates and manages the in-card auxiliary security domain of the card application. Creating an auxiliary security domain requires authorization (security support) from the original smart card management platform. When a new card application is uploaded or an existing card application changes, the smart card management server must notify the original card management platform and synchronize the updated card application list to it. In this mode, communication security is ensured while card applications are kept isolated from the original card management platform's systems, which reduces the system load and resource usage of the original platform, improves the security of the system, and lowers operational risk and the access threshold. This mode is suitable for card application services with relatively low security requirements and relatively simple partnerships.
In transparent transmission mode, card applications are uploaded directly to the smart card management server, which processes and maintains the card application data and creates and manages the in-card auxiliary security domain of the card application. The card application download management platform accesses the existing smart card management platform in a business-hall simulation mode: it simulates the work of a telecom business hall POS to complete card reading, card writing and instruction pass-through, does not process the application data packets it transmits, and passes them through as a black box. When a new card application is uploaded or an existing card application changes, the original platform must notify the smart card management server and synchronize the updated card application list to it. This mode is suitable for card application services with higher security requirements and relatively complex partnerships. In this mode the issuer and operator of a card application can independently manage the security domain in which the card application resides.
For example, the smart card management server classifies and stores the card applications it accesses according to their attributes, and creates an access download identifier to distinguish the download platform of each application: a card application belonging to the original card management platform has a (download) identifier of level one, and a card application belonging to the smart card management server has a (download) identifier of level two. When a user requests to download and install a card application, a card application whose (download) identifier is level one selects the transparent transmission working mode, and the system downloads and installs it from the original card management platform; a card application whose (download) identifier is level two selects the second-level TSM platform working mode, and the system downloads and installs it from the card application download management platform. When a new card application is uploaded or an existing card application changes, the platform where it resides should update its local card application list and notify the docked management platform, which synchronizes the update. The card application (download) identifier may optionally be visible to the user.
To implement the smart card application management function, the smart card management server is mainly responsible for the access and deployment of smart card capabilities, mainly including the internal deployment and external distribution of card capabilities, secure access control of in-card data and capabilities, and the synchronization and management of user data. The smart card management server may include:
1. Internal capability deployment module: implements the internal control and deployment of capabilities on the smart card, such as the secure storage of sensitive information, confidentiality protection and secure access for on-card data, and the encryption/decryption algorithms and key management of the security module. The internal capability deployment module makes the management of the card's internal space and card capabilities more reasonable and effective.
2. Capability open gateway: responsible for opening the smart card's terminal-card communication function and smart card capability invocation function to service platforms (the smart card application service platform and external service platforms).
3. Secure access control: responsible for secure access control of on-card data and applications. The security and confidentiality of the smart card are most important during its use; the on-card operating system protects on-card data and the "file" system corresponding to applications through the on-card security module and security algorithms, realizing secure access control of in-card data and applications from outside.
4. Data management and synchronization: mainly responsible for the local management of smart card data and for data synchronization with externally docked platforms or systems. Smart card data is divided into application data, business data and user data, and user data in turn includes card application developer user data and card application end-user data. Smart card related data may optionally be stored classified by preset data attributes, must be kept synchronized with externally docked platforms or systems, and may optionally be synchronized in real time or periodically, in active or passive mode.
As for the card application client, the smart card application client is installed on the user's mobile terminal. It mainly covers the user's self-service management, such as registration, modification, viewing and cancellation, and also the card and terminal application management related to the corresponding card application service, such as application download, installation, deletion and update. The smart card application client interacts with the smart card through the terminal's internal terminal-card channel OMAPI and docks with the smart card management server through an external interface; together they complete behavior instructions such as user registration, login, query and transaction, and the results are displayed on the user terminal in the form of a human-machine interface, making human-card interaction more visual, more user-friendly and more operable. The behavior instructions of the smart card application client should be synchronized to the corresponding docked platform; for example, user information and card application version changes should be synchronized to the corresponding user database of the smart card management server, and the smart card application data of each terminal, platform and other service node should be kept synchronized.
The business flow is described below taking application in the smart card management server as an example. The method of this embodiment comprises the following steps:
Step 101: receive an access control data acquisition request.
Specifically, the acquisition request comprises a third-party application identifier and smart card attribute information. Before this step is performed, the third-party application can initiate an application personalization operation request to the smart card application client on the terminal, and the smart card application client initiates an access control data request (AC_Data_Req) to the smart card management server. The request carries the third-party application identifier, which indicates the AID information of the card application to be accessed, and also the attribute information of the smart card, which indicates the identity of the smart card, so that the smart card management server can perform security verification on the smart card and return the access control data to the terminal in which the specified smart card resides. The format of the access control data request (AC_Data_Req) is shown in Table 2.
Table 2: Access control data request (AC_Data_Req)
Step 102: query the database according to the third-party application identifier to obtain the smart card access control data corresponding to the third-party application identifier.
Specifically, the smart card management server queries its internal database and sends the card access control data of the third-party application, as an access control data response (AC_Data_Resp), to the smart card application client on the terminal. The format of the smart card access control data (AC_Data_Resp) sent to the terminal is shown in Table 3.
Table 3: Access control data response (AC_Data_Resp)
Step 103: send the smart card access control data to the terminal to which the smart card corresponding to the smart card attribute information belongs, so that the terminal authenticates, according to the smart card access control data, the third-party application that requests to operate the smart card.
Specifically, after the terminal receives the access control data, it can first store the data locally, authenticate the third-party application according to the access rules in the access control data, and return the authentication result to the third-party application.
Step 104: receive the data interaction record sent by the terminal.
Specifically, the data interaction record is a record of the smart card data interaction that the terminal carries out with the third-party application after the third-party application passes authentication. If authentication succeeds, the smart card application client can send a SELECT [by AID] instruction to the card to select the card applet to interact with. The smart card application client obtains APDUs through interaction with the third-party application, passes them through to the card, and returns the card's response data to the third-party application. There may be multiple rounds of interaction, until the interaction between the smart card application client and the third-party application ends.
In summary, in the smart card processing method provided by this embodiment, an access control data acquisition request is received, the acquisition request comprising a third-party application identifier and smart card attribute information. A database is queried according to the third-party application identifier to obtain the smart card access control data corresponding to the third-party application identifier. The smart card access control data is sent to the terminal to which the smart card corresponding to the smart card attribute information belongs, so that the terminal authenticates, according to the smart card access control data, the third-party application that requests to operate the smart card. A data interaction record sent by the terminal is received, the data interaction record being a record of the smart card data interaction that the terminal carries out with the third-party application after the third-party application passes authentication. Data interaction between the third-party application and the smart card is thereby realized, smart card resources are opened to third-party applications, and the resource utilization of the smart card is improved.
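The exchange in steps 101 to 104, as an added Python example that is not part of the patent text: the server looks up the access rule by AID, the terminal authenticates the calling application against it, selects the applet, relays only permitted APDUs and reports the interaction record. Tables 2 and 3 are not reproduced on this page, so the message fields, the rule format (signing-certificate digest plus allowed INS bytes), all class and function names, and the sample AID, ICCID and certificates are assumptions constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRule:
    aid: bytes              # AID of the card application the rule covers
    cert_sha256: bytes      # digest of the app's signing certificate (assumed credential)
    allowed_ins: frozenset  # APDU INS bytes the app may send (assumed rule field)


class ManagementServer:
    """Server side of steps 101 to 104 (hypothetical class)."""

    def __init__(self, rules, iccids):
        self.rules = {r.aid: r for r in rules}  # access control database
        self.iccids = set(iccids)               # cards this server manages
        self.records = []                       # received interaction records

    def ac_data_req(self, aid, iccid):
        # Steps 101-103: verify the card, look up the rule by AID, answer.
        if iccid not in self.iccids:
            return {"status": "UNKNOWN_CARD", "rules": []}
        rule = self.rules.get(aid)
        if rule is None:
            return {"status": "NO_RULE", "rules": []}
        return {"status": "OK", "rules": [rule]}

    def report(self, record):
        # Step 104: keep the data interaction record sent by the terminal.
        self.records.append(record)


class FakeCard:
    """Constructed stand-in for the smart card with a single applet."""

    def __init__(self, aid):
        self.aid, self.selected = aid, False

    def transmit(self, apdu):
        if apdu[1] == 0xA4 and apdu[2] == 0x04:  # SELECT by AID
            self.selected = apdu[5:5 + apdu[4]] == self.aid
            return bytes.fromhex("9000" if self.selected else "6A82")
        return bytes.fromhex("9000" if self.selected else "6985")


def select_by_aid(aid):
    # ISO 7816-4 SELECT by name: CLA=00 INS=A4 P1=04 P2=00 Lc AID
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid


class Terminal:
    """Smart card application client on the terminal (hypothetical class)."""

    def __init__(self, iccid, server, card):
        self.iccid, self.server, self.card = iccid, server, card
        self.cache = {}  # access control data stored locally

    def operate(self, aid, app_cert, apdus):
        resp = self.server.ac_data_req(aid, self.iccid)
        self.cache[aid] = resp["rules"]
        digest = hashlib.sha256(app_cert).digest()
        rule = next((r for r in resp["rules"] if r.aid == aid
                     and hmac.compare_digest(r.cert_sha256, digest)), None)
        if rule is None:  # default deny: no matching rule, no card access
            return {"result": "AUTH_FAILED", "responses": []}
        if self.card.transmit(select_by_aid(aid)) != b"\x90\x00":
            return {"result": "SELECT_FAILED", "responses": []}
        responses, blocked = [], 0
        for apdu in apdus:
            # Relay only permitted instructions; a SELECT sent by the app is
            # blocked as well, so it cannot switch to another applet.
            if len(apdu) < 4 or apdu[1] not in rule.allowed_ins:
                blocked += 1
                responses.append(None)
                continue
            responses.append(self.card.transmit(apdu))
        self.server.report({"aid": aid.hex(), "iccid": self.iccid,
                            "app": digest.hex()[:16],
                            "sent": len(apdus) - blocked, "blocked": blocked})
        return {"result": "OK", "responses": responses}


def demo():
    aid = bytes.fromhex("A000000999010203")  # constructed AID
    iccid = "89860000000000000001"           # constructed ICCID
    partner_cert = b"constructed certificate of a registered partner app"
    rule = AccessRule(aid, hashlib.sha256(partner_cert).digest(),
                      frozenset({0xB0, 0xCA}))  # READ BINARY, GET DATA
    server = ManagementServer([rule], [iccid])
    terminal = Terminal(iccid, server, FakeCard(aid))
    ok = terminal.operate(aid, partner_cert, [bytes.fromhex("00B0000010"),
                                              bytes.fromhex("00D6000001FF")])
    bad = terminal.operate(aid, b"constructed certificate of an unknown app",
                           [bytes.fromhex("00B0000010")])
    return ok, bad, server.records
```

In the demo the registered application's READ BINARY reaches the card while its UPDATE BINARY is dropped at the terminal, and the unregistered application is refused before any APDU is sent.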
nullOn the basis of above-described embodiment,Further,Smart card attribute information comprise following at least one: integrated circuit card identification code ICCID (Integratecircuitcardidentity,It is called for short " ICCID "),ICCID is solidificated in the smart card of terminal,It it is the unique identification number of this smart card、International mobile subscriber identity IMSI (InternationalMobileSubscriberIdentificationNumber,It is called for short " IMSI ") it is the mark distinguishing mobile subscriber,Store within a smart card、MSISDN(MobileSubscriberInternationalISDN/PSTNnumber,It is called for short " MSISDN ") can uniquely identify the number of mobile subscriber.
Further, third-party application includes: is positioned in terminal, carried out the third-party application that operates by the application programming interfaces API of smart card and smart card, or include: calls, by WebAPI, the remote third party carrying out operating with smart card and apply.
Concrete, when third-party application on user terminal is if it is desired to carry out data interaction with the card of smart card, need to be completed by the api interface calling smart card client open, or, user can also pass through web browser, realizes the data interaction of remote third party application and the smart card in terminal by WebAPI interface.
Fig. 2 is a flow chart of a smart card processing method according to an exemplary embodiment. As shown in Fig. 2, the smart card processing method of this embodiment can be applied in a system that performs application processing and application management for smart cards and that consists of a terminal, a smart card, a smart card management server (platform), and a third-party application server (platform). The following description takes application in the terminal as an example; the terminal can be a mobile phone, PAD, POS, or other terminal device that can hold a smart card and access it. The method of this embodiment comprises the following steps:
Step 201: receive an application operation request.
Specifically, the application operation request contains a third-party application identifier. The application operation request can be sent by the third-party application through the smart card client in the terminal, sent by the user through the smart card client, or pushed to the terminal by the third-party application server.
Step 202: send an access control data acquisition request to the smart card management server.
Specifically, the acquisition request contains the third-party application identifier and smart card attribute information. The smart card attribute information comprises at least one of the following: ICCID, IMSI, MSISDN.
Step 203: receive the smart card access control data corresponding to the third-party application identifier, which the smart card management server obtains by querying a database according to the third-party application identifier.
Step 204: authenticate the third-party application according to the smart card access control data.
Step 205: after authentication passes, carry out smart card data interaction with the third-party application, and send the data interaction record to the smart card management server.
In summary, in the smart card processing method provided by this embodiment, an application operation request containing a third-party application identifier is received; an access control data acquisition request containing the third-party application identifier and smart card attribute information is sent to the smart card management server; the smart card access control data corresponding to the third-party application identifier, which the smart card management server obtains by querying a database according to that identifier, is received; the third-party application is authenticated according to the smart card access control data; and, after authentication passes, smart card data interaction is carried out with the third-party application and the data interaction record is sent to the smart card management server. Data interaction between the third-party application and the smart card is thereby achieved, smart card resources are opened to third-party applications, and the resource utilization of the smart card is improved.
Fig. 3 is a flow chart of a smart card processing method according to another exemplary embodiment. As shown in Fig. 3, on the basis of the above embodiment, the method of this embodiment comprises the following steps:
Step 301: receive the application operation request sent by the third-party application.
Specifically, the application operation request contains a third-party application identifier.
Step 302: send an access control data acquisition request to the smart card management server.
Specifically, the acquisition request contains the third-party application identifier and smart card attribute information.
Step 303: receive the smart card access control data corresponding to the third-party application identifier, which the smart card management server obtains by querying a database according to the third-party application identifier.
Step 304: authenticate the third-party application according to the smart card access control data.
Step 305: after authentication passes, send an application selection instruction to the smart card according to the third-party application identifier, to obtain the target application.
Specifically, the application selection instruction is used to select, in the smart card, the target application corresponding to the third-party application identifier. For example, the smart card application client can send a SELECT [by AID] instruction to the card, where the AID is the third-party application identifier, to select the card application Applet to interact with, that is, to obtain the target application.
Step 306: based on Application Protocol Data Units (APDUs), enable the third-party application to perform write operations on the target application on the smart card by transparent transmission.
Step 307: send the data interaction record to the smart card management server.
The data interaction record can be the application personalization notification (APP_Pers_Req) that the smart card application client sends to the smart card management server; the format of this notification is shown in Table 4.
Table 4: Application personalization notification (APP_Pers_Req)
After this step, the method may further include: the smart card management server archives the application personalization notification data sent by the terminal, and returns a receipt confirmation (APP_Pers_Resp) message to the terminal. The format of this receipt confirmation message is shown in Table 5.
Table 5: Receipt confirmation message (APP_Pers_Resp)
Further, the application operation request includes at least one of the following: application download, application deletion, application locking, application unlocking, application upgrade, application recovery, application personalization, card information synchronization, security domain installation, security domain deletion, security domain locking, security domain unlocking, security domain key update.
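The server-side lookup and archiving of Fig. 1 together with terminal steps 301-307 of Fig. 3, as an added Python example that is not part of the patent text. The rule fields (`caller_cert_sha256`, `allowed_ins`), the `FakeCard` stand-in, the record fields, and the sample AIDs and ICCID are assumptions constructed for illustration; the patent only states that the access control data carries access rules.

```python
import hashlib
from dataclasses import dataclass

SW_OK = b"\x90\x00"


@dataclass(frozen=True)
class AccessControlData:
    """Assumed rule shape; the page only says the data carries access rules."""
    aid: bytes               # third-party application identifier, used as the AID
    caller_cert_sha256: str  # assumed rule: digest of the caller's signing certificate
    allowed_ins: frozenset   # assumed rule: APDU INS bytes the caller may relay


class ManagementServer:
    """Server side: look up rules by application ID, archive interaction records."""
    def __init__(self, rules, known_cards):
        self.rules = {r.aid: r for r in rules}
        self.known_cards = known_cards      # set of (attribute name, value) pairs
        self.archive = []

    def get_access_control_data(self, aid, card_attrs):
        ids = {(k, v) for k, v in card_attrs.items() if k in ("ICCID", "IMSI", "MSISDN")}
        if not ids & self.known_cards:
            raise LookupError("no known smart card matches the supplied attributes")
        return self.rules.get(aid)          # None when no rule exists for this application

    def store_record(self, record):
        self.archive.append(record)
        return "APP_Pers_Resp"              # receipt confirmation message named on the page


class FakeCard:
    """Constructed stand-in for the smart card; it only tracks the selected applet."""
    def __init__(self, installed_aids):
        self.installed, self.selected = set(installed_aids), None

    def transmit(self, apdu):
        if apdu[1] == 0xA4 and apdu[2] == 0x04:      # SELECT by AID (ISO/IEC 7816-4)
            aid = apdu[5:5 + apdu[4]]
            self.selected = aid if aid in self.installed else None
            return SW_OK if self.selected else b"\x6A\x82"   # 6A82: applet not found
        return SW_OK if self.selected else b"\x69\x85"       # 6985: nothing selected


def select_by_aid(aid):
    """Build SELECT [by AID]: CLA=00 INS=A4 P1=04 P2=00 Lc AID."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("an AID is 5 to 16 bytes long")
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid


class Terminal:
    def __init__(self, server, card, card_attrs):
        self.server, self.card, self.card_attrs = server, card, card_attrs

    def handle(self, aid, caller_cert, apdus):
        """Steps 301-307 for one application operation request."""
        acd = self.server.get_access_control_data(aid, self.card_attrs)  # steps 302-303
        digest = hashlib.sha256(caller_cert).hexdigest()
        if acd is None or digest != acd.caller_cert_sha256:              # step 304
            return {"authenticated": False, "responses": [], "ack": None}
        if self.card.transmit(select_by_aid(acd.aid)) != SW_OK:          # step 305
            return {"authenticated": True, "responses": [], "ack": None}
        responses = []
        for apdu in apdus:                                               # step 306
            if len(apdu) < 4 or apdu[1] not in acd.allowed_ins:
                responses.append(b"\x69\x82")   # refused by the terminal, not sent to the card
                continue
            responses.append(self.card.transmit(apdu))   # forwarded unmodified
        record = {"aid": aid.hex(), "card": dict(self.card_attrs),       # step 307
                  "status": [r[-2:].hex() for r in responses]}   # constructed fields
        return {"authenticated": True, "responses": responses,
                "ack": self.server.store_record(record)}


def demo():
    """One permitted and one rejected caller, on constructed sample data."""
    aid = bytes.fromhex("F0010203040506")        # constructed AID
    other = bytes.fromhex("F00102030405FF")      # constructed AID of another applet
    cert = b"constructed third-party signing certificate"
    iccid = {"ICCID": "89860000000000000001"}    # constructed ICCID
    rule = AccessControlData(aid, hashlib.sha256(cert).hexdigest(), frozenset({0xB0, 0xD6}))
    server = ManagementServer([rule], set(iccid.items()))
    terminal = Terminal(server, FakeCard({aid, other}), iccid)
    write = bytes.fromhex("00D6000002CAFE")      # UPDATE BINARY, INS D6 is in the rule
    good = terminal.handle(aid, cert, [write, select_by_aid(other)])
    bad = terminal.handle(aid, b"some other certificate", [write])
    return good, bad, server.archive


if __name__ == "__main__":
    print(demo())
```

The second relayed command in `demo()` is a SELECT for a different applet; because INS A4 is not in the assumed rule, the terminal answers 6982 itself and the card stays on the applet chosen in step 305.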
Fig. 4 is a block diagram of a smart card management server according to an exemplary embodiment. As shown in Fig. 4, the smart card management server can be implemented as part or all of an electronic device through software, hardware, or a combination of both. The smart card management server provided by this embodiment can be applied in the smart card processing method to carry out each step of that method; the specific implementation process is not repeated here.
The smart card management server may include:
Receiver module 41, configured to receive an access control data acquisition request, the acquisition request containing: a third-party application identifier and smart card attribute information.
Query module 42, configured to query a database according to the third-party application identifier to obtain the smart card access control data corresponding to the third-party application identifier.
Sending module 43, configured to send the smart card access control data to the terminal to which the smart card corresponding to the smart card attribute information belongs, so that the terminal authenticates, according to the smart card access control data, the third-party application requesting to operate the smart card.
Receiver module 41 is further configured to receive the data interaction record sent by the terminal, the data interaction record being the record of the smart card data interaction that the terminal carries out with the third-party application after the third-party application has passed authentication.
The device of this embodiment can be used to carry out the technical solution of the method embodiment shown in Fig. 1; its implementation principle and technical effect are similar and are not repeated here.
In summary, the smart card management server provided by this embodiment receives an access control data acquisition request containing a third-party application identifier and smart card attribute information; queries a database according to the third-party application identifier to obtain the smart card access control data corresponding to that identifier; sends the smart card access control data to the terminal to which the smart card corresponding to the smart card attribute information belongs, so that the terminal authenticates, according to the smart card access control data, the third-party application requesting to operate the smart card; and receives the data interaction record sent by the terminal, the data interaction record being the record of the smart card data interaction that the terminal carries out with the third-party application after the third-party application has passed authentication. Data interaction between the third-party application and the smart card is thereby achieved, smart card resources are opened to third-party applications, and the resource utilization of the smart card is improved.
On the basis of the above embodiment, further, the smart card attribute information comprises at least one of the following: ICCID, IMSI, MSISDN.
Further, the third-party application includes: a third-party application located on the terminal that operates on the smart card through the smart card's application programming interface (API); or a remote third-party application that operates on the smart card through Web API calls.
Fig. 5 is a block diagram of a terminal according to an exemplary embodiment. As shown in Fig. 5, the terminal can be implemented as part or all of an electronic device through software, hardware, or a combination of both. The terminal provided by this embodiment can be applied in the smart card processing method to carry out each step of that method; the specific implementation process is not repeated here.
The terminal may include:
Receiver module 51, configured to receive the application operation request sent by the third-party application, the application operation request containing a third-party application identifier.
Sending module 52, configured to send an access control data acquisition request to the smart card management server, the acquisition request containing: the third-party application identifier and smart card attribute information.
Receiver module 51 is further configured to receive the smart card access control data corresponding to the third-party application identifier, which the smart card management server obtains by querying a database according to the third-party application identifier.
Authentication module 53, configured to authenticate the third-party application according to the smart card access control data.
Processing module 54, configured to carry out smart card data interaction with the third-party application after authentication passes.
Sending module 52 is further configured to send the data interaction record to the smart card management server.
The device of this embodiment can be used to carry out the technical solution of the method embodiment shown in Fig. 2; its implementation principle and technical effect are similar and are not repeated here.
Fig. 6 is a block diagram of a terminal according to another exemplary embodiment. As shown in Fig. 6, on the basis of the above embodiment, further, processing module 54 includes:
Obtaining submodule 541, configured to send an application selection instruction to the smart card according to the third-party application identifier, to obtain the target application; the application selection instruction is used to select, in the smart card, the target application corresponding to the third-party application identifier.
Processing submodule 542, configured to, based on Application Protocol Data Units (APDUs), enable the third-party application to perform write operations on the target application on the smart card by transparent transmission.
Further, the application operation request includes at least one of the following: application download, application deletion, application locking, application unlocking, application upgrade, application recovery, application personalization, card information synchronization, security domain installation, security domain deletion, security domain locking, security domain unlocking, security domain key update.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be completed by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments; the storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks, or optical discs.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (12)

1. A smart card processing method, characterized by comprising:
receiving an access control data acquisition request, the acquisition request containing: a third-party application identifier and smart card attribute information;
querying a database according to the third-party application identifier to obtain the smart card access control data corresponding to the third-party application identifier;
sending the smart card access control data to the terminal to which the smart card corresponding to the smart card attribute information belongs, so that the terminal authenticates, according to the smart card access control data, the third-party application requesting to operate the smart card;
receiving the data interaction record sent by the terminal, the data interaction record being the record of the smart card data interaction that the terminal carries out with the third-party application after the third-party application has passed authentication.
2. The method according to claim 1, characterized in that the smart card attribute information comprises at least one of the following: ICCID, IMSI, MSISDN.
3. The method according to claim 1, characterized in that the third-party application includes:
a third-party application located on the terminal that operates on the smart card through the smart card's application programming interface (API); or a remote third-party application that operates on the smart card through Web API calls.
4. A smart card processing method, characterized by comprising:
receiving an application operation request, the application operation request containing the third-party application identifier;
sending an access control data acquisition request to a smart card management server, the acquisition request containing: the third-party application identifier and smart card attribute information;
receiving the smart card access control data corresponding to the third-party application identifier, which the smart card management server obtains by querying a database according to the third-party application identifier;
authenticating the third-party application according to the smart card access control data;
after authentication passes, carrying out smart card data interaction with the third-party application, and sending the data interaction record to the smart card management server.
5. The method according to claim 4, characterized in that carrying out smart card data interaction with the third-party application includes:
sending an application selection instruction to the smart card according to the third-party application identifier, to obtain the target application; the application selection instruction being used to select, in the smart card, the target application corresponding to the third-party application identifier;
based on Application Protocol Data Units (APDUs), enabling the third-party application to perform write operations on the target application on the smart card by transparent transmission.
6. The method according to claim 4, characterized in that the application operation request includes at least one of the following: application download, application deletion, application locking, application unlocking, application upgrade, application recovery, application personalization, card information synchronization, security domain installation, security domain deletion, security domain locking, security domain unlocking, security domain key update.
7. A smart card management server, characterized by comprising:
a receiver module, configured to receive an access control data acquisition request, the acquisition request containing: a third-party application identifier and smart card attribute information;
a query module, configured to query a database according to the third-party application identifier to obtain the smart card access control data corresponding to the third-party application identifier;
a sending module, configured to send the smart card access control data to the terminal to which the smart card corresponding to the smart card attribute information belongs, so that the terminal authenticates, according to the smart card access control data, the third-party application requesting to operate the smart card;
the receiver module being further configured to receive the data interaction record sent by the terminal, the data interaction record being the record of the smart card data interaction that the terminal carries out with the third-party application after the third-party application has passed authentication.
8. The server according to claim 7, characterized in that
the smart card attribute information comprises at least one of the following: ICCID, IMSI, MSISDN.
9. The server according to claim 7, characterized in that the third-party application includes:
a third-party application located on the terminal that operates on the smart card through the smart card's application programming interface (API); or a remote third-party application that operates on the smart card through Web API calls.
10. A terminal, characterized by comprising:
a receiver module, configured to receive an application operation request, the application operation request containing the third-party application identifier;
a sending module, configured to send an access control data acquisition request to a smart card management server, the acquisition request containing: the third-party application identifier and smart card attribute information;
the receiver module being further configured to receive the smart card access control data corresponding to the third-party application identifier, which the smart card management server obtains by querying a database according to the third-party application identifier;
an authentication module, configured to authenticate the third-party application according to the smart card access control data;
a processing module, configured to carry out smart card data interaction with the third-party application after authentication passes;
the sending module being further configured to send the data interaction record to the smart card management server.
11. The terminal according to claim 10, characterized in that the processing module includes:
an obtaining submodule, configured to send an application selection instruction to the smart card according to the third-party application identifier, to obtain the target application; the application selection instruction being used to select, in the smart card, the target application corresponding to the third-party application identifier;
a processing submodule, configured to, based on Application Protocol Data Units (APDUs), enable the third-party application to perform write operations on the target application on the smart card by transparent transmission.
12. The terminal according to claim 10, characterized in that the application operation request includes at least one of the following: application download, application deletion, application locking, application unlocking, application upgrade, application recovery, application personalization, card information synchronization, security domain installation, security domain deletion, security domain locking, security domain unlocking, security domain key update.
CN201610150829.9A 2016-03-16 2016-03-16 Intelligent card processing method, intelligent card management server and terminal Pending CN105825134A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610150829.9A CN105825134A (en) 2016-03-16 2016-03-16 Intelligent card processing method, intelligent card management server and terminal

Publications (1)

Publication Number Publication Date
CN105825134A true CN105825134A (en) 2016-08-03

Family

ID=56523863

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610150829.9A Pending CN105825134A (en) 2016-03-16 2016-03-16 Intelligent card processing method, intelligent card management server and terminal

Country Status (1)

Country Link
CN (1) CN105825134A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108021967A (en) * 2017-12-05 2018-05-11 北京小米移动软件有限公司 Replicate the method, apparatus and computer-readable recording medium of smart card
CN110366161A (en) * 2018-04-11 2019-10-22 中国移动通信有限公司研究院 Open chucking method, device, relevant device and storage medium
CN113569208A (en) * 2021-07-27 2021-10-29 恒宝股份有限公司 Data management method, smart card and computer readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1659911A (en) * 2002-05-30 2005-08-24 阿克萨尔托股份有限公司 Secure interaction between downloaded application code and a smart card in a mobile communication apparatus
CN101231768A (en) * 2008-01-25 2008-07-30 北京深思洛克数据保护中心 Multi-application intelligent card and method for realizing intelligent card multi application
CN101742480A (en) * 2008-11-10 2010-06-16 中兴通讯股份有限公司 Method and system for distributing initial key of slave security domain of intelligent card and mobile terminal
CN101917700A (en) * 2010-05-27 2010-12-15 大唐微电子技术有限公司 Method for using service application and user identification module
CN103514397A (en) * 2013-09-29 2014-01-15 西安酷派软件科技有限公司 Server, terminal and authority management and permission method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160803
