CN108684034B - Data transmission method and device - Google Patents

Data transmission method and device

Info

Publication number: CN108684034B
Application number: CN201810469651.3A
Other versions: CN108684034A (en)
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Active
Inventor: 仇剑书
Assignee (original and current): China United Network Communications Group Co Ltd
Prior art keywords: operator, data, ciphertext data, semantic, prefix

Classifications

    • H04W 8/205 Transfer of user or subscriber data to or from user equipment or user record carrier (under H04W 8/00 Network data management; H04W 8/18 Processing of user or subscriber data)
    • H04W 12/02 Security arrangements: protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W 12/06 Security arrangements: authentication
Abstract

The application provides a data transmission method and device. The method comprises: obtaining, from a smart card, first data to be transmitted to an operator; acquiring the operator's public key certificate and encrypting the first data with it to obtain first ciphertext data; and transmitting the first ciphertext data to the application corresponding to the operator, so that the application sends it on to the operator. The scheme uses a data transmission device that has smart card access rights to carry data between the smart card and the operator's application, and data pass only through the trusted operator's application, so data security is preserved, the user does not need to visit a business hall, and the subscription can be completed conveniently and quickly.

Description

Data transmission method and device
Technical Field
The present application relates to the field of communications, and in particular, to a data transmission method and apparatus.
Background
eSIM technology has developed rapidly in recent years, its range of application has expanded from Internet of Things devices to public mobile devices, and the GSMA has issued the corresponding international standard (SGP.22). With the adoption of eSIM, users can download, update and replace their personal profile data through the terminal, without spending time at a physical business hall of the operator providing the service, which is a great convenience.
However, the data in the embedded card is security-sensitive information tied to user privacy, and there is a risk of malicious tampering with, or copying of, card data by third-party applications; for that reason the current GSMA standard does not open data exchange with the embedded card to terminal applications. Consequently, when a user establishes a subscription relationship with an operator for the first time, the user still has to take an identity document to a business hall, and the subscription process is cumbersome.
Disclosure of Invention
The application provides a data transmission method and device for completing a subscription conveniently and quickly.
A first aspect of the present application provides a data transmission method, including: obtaining first data from a smart card to be transmitted to an operator; acquiring a public key certificate of the operator, and encrypting the first data by using the public key certificate to acquire first ciphertext data; and transmitting the first ciphertext data to an application corresponding to the operator, so that the application sends the first ciphertext data to the operator.
A second aspect of the present application provides a data transmission apparatus, including: the first transmission module is used for obtaining first data needing to be transmitted to an operator from the intelligent card; the processing module is used for acquiring a public key certificate of the operator, and encrypting the first data by using the public key certificate to acquire first ciphertext data; and the second transmission module is used for transmitting the first ciphertext data to an application corresponding to the operator so that the application sends the first ciphertext data to the operator.
According to the data transmission method and device, data to be transmitted to an operator are obtained from the smart card on the strength of the device's smart card access rights, encrypted with the operator's public key certificate and passed to the application corresponding to that operator, which sends them on to the operator; data transmission between the smart card and the operator is thus completed while data security is preserved. Because the data transmission device that holds the smart card access rights mediates between the smart card and the operator's application, and data pass only through the trusted operator's application, data security is preserved, the user does not need to visit a business hall, and the subscription can be completed conveniently and quickly.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
Figs. 1 and 2 are schematic flow charts of the data transmission method according to the first embodiment of the present application;
Figs. 3 and 4 are schematic flow charts of the data transmission method according to the second embodiment of the present application;
Fig. 5 is a schematic structural diagram of the data transmission device according to the third embodiment of the present application;
Fig. 6 is an architecture implementation diagram of the data transmission device according to the fifth embodiment of the present application;
Fig. 7 is a schematic structural diagram of the data transmission device according to the sixth embodiment of the present application.
With the above figures, there are shown specific embodiments of the present application, which will be described in more detail below. These drawings and written description are not intended to limit the scope of the inventive concepts in any manner, but rather to illustrate the inventive concepts to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims. The embodiments in the present application may be implemented individually or in combination without conflict.
Fig. 1 is a schematic flow chart of the data transmission method provided in the first embodiment of the present application. The method is used for completing a subscription conveniently and quickly; it is described here as applied to a data transmission device, and includes:
101. obtaining first data from a smart card to be transmitted to an operator;
102. acquiring a public key certificate of the operator, and encrypting the first data by using the public key certificate to acquire first ciphertext data;
103. and transmitting the first ciphertext data to an application corresponding to the operator, so that the application sends the first ciphertext data to the operator.
In practical applications, the executing entity of this embodiment is a data transmission device, which may be a driver, application software, or a medium storing the related computer program, such as a USB drive; alternatively, the data transmission device may be a physical device such as a chip, an intelligent terminal or a computer that integrates or has installed the related computer program. As an example, the data transmission device may be a terminal application with smart card access rights.
In a concrete scenario: an embedded smart card (eUICC) is the hardware carrier defined by the GSMA SGP.22 standard for installing the card data (profile) provided by an operator, so that the embedded card performs the functions of a SIM card. By the standard's definition, the Local Profile Assistant (LPA) on the terminal is the terminal application that may access the eUICC directly. The data transmission device in this embodiment may therefore be implemented as the LPA.
Specifically, the data transmission device obtains from the smart card the first data to be transmitted to the operator. In the subscription scenario, this first data may include, but is not limited to, the identifier of the eUICC (the EID). To further protect the data, the scheme encrypts the data to be transmitted under the operator's public key certificate: the data transmission device obtains the public key certificate of the operator with which the subscription is to be established and encrypts the first data with it.
Optionally, the object of the data transmission can be determined in several ways; in the subscription scenario, the object is the operator with which the subscription is to be established. As an example, on the basis of the first embodiment, the method may further include, before step 101:
and receiving an operator identification input by a user, and determining the operator according to the operator identification.
Specifically, taking the data transmission device to be an LPA, the user opens the interactive interface of the LPA application, which offers a choice of operators to subscribe to; the user selects the desired operator, and the data transmission device takes that operator as the object of the data transmission.
In another example, on the basis of the first embodiment, before 101, the method may further include:
receiving an operator identifier sent by an application corresponding to an operator, and determining the operator according to the operator identifier.
Specifically, the terminal may have several applications installed that correspond to operators; optionally each application corresponds to one operator, and different applications may correspond to the same or different operators. The application corresponding to an operator is that operator's official application, which is what makes it a trusted channel here. Correspondingly, the user may also trigger the subscription from the operator application's own interface; the operator application then passes its operator identifier to the data transmission device, which takes that operator as the object of the data transmission.
Either implementation determines the object of the data transmission, so the subscription can proceed conveniently and quickly.
In addition, the data to be transmitted are encrypted for the object of the data transmission: in this scheme, the public key certificate of the operator to be subscribed to is used to encrypt the data destined for that operator. Preferably, on the basis of the first embodiment, obtaining the operator's public key certificate in step 102 may specifically include:
detecting whether the operator's public key certificate is present among the locally stored public key certificates;
if it is present, reading the operator's public key certificate; otherwise, accessing the certificate management platform and downloading the operator's public key certificate.
Specifically, the data transmission device may be provisioned in advance with the public key certificates of some operators and with the network address of the certificate management platform. The certificate management platform is a public platform that stores the public key certificates of all operators. Since the data transmission device is usually a terminal application with limited room for preset certificates, only a few may be provisioned, for example only those of the operators whose applications are installed on the terminal. The certificate management platform, by contrast, stores the public key certificates of all operators: each operator deposits its own public key certificate on the platform in advance, and the operator identifier serves as the index to the certificate.
Taking the data transmission device as an LPA for example, if a public key certificate of a selected operator is preset in LPA software, the certificate can be used; if the public key certificate of the selected operator is not preset, the LPA software accesses the certificate management platform through the network, and downloads the public key certificate of the operator by taking the identifier of the operator as an index.
Because the certificate management platform holds the public key certificates of all operators, data can be encrypted for whichever operator is selected, which keeps the data transmission secure and reliable.
In the scheme, after the data transmission device obtains the public key certificate of the operator, the public key certificate can be used for encrypting the data to be transmitted to the operator. And the data transmission device transmits the encrypted data to an application corresponding to an operator and sends the encrypted data to the operator through the application corresponding to the operator.
Optionally, the transmission of the encrypted data to the application corresponding to the operator may be implemented in various ways.
As an implementation manner, the data transmission device may provide an API interface for data exchange to an application corresponding to the operator, and accordingly, the data transmission device may directly transmit the encrypted data to the application corresponding to the operator based on the API interface.
As another implementable manner, as shown in fig. 2, on the basis of the first embodiment, 103 may specifically include:
1031. converting the format of the first ciphertext data into a printable string;
1032. adding a first semantic prefix to the first ciphertext data and storing the first ciphertext data carrying the first semantic prefix on the system clipboard, so that when the application corresponding to the operator runs and detects first ciphertext data carrying the first semantic prefix on the current system clipboard, the first ciphertext data is transmitted to that application.
Specifically, the data transmission device encrypts data to be transmitted to the operator using a public key certificate of the operator, and then obtains ciphertext data. Then, the data transmission device converts the format of the ciphertext data into a printable string (for example, first performs base64 encoding, and then performs URL encode). And adding a semantic prefix to the ciphertext data subjected to format conversion to obtain the ciphertext data carrying the semantic prefix. In practical applications, the semantic prefix may represent a direction of data transmission, for example, the data needs to be transmitted to an operator, or the data needs to be transmitted to a smart card, and the semantic prefixes in different transmission directions may be different, and the semantic prefixes may be predefined. Taking data to be transmitted to a certain operator as an example, the ciphertext data structure carrying the first semantic prefix obtained based on the processing flow may be: esim-eid:// < operator identification >/< eid ciphertext data >.
After obtaining the ciphertext data carrying the semantic prefix, the data transmission device stores it on the system clipboard. Subsequently, when the application corresponding to the operator runs, it automatically inspects the system clipboard; if ciphertext data carrying the first semantic prefix (which indicates that the data are to be transmitted to an operator) is present, the application sends the data to the operator, completing the transmission from the smart card to the operator. In practice, before sending the data, the operator application first checks that the operator identification in the clipboard item matches the operator it corresponds to; only then does it parse the ciphertext out of the prefixed item and send it to the operator (for example to the operator's IT support system, to start the subscription process).
According to this data transmission method, data to be transmitted to an operator are obtained from the smart card on the strength of the device's smart card access rights, encrypted with the operator's public key certificate and passed to the application corresponding to that operator, which sends them on to the operator, so data transmission between the smart card and the operator is completed while data security is preserved. Because the data transmission device that holds the smart card access rights mediates between the smart card and the operator's application, and data pass only through the trusted operator's application, data security is preserved, the user does not need to visit a business hall, and the subscription can be completed conveniently and quickly.
In the subscription scenario, once the data have been transmitted from the smart card to the operator as above, the operator decrypts the received ciphertext with the private key corresponding to its public key certificate and completes the subscription; the subscription process itself is not described here. After the subscription is completed, the eSIM management platform allocates an electronic card (profile) to the smart card and binds the two. At the same time, the eSIM management platform generates an activation code for downloading the electronic card (its format is defined in the GSMA standard) and sends it to the operator. The operator then needs to transmit the activation code to the data transmission device.
Fig. 3 is a schematic flow chart of the data transmission method provided in the second embodiment of the present application. The method is used for completing a subscription conveniently and quickly; it is again described as applied to a data transmission device and, on the basis of the first embodiment, further includes:
201. acquiring second ciphertext data transmitted by an application corresponding to an operator, wherein the second ciphertext data comprises second data which is sent to the application by the operator and needs to be transmitted to a smart card;
202. acquiring a public key certificate of the operator, and decrypting the second ciphertext data by using the public key certificate to acquire the second data;
203. transmitting the second data to the smart card.
Combining the actual scene for example: in connection with the actual scenario of the subscription, this second data may include, but is not limited to, an activation code, electronic card data, etc. In order to further ensure data security, in this embodiment, before the operator sends data to the corresponding application, the operator first uses the private key of the operator to encrypt the data to be transmitted, so as to obtain second ciphertext data. And the application corresponding to the operator transmits the received second ciphertext data to the data transmission device. The data transmission device determines a transmission party of the second ciphertext data, namely an operator sending the ciphertext data, decrypts the ciphertext data by using a public key certificate of the operator to obtain corresponding data, and the data can be data required to be transmitted to the smart card. Taking a subscription scene as an example, the activation code may be transmitted to the data transmission device through the above scheme, and after the activation code is obtained, the electronic card downloading and installation process is started, where the process is a gsm a eSIM standard process and is not described in detail herein.
Optionally, the transmitting of the encrypted data to the data transmission device by the application corresponding to the operator may be implemented in various ways.
As an implementable manner, the data transmission device may provide an API interface for data exchange, and accordingly, the application corresponding to the operator may directly transmit the second ciphertext data to the data transmission device based on the API interface.
As another implementable manner, as shown in fig. 4, on the basis of the second embodiment, 201 may specifically include:
2011. detecting whether second ciphertext data carrying a second semantic prefix exists in a current system clipboard, wherein the second ciphertext data carrying the second semantic prefix is obtained by converting the format of the second ciphertext data received from an operator into a printable character string and adding the second semantic prefix to the printable character string by an application corresponding to the operator;
2012. and if second ciphertext data carrying a second semantic prefix exists in the current system clipboard, analyzing the second ciphertext data from the second ciphertext data.
Specifically, the application corresponding to the operator converts the format of the received second ciphertext data, and specifically converts the format into a printable string (for example, first performing base64 encoding, and then performing URL encode). And adding a semantic prefix to the ciphertext data subjected to format conversion to obtain the ciphertext data carrying the semantic prefix. In practical applications, the semantic prefix may represent a direction of data transmission, for example, the data needs to be transmitted to an operator, or the data needs to be transmitted to a smart card, and the semantic prefixes in different transmission directions may be different, and the semantic prefixes may be predefined. Taking data to be transmitted to the smart card as an example, the ciphertext data structure carrying the semantic prefix obtained based on the processing flow may be: esim-ac:// < operator identification >/< activation code ciphertext >.
After the application corresponding to the operator has obtained the ciphertext data carrying the second semantic prefix, it stores it on the system clipboard. Subsequently, when the data transmission device runs, it automatically inspects the system clipboard; if ciphertext data carrying the second semantic prefix (which indicates that the data are to be transmitted to the smart card) is present, the device parses out the operator identifier, obtains that operator's public key certificate, processes the ciphertext with the public key certificate, and sends the recovered data to the smart card, completing the transmission from the operator to the smart card.
According to this data transmission method, the ciphertext data received through the application corresponding to the operator are processed with the operator's public key certificate and then, on the strength of the device's smart card access rights, passed to the smart card, so data transmission between the smart card and the operator is completed while data security is preserved. Because the data transmission device that holds the smart card access rights mediates between the smart card and the operator's application, and data pass only through the trusted operator's application, data security is preserved, the user does not need to visit a business hall, and the subscription can be completed conveniently and quickly.
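The clipboard exchange of steps 1031-1032 (smart card to operator) and 2011-2012 (operator to smart card), together with the operator-identification check and the certificate lookup, as one added example. This is illustrative code written for this page, not the patent's or China Unicom's implementation: the names (Envelope, BuildEIDClip, OperatorReceiveEID, BuildActivationClip, LPAReceiveActivation), the operator identifiers op1 and op2, the EID and the activation code are all constructed, and freshly generated RSA keys stand in for the operators' X.509 certificates. The page names no algorithms; RSA-OAEP (with the semantic prefix as the OAEP label, binding the transfer direction into the ciphertext) and RSA-PSS are this example's choices. The reverse direction follows the page's "encrypt with the operator's private key, decrypt with the public key", which in standard terms is a signature, so the activation code is carried in clear and authenticated, not hidden.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

// Semantic prefixes: the scheme part names the transfer direction, as the page describes.
const (
	PrefixToOperator = "esim-eid" // smart card -> operator, carries the EID ciphertext
	PrefixToCard     = "esim-ac"  // operator -> smart card, carries the activation code
)

// Envelope is one clipboard item: <prefix>://<operator identification>/<payload>.
type Envelope struct {
	Prefix, Operator string
	Payload          []byte
}

// Encode makes the payload printable in the page's order: base64 first, then URL encoding.
func (e Envelope) Encode() string {
	return e.Prefix + "://" + e.Operator + "/" + url.QueryEscape(base64.StdEncoding.EncodeToString(e.Payload))
}

// ParseEnvelope is the clipboard check both sides run before touching any key material.
func ParseEnvelope(clip string) (Envelope, error) {
	prefix, rest, ok := strings.Cut(clip, "://")
	op, enc, ok2 := strings.Cut(rest, "/")
	if !ok || !ok2 || op == "" || (prefix != PrefixToOperator && prefix != PrefixToCard) {
		return Envelope{}, fmt.Errorf("clipboard item is not a prefixed eSIM envelope")
	}
	b64, err := url.QueryUnescape(enc)
	if err != nil {
		return Envelope{}, err
	}
	payload, err := base64.StdEncoding.DecodeString(b64)
	return Envelope{prefix, op, payload}, err
}

// BuildEIDClip, LPA side (steps 101-103, 1031-1032): RSA-OAEP under the operator's certificate key, then the envelope.
func BuildEIDClip(certs map[string]*rsa.PublicKey, op, eid string) (string, error) {
	pub, ok := certs[op] // certs: preset and platform-fetched certificates, keyed by operator identification
	if !ok {
		return "", fmt.Errorf("no public key certificate for operator %q", op)
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(eid), []byte(PrefixToOperator))
	return Envelope{PrefixToOperator, op, ct}.Encode(), err
}

// OperatorReceiveEID, operator-app side: only a to-operator item addressed to its own operator is acted on; decryption is at the operator, which holds the private key.
func OperatorReceiveEID(clip, myOp string, priv *rsa.PrivateKey) (string, error) {
	env, err := ParseEnvelope(clip)
	if err != nil || env.Prefix != PrefixToOperator || env.Operator != myOp {
		return "", fmt.Errorf("ignored clipboard item (err=%v, prefix=%q, operator=%q)", err, env.Prefix, env.Operator)
	}
	eid, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.Payload, []byte(PrefixToOperator))
	return string(eid), err
}

// BuildActivationClip, operator side of the second embodiment: "encrypt with the private key, decrypt with the
// public key" is a signature, so the activation code travels in clear followed by an RSA-PSS signature over it.
func BuildActivationClip(op, ac string, priv *rsa.PrivateKey) (string, error) {
	h := sha256.Sum256([]byte(ac))
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
	return Envelope{PrefixToCard, op, append([]byte(ac), sig...)}.Encode(), err
}

// LPAReceiveActivation, LPA side (steps 2011-2012, 202-203): only a code verified under the named operator's certificate reaches the eUICC.
func LPAReceiveActivation(certs map[string]*rsa.PublicKey, clip string) (string, error) {
	env, err := ParseEnvelope(clip)
	pub, ok := certs[env.Operator] // the || chain short-circuits, so pub is non-nil when Size runs
	if err != nil || env.Prefix != PrefixToCard || !ok || len(env.Payload) <= pub.Size() {
		return "", fmt.Errorf("ignored clipboard item (err=%v, prefix=%q, operator=%q)", err, env.Prefix, env.Operator)
	}
	n := len(env.Payload) - pub.Size()
	h := sha256.Sum256(env.Payload[:n])
	if err := rsa.VerifyPSS(pub, crypto.SHA256, h[:], env.Payload[n:], nil); err != nil {
		return "", fmt.Errorf("activation code rejected: %w", err)
	}
	return string(env.Payload[:n]), nil
}

func main() {
	op1, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed demo keys standing in for certificates
	op2, _ := rsa.GenerateKey(rand.Reader, 2048)
	certs := map[string]*rsa.PublicKey{"op1": &op1.PublicKey, "op2": &op2.PublicKey}
	clip, _ := BuildEIDClip(certs, "op2", "89049032000001000000000000012345") // constructed EID
	_, refused := OperatorReceiveEID(clip, "op1", op1)                        // the other operator's app
	eid, _ := OperatorReceiveEID(clip, "op2", op2)
	acClip, _ := BuildActivationClip("op2", "LPA:1$smdp.example.com$MATCHING-ID", op2) // constructed code
	ac, err := LPAReceiveActivation(certs, acClip)
	fmt.Println(clip, "\nop1 app:", refused, "\nop2 EID:", eid, "\nLPA activation code:", ac, err)
}
```

Two points the page leaves implicit. The system clipboard is not a private channel: any foreground application can read it on common platforms, so the EID is protected only by the public-key encryption, and the activation code in the reverse direction is protected only by the signature check, not by confidentiality. Everything also rests on the LPA holding the right operator certificate: a certificate downloaded from the certificate management platform has to be fetched over an authenticated channel and validated (chain, subject, revocation), otherwise whoever can substitute a certificate can read every EID encrypted for that operator. Using one RSA key for both OAEP encryption and PSS signing, as the page's single-certificate model implies, is also something a practitioner would avoid by issuing separate encryption and signing certificates.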
Fig. 5 is a schematic structural diagram of the data transmission device provided in the third embodiment of the present application. The device is used for completing a subscription conveniently and quickly, and specifically includes:
a first transmission module 51, configured to obtain, from the smart card, first data to be transmitted to the operator;
the processing module 52 is configured to obtain a public key certificate of the operator, and encrypt the first data using the public key certificate to obtain first ciphertext data;
the second transmission module 53 is configured to transmit the first ciphertext data to an application corresponding to the operator, so that the application sends the first ciphertext data to the operator.
In practical applications, the data transmission device may be a driver, application software, or a medium storing the related computer program, such as a USB drive; alternatively, it may be a physical device such as a chip, an intelligent terminal or a computer that integrates or has installed the related computer program. As an example, the data transmission device may be a terminal application with smart card access rights, and in this embodiment it may be implemented as the LPA.
In a concrete scenario: the first transmission module 51 obtains from the smart card the first data to be transmitted to the operator; in the subscription scenario, the first data may include, but is not limited to, the identifier of the eUICC (the EID). The processing module 52 obtains the public key certificate of the operator with which the subscription is to be established and encrypts the first data with it; correspondingly, the operator decrypts the received ciphertext with the matching private key to recover the transmitted data.
Optionally, the object of the data transmission can be determined in several ways; in the subscription scenario, the object is the operator with which the subscription is to be established. As an example, on the basis of the third embodiment, the apparatus may further include:
and the interaction module is used for receiving an operator identifier input by a user and determining the operator according to the operator identifier.
In another example, on the basis of the third embodiment, the second transmission module 53 is further configured to receive an operator identifier sent by an application corresponding to an operator, and determine the operator according to the operator identifier.
Either implementation determines the object of the data transmission, so the subscription can proceed conveniently and quickly.
In addition, the data to be transmitted are encrypted for the object of the data transmission: in this scheme, the public key certificate of the operator to be subscribed to is used to encrypt the data destined for that operator. Preferably, on the basis of the third embodiment, the processing module 52 may specifically include:
a searching unit, configured to detect whether the operator's public key certificate is present among the locally stored public key certificates;
and an acquisition unit, configured to read the operator's public key certificate if it is present, and otherwise to access the certificate management platform and download the operator's public key certificate.
Because the certificate management platform holds the public key certificates of all operators, data can be encrypted for whichever operator is selected, which keeps the data transmission secure and reliable.
In the scheme, after the data transmission device obtains the public key certificate of the operator, the public key certificate can be used for encrypting the data to be transmitted to the operator. And the data transmission device transmits the encrypted data to an application corresponding to an operator and sends the encrypted data to the operator through the application corresponding to the operator.
Optionally, the encrypted data may be transmitted to the application corresponding to the operator in various ways.
In one implementation, the data transmission apparatus may expose an API for data exchange to the application corresponding to the operator; accordingly, the second transmission module 53 may transmit the encrypted data directly to that application through the API.
In another implementation, on the basis of the third embodiment, the second transmission module 53 includes:
a conversion unit, used to convert the format of the first ciphertext data into a printable character string; and
a processing unit, used to add a first semantic prefix to the first ciphertext data and store the result on the system clipboard, so that when the application corresponding to the operator runs and detects that first ciphertext data carrying the first semantic prefix is present on the current system clipboard, it sends the first ciphertext data to the operator.
The data transmission device provided by this application obtains, on the basis of its access authority to the smart card, the data that needs to be transmitted to the operator from the smart card, encrypts that data with the operator's public key certificate, transmits it to the application corresponding to the operator, and has that application transmit it to the operator, so that data transmission between the smart card and the operator is completed while the data is kept secure. In this solution, the data transmission device with smart card access authority carries the data between the application corresponding to the operator and the smart card, and the data passes only through the trusted operator's application, so data security is guaranteed, the user does not need to visit a business hall, and subscription can be completed conveniently and quickly.
A fourth embodiment of the present application provides a data transmission device, used to complete a subscription conveniently and quickly. Specifically, on the basis of the third embodiment:
the second transmission module 53 is further configured to obtain second ciphertext data transmitted by the application corresponding to the operator, where the second ciphertext data contains second data that the operator sends to the application and that needs to be transmitted to the smart card;
the processing module 52 is further configured to obtain the public key certificate of the operator and to decrypt the second ciphertext data using that public key certificate to obtain the second data; and
the first transmission module 51 is further configured to transmit the second data to the smart card.
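The certificate handling of the third embodiment (searching unit, acquisition unit, encryption under the operator's public key certificate) and the reverse direction of the fourth embodiment, as an added example in Go against the standard library only; it is not the patent's own code nor any LPA implementation. The local store and the certificate management platform are in-memory stand-ins, the operator identifiers, the RSA-OAEP and RSA-PSS choices and the `NewCert` helper are assumptions. Two checks the patent text leaves implicit are made explicit. First, a certificate downloaded from the platform is verified against a trusted root and checked to name the requested operator before it is cached, since whoever can substitute that certificate would otherwise receive the smart-card data. Second, a public key certificate cannot decrypt anything (only the matching private key can), so what the device can actually do with the operator's certificate on data coming back from the operator is verify the operator's signature; the example implements that and leaves decryption of second ciphertext data to whatever private key the device itself holds.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CertStore stands in for the device's local certificate store, Platform for the
// certificate management platform; both keyed by operator identifier (constructed).
type CertStore map[string]*x509.Certificate
type Platform map[string]*x509.Certificate

// LookupOperatorCert is the searching unit plus acquisition unit: return the locally
// held certificate, otherwise download it from the platform. A downloaded certificate
// is cached only after it chains to the trusted root and names the requested operator.
func LookupOperatorCert(local CertStore, platform Platform, roots *x509.CertPool, operatorID string) (*x509.Certificate, error) {
	if c, ok := local[operatorID]; ok {
		return c, nil
	}
	c, ok := platform[operatorID]
	if !ok {
		return nil, fmt.Errorf("platform holds no certificate for operator %q", operatorID)
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := c.Verify(opts); err != nil { // also enforces the validity period
		return nil, fmt.Errorf("certificate for %q rejected: %w", operatorID, err)
	}
	if c.Subject.CommonName != operatorID {
		return nil, fmt.Errorf("certificate names %q, not %q", c.Subject.CommonName, operatorID)
	}
	local[operatorID] = c
	return c, nil
}

// EncryptForOperator turns first data into first ciphertext data under the operator's
// public key. RSA-OAEP/SHA-256 is assumed; longer payloads would need a hybrid envelope.
func EncryptForOperator(cert *x509.Certificate, firstData []byte) ([]byte, error) {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("operator certificate does not carry an RSA key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, firstData, nil)
}

// VerifyFromOperator is what the operator's certificate can do with data coming back
// from the operator: check the operator's RSA-PSS signature over it (scheme assumed).
// Decrypting second ciphertext data needs the device's own private key, not this cert.
func VerifyFromOperator(cert *x509.Certificate, msg, sig []byte) error {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("operator certificate does not carry an RSA key")
	}
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil)
}

// NewCert issues a certificate for cn signed by parent, or self-signed when parent is
// nil; a test helper standing in for the real platform root and operator certificates.
func NewCert(cn string, isCA bool, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

func main() {
	root, rootKey, _ := NewCert("certificate management platform root", true, nil, nil)
	opCert, _, _ := NewCert("operator-A", false, root, rootKey)
	roots := x509.NewCertPool()
	roots.AddCert(root)
	local := CertStore{}
	_, err := LookupOperatorCert(local, Platform{"operator-A": opCert}, roots, "operator-A")
	fmt.Println("downloaded, verified and cached:", err == nil && local["operator-A"] == opCert)
}
```

A self-signed certificate that merely claims the operator's name, or a genuine certificate of a different operator served under the wrong identifier, is refused before it reaches the cache; in a real device the root pool would be the platform's pinned root rather than the system trust store.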
Optionally, the application corresponding to the operator may transmit the encrypted data to the data transmission device in various ways.
In one implementation, the data transmission device may expose an API for data exchange; accordingly, the application corresponding to the operator may transmit the second ciphertext data directly to the second transmission module 53 through the API.
In another implementation, on the basis of the fourth embodiment, the second transmission module 53 includes:
a detection unit, used to detect whether second ciphertext data carrying a second semantic prefix is present on the current system clipboard, where the second ciphertext data carrying the second semantic prefix is produced by the application corresponding to the operator by converting the format of the second ciphertext data received from the operator into a printable character string and adding the second semantic prefix to that string; and
a parsing unit, used to parse the second ciphertext data out of the current system clipboard if second ciphertext data carrying the second semantic prefix is present there.
The data transmission device provided by this application, on the basis of its access authority to the smart card, takes the ciphertext data obtained through the application corresponding to the operator, decrypts it using that operator's public key certificate, and transmits the result to the smart card, completing the data transmission between the smart card and the operator while the data is kept secure. As in the third embodiment, the data passes only through the trusted operator's application, so data security is guaranteed, the user does not need to visit a business hall, and subscription can be completed conveniently and quickly.
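The clipboard transport of the third and fourth embodiments (conversion unit and processing unit on the sending side, detection unit and parsing unit on the receiving side), as an added example in Go; it is not the patent's own code or any operator app's. The prefix spellings, the size limit and the in-memory clipboard are assumptions. The caveat worth stating: the system clipboard can be read and written by any app on the device, so the semantic prefix only routes data and proves nothing about who wrote the item. The receiver therefore decodes strictly, bounds the size, treats a malformed payload exactly like "no data", and relies on the encryption of the payload (and whatever verification it applies to the ciphertext) rather than on the prefix. Each direction has its own prefix so the operator app does not re-read the item it wrote itself, and the device does not either.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Semantic prefixes for the two directions (hypothetical spellings; the patent
// defines the prefixes, not their values).
const (
	FirstSemanticPrefix  = "LPA-TO-OPERATOR-V1:" // first ciphertext data, device -> operator app
	SecondSemanticPrefix = "OPERATOR-TO-LPA-V1:" // second ciphertext data, operator app -> device
)

// MaxClipboardPayload bounds what a receiver will decode; any app can write the
// clipboard, so the receiver must not allocate on an attacker's say-so (assumed limit).
const MaxClipboardPayload = 64 * 1024

// WrapForClipboard is the conversion unit plus processing unit: the ciphertext
// becomes a printable string and carries the semantic prefix.
func WrapForClipboard(prefix string, ciphertext []byte) string {
	return prefix + base64.StdEncoding.EncodeToString(ciphertext)
}

// ParseFromClipboard is the detection unit plus parsing unit for one direction.
// found is false when the clipboard holds something else (user text, or the other
// direction's item); err is non-nil when the prefix matched but the payload is
// malformed, which the caller treats like "no data", never as partial data.
func ParseFromClipboard(prefix, clipboard string) (ciphertext []byte, found bool, err error) {
	text := strings.TrimSpace(clipboard)
	if !strings.HasPrefix(text, prefix) {
		return nil, false, nil
	}
	body := text[len(prefix):]
	switch {
	case body == "":
		return nil, true, errors.New("semantic prefix with empty payload")
	case len(body) > MaxClipboardPayload:
		return nil, true, fmt.Errorf("payload of %d characters exceeds limit", len(body))
	}
	// Strict decoding rejects non-canonical padding bits and stray characters that
	// a clipboard manager, or someone probing the parser, could introduce.
	raw, err := base64.StdEncoding.Strict().DecodeString(body)
	if err != nil {
		return nil, true, fmt.Errorf("payload is not canonical base64: %w", err)
	}
	return raw, true, nil
}

// clipboard stands in for the system clipboard (constructed, in memory).
var clipboard string

func main() {
	firstCiphertext := []byte{0x30, 0x82, 0x01, 0x00, 0xff, 0xfe} // constructed stand-in for RSA output
	clipboard = WrapForClipboard(FirstSemanticPrefix, firstCiphertext)
	fmt.Println("clipboard item:", clipboard)

	// The operator app, when it runs, looks only for its own inbound prefix.
	if data, found, err := ParseFromClipboard(FirstSemanticPrefix, clipboard); found && err == nil {
		fmt.Printf("operator app picked up %d ciphertext bytes\n", len(data))
	}
	// The device must not mistake the same item for second ciphertext data.
	_, found, _ := ParseFromClipboard(SecondSemanticPrefix, clipboard)
	fmt.Println("device sees inbound data:", found)
}
```

Once a receiver has consumed the item, clearing the clipboard shortens the window in which other apps can read the ciphertext; the example leaves that to the caller, since it is platform-specific.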
The above embodiments may be implemented individually or in combination where they do not conflict. The modules may also be arranged separately or integrated; for example, modules performing the same or similar functions may be implemented by one module, and the division of modules in the foregoing embodiments is only an example.
Fig. 6 is an architecture diagram of a data transmission apparatus according to a fifth embodiment of the present disclosure. As shown in the figure, in this embodiment the data transmission apparatus is an LPA (Local Profile Assistant), which is responsible for accessing the smart card, the certificate management platform, and the eSIM management platform, and which exchanges data with the operator application (operator APP). The operator APP is responsible for data exchange with the operator (for example, the operator's IT support system).
Fig. 7 is a schematic structural diagram of a data transmission device according to a sixth embodiment of the present application, where the data transmission device includes: a memory and at least one processor.
The memory stores a computer program. It may comprise high-speed RAM and may also comprise non-volatile memory, such as at least one disk memory. The at least one processor executes the computer program stored in the memory to implement the method of the above embodiments.
The processor may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application.
Optionally, in a specific implementation, if the communication interface, the memory, and the processor are implemented independently, they may be connected to each other through a bus and communicate with each other over it. The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. Buses may be divided into address buses, data buses, control buses, and so on; the reference to a bus does not mean only one bus or one type of bus.
Optionally, in a specific implementation, if the communication interface, the memory, and the processor are integrated on one chip, they may communicate with each other through an internal interface.
An embodiment of the present application further provides a computer-readable storage medium, which may be any medium capable of storing a computer program, such as a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk; specifically, a computer program is stored on the computer-readable storage medium and, when executed, performs the method of the foregoing embodiments.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working process of the apparatus described above may be understood with reference to the corresponding process in the foregoing method embodiments.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (8)

1. A method of data transmission, comprising:
obtaining first data from a smart card to be transmitted to an operator;
acquiring a public key certificate of the operator, and encrypting the first data by using the public key certificate to acquire first ciphertext data;
transmitting the first ciphertext data to an application corresponding to the operator, so that the application sends the first ciphertext data to the operator;
wherein transmitting the first ciphertext data to the application corresponding to the operator so that the application sends the first ciphertext data to the operator comprises:
converting the format of the first ciphertext data into a printable character string; and
adding a first semantic prefix to the first ciphertext data and storing the result on a system clipboard, so that when the application corresponding to the operator runs and detects that first ciphertext data carrying the first semantic prefix is stored on the current system clipboard, the application sends the first ciphertext data to the operator.
2. The method of claim 1, wherein prior to obtaining the first data from the smart card for transmission to the operator, further comprising:
receiving an operator identifier input by a user, and determining the operator according to the operator identifier; or,
receiving an operator identifier sent by an application corresponding to an operator, and determining the operator according to the operator identifier.
3. The method of claim 1, further comprising:
acquiring second ciphertext data transmitted by an application corresponding to an operator, wherein the second ciphertext data comprises second data which is sent to the application by the operator and needs to be transmitted to a smart card;
acquiring a public key certificate of the operator, and decrypting the second ciphertext data by using the public key certificate to acquire the second data;
transmitting the second data to the smart card.
4. The method of claim 3, wherein the obtaining second ciphertext data transmitted by the application corresponding to the operator comprises:
detecting whether second ciphertext data carrying a second semantic prefix exists in a current system clipboard, wherein the second ciphertext data carrying the second semantic prefix is obtained by converting the format of the second ciphertext data received from an operator into a printable character string and adding the second semantic prefix to the printable character string by an application corresponding to the operator;
and if second ciphertext data carrying a second semantic prefix exists on the current system clipboard, parsing the second ciphertext data out of the current system clipboard.
5. A data transmission apparatus, comprising:
a first transmission module, used to obtain first data needing to be transmitted to an operator from the smart card;
the processing module is used for acquiring a public key certificate of the operator, and encrypting the first data by using the public key certificate to acquire first ciphertext data;
the second transmission module is used for transmitting the first ciphertext data to an application corresponding to the operator so that the application sends the first ciphertext data to the operator;
the second transmission module includes:
the conversion unit is used for converting the format of the first ciphertext data into a printable character string;
and the processing unit is used for adding a first semantic prefix to the first ciphertext data and storing the first semantic prefix to a system clipboard, so that when the application corresponding to the operator runs, if the fact that the first ciphertext data carrying the first semantic prefix is stored in the current system clipboard is detected, the first ciphertext data is sent to the operator.
6. The apparatus of claim 5, further comprising:
an interaction module, used to receive an operator identifier input by a user and to determine the operator according to the operator identifier; or,
the second transmission module is further configured to receive an operator identifier sent by an application corresponding to an operator, and determine the operator according to the operator identifier.
7. The apparatus of claim 5,
the second transmission module is further configured to acquire second ciphertext data transmitted by an application corresponding to an operator, where the second ciphertext data includes second data that the operator sends to the application and needs to be transmitted to the smart card;
the processing module is further configured to obtain a public key certificate of the operator, and decrypt the second ciphertext data using the public key certificate to obtain the second data;
the first transmission module is further configured to transmit the second data to the smart card.
8. The apparatus of claim 7, wherein the second transmission module comprises:
the detection unit is used for detecting whether second ciphertext data carrying a second semantic prefix exists in the current system clipboard, wherein the second ciphertext data carrying the second semantic prefix is obtained by converting the format of the second ciphertext data received from an operator into a printable character string and adding the second semantic prefix to the printable character string by an application corresponding to the operator;
and a parsing unit, used to parse the second ciphertext data out of the current system clipboard if second ciphertext data carrying the second semantic prefix exists on the current system clipboard.
CN201810469651.3A 2018-05-16 2018-05-16 Data transmission method and device Active CN108684034B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810469651.3A CN108684034B (en) 2018-05-16 2018-05-16 Data transmission method and device

Publications (2)

Publication Number Publication Date
CN108684034A CN108684034A (en) 2018-10-19
CN108684034B true CN108684034B (en) 2021-03-30

Family

ID=63806391

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810469651.3A Active CN108684034B (en) 2018-05-16 2018-05-16 Data transmission method and device

Country Status (1)

Country Link
CN (1) CN108684034B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017041306A1 (en) * 2015-09-11 2017-03-16 华为技术有限公司 Profile processing method, profile processing apparatus, user terminal and eUICC
CN106851628A (en) * 2013-12-05 2017-06-13 华为终端有限公司 Method and apparatus for downloading an operator's file
CN106899540A (en) * 2015-12-17 2017-06-27 中国电信股份有限公司 Method for updating user subscription data, management system, eUICC and terminal
CN107113320A (en) * 2016-01-29 2017-08-29 华为技术有限公司 Method, related device and system for downloading a subscription file

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant