CN113162771A - Smart card application management method, device and system - Google Patents
- Publication number: CN113162771A (CN202110447523.0A)
- Authority: CN (China)
- Prior art keywords: application, smart card, information, application management, key
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Abstract
The invention discloses a smart card application management method, device and system, wherein the method comprises the following steps: the smart card receives a first application management instruction from a first device; the first application management instruction comprises first application management information and first authentication code information; the first authentication code information is generated by the first device by performing a calculation on the first application management information using a first key; the smart card authenticates the first authentication code information by using a second key, and when the authentication is successful, the smart card acquires the first application management information to execute the application management operation corresponding to the first application management instruction; the second key and the first key form a key pair. The invention can therefore use encrypted transmission to manage smart card applications, thereby improving the security of application management in the smart card, helping to improve the security and stability of the smart card's overall communication, and reducing the occurrence of data leakage incidents.
Description
Technical Field
The invention relates to the technical field of smart cards, in particular to a smart card application management method, device and system.
Background
With the development of smart card technology and the popularization of smart card products, smart cards with communication functions are being used in more and more fields, such as public transportation, financial payment, or authentication. As smart card storage space has expanded, more and more functions have been integrated into the card, and it is now common for a single smart card to store multiple applications in order to implement multiple functions. However, existing multi-application smart card technology does not consider the security of data transmission during application management, so the existing technology has certain defects and a solution is urgently needed.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a method, an apparatus and a system for managing an application of a smart card, which can effectively utilize encrypted transmission to realize management of the application of the smart card, thereby improving security of application management in the smart card, facilitating improvement of security and stability of overall communication of the smart card, and reducing occurrence of data leakage accidents.
In order to solve the above technical problem, a first aspect of the present invention discloses a method for managing an application of a smart card, the method comprising:
the smart card receives a first application management instruction from a first device; the first application management instruction comprises first application management information and first authentication code information; the first authentication code information is generated by the first device through calculation of the first application management information by using a first secret key;
the smart card authenticates the first authentication code information by using a second secret key, and when the authentication is successful, the smart card acquires the first application management information to execute application management operation corresponding to the first application management instruction; the second key and the first key form a key pair.
As an optional implementation manner, in the first aspect of the present invention, before the smart card receives the first application management instruction from the first device, the method further includes:
the smart card receives card authentication information;
the smart card performs a calculation on the card authentication information using a third key to obtain second authentication code information, and sends the second authentication code information to the first device; the second authentication code information is used by the first device to determine, when the first device authenticates it successfully using a fourth key, that the smart card is in a communication-allowed state; the third key and the fourth key form a key pair.
As an optional implementation manner, in the first aspect of the present invention, the first application management instruction is an existing application data updating instruction or an existing application deleting instruction; the first application management information comprises an existing application identifier and/or application update data;
the smart card authenticates the first authentication code information by using a second key, and when the authentication is successful, the smart card acquires the first application management information to execute application management operation corresponding to the first application management instruction, including:
the smart card authenticates the first authentication code information by using a second secret key, and acquires the first application management information when the authentication is successful;
the smart card determines a target updating application in the smart card from a plurality of applications of the smart card according to the application identification in the first application management information;
the smart card updates the application data corresponding to the target update application in the card according to the application update data in the first application management information;
and/or,
the smart card authenticates the first authentication code information by using a second secret key, and acquires the first application management information when the authentication is successful;
the smart card determines an in-card target deletion application from a plurality of applications of the smart card according to the application identification in the first application management information;
and the smart card deletes the application data corresponding to the target deletion application in the card.
As an optional implementation manner, in the first aspect of the present invention, the first application management instruction is an application creation instruction or an application update instruction; the first application management information comprises application parameter information and/or application record information;
the smart card authenticates the first authentication code information by using a second key, and when the authentication is successful, the smart card acquires the first application management information to execute application management operation corresponding to the first application management instruction, including:
the smart card authenticates the first authentication code information by using a second secret key, and acquires the first application management information when the authentication is successful;
and the smart card executes new application creation operation or existing application updating operation in the card space according to the first application management information.
As an optional implementation manner, in the first aspect of the present invention, the first application management information further includes application data key ciphertext information; before the smart card receives the first application management instruction from the first device, the method further includes:
the smart card generates random number information and a temporary key when receiving a random number generation instruction, and sends the random number information and the temporary key to the first device;
encrypting, by the first device, an application data key according to the temporary key to generate the application data key ciphertext information; the application data key is used for encrypting application data information transmitted between the smart card and the first device;
and the first device performs a calculation, using a first key, on the application data key ciphertext information and the application parameter information and/or the application record information to obtain the first authentication code information.
As an optional implementation manner, in the first aspect of the present invention, the first application management instruction is an application backup instruction; the first application management information comprises backup application identification information;
the smart card authenticates the first authentication code information by using a second key, and when the authentication is successful, the smart card acquires the first application management information to execute application management operation corresponding to the first application management instruction, including:
the smart card authenticates the first authentication code information by using a second secret key, and acquires the first application management information when the authentication is successful;
the smart card determines a target backup application in the smart card from a plurality of applications of the smart card according to the backup application identification information in the first application management information;
the smart card encrypts backup application data corresponding to the target backup application in the card according to the application data key to obtain an application data ciphertext;
the smart card calculates application parameter information, backup application data, the application data key and random number information corresponding to the target backup application in the card according to the application backup/recovery key to obtain a recovery data ciphertext;
the smart card calculates the random number information, the application data ciphertext and the recovery data ciphertext according to the second key to obtain second authentication code information, and sends the second authentication code information, the application data ciphertext and the recovery data ciphertext to the first device; and the second authentication code information is used for enabling the first device to perform subsequent backup operation on the application data ciphertext and the recovery data ciphertext when the authentication of the first device is successful.
As an optional implementation manner, in the first aspect of the present invention, the first application management instruction is an application recovery instruction; the first application management information comprises the recovery data ciphertext and a recovery application identifier;
the smart card authenticates the first authentication code information by using a second key, and when the authentication is successful, the smart card acquires the first application management information to execute application management operation corresponding to the first application management instruction, including:
the smart card authenticates the first authentication code information by using a second secret key, and acquires the first application management information when the authentication is successful;
the smart card decrypts the recovery data ciphertext in the first application management information according to the application backup/recovery key to obtain the application parameter information, the backup application data and the application data key;
and the smart card executes the application recovery operation in the card space according to the application parameter information, the backup application data and the application data key.
The second aspect of the present invention discloses a smart card application management apparatus, which includes:
a receiving module, configured to receive a first application management instruction from a first device; the first application management instruction comprises first application management information and first authentication code information; the first authentication code information is generated by the first device through calculation of the first application management information by using a first secret key;
the execution module is used for authenticating the first authentication code information by using a second secret key, and acquiring the first application management information when the authentication is successful so as to execute the application management operation corresponding to the first application management instruction; the second key and the first key form a key pair.
As an optional implementation manner, in the second aspect of the present invention, the receiving module is further configured to receive card authentication information; the device further comprises:
the card authentication module is used for performing a calculation on the card authentication information using a third key to obtain second authentication code information and sending the second authentication code information to the first device; the second authentication code information is used by the first device to determine, when the first device authenticates it successfully using a fourth key, that the smart card is in a communication-allowed state; the third key and the fourth key form a key pair.
As an optional implementation manner, in the second aspect of the present invention, the first application management instruction is an existing application data updating instruction or an existing application deleting instruction; the first application management information comprises an existing application identifier and/or application update data;
the specific manner in which the execution module authenticates the first authentication code information by using a second key and, when the authentication is successful, acquires the first application management information to execute the application management operation corresponding to the first application management instruction comprises:
the execution module authenticates the first authentication code information by using a second secret key, and acquires the first application management information when the authentication is successful;
the execution module determines an in-card target update application from a plurality of applications of the execution module according to the application identifier in the first application management information;
the execution module updates application data corresponding to the target update application in the card according to the application update data in the first application management information;
and/or,
the execution module authenticates the first authentication code information by using a second secret key, and acquires the first application management information when the authentication is successful;
the execution module determines an in-card target deletion application from a plurality of applications of the execution module according to the application identifier in the first application management information;
and the execution module deletes the application data corresponding to the target deletion application in the card.
As an optional implementation manner, in the second aspect of the present invention, the first application management instruction is an application creation instruction or an application update instruction; the first application management information comprises application parameter information and/or application record information;
the specific manner in which the execution module authenticates the first authentication code information by using a second key and, when the authentication is successful, acquires the first application management information to execute the application management operation corresponding to the first application management instruction comprises:
the execution module authenticates the first authentication code information by using a second secret key, and acquires the first application management information when the authentication is successful;
and the execution module executes new application creation operation or existing application updating operation in the card space according to the first application management information.
As an optional implementation manner, in the second aspect of the present invention, the first application management information further includes application data key ciphertext information; the device further comprises:
the generation module is used for generating random number information and a temporary key when a random number generation instruction is received, and sending the random number information and the temporary key to the first device, so that the first device encrypts an application data key according to the temporary key to generate the application data key ciphertext information, and performs a calculation, using a first key, on the application data key ciphertext information and the application parameter information and/or the application record information to obtain the first authentication code information; the application data key is used to encrypt application data information transmitted between the smart card and the first device.
As an optional implementation manner, in the second aspect of the present invention, the first application management instruction is an application backup instruction; the first application management information comprises backup application identification information;
the specific manner in which the execution module authenticates the first authentication code information by using a second key and, when the authentication is successful, acquires the first application management information to execute the application management operation corresponding to the first application management instruction comprises:
the execution module authenticates the first authentication code information by using a second secret key, and acquires the first application management information when the authentication is successful;
the execution module determines a target backup application in the card from a plurality of applications of the execution module according to the backup application identification information in the first application management information;
the execution module encrypts backup application data corresponding to the target backup application in the card according to the application data key to obtain an application data ciphertext;
the execution module calculates application parameter information, the backup application data, the application data key and random number information corresponding to the target backup application in the card according to the application backup/recovery key to obtain a recovery data ciphertext;
the execution module calculates the random number information, the application data ciphertext and the recovery data ciphertext according to the second key to obtain second authentication code information, and sends the second authentication code information, the application data ciphertext and the recovery data ciphertext to the first device; and the second authentication code information is used for enabling the first device to perform subsequent backup operation on the application data ciphertext and the recovery data ciphertext when the authentication of the first device is successful.
As an optional implementation manner, in the second aspect of the present invention, the first application management instruction is an application recovery instruction; the first application management information comprises the recovery data ciphertext and a recovery application identifier;
the specific manner in which the execution module authenticates the first authentication code information by using a second key and, when the authentication is successful, acquires the first application management information to execute the application management operation corresponding to the first application management instruction comprises:
the execution module authenticates the first authentication code information by using a second secret key, and acquires the first application management information when the authentication is successful;
the execution module decrypts the recovery data ciphertext in the first application management information according to the application backup/recovery key to obtain the application parameter information, the backup application data and the application data key;
and the execution module executes application recovery operation in the card space according to the application parameter information, the backup application data and the application data key.
The third aspect of the present invention discloses another smart card application management apparatus, comprising:
a memory storing executable program code;
a processor coupled with the memory;
the processor calls the executable program code stored in the memory to execute part or all of the steps of the smart card application management method disclosed in the first aspect of the embodiment of the present invention.
The fourth aspect of the present embodiment discloses a smart card application management system, which includes a smart card and a first device, and the system is configured to perform some or all of the steps in the smart card application management method disclosed in the first aspect of the present embodiment.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
in the embodiment of the invention, the smart card receives a first application management instruction from a first device; the first application management instruction comprises first application management information and first authentication code information; the first authentication code information is generated by the first device by performing a calculation on the first application management information using a first key; the smart card authenticates the first authentication code information by using a second key, and when the authentication is successful, the smart card acquires the first application management information to execute the application management operation corresponding to the first application management instruction; the second key and the first key form a key pair. The invention can therefore use encrypted transmission to manage smart card applications, thereby improving the security of application management in the smart card, helping to improve the security and stability of the smart card's overall communication, and reducing the occurrence of data leakage incidents.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings based on these drawings without creative effort.
Fig. 1 is a schematic flowchart of a method for managing an application of a smart card according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a smart card application management apparatus according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of another smart card application management apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," and the like in the description and claims of the present invention and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, apparatus, product, or device that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, product, or device.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the invention. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
The invention discloses a smart card application management method, device and system, which can use encrypted transmission to manage smart card applications, thereby improving the security of application management in the smart card, helping to improve the security and stability of the smart card's overall communication, and reducing the occurrence of data leakage incidents. Details are given below.
Example one
Referring to fig. 1, fig. 1 is a schematic flowchart illustrating a smart card application management method according to an embodiment of the present invention. The method described in fig. 1 may be applied to a corresponding smart card, an application management terminal, an application management device, or a server, where the server may be a local server or a cloud server, and the embodiment of the present invention is not limited thereto. As shown in fig. 1, the smart card application management method may include the following operations:
101. The smart card receives a first application management instruction from a first device.
In the embodiment of the present invention, the smart card may be a card structure having a communication function, such as an IC card.
In the embodiment of the present invention, the first application management instruction includes first application management information and first authentication code information. Specifically, the first authentication code information is generated by the first device through calculation of the first application management information by using the first key.
In this embodiment of the present invention, the first device may include one or more of a smart card reading terminal, a user terminal device, a merchant background server, or a smart card server, which is not limited in the present invention. In this embodiment of the present invention, the first application management instruction may be used to instruct to execute a corresponding application management operation, such as management operations of updating, deleting, creating, backing up, and restoring an application.
102. The smart card authenticates the first authentication code information by using the second key and, when the authentication succeeds, acquires the first application management information so as to execute the application management operation corresponding to the first application management instruction.
In the embodiment of the invention, the second key and the first key form a key pair. Optionally, the second key and the first key may form a symmetric encryption key pair or an asymmetric encryption key pair, and the two may be preset and stored by the smart card and the first device in advance, or generated through data transmission communication when the first communication connection is established.
Therefore, the method described in the embodiment of the invention uses encrypted transmission to manage smart card applications, thereby improving the security of application management in the smart card, helping to improve the security and stability of the smart card's overall communication, and reducing data leakage incidents.
In an optional implementation manner, before the smart card in step 101 receives the first application management instruction from the first device, the method further includes:
the smart card receives card authentication information;
the smart card calculates the card authentication information by adopting the third key to obtain second authentication code information, and sends the second authentication code information to the first device.
In the embodiment of the invention, the second authentication code information is used by the first device to determine that the smart card is in the communication permission state when the first device successfully authenticates it using the fourth key.
In the embodiment of the invention, the third key and the fourth key form a key pair. Optionally, the third key and the fourth key may form a symmetric encryption key pair or an asymmetric encryption key pair, and the two may be preset and stored by the smart card and the first device in advance, or generated through data transmission communication when the first communication connection is established.
In the embodiment of the invention, the card authentication information can be transmitted to the smart card by the first device, and can also be transmitted to the smart card by other equipment. Optionally, the first device may perform local authentication on the second authentication code information through a locally stored fourth key, or may perform networking authentication on the second authentication code information through a fourth key in a second device that is networked.
In an optional embodiment, the first device is a terminal device, and the card authentication information is transmitted to the smart card by the terminal device when it establishes a communication connection, such as a near field communication connection, with the smart card, where the card authentication information includes one or more of merchant application identification information, terminal random number information, terminal serial number information, data offset information, and data length information. Optionally, after the smart card calculates the second authentication code information, the smart card transmits the second authentication code information and the card parameter information to the terminal device. Optionally, the card parameter information includes one or more of application data, card random data information, and historical communication information.
In a specific implementation, a plurality of merchant applications are stored in the smart card, and each merchant application corresponds to a merchant maintenance key, which the terminal device and the merchant application in the smart card use to complete bidirectional authentication. Specifically, the communication authentication process and data reading process between the terminal device and the merchant application in the smart card include:
the smart card is powered on and establishes communication with the terminal device;
the terminal device selects an application in the smart card, and the smart card returns application information;
the terminal device generates, according to the application information, card authentication information comprising the merchant application ID, terminal random number, terminal serial number, data offset, data length and the like, and sends the card authentication information to the smart card;
the smart card uses the merchant maintenance key to calculate a card authentication MAC over the merchant application ID, terminal random number, terminal serial number, merchant application serial number, card random number and merchant application data;
the smart card sends the merchant application serial number, the card random number, the merchant application data, the last terminal number, the last terminal serial number and the card authentication MAC to the terminal device;
the terminal device uses the merchant application key to authenticate the card authentication MAC locally, or authenticates it online with the merchant background server, and determines that the smart card is in a communication permission state after the authentication succeeds.
Therefore, by implementing the optional implementation mode, the smart card can calculate the card authentication information by adopting the third secret key to obtain the second authentication code information, and send the second authentication code information to the first device, so that the security of data communication between the smart card and the first device is ensured through encryption verification, the security and the stability of the whole communication of the smart card are improved, and the occurrence of data leakage accidents is reduced.
In another alternative embodiment, the first application management instruction is an existing application data update instruction; the first application management information comprises an existing application identification and application updating data; specifically, in step 102, the smart card authenticates the first authentication code information by using the second key, and when the authentication is successful, acquires the first application management information to execute the application management operation corresponding to the first application management instruction, including:
the smart card authenticates the first authentication code information by using the second key, and acquires first application management information when the authentication is successful;
the smart card determines a target updating application in the smart card from a plurality of applications of the smart card according to the application identification in the first application management information;
and the smart card updates the application data corresponding to the target update application in the card according to the application update data in the first application management information.
Optionally, the smart card may completely or partially overwrite the original application data with the application update data, or modify the original application data according to the difference between the application update data and the original application data, so as to implement the update.
In conjunction with the above specific embodiments, one specific embodiment of the data update procedure includes:
the terminal device generates a terminal authentication MAC locally, or generates it online with the merchant background server; specifically, the terminal device uses the merchant maintenance key to calculate the terminal authentication MAC over the merchant application serial number, the card random number and the new merchant application data;
the terminal device sends the merchant application ID, the new merchant application data and the terminal authentication MAC to the smart card;
the smart card verifies the terminal authentication MAC using the merchant maintenance key; if the authentication succeeds, it updates the application data and returns the result 9000, and if the authentication fails, it returns a corresponding error code.
Therefore, by implementing the optional implementation mode, the smart card can determine the target update application in the card according to the application identifier after the authentication is successful, and update the application data corresponding to the target update application in the card according to the application update data, so that the security of the application data update of the smart card is ensured through encryption verification, the security and the stability of the whole communication of the smart card are improved, and the occurrence of data leakage accidents is reduced.
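The card authentication and data update exchanges described above, as an added Python example that is not code from the patent. It assumes HMAC-SHA256 over length-prefixed fields as the MAC (the text names no algorithm), one shared symmetric merchant maintenance key, a single-use card random number, and 0x6982 as the error code; all class and function names are hypothetical, and the last terminal number and serial number are omitted.

```python
import hashlib
import hmac
import secrets

SW_OK = 0x9000           # success result returned by the card, as stated in the text
SW_AUTH_FAILED = 0x6982  # assumed error code; the text only says "a corresponding error code"


def mac(key: bytes, *fields: bytes) -> bytes:
    """MAC over length-prefixed fields so that field boundaries cannot be shifted."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


class MerchantApp:
    def __init__(self, app_id: bytes, key: bytes, data: bytes):
        self.app_id, self.key, self.data = app_id, key, data
        self.serial = (0).to_bytes(4, "big")  # merchant application serial number
        self.card_random = None               # set per session, consumed by one update


class Card:
    def __init__(self, apps):
        self.apps = {a.app_id: a for a in apps}

    def authenticate(self, app_id, term_random, term_serial):
        """Card side of the authentication step: return card data plus the card authentication MAC."""
        app = self.apps[app_id]
        app.card_random = secrets.token_bytes(8)
        card_mac = mac(app.key, app_id, term_random, term_serial,
                       app.serial, app.card_random, app.data)
        return app.serial, app.card_random, app.data, card_mac

    def update(self, app_id, new_data, term_mac):
        """Card side of the update step: verify the terminal authentication MAC, then write."""
        app = self.apps.get(app_id)
        if app is None or app.card_random is None:
            return SW_AUTH_FAILED
        expected = mac(app.key, app.serial, app.card_random, new_data)
        app.card_random = None  # assumption: one update attempt per card random number
        if not hmac.compare_digest(expected, term_mac):
            return SW_AUTH_FAILED
        app.data = new_data
        return SW_OK


class Terminal:
    def __init__(self, key: bytes, serial_no: bytes):
        self.key, self.serial_no = key, serial_no

    def verify_card(self, card, app_id):
        """Send a fresh terminal random number and check the card authentication MAC."""
        term_random = secrets.token_bytes(8)
        serial, card_random, data, card_mac = card.authenticate(
            app_id, term_random, self.serial_no)
        expected = mac(self.key, app_id, term_random, self.serial_no,
                       serial, card_random, data)
        if not hmac.compare_digest(expected, card_mac):
            return None  # card is not in the communication permission state
        return serial, card_random, data

    def build_update(self, session, new_data):
        """Terminal authentication MAC over serial number, card random number and new data."""
        serial, card_random, _ = session
        return mac(self.key, serial, card_random, new_data)


def run_update_demo():
    key = bytes(range(16))   # constructed merchant maintenance key
    app_id = b"MERCHANT-01"  # constructed merchant application ID
    card = Card([MerchantApp(app_id, key, b"points=10")])
    term = Terminal(key, b"TERM0001")
    out = {}

    session = term.verify_card(card, app_id)
    tag = term.build_update(session, b"points=25")
    out["tampered"] = card.update(app_id, b"points=9999", tag)  # data altered in transit

    session = term.verify_card(card, app_id)
    tag = term.build_update(session, b"points=25")
    out["ok"] = card.update(app_id, b"points=25", tag)
    out["replay"] = card.update(app_id, b"points=25", tag)      # same command sent again

    rogue = Terminal(b"\x00" * 16, b"TERM0001")                 # terminal holding the wrong key
    out["rogue_terminal_accepts_card"] = rogue.verify_card(card, app_id) is not None
    out["data"] = card.apps[app_id].data
    return out


if __name__ == "__main__":
    for name, value in run_update_demo().items():
        print(name, hex(value) if isinstance(value, int) and not isinstance(value, bool) else value)
```

Because the terminal authentication MAC covers the card random number issued in the same session, a captured update command is rejected once that random number has been consumed.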
In yet another alternative embodiment, the first application management instruction is an application creation instruction or an application update instruction; the first application management information comprises application parameter information and/or application record information; specifically, in step 102, the smart card authenticates the first authentication code information by using the second key, and when the authentication is successful, acquires the first application management information to execute the application management operation corresponding to the first application management instruction, including:
the smart card authenticates the first authentication code information by using the second key, and acquires first application management information when the authentication is successful;
the smart card executes a new application creation operation or an existing application update operation in the card space according to the first application management information.
In the embodiment of the present invention, optionally, the smart card may newly create a new application in the card space according to the first application management information, or update the data corresponding to the specific application in the card space according to the first application management information.
In this optional implementation manner, optionally, the first application management information further includes application data key ciphertext information; before the smart card receives the first application management instruction from the first device in step 101, the method further includes:
the smart card generates random number information and a temporary key when receiving a random number generation instruction, and sends the random number information and the temporary key to the first device;
the first device encrypts the application data key with the temporary key to generate the application data key ciphertext information;
and the first device uses the first key to calculate the first authentication code information over the application data key ciphertext information and the application parameter information and/or the application record information.
In an embodiment of the invention, the application data key is used for encrypting application data information transmitted between the smart card and the first device.
In conjunction with the above specific embodiments, one specific embodiment of the application creation/update process includes:
the terminal device sends a random number generation instruction to the smart card and inputs a background random number;
the smart card generates a card random number and an application temporary maintenance key using the background random number, and sends the card random number, the list of applications in the card and the application temporary maintenance key to the terminal device;
the terminal device sends an application creation/update request to the merchant background server, where the request includes the application temporary maintenance key;
the merchant background server encrypts the merchant maintenance key by using the application temporary maintenance key to generate a merchant maintenance key ciphertext;
the smart card background server uses the application management maintenance key to calculate a maintenance MAC over card random number + background random number + merchant application ID + merchant name + initial recording information (fixed length 128 bytes) + merchant maintenance key ciphertext; the application management maintenance key is used for the creation, management and maintenance of merchant applications, such as creating, backing up, recovering and deleting a merchant application;
the terminal device sends a card instruction and sends the merchant application ID, the merchant name, the initial recording information, the merchant maintenance key ciphertext and the maintenance MAC to the smart card;
the smart card authenticates the maintenance MAC by using the application management maintenance key and, when the authentication succeeds, decrypts the merchant maintenance key ciphertext by using the application temporary maintenance key to obtain the merchant maintenance key;
the smart card updates the merchant application ID, the merchant name, the initial record information and the merchant maintenance key to complete the creation/update of the merchant application.
Therefore, in this optional embodiment, the smart card can perform a new application creation operation or an existing application update operation in the card space according to the first application management information when the authentication is successful, and the first device encrypts the application data key according to the temporary key in advance to generate application data key ciphertext information, so that the smart card can store the application data key corresponding to the application when a new application is performed, thereby ensuring the security of smart card application creation or update through encryption verification, being beneficial to improving the security and stability of the smart card overall communication, and reducing the occurrence of data leakage accidents.
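The application creation/update exchange described above, as an added Python example that is not code from the patent. It assumes HMAC-SHA256 as the maintenance MAC and, as a stand-in for the unspecified cipher, an XOR keystream built from HMAC-SHA256 in counter mode with the card random number as nonce; the temporary key derivation, the one-attempt-per-session rule and all names are likewise assumptions.

```python
import hashlib
import hmac
import secrets

RECORD_LEN = 128  # the initial recording information has a fixed length of 128 bytes


def mac(key: bytes, *fields: bytes) -> bytes:
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)  # length prefix keeps fields unambiguous
    return h.digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter-mode keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class Card:
    def __init__(self, mgmt_key: bytes):
        self.mgmt_key = mgmt_key  # application management maintenance key
        self.apps = {}
        self.card_random = self.bg_random = self.temp_key = None

    def generate_random(self, bg_random: bytes):
        """Random number generation instruction: returns card random, app list, temporary key."""
        self.bg_random = bg_random
        self.card_random = secrets.token_bytes(8)
        # Assumed derivation; the text only says the key is generated using the background random.
        self.temp_key = hmac.new(secrets.token_bytes(16), bg_random, hashlib.sha256).digest()[:16]
        return self.card_random, sorted(self.apps), self.temp_key

    def create_app(self, app_id, name, record, key_ct, maint_mac) -> bool:
        if self.temp_key is None or len(record) != RECORD_LEN:
            return False
        expected = mac(self.mgmt_key, self.card_random, self.bg_random,
                       app_id, name, record, key_ct)
        temp_key, nonce = self.temp_key, self.card_random
        self.card_random = self.bg_random = self.temp_key = None  # one attempt per session
        # The MAC is checked before the key ciphertext is decrypted.
        if not hmac.compare_digest(expected, maint_mac):
            return False
        merchant_key = keystream_xor(temp_key, nonce, key_ct)
        self.apps[app_id] = {"name": name, "record": record, "key": merchant_key}
        return True


def merchant_backend_wrap(merchant_key, temp_key, card_random):
    """Merchant background server: encrypt the merchant maintenance key under the temporary key."""
    return keystream_xor(temp_key, card_random, merchant_key)


def card_backend_mac(mgmt_key, card_random, bg_random, app_id, name, record, key_ct):
    """Smart card background server: maintenance MAC over the fields listed in the text."""
    return mac(mgmt_key, card_random, bg_random, app_id, name, record, key_ct)


def run_creation_demo():
    mgmt_key = bytes(range(16, 32))      # constructed application management maintenance key
    merchant_key = bytes(range(32, 48))  # constructed merchant maintenance key
    app_id, name = b"MERCHANT-01", b"Example Cafe"  # constructed values
    record = b"opened".ljust(RECORD_LEN, b"\x00")
    card = Card(mgmt_key)
    out = {}

    def session():
        bg_random = secrets.token_bytes(8)
        card_random, _apps, temp_key = card.generate_random(bg_random)
        key_ct = merchant_backend_wrap(merchant_key, temp_key, card_random)
        tag = card_backend_mac(mgmt_key, card_random, bg_random, app_id, name, record, key_ct)
        return key_ct, tag

    key_ct, tag = session()
    flipped = bytes([key_ct[0] ^ 1]) + key_ct[1:]  # one bit of the wrapped key changed
    out["tampered_key_ct"] = card.create_app(app_id, name, record, flipped, tag)

    key_ct, tag = session()
    out["created"] = card.create_app(app_id, name, record, key_ct, tag)
    out["replayed"] = card.create_app(app_id, name, record, key_ct, tag)
    out["key_recovered"] = card.apps[app_id]["key"] == merchant_key
    return out


if __name__ == "__main__":
    print(run_creation_demo())
```

Since the maintenance MAC covers the key ciphertext together with both random numbers, the card never decrypts a modified ciphertext or accepts one from an earlier session.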
In yet another alternative embodiment, the first application management instruction is an application backup instruction; the first application management information includes backup application identification information; specifically, in step 102, the smart card authenticates the first authentication code information by using the second key, and when the authentication is successful, acquires the first application management information to execute the application management operation corresponding to the first application management instruction, including:
the smart card authenticates the first authentication code information by using the second key, and acquires first application management information when the authentication is successful;
the smart card determines a target backup application in the card from a plurality of applications of the smart card according to the backup application identification information in the first application management information;
the smart card encrypts backup application data corresponding to the target backup application in the card according to the application data key to obtain an application data ciphertext;
the smart card calculates application parameter information, backup application data, an application data key and random number information corresponding to the target backup application in the card according to the application backup/recovery key to obtain a recovery data ciphertext;
and the smart card calculates the random number information, the application data ciphertext and the recovery data ciphertext according to the second key to obtain second authentication code information, and sends the second authentication code information, the application data ciphertext and the recovery data ciphertext to the first device.
In the embodiment of the present invention, the second authentication code information is used to enable the first device to perform subsequent backup operations on the application data ciphertext and the recovery data ciphertext when the authentication by the first device is successful. Optionally, after the second authentication code information is successfully authenticated, the first device may locally store the recovery data ciphertext and/or the application data ciphertext, or send the recovery data ciphertext and/or the application data ciphertext to the second device for storage.
In this optional embodiment, after the application backup process is executed, an application deletion process may also be executed, and optionally, in the embodiment of the application deletion process, the first application management instruction is an existing application deletion instruction; the first application management information comprises an existing application identifier; specifically, in step 102, the smart card authenticates the first authentication code information by using the second key, and when the authentication is successful, acquires the first application management information to execute the application management operation corresponding to the first application management instruction, including:
the smart card authenticates the first authentication code information by using the second key, and acquires first application management information when the authentication is successful;
the smart card determines a target deletion application from a plurality of applications of the smart card according to the application identification in the first application management information;
and the smart card deletes the application data corresponding to the target deletion application in the card.
In combination with the above specific embodiments, an embodiment of the application backup and deletion process includes:
the smart card background server receives a backup request from the terminal device, uses the application management maintenance key to calculate a maintenance MAC over the card random number, the background random number and the merchant application ID, and sends the maintenance MAC to the terminal device;
the terminal device sends a backup application instruction and sends the merchant application ID and the maintenance MAC to the smart card;
the smart card uses the application management maintenance key to authenticate the maintenance MAC;
the smart card encrypts the merchant application data by using the merchant maintenance key MAC to obtain a merchant application data ciphertext;
the smart card encrypts the merchant application ID, merchant name, merchant application serial number, merchant application data and merchant maintenance key MAC by using the application backup/recovery key to generate a recovery data ciphertext;
the smart card uses the application management maintenance key to calculate a maintenance MAC over the card random number, the background random number, the merchant application data ciphertext and the recovery data ciphertext;
the smart card outputs the merchant application data ciphertext, the recovery data ciphertext and the maintenance MAC to the terminal device, for submission to the smart card background server through the terminal device;
the smart card background server authenticates the maintenance MAC by using the application management maintenance key and, after the authentication succeeds, stores the merchant application data ciphertext (or transmits it to the merchant background server) and the recovery data ciphertext;
when receiving an application deletion request from the terminal device, the smart card background server uses the application management maintenance key to calculate a deletion maintenance MAC over the card random number, the background random number, the merchant application ID and the maintenance MAC last returned by the card, and sends the deletion maintenance MAC to the terminal device;
the terminal device sends a merchant application deletion instruction to the smart card, and inputs the merchant application ID + the deletion maintenance MAC;
and the smart card authenticates the deletion maintenance MAC using the application management maintenance key and, if the authentication succeeds, deletes the merchant application corresponding to the merchant application ID.
Therefore, in the optional implementation mode, the smart card can execute the application backup operation or the application deletion operation in the card space according to the first application management information when the authentication is successful, so that the security of the application backup or deletion of the smart card is ensured through encryption verification, the security and the stability of the whole communication of the smart card are improved, and the occurrence of data leakage accidents is reduced.
In yet another alternative embodiment, the first application management instruction is an application recovery instruction; the first application management information comprises a recovery data ciphertext and a recovery application identifier; specifically, in step 102, the smart card authenticates the first authentication code information by using the second key, and when the authentication is successful, acquires the first application management information to execute the application management operation corresponding to the first application management instruction, including:
the smart card authenticates the first authentication code information by using the second key, and acquires first application management information when the authentication is successful;
the smart card decrypts the recovery data ciphertext in the first application management information according to the application backup/recovery key to obtain application parameter information, backup application data and an application data key;
and the smart card executes the application recovery operation in the card space according to the application parameter information, the backup application data and the application data key.
In conjunction with the above specific embodiments, one specific embodiment of the application recovery procedure includes:
the smart card background server receives a backup request from the terminal device, uses the application management maintenance key to calculate a maintenance MAC over the card random number, the background random number, the merchant application ID and the recovery data ciphertext, and sends the maintenance MAC to the terminal device;
the terminal device sends an application recovery instruction, and sends the merchant application ID, the recovery data ciphertext and the maintenance MAC to the smart card;
the smart card authenticates using the application management maintenance key and, after the authentication succeeds, uses the application backup/recovery key MAC to decrypt the recovery data ciphertext to obtain the merchant application ID, merchant name, merchant application serial number, merchant application data and merchant maintenance key;
and the smart card creates/allocates a merchant application space, updates the merchant application ID, the merchant name, the merchant application serial number, the merchant application data and the merchant maintenance key, and completes the merchant application recovery.
Therefore, the optional implementation method can calculate the center position of the connecting line corresponding to the candidate virtual circle group conforming to the concentric circle-like rule and the midpoint of the connecting line of the initial position information, and the midpoint of the connecting line is determined as the position information of the home equipment, so that the position information of the home equipment is determined more accurately, the intelligent degree of the intelligent home equipment is further improved, and the improvement of the life experience of a user is facilitated.
Example two
Referring to fig. 2, fig. 2 is a schematic structural diagram of an application management device for a smart card according to an embodiment of the present invention. The apparatus described in fig. 2 may be applied to a corresponding smart card, an application management terminal, an application management device, or a server, where the server may be a local server or a cloud server, and the embodiment of the present invention is not limited thereto. As shown in fig. 2, the apparatus may include:
the receiving module 201 is configured to receive a first application management instruction from a first device.
In the embodiment of the present invention, the first application management instruction includes first application management information and first authentication code information. Specifically, the first authentication code information is generated by the first device through calculation of the first application management information by using the first key.
In this embodiment of the present invention, the first device may include one or more of a smart card reading terminal, a user terminal device, a merchant background server, or a smart card server, which is not limited in the present invention. In this embodiment of the present invention, the first application management instruction may be used to instruct to execute a corresponding application management operation, such as management operations of updating, deleting, creating, backing up, and restoring an application.
The execution module 202 is configured to authenticate the first authentication code information by using the second key, and when the authentication is successful, obtain the first application management information to execute the application management operation corresponding to the first application management instruction.
In the embodiment of the invention, the second key and the first key form a key pair. Optionally, the second key and the first key may form a symmetric encryption key pair or an asymmetric encryption key pair, and the two may be preset and stored by the smart card and the first device in advance, or generated through data transmission communication when the first communication connection is established.
Therefore, the device described in the embodiment of the invention uses encrypted transmission to manage smart card applications, thereby improving the security of application management in the smart card, helping to improve the security and stability of the smart card's overall communication, and reducing data leakage incidents.
As an optional implementation manner, the receiving module 201 is further configured to receive card authentication information; the device also includes:
a card authentication module, configured to calculate the card authentication information by using a third key to obtain second authentication code information, and to send the second authentication code information to the first device.
In the embodiment of the invention, the second authentication code information is used by the first device to determine that the smart card is in the communication permission state when the first device successfully authenticates it using the fourth key.
In the embodiment of the invention, the third key and the fourth key form a key pair. Optionally, the third key and the fourth key may form a symmetric encryption key pair or an asymmetric encryption key pair, and the two may be preset and stored by the smart card and the first device in advance, or generated through data transmission communication when the first communication connection is established.
In the embodiment of the invention, the card authentication information can be transmitted to the smart card by the first device, and can also be transmitted to the smart card by other equipment. Optionally, the first device may perform local authentication on the second authentication code information through a locally stored fourth key, or may perform networking authentication on the second authentication code information through a fourth key in a second device that is networked.
In an optional embodiment, the first device is a terminal device, and the card authentication information is transmitted to the smart card by the terminal device when it establishes a communication connection, such as a near field communication connection, with the smart card, where the card authentication information includes one or more of merchant application identification information, terminal random number information, terminal serial number information, data offset information, and data length information. Optionally, after the smart card calculates the second authentication code information, the smart card transmits the second authentication code information and the card parameter information to the terminal device. Optionally, the card parameter information includes one or more of application data, card random data information, and historical communication information.
Therefore, by implementing the optional implementation mode, the smart card can calculate the card authentication information by adopting the third secret key to obtain the second authentication code information, and send the second authentication code information to the first device, so that the security of data communication between the smart card and the first device is ensured through encryption verification, the security and the stability of the whole communication of the smart card are improved, and the occurrence of data leakage accidents is reduced.
As an optional implementation manner, the first application management instruction is an existing application data updating instruction or an existing application deleting instruction; the first application management information comprises an existing application identifier and/or application update data; specifically, the executing module 202 authenticates the first authentication code information by using the second key, and when the authentication is successful, acquires the first application management information to execute the application management operation corresponding to the first application management instruction in a specific manner, including:
the execution module 202 authenticates the first authentication code information by using the second key, and acquires the first application management information when the authentication is successful;
the execution module 202 determines an in-card target update application from the plurality of applications of the execution module 202 according to the application identifier in the first application management information;
the execution module 202 updates the application data corresponding to the target update application in the card according to the application update data in the first application management information.
Optionally, the smart card may overwrite the original application data, completely or partially, with the application update data, or modify the original application data according to the difference between the application update data and the original application data, so as to implement the update.
Therefore, by implementing the optional implementation mode, the smart card can determine the target update application in the card according to the application identifier after the authentication is successful, and update the application data corresponding to the target update application in the card according to the application update data, so that the security of the application data update of the smart card is ensured through encryption verification, the security and the stability of the whole communication of the smart card are improved, and the occurrence of data leakage accidents is reduced.
Optionally, the manner in which the execution module 202 authenticates the first authentication code information by using the second key and, when the authentication is successful, acquires the first application management information to execute the application management operation corresponding to the first application management instruction includes:
the execution module 202 authenticates the first authentication code information by using the second key, and acquires the first application management information when the authentication is successful;
the execution module 202 determines an in-card target deletion application from the plurality of applications of the execution module 202 according to the application identifier in the first application management information;
the execution module 202 deletes the application data corresponding to the target deletion application in the card.
As an optional implementation manner, the first application management instruction is an application creation instruction or an application update instruction; the first application management information comprises application parameter information and/or application record information;
the manner in which the execution module 202 authenticates the first authentication code information by using the second key and, when the authentication is successful, acquires the first application management information to execute the application management operation corresponding to the first application management instruction includes:
the execution module 202 authenticates the first authentication code information by using the second key, and acquires the first application management information when the authentication is successful;
the execution module 202 executes a new application creation operation or an existing application update operation in the card space according to the first application management information.
In the embodiment of the present invention, optionally, the smart card may newly create a new application in the card space according to the first application management information, or update the data corresponding to the specific application in the card space according to the first application management information.
As an optional implementation manner, the first application management information further includes application data key ciphertext information; the device also includes:
a generation module, configured to generate random number information and a temporary key when a random number generation instruction is received, and to send the random number information and the temporary key to the first device, so that the first device encrypts the application data key according to the temporary key to generate the application data key ciphertext information, and calculates the application data key ciphertext information, the application parameter information and/or the application record information by using the first key to obtain the first authentication code information.
In an embodiment of the invention, the application data key is used for encrypting application data information transmitted between the smart card and the first device.
Therefore, in this optional embodiment, the smart card can perform a new application creation operation or an existing application update operation in the card space according to the first application management information when the authentication is successful, and the first device encrypts the application data key with the temporary key in advance to generate the application data key ciphertext information, so that the smart card can store the application data key corresponding to the application when a new application is created. The security of smart card application creation or update is thereby ensured through encryption verification, which helps improve the security and stability of the overall communication of the smart card and reduces the occurrence of data leakage accidents.
As an optional implementation manner, the first application management instruction is an application backup instruction; the first application management information includes backup application identification information;
the manner in which the execution module 202 authenticates the first authentication code information by using the second key and, when the authentication is successful, acquires the first application management information to execute the application management operation corresponding to the first application management instruction includes:
the execution module 202 authenticates the first authentication code information by using the second key, and acquires the first application management information when the authentication is successful;
the execution module 202 determines a target backup application in the card from the plurality of applications of the execution module 202 according to the backup application identification information in the first application management information;
the execution module 202 encrypts backup application data corresponding to the target backup application in the card according to the application data key to obtain an application data cipher text;
the execution module 202 calculates application parameter information, backup application data, an application data key and random number information corresponding to the target backup application in the card according to the application backup/recovery key to obtain a recovery data ciphertext;
the execution module 202 calculates the random number information, the application data ciphertext and the recovery data ciphertext according to the second key to obtain second authentication code information, and sends the second authentication code information, the application data ciphertext and the recovery data ciphertext to the first device.
In the embodiment of the present invention, the second authentication code information is used to enable the first device to perform subsequent backup operations on the application data ciphertext and the recovery data ciphertext when the authentication by the first device is successful. Optionally, after the second authentication code information is successfully authenticated, the first device may locally store the recovery data ciphertext and/or the application data ciphertext, or send the recovery data ciphertext and/or the application data ciphertext to the second device for storage.
Optionally, after the execution module 202 executes the application backup process, an application deletion process may also be executed, and the step of the application deletion process may refer to the corresponding expression in the first embodiment.
Therefore, in the optional implementation mode, the smart card can execute the application backup operation or the application deletion operation in the card space according to the first application management information when the authentication is successful, so that the security of the application backup or deletion of the smart card is ensured through encryption verification, the security and the stability of the whole communication of the smart card are improved, and the occurrence of data leakage accidents is reduced.
As an optional implementation manner, the first application management instruction is an application recovery instruction; the first application management information comprises a recovery data ciphertext and a recovery application identifier;
the manner in which the execution module 202 authenticates the first authentication code information by using the second key and, when the authentication is successful, acquires the first application management information to execute the application management operation corresponding to the first application management instruction includes:
the execution module 202 authenticates the first authentication code information by using the second key, and acquires the first application management information when the authentication is successful;
the execution module 202 decrypts the recovery data cipher text in the first application management information according to the application backup/recovery key to obtain application parameter information, backup application data and an application data key;
the execution module 202 executes an application recovery operation in the card space according to the application parameter information, the backup application data, and the application data key.
Therefore, the optional implementation method can calculate the center position of the connecting line corresponding to the candidate virtual circle group conforming to the concentric circle-like rule and the midpoint of the connecting line of the initial position information, and the midpoint of the connecting line is determined as the position information of the home equipment, so that the position information of the home equipment is determined more accurately, the intelligent degree of the intelligent home equipment is further improved, and the improvement of the life experience of a user is facilitated.
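The backup and recovery embodiments above, together with the authenticate-then-execute step they share with the update, delete and create embodiments, modelled card-side in Go as an added example; this is not code from the patent. It assumes HMAC-SHA256 as the authentication code under one shared key (standing in for the first/second key pair), AES-256-GCM as the cipher, DER field encoding, and an instruction label inside each authentication code; the names `Card`, `App`, `Backup`, `Restore`, `mac`, `gcm` and `seal` and all sample values are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"errors"
	"fmt"
)

// Assumptions, not from the patent: HMAC-SHA256 as the authentication code, one
// shared key standing in for the first/second key pair, AES-256-GCM as the
// cipher, DER (TLV) field encoding, and an instruction label inside each code.
var errReject = errors.New("instruction rejected")

type App struct{ Params, Data, DataKey []byte }

type Card struct {
	AuthKey, BackupKey, Rnd []byte // second key, backup/recovery key, card random number
	Apps                    map[string]*App
}

// mac authenticates the DER encoding of the fields, so boundaries cannot shift.
func mac(key []byte, fields ...[]byte) []byte {
	der, _ := asn1.Marshal(fields) // SEQUENCE OF OCTET STRING; cannot fail here
	h := hmac.New(sha256.New, key)
	h.Write(der)
	return h.Sum(nil)
}

func gcm(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// seal encrypts plain and returns nonce || ciphertext || tag.
func seal(key, plain []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plain, nil), nil
}

// Backup returns the application data ciphertext, recovery data ciphertext and reply code.
func (c *Card) Backup(id string, code []byte) (appCT, recCT, reply []byte, err error) {
	app := c.Apps[id]
	if !hmac.Equal(code, mac(c.AuthKey, []byte("BACKUP"), []byte(id))) || app == nil {
		return nil, nil, nil, errReject
	}
	rec, _ := asn1.Marshal([][]byte{app.Params, app.Data, app.DataKey, c.Rnd})
	if appCT, err = seal(app.DataKey, app.Data); err == nil {
		recCT, err = seal(c.BackupKey, rec)
	}
	if err != nil {
		return nil, nil, nil, err
	}
	return appCT, recCT, mac(c.AuthKey, c.Rnd, appCT, recCT), nil
}

// Restore authenticates the instruction, unwraps the recovery record and recreates the application.
func (c *Card) Restore(id string, recCT, code []byte) error {
	if !hmac.Equal(code, mac(c.AuthKey, []byte("RESTORE"), []byte(id), recCT)) {
		return errReject
	}
	g, err := gcm(c.BackupKey)
	if err != nil || len(recCT) < g.NonceSize() {
		return errReject
	}
	plain, err := g.Open(nil, recCT[:g.NonceSize()], recCT[g.NonceSize():], nil)
	if err != nil {
		return errReject
	}
	var f [][]byte
	if rest, err := asn1.Unmarshal(plain, &f); err != nil || len(rest) != 0 || len(f) != 4 {
		return errReject
	}
	c.Apps[id] = &App{Params: f[0], Data: f[1], DataKey: f[2]}
	return nil
}

func main() {
	key := func(b byte) []byte { return bytes.Repeat([]byte{b}, 32) } // constructed sample keys
	c := &Card{key(1), key(2), key(3), map[string]*App{"A001": {[]byte("limit=50"), []byte("balance=1200"), key(4)}}}
	_, rec, _, _ := c.Backup("A001", mac(c.AuthKey, []byte("BACKUP"), []byte("A001")))
	delete(c.Apps, "A001")
	fmt.Println("restore error:", c.Restore("A001", rec, mac(c.AuthKey, []byte("RESTORE"), []byte("A001"), rec)))
}
```

Because the instruction label is part of what is authenticated, a code issued for one instruction cannot be presented with another instruction for the same application identifier. The card state changes only after both the authentication code and the recovery record have been checked.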
EXAMPLE III
Referring to fig. 3, fig. 3 is a schematic structural diagram of another smart card application management apparatus according to an embodiment of the present disclosure. As shown in fig. 3, the apparatus may include:
a memory 301 storing executable program code;
a processor 302 coupled to the memory 301;
the processor 302 calls the executable program code stored in the memory 301 to execute some or all of the steps of the smart card application management method disclosed in the embodiment of the present invention.
EXAMPLE IV
The embodiment of the invention discloses a computer storage medium, which stores computer instructions, and when the computer instructions are called, the computer instructions are used for executing part or all of the steps in the smart card application management method disclosed by the embodiment of the invention.
EXAMPLE V
The embodiment of the invention discloses a smart card application management system, which comprises a smart card and a first device, wherein the system is used for executing part or all of the steps in the smart card application management method in the first embodiment of the invention.
In the embodiment of the present invention, the smart card may be a card structure having a communication function, such as an IC card. In this embodiment of the present invention, the first device may include one or more of a smart card reading terminal, a user terminal device, a merchant background server, or a smart card server, which is not limited in the present invention.
The above-described embodiments of the apparatus are merely illustrative, and the modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above detailed description of the embodiments, those skilled in the art will clearly understand that the embodiments may be implemented by software plus a necessary general hardware platform, and may also be implemented by hardware. Based on such understanding, the above technical solutions may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, where the storage medium includes a Read-Only Memory (ROM), a Random Access Memory (RAM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), a One-time Programmable Read-Only Memory (OTPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Compact Disc Read-Only Memory (CD-ROM) or other optical disc memory, a magnetic disk memory, a tape memory, or any other computer-readable medium that can be used to carry or store data.
Finally, it should be noted that the method, apparatus and system for managing smart card applications disclosed in the embodiments of the present invention are only preferred embodiments of the present invention, and are only used for illustrating the technical solutions of the present invention, not for limiting them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be equivalently replaced, and that such modifications or substitutions do not make the essence of the corresponding technical solutions depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A smart card application management method, the method comprising:
the smart card receives a first application management instruction from a first device; the first application management instruction comprises first application management information and first authentication code information; the first authentication code information is generated by the first device through calculation of the first application management information by using a first secret key;
the smart card authenticates the first authentication code information by using a second secret key, and when the authentication is successful, the smart card acquires the first application management information to execute application management operation corresponding to the first application management instruction; the second key and the first key form a key pair.
2. The smart card application management method of claim 1, wherein before the smart card receives the first application management instruction from the first device, the method further comprises:
the smart card receives card authentication information;
the smart card calculates the card authentication information by adopting a third key to obtain second authentication code information, and sends the second authentication code information to the first device; the second authentication code information is used for determining that the smart card is in a communication-allowed state when the authentication by the first device is successful by using a fourth key; the third key and the fourth key form a key pair.
3. The smart card application management method according to claim 1, wherein the first application management command is an existing application data update command or an existing application deletion command; the first application management information comprises an existing application identifier and/or application update data;
the smart card authenticates the first authentication code information by using a second key, and when the authentication is successful, the smart card acquires the first application management information to execute application management operation corresponding to the first application management instruction, including:
the smart card authenticates the first authentication code information by using a second secret key, and acquires the first application management information when the authentication is successful;
the smart card determines a target updating application in the smart card from a plurality of applications of the smart card according to the application identification in the first application management information;
the smart card updates application data corresponding to the target update application in the card according to the application update data in the first application management information;
and/or,
the smart card authenticates the first authentication code information by using a second secret key, and acquires the first application management information when the authentication is successful;
the smart card determines an in-card target deletion application from a plurality of applications of the smart card according to the application identification in the first application management information;
and the smart card deletes the application data corresponding to the target deletion application in the card.
4. The smart card application management method according to claim 1, wherein the first application management instruction is an application creation instruction or an application update instruction; the first application management information comprises application parameter information and/or application record information;
the smart card authenticates the first authentication code information by using a second key, and when the authentication is successful, the smart card acquires the first application management information to execute application management operation corresponding to the first application management instruction, including:
the smart card authenticates the first authentication code information by using a second secret key, and acquires the first application management information when the authentication is successful;
and the smart card executes new application creation operation or existing application updating operation in the card space according to the first application management information.
5. The smart card application management method of claim 4, wherein the first application management information further comprises application data key ciphertext information; before the smart card receives the first application management instruction from the first device, the method further includes:
the smart card generates random number information and a temporary key when receiving a random number generation instruction, and sends the random number information and the temporary key to the first device;
encrypting, by the first device, an application data key according to the temporary key to generate the application data key ciphertext information; the application data key is used for encrypting application data information transmitted between the smart card and the first device;
and calculating the application data key ciphertext information and the application parameter information and/or the application record information by using a first key by the first device to obtain the first authentication code information.
6. The smart card application management method according to claim 5, wherein the first application management command is an application backup command; the first application management information comprises backup application identification information;
the smart card authenticates the first authentication code information by using a second key, and when the authentication is successful, the smart card acquires the first application management information to execute application management operation corresponding to the first application management instruction, including:
the smart card authenticates the first authentication code information by using a second secret key, and acquires the first application management information when the authentication is successful;
the smart card determines a target backup application in the smart card from a plurality of applications of the smart card according to the backup application identification information in the first application management information;
the smart card encrypts backup application data corresponding to the target backup application in the card according to the application data key to obtain an application data ciphertext;
the smart card calculates application parameter information, backup application data, the application data key and random number information corresponding to the target backup application in the card according to the application backup/recovery key to obtain a recovery data ciphertext;
the smart card calculates the random number information, the application data ciphertext and the recovery data ciphertext according to the second key to obtain second authentication code information, and sends the second authentication code information, the application data ciphertext and the recovery data ciphertext to the first device; and the second authentication code information is used for enabling the first device to perform subsequent backup operation on the application data ciphertext and the recovery data ciphertext when the authentication of the first device is successful.
7. The smart card application management method according to claim 6, wherein the first application management instruction is an application recovery instruction; the first application management information comprises the recovery data ciphertext and a recovery application identifier;
the smart card authenticates the first authentication code information by using a second key, and when the authentication is successful, the smart card acquires the first application management information to execute application management operation corresponding to the first application management instruction, including:
the smart card authenticates the first authentication code information by using a second secret key, and acquires the first application management information when the authentication is successful;
the smart card decrypts the recovery data cipher text in the first application management information according to the application backup/recovery key to obtain the application parameter information, the backup application data and the application data key;
and the smart card executes application recovery operation in the card space according to the application parameter information, the backup application data and the application data key.
8. A smart card application management apparatus, wherein the apparatus is adapted for a smart card, the apparatus comprising:
a receiving module, configured to receive a first application management instruction from a first device; the first application management instruction comprises first application management information and first authentication code information; the first authentication code information is generated by the first device through calculation of the first application management information by using a first secret key;
the execution module is used for authenticating the first authentication code information by using a second secret key, and acquiring the first application management information when the authentication is successful so as to execute the application management operation corresponding to the first application management instruction; the second key and the first key form a key pair.
9. A smart card application management apparatus, wherein the apparatus is adapted for a smart card, the apparatus comprising:
a memory storing executable program code;
a processor coupled with the memory;
the processor calls the executable program code stored in the memory to execute the smart card application management method according to any of claims 1-7.
10. A smart card application management system comprising a smart card and a first device, the system being arranged to perform the smart card application management method of any of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110447523.0A CN113162771B (en) | 2021-04-25 | 2021-04-25 | Smart card application management method, device and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113162771A (en) | 2021-07-23 |
CN113162771B (en) | 2022-09-16 |
Family
ID=76870548
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110447523.0A Active CN113162771B (en) | 2021-04-25 | 2021-04-25 | Smart card application management method, device and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113162771B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN113162771B (en) | 2022-09-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||