CN114244887A - Channel management method and device and electronic equipment - Google Patents


Info

Publication number
CN114244887A
Authority
CN
China
Prior art keywords
token
channel
command
information
terminal
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111544528.1A
Other languages
Chinese (zh)
Other versions
CN114244887B (en
Inventor
刘煜
翟京卿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H04L67/143 Termination or inactivation of sessions, e.g. event-controlled end of session
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a channel management method, a channel management device and electronic equipment, which belong to the technical field of communication and can solve the problem that a security policy is insufficient in the aspect of channel management; the method comprises the following steps: responding to a channel opening command of a Universal Integrated Circuit Card (UICC), and acquiring token requirement information of the UICC for the current service operation from the channel opening command; executing the channel opening command, generating a processing result of the channel opening command, and determining a token generation result of the current service operation according to the token requirement information; sending a first terminal response message to the UICC, wherein the information carried in the first terminal response message is information determined by a processing result of the channel opening command and a token generation result; responding to a channel closing command of the UICC, processing the channel closing command according to the token verification requirement corresponding to the token requirement information, and generating an execution result of the channel closing command. According to the method, the service can be enhanced and guaranteed in the aspect of channel management.

Description

Channel management method and device and electronic equipment
Technical Field
The invention relates to the technical field of communication, in particular to a channel management method, a channel management device and electronic equipment.
Background
The Bearer Independent Protocol (BIP) channel is one of the common functions a Universal Integrated Circuit Card (UICC) uses to implement remote data transmission and management. As services continue to develop, usage scenarios become more complex, and the security policy for channel management becomes insufficient. It is therefore necessary to strengthen service assurance in channel management.
Disclosure of Invention
Therefore, the invention provides a channel management method, a channel management device and electronic equipment, and aims to solve the problem that a security policy in the aspect of channel management is insufficient in the prior art.
In order to achieve the above object, a first aspect of the present invention provides a channel management method, including: responding to a channel opening command of a Universal Integrated Circuit Card (UICC), and acquiring token requirement information of the UICC for the current service operation from the channel opening command; executing the channel opening command, generating a processing result of the channel opening command, and determining a token generation result of the current service operation according to the token requirement information; sending a first terminal response message to the UICC, wherein the information carried in the first terminal response message is information determined by a processing result of the channel opening command and a token generation result; responding to a channel closing command of the UICC, processing the channel closing command according to the token verification requirement corresponding to the token requirement information, and generating an execution result of the channel closing command.
A second aspect of the present invention provides a channel management method, including: sending a channel opening command to the terminal device based on the data transmission requirement of a service operation, wherein the channel opening command is used for instructing the terminal device to open a Bearer Independent Protocol (BIP) channel, and the channel opening command includes token requirement information of the service operation; responding to a first terminal response message of the terminal device, and acquiring the information carried in the first terminal response message, wherein the acquired information is obtained by the terminal device according to the processing result of the channel opening command and the token generation result of the current service operation determined according to the token requirement information; when data transmission over the BIP channel is complete, generating a corresponding channel closing command according to the token generation result of the current service operation; and sending the channel closing command to the terminal device, wherein the terminal device processes the channel closing command according to the token verification requirement corresponding to the token requirement information so as to generate an execution result of the channel closing command.
A third aspect of the present invention provides a channel management apparatus, including: the information acquisition module is used for responding to a channel opening command of a Universal Integrated Circuit Card (UICC) and acquiring token requirement information of the UICC for the current service operation from the channel opening command; the first command processing module is used for executing the channel opening command, generating a processing result of the channel opening command and determining a token generating result of the current business operation according to the token requirement information; a message sending module, configured to send a first terminal response message to the UICC, where the information carried in the first terminal response message is information determined by a processing result of the channel open command and a token generation result; and the second command processing module is used for responding to a channel closing command of the UICC, processing the channel closing command according to the token verification requirement corresponding to the token requirement information, and generating an execution result of the channel closing command.
A fourth aspect of the present invention provides a channel management apparatus, including: a command sending module, configured to send a channel opening command to the terminal device based on the data transmission requirement of a service operation, wherein the channel opening command is used for instructing the terminal device to open a Bearer Independent Protocol (BIP) channel, and the channel opening command includes token requirement information of the service operation; an information acquisition module, configured to respond to a first terminal response message of the terminal device and acquire the information carried in the first terminal response message, wherein the acquired information is obtained by the terminal device according to the processing result of the channel opening command and the token generation result of the current service operation determined according to the token requirement information; and a command generation module, configured to generate a corresponding channel closing command according to the token generation result of the current service operation when data transmission over the BIP channel is complete; the command sending module is further configured to send the channel closing command to the terminal device, wherein the terminal device processes the channel closing command according to the token verification requirement corresponding to the token requirement information so as to generate an execution result of the channel closing command.
A fifth aspect of the present invention provides an electronic apparatus, comprising: one or more processors; a memory on which one or more programs are stored, the one or more programs, when executed by the one or more processors, causing the one or more processors to implement any of the channel management methods in embodiments of the present invention.
The invention has the following advantages: in the channel management method, the device and the electronic equipment of the embodiments of the invention, a token mechanism is introduced into the BIP channel management commands. When the terminal receives an Open Channel command sent by the UICC, it determines the token generation result of the current service operation according to the token requirement information carried in the Open Channel command, and after executing the Open Channel command it returns the processing result of the command together with the token generation result. When, after the channel has been opened and data transmission has completed, the terminal receives a Close Channel command sent by the UICC, it processes the Close Channel command according to the token verification requirement corresponding to the token requirement information and generates the execution result of the channel closing command. In this way the token mechanism safeguards the authority to manage the channel between the terminal and the UICC and improves the security of service operation.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
Fig. 1 is a flowchart of a channel management method according to an embodiment of the present invention;
Fig. 2 is a flowchart of a channel management method according to another embodiment of the present invention;
Fig. 3 is a flowchart of a channel management method of an exemplary embodiment of the invention;
Fig. 4 is a schematic structural diagram of a channel management apparatus according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a channel management apparatus according to another embodiment of the present invention;
Fig. 6 is a block diagram of an exemplary hardware architecture of a computing device of the channel management method and apparatus of the embodiments of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation. It will be apparent to one skilled in the art that the present invention may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present invention by illustrating examples of the present invention.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
In the embodiment of the present invention, a Universal Subscriber Identity Module (USIM) card is a continuation and progress of a SIM card used for a Universal Mobile Telecommunications System (UMTS) network. The USIM card can be used for storing user identity information and personal data, ensuring the security of accessing mobile network services, and can utilize necessary functions and data to perform user identification and user authorization when a user accesses the mobile network services, thereby realizing the requirement that the mobile network can express and identify user applications.
In contrast to SIM cards, USIM cards are no longer built on a single telecommunications application platform, but will become one of a variety of applications resident on the UICC. The physical entity of the USIM is the UICC, and the USIM is actually an application mainly used for identification of an end user, which is built on the UICC. In some embodiments, the UICC may be understood as a universal smart card platform, which provides a uniform underlying support for its upper applications, and besides the USIM, other smart card applications such as banking and ticketing may reside on the UICC, thereby really realizing separation of the bearer platform and the applications.
In practical application scenarios, the relationship between the UICC and the terminal has developed over time. In its initial positioning the UICC was completely passive: the terminal sends a command to the UICC, the UICC executes the command and returns a response to the terminal, and the two interact in command-response pairs initiated by the terminal. This mechanism does not allow the UICC to actively send commands to the terminal; the terminal is always dominant, and the UICC can only receive commands from the terminal, execute them, and send back responses, which limits the development and use of card-based applications.
With the development of UICC service requirements, and in order to solve such problems, a SIM Application Toolkit (STK)/USIM Application Toolkit (USAT) protocol layer was introduced into the protocol stack of the Cu interface, which is the interface between a terminal and a UICC. Building on the service provided by the transport layer, the STK/USAT layer provides a service mechanism that allows UICC applications and terminals supporting the mechanism to interact and operate, so that the UICC can actively require the terminal to perform a certain operation. The STK/USAT instruction set is the basis and the main mode for a telecommunication smart card to implement services through the terminal. Various applications may also be implemented on the UICC by means of the STK/USAT protocol and provided to the user via the terminal.
BIP is currently the basic protocol with which the UICC downloads and manages remote data through the Card Application Toolkit Transport Protocol (CAT/TP), the Secure Hypertext Transport Protocol (HTTPS), etc., and is one of the main capabilities the UICC realizes through the STK/USAT mechanism. BIP establishes a data channel with the terminal through a set of proactive commands (Open Channel, Close Channel, Send Data, Receive Data, Get Channel state, etc.) and events (data available, channel state). During channel establishment the terminal selects an available data bearer according to the provided information, and allows the UICC and the remote server to exchange data over that bearer connection on the channel, thereby realizing remote downloading, updating, and management of UICC applications, files and other content.
Currently, UICC applications require a terminal to Open a transmission Channel by sending an Open Channel command when BIP is needed for remote data transmission, and require the terminal to Close the transmission Channel by a Close Channel command after data transmission is finished, thereby completing a complete cycle of data transmission.
The prior art generally provides basic channel management, such as a limited number of channels and refusal of an Open Channel command when no channel is available. However, the management policy still has deficiencies in service assurance and security, and problems and abnormal situations inevitably arise under parallel operation, continuous operation and similar conditions. For example, when multiple UICC channels are opened in parallel or in succession, a channel whose data transmission has not completed may be mistakenly closed by another application that also has channel operation requirements. This undoubtedly affects the normal operation of the service, and for some of the more important remote data transmission and management tasks (such as downloading basic user subscription data) adverse consequences are more likely, which undermines the security of service operation.
Embodiments of the present invention provide a channel management method, an apparatus, and an electronic device which, by providing an extended definition of the management commands exchanged between the card and the terminal, can require the terminal to improve the security of BIP channel management by means of a dynamic token during critical operations.
For better understanding of the present invention, the following describes a channel management method according to embodiments of the present invention in detail with reference to the accompanying drawings, and it should be noted that these embodiments are not intended to limit the scope of the present disclosure.
Fig. 1 is a flowchart illustrating a channel management method according to an embodiment of the present invention. As shown in fig. 1, the channel management method in the embodiment of the present invention includes the following steps.
S110, responding to a channel opening command of the universal integrated circuit card UICC, and obtaining token requirement information of the UICC for the current service operation from the channel opening command.
And S120, executing the channel opening command, generating a processing result of the channel opening command, and determining a token generation result of the current service operation according to the token requirement information.
And S130, sending a first terminal response message to the UICC, wherein the information carried in the first terminal response message is the information determined by the processing result of the channel opening command and the token generation result.
S140, responding to the channel closing command of the UICC, processing the channel closing command according to the token verification requirement corresponding to the token requirement information, and generating an execution result of the channel closing command.
According to the channel management method provided by the embodiment of the invention, a token mechanism is introduced into the BIP channel management commands. When the terminal receives an Open Channel command sent by the UICC, it determines the token generation result of the current service operation according to the token requirement information carried in the Open Channel command, and after executing the Open Channel command it returns the processing result of the command together with the token generation result. When the channel has been opened, data transmission has completed, and a Close Channel command sent by the UICC is received, the terminal processes the Close Channel command according to the token verification requirement corresponding to the token requirement information and generates the execution result of the channel closing command. In this way the token mechanism safeguards the authority to manage the channel between the terminal and the UICC and improves the security of service operation.
To implement the channel management method according to the embodiment of the present invention, the existing management commands first need to be modified and given an extended definition. This covers the channel open command and the channel close command corresponding to it; the extended command structure is described below using a specific example.
Table 1 illustrates a command structure of a channel open command according to an exemplary embodiment of the present invention.
TABLE 1 (table image not reproduced)
In Table 1 above, "description" indicates a command field included in the channel open command; "content" shows the content of the command field; M/O indicates whether the command field is Mandatory or Optional; MIN indicates whether the command field has a minimum length requirement, where Y indicates yes and N indicates no; and "length" indicates the field length (in bytes) when the corresponding command field takes its minimum length.
In this embodiment, the channel opening command may include necessary information for requesting the terminal device to open the transmission channel through the channel opening command, so that the terminal establishes a data connection with a remote server in the network according to the command request information, thereby opening the BIP channel. As an example, the command requirement information includes at least the following field information as a mandatory data object: active UICC card command flags, length, device identification, command details, bearer description, and buffer size.
The "active UICC card command flag" field is used to indicate active command information to be subsequently sent by the UICC, and the content of the flag may be set as needed, for example, set as "D0" in this embodiment of the present application; a "length" field for indicating the total byte length to be read backward for reading a complete channel open command; a "command details" field for indicating the command details of the command itself; this field may include, for example: command detail flag such as 01 or 81, length (for indicating total length of subsequent command code, command type and command qualifier), command code, command type and command qualifier; a "device identification" field for indicating the originating device and the destination device of the command, which may include, for example: a device identifier flag such as 02 or 82, a length (indicating a total length of a subsequent start device identifier and destination device identifier), a start device identifier (for identifying a start device such as UICC for the channel management command), a destination device identifier (for identifying a destination device such as a terminal device for the channel management command); a "bearer description" field for giving a recommended value to a parameter for the terminal device to establish a data link with the UICC, which may include: bearer description flags such as 35 or B5, length X (to indicate the total length of subsequent bearer types and bearer parameters), bearer type (e.g., single bearer or multiple bearers) and corresponding bearer parameters; a "buffer size" field indicating the number of bytes required by the UICC in the command or available to the terminal Equipment (ME), which includes a buffer size flag such as 39 or B9, length (length indicating the subsequent buffer size).
In the embodiment of the application, the command structure of the channel opening command is obtained by extending the existing command structure. By way of example, bit 5 (b5) of the "command qualifier" is a reserved bit that is not enabled in existing command structures. The embodiment of the present application enables this reserved bit in the command qualifier of the channel open command and uses its content as the token requirement information of the channel open command, indicating to the terminal device whether the channel management command sent by the UICC requires the terminal to generate a token. Specifically, as an example, when b5 is 0, the token requirement information indicates that the present service operation does not require the terminal device to provide token information in the response message to the channel open command; when b5 is 1, the token requirement information indicates that the current service operation requires the terminal device to provide token information in the response message to the channel open command. The specific definition is given under command qualifier b5 in Table 1 above, and the remaining bits retain their existing definitions. In practical applications, the channel open command may also include other optional data objects, which is not limited by the invention.
Table 2 shows a command structure of a terminal response message according to an exemplary embodiment of the present invention.
TABLE 2 (table image not reproduced)
In Table 2 above, "description" indicates a command field included in the terminal response message; "content" indicates the content of the command field; M/O/C indicates whether the command field is Mandatory (M), Optional (O) or Conditional Optional (C); MIN indicates whether the command field has a minimum length requirement, where Y indicates yes and N indicates no; and "length" indicates the field length (in bytes) when the corresponding command field takes its minimum length.
The fields that Table 2 shares with Table 1 (description, content, M/O, MIN and length) have the same meaning and are not described again in the embodiments of the present application. Comparing Table 2 with Table 1, Table 2 differs as follows: in some embodiments, a "result" field is included in the terminal response message of the channel open command to indicate the result of executing the channel open command. It includes a "result flag" such as 03 or 83, a length (indicating the length of the subsequent general result), and the general result, where "0X" or "1X" indicates that the command has been completed, "2X" tells the UICC that it may retry the command later, and "3X" indicates that the UICC need not retry, or that it is not worth retrying with the same command (because only the same response can be obtained).
In some embodiments, the terminal response message of the Channel open command further includes a "Channel state" field, where the "Channel state" is optional, and is required when responding to a Get Channel state (Get Channel state) command or a Channel command of the UICC, for example; the "bearer description" in the terminal response message of the channel open command is optional, for example, required when the terminal device responds to the channel open command of the UICC; the "buffer size" is optional, for example, when the terminal device responds to the channel open command of the UICC.
In some embodiments, the "token" in the channel opening command is an optional extended data object, which represents token information of the channel for the current service operation, and the UICC may determine whether it is necessary to provide the token according to the importance of the current data transmission. The token is randomly generated and has a length of 8 bytes, and the specific definition is shown in table 2 above. The channel state, the bearer description, and the buffer size are the existing data objects of the command, and respectively represent the relevant data and information after the command is executed.
In the embodiment of the present invention, after receiving the terminal response the UICC stores the token it contains. When the BIP data transmission on the channel is complete and the channel needs to be closed, the UICC carries the token in the Close Channel command, so that the terminal can compare the token in the received Close Channel command with the token stored in the terminal and authenticate it. This requires extending the existing Close Channel command.
Table 3 shows a command structure of a Channel Close Channel command in accordance with an exemplary embodiment of the present invention.
[Table 3 (image): command structure of the Close Channel command]
In table 3, "description" is used for the command field included in the terminal response message; "content" is used to indicate the content of the command field; M/O/C indicates that the command field is Mandatory (M), Optional (O) or Conditional Optional (C), MIN is used for indicating whether the command field has the minimum length requirement, Y indicates yes, and N indicates no; the length indicates a field length (in bytes) when the corresponding command field takes a minimum length.
The fields that Table 3 shares with Table 1 (description, content, M/O, MIN and length) have the same meaning and are not described again in the embodiments of the present application. Comparing Table 3 with Table 1, Table 3 differs as follows: in some embodiments, the Close Channel command also includes the following description fields: the description fields are the existing data objects of the command and respectively represent related data and information after the command is executed. In addition, in the command structure of the channel close command, the "command qualifier" is a reserved bit; after receiving a channel closing command sent by the UICC, the terminal device processes the channel closing command according to the token verification requirement of the current service operation, which corresponds to the token requirement information in the previously received channel opening command, and generates an execution result of the channel closing command.
In the embodiment of the invention, the existing mechanism and management commands are improved and given an extended definition: support for the necessary data objects is added, together with data field settings that represent the newly added requirement, and the flow and requirements of the interaction between the terminal and the UICC are defined.
In some embodiments, when the token requirement information indicates that a token needs to be provided, determining a token generation result of the current service operation includes: generating and storing token information of the current service operation at the terminal; the information carried in the first terminal response message includes: processing results of the channel opening command and token information of the current service operation stored in the terminal; the token verification requirement corresponding to the token requirement information is: token information verification is required.
In some embodiments, determining the token generation result of the current service operation when the token requirement information is that a token does not need to be provided includes: determining token information which does not need to generate the business operation; the information carried in the first terminal response message includes: processing results of the channel opening command; the token verification requirement corresponding to the token requirement information is: no token information verification is required.
In some embodiments, when the token requirement information indicates that a token needs to be provided, the step of processing the channel closing command according to the token verification requirement corresponding to the token requirement information in step S140 and generating an execution result of the channel closing command may specifically include: S11, comparing the token information of the current service operation carried in the channel closing command with the token information of the current service operation stored by the terminal; S12, executing the channel closing command when the comparison result is that the token information is consistent; and S13, sending a second terminal response message to the UICC, wherein the second terminal response message is used for indicating that the execution result of the channel closing command is command execution success.
In this embodiment, when the terminal receives an Open Channel USAT command sent by the UICC, it generates and stores a random token after executing the command and provides this dynamic token for the current operation in the terminal response. When the UICC sends a Close Channel command to the terminal after the data transmission over the channel is completed, it must provide a token identical to the one provided for the corresponding Open Channel command. This ensures the right to manage the channel and avoids the problem that the channel is closed in error before data transmission is completed.
In some embodiments, when the comparison result is that the token information is inconsistent, or when the token information of the current service operation is not carried in the channel closing command, the channel management method further includes: S150, refusing to execute the channel closing command; and S160, sending a third terminal response message to the UICC, wherein the third terminal response message is used for indicating that the execution result of the channel closing command is command execution failure.
In this embodiment, if the comparison result of the token information is inconsistent, the command execution fails, and the result is returned to the UICC through the terminal response, so as to avoid the problem of false closing of the channel, improve the security of the service operation, and better ensure the normal operation of the BIP data transmission.
In some embodiments, the channel opening command is used to instruct the terminal device to open a BIP channel, and the token requirement information is information that is set by the UICC according to an importance degree of data transmission that needs to be performed by using the BIP channel in the current service operation.
In some embodiments, the token information is dynamic token information randomly generated by the terminal device, and the generation mode is determined according to the terminal self capability.
In this embodiment, a dynamic token (OTP) is an unpredictable random number combination generated according to a special algorithm and used as a password; each token can be used only once, which provides a secure and convenient authentication function and ensures the validity and uniqueness of the command. The most important advantage of the dynamic token information is that the token information used each time is different, so the problem of mistaken closing of the channel can be effectively prevented. Depending on the terminal's own computing and processing capacity, algorithms of different complexity can be selected to generate the dynamic token: the higher the terminal's capability, the more complex the algorithm that can be selected.
According to the channel management method provided by the embodiment of the invention, the existing channel management mechanism and command are improved to support the dynamic token, so that the service operation safety is improved, the normal operation of the BIP data transmission is better ensured, and the response capability of the UICC remote data transmission to various service scenes is enhanced, so that the safety and the orderliness of the BIP channel management are improved by introducing the token mechanism, the authority of managing the channel is ensured, and the problem of mistaken closing of the channel is avoided.
Fig. 2 is a flowchart illustrating a channel management method according to another embodiment of the present invention. As shown in fig. 2, the channel management method may include the following steps.
S210, sending a channel opening command to the terminal device based on the data transmission requirement of the service operation, wherein the channel opening command is used for instructing the terminal device to open a Bearer Independent Protocol (BIP) channel, and the channel opening command comprises the token requirement information of the service operation.
S220, responding to a first terminal response message of the terminal equipment, and acquiring information carried in the first terminal response message; the obtained information is obtained by the terminal device according to the processing result of the channel opening command and the token generation result of the current service operation determined according to the token requirement information.
And S230, under the condition that the BIP channel is used for completing data transmission, generating a corresponding channel closing command according to a token generation result of the current business operation.
S240, sending a channel closing command to the terminal equipment; the terminal device is used for processing the channel closing command according to the token verification requirement corresponding to the token requirement information so as to generate an execution result of the channel closing command.
According to the Channel management method provided by the embodiment of the invention, a method for improving the existing Channel management mechanism and command to support a dynamic token is provided, when the UICC sends an Open Channel command, a token mechanism can be introduced into the BIP Channel management command, whether the terminal equipment needs to provide token information is indicated to the terminal equipment through the token requirement information, so that after the terminal equipment receives and executes the Open Channel command sent by the UICC, the corresponding Close Channel command is generated according to a token generation result of the current service operation, the Close Channel command is sent to the terminal equipment, so that the terminal equipment processes the Channel closing command according to the token verification requirement corresponding to the token requirement information, and an execution result of the Channel closing command is generated; the channel management method can ensure the authority to manage the channel between the terminal and the UICC through a token mechanism, and improve the safety of service operation.
In some embodiments, in the case that the token requirement information is that a token needs to be provided, the information carried in the obtained first terminal response message includes: the processing result of the channel opening command and the token information; the token information is generated by the terminal device after executing the channel opening command, once it has determined that the token requirement information is that a token needs to be provided; and after acquiring the information carried in the first terminal response message, the channel management method further includes: storing the acquired token information of the current service operation.
In some embodiments, when the token requirement information is that a token does not need to be provided, the information carried in the obtained first terminal response message includes: the processing result of the channel opening command.
In this embodiment, if the token requirement information is that the terminal device needs to provide token information, after receiving the token information of the current service operation provided by the terminal device, the token information is stored, so that when a Close Channel command is subsequently sent for the current service operation, the token information is carried in the Close Channel command, thereby improving the security of the service operation.
In some embodiments, in the case that the token requirement information is that the token needs to be provided, after step S230 and before step S240, the channel management method further includes: S21, carrying the stored token information of the current service operation in the channel closing command, so that when the terminal device processes the channel closing command, it compares the token information of the current service operation carried in the channel closing command with the token information of the current service operation stored in the terminal device, and executes the channel closing command when the comparison result is that the token information is consistent.
In this embodiment, when the UICC sends the Close Channel command to the terminal, token information corresponding to the service operation needs to be provided to ensure the authority to manage the Channel and avoid the problem of incorrect closing of the Channel, so that the service operation security is improved, the normal operation of BIP data transmission is better ensured, and the capability of the UICC remote data transmission in responding to various service scenarios is enhanced.
In some embodiments, if the channel closing command is a command in an abnormal condition, the channel closing command does not carry stored token information of the current service operation or carries token information of a non-current service operation.
In this embodiment, the terminal device is further configured to: refusing to execute the channel closing command under the condition that the channel closing command is determined not to carry the token information of the current service operation; and comparing the token information of the non-current business operation carried in the channel closing command with the stored token information of the current business operation, and refusing to execute the channel closing command under the condition that the token information is inconsistent.
In this embodiment, the circumstances in which an abnormal channel closing command occurs in an actual application scenario are complex. Therefore, if the channel closing command is a command generated under an abnormal situation, it either does not carry the stored token information of the current service operation or carries token information that does not belong to the current service operation. In that case, the terminal device may refuse to execute the channel closing command when it determines that the token information of the current service operation is not carried in the command, or, when the token information carried in the command is not the token information of the current service operation, refuse to execute the command because the comparison result is that the token information is inconsistent. This improves the security of the service operation, ensures the normal operation of the BIP data transmission, and enhances the capability of the UICC remote data transmission in coping with various service scenarios.
In some embodiments, the channel management method further comprises the following steps.
S31, in response to the second terminal response message of the terminal device, acquiring from the second terminal response message that the execution result of the channel closing command is command execution success, which indicates that the terminal device has executed the channel closing command; S32, in response to the third terminal response message of the terminal device, acquiring from the third terminal response message that the execution result of the channel closing command is command execution failure, which indicates that the terminal device has refused to execute the channel closing command.
In some embodiments, before step S210, the channel management method further includes: S41, generating the token requirement information when it is determined, according to the importance information of the data transmission that the current service operation needs to perform over the BIP channel, that token information needs to be provided for the service operation.
In this embodiment, the UICC may determine whether it is necessary to provide the token according to the importance of the data transmission.
According to the channel management method provided by the embodiment of the invention, the problem of channel management caused by disordered service sequence, misoperation and the like in a complex service scene can be solved, the normal operation of the BIP remote data transmission service is favorably ensured, the safety in the service execution process is enhanced, the USAT realization mechanism of the BIP service is improved, and the reasonability and the orderliness of the remote data transmission service realized by the UICC through the BIP are improved.
Fig. 3 is a flowchart illustrating a channel management method according to an exemplary embodiment of the present invention. As shown in fig. 3, the channel management method in the embodiment of the present invention includes the following steps.
S301, the UICC generates a requirement for data transmission through the BIP.
In this step, a UICC service such as remote downloading or remote management creates a need for data transmission through the BIP, and the UICC may determine, according to factors such as the importance of the service, whether this operation needs a token to be provided.
S302, the UICC generates an Open Channel command.
In this step, the UICC generates an Open Channel command whose structure is as described above. Bit b5 of the command qualifier indicates whether a token needs to be provided in the response message; if so, b5 is set to 1.
S303, the UICC sends the Open Channel command to the terminal.
S304, the terminal parses and processes the command after receiving it. The processing includes establishing a BIP channel according to the Open Channel command and determining whether to provide a token.
In this step, in addition to handling the predetermined data content and setting requirements of the Open Channel command, the terminal parses the command qualifier to determine whether a token needs to be provided. If so, the flow continues with step S305; if not, the command is executed according to the predetermined existing flow. Specifically, in the predetermined existing flow, the token requirement information in the command qualifier of the Open Channel command (b5: whether a token needs to be provided) indicates that no token needs to be provided.
S305, the terminal establishes data connection with a remote server in the network according to the command requirement, and opens a BIP channel.
S306, the terminal generates a random dynamic token for the current service operation and stores it for the subsequent process; the token generation mode is determined according to the terminal's own capability.
S307, the terminal generates a Terminal Response message that includes the generated token; the specific structure of the response message is shown in Table 2.
S308, the Terminal sends a Terminal Response message.
S309, the UICC parses the response message after receiving it; besides acquiring the command processing result, the UICC stores the token in the message for the subsequent process.
S310, after the BIP remote data transmission is completed and the BIP channel needs to be closed, the UICC generates a Close Channel command that includes the token obtained and stored in step S309; the specific structure of the command is as described above.
S311, the UICC sends the Close Channel command to the terminal.
S312, after receiving the command, the terminal processes it to obtain the token and compares that token with the token generated and stored in step S306.
In this step, the comparison result authenticates whether the received Close Channel command is the channel management command of the current operation. If the tokens are consistent, the flow continues with the subsequent step; if they are inconsistent, the command execution fails and the result is returned to the UICC through the Terminal Response.
S313, the terminal ends data connection with a remote server in the network according to the command requirement, and closes the BIP channel.
S314, the Terminal generates a Terminal Response message containing the command processing result.
S315, the terminal sends the Terminal Response message, returning the result to the UICC, and the process ends.
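The exchange in steps S301 to S315 can be modelled in a few lines. The following Python sketch is an added example, not code from the patent: the class and method names, the single-channel model, the b5 mask 0x10 (b1 taken as the least significant bit), the rejection value 0x30 and the use of a CSPRNG with constant-time comparison are all assumptions made for illustration.

```python
"""Model of the token-protected Open Channel / Close Channel exchange."""
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

QUALIFIER_TOKEN_REQUIRED = 0x10  # command qualifier bit b5 (assumes b1 = LSB)
TOKEN_LEN = 8                    # token length given in the description
RESULT_OK = 0x00                 # "0X": command completed
RESULT_REJECTED = 0x30           # assumed value in the "3X" class


def result_class(general_result: int) -> str:
    """Map a general result byte to the classes described for the result field."""
    high = general_result >> 4
    if high in (0x0, 0x1):
        return "completed"
    if high == 0x2:
        return "retry-later"
    if high == 0x3:
        return "do-not-retry"
    return "unknown"


@dataclass
class TerminalResponse:
    general_result: int
    token: Optional[bytes] = None  # present only when b5 was set


class Terminal:
    """Terminal side (S304-S308, S312-S315): owns the channel and the token."""

    def __init__(self) -> None:
        self.channel_open = False
        self.token_required = False
        self._token: Optional[bytes] = None

    def open_channel(self, qualifier: int) -> TerminalResponse:
        if self.channel_open:
            # A second open must not overwrite the token of the live channel.
            return TerminalResponse(RESULT_REJECTED)
        self.channel_open = True
        self.token_required = bool(qualifier & QUALIFIER_TOKEN_REQUIRED)
        # S306: fresh random token per service operation (CSPRNG is an assumption).
        self._token = secrets.token_bytes(TOKEN_LEN) if self.token_required else None
        return TerminalResponse(RESULT_OK, self._token)

    def close_channel(self, token: Optional[bytes] = None) -> TerminalResponse:
        if not self.channel_open:
            return TerminalResponse(RESULT_REJECTED)
        if self.token_required:
            # S312: a missing or mismatching token means the command is refused.
            if token is None or not hmac.compare_digest(token, self._token):
                return TerminalResponse(RESULT_REJECTED)
        self.channel_open = False
        self._token = None  # one-time use: the token dies with the channel
        return TerminalResponse(RESULT_OK)


class Uicc:
    """UICC side (S301-S303, S309-S311): requests, stores and returns the token."""

    def __init__(self, terminal: Terminal) -> None:
        self.terminal = terminal
        self._token: Optional[bytes] = None

    def open(self, important: bool) -> int:
        qualifier = QUALIFIER_TOKEN_REQUIRED if important else 0x00
        resp = self.terminal.open_channel(qualifier)
        if result_class(resp.general_result) == "completed":
            self._token = resp.token  # S309: keep the token for Close Channel
        return resp.general_result

    def close(self) -> int:
        resp = self.terminal.close_channel(self._token)  # S310-S311
        if result_class(resp.general_result) == "completed":
            self._token = None
        return resp.general_result


def run_demo() -> list:
    """Normal flow plus one abnormal Close Channel that carries no token."""
    terminal = Terminal()
    uicc = Uicc(terminal)
    log = [("open", result_class(uicc.open(important=True)))]
    stale = terminal.close_channel()  # abnormal command without a token
    log.append(("close, no token", result_class(stale.general_result)))
    log.append(("channel still open", terminal.channel_open))
    log.append(("close, token", result_class(uicc.close())))
    return log


if __name__ == "__main__":
    for step in run_demo():
        print(step)
```

The rejected close leaves the channel and the stored token untouched, so the legitimate Close Channel that follows still succeeds.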
According to the channel management method provided by the embodiment of the invention, aiming at the problem that the security of the channel is influenced by bugs of the UICC in the BIP channel management used for remote data transmission, particularly error management operation on the BIP channel which is more likely to be generated in a complex scene, the method for improving the management command to support the dynamic token mechanism is provided. The channel management method adds a new data object supporting the dynamic token and data domain setting content representing a newly added requirement through modification and extended definition of the existing command, and adjusts and specifies the flow and rules of interaction between the terminal and the USIM according to a scheme target so as to ensure the authority of managing the channel and avoid the enumerated problem of mistakenly closing the channel.
The following describes a channel management apparatus according to an embodiment of the present invention in detail with reference to the accompanying drawings.
Fig. 4 is a schematic structural diagram of a channel management apparatus according to an embodiment of the present invention. As shown in fig. 4, the channel management apparatus includes the following modules.
An information obtaining module 410, configured to respond to a channel opening command of a universal integrated circuit card UICC, and obtain token requirement information of the UICC for the service operation from the channel opening command.
The first command processing module 420 is configured to execute the channel opening command, generate a processing result of the channel opening command, and determine a token generation result of the current service operation according to the token requirement information.
A message sending module 430, configured to send a first terminal response message to the UICC, where the information carried in the first terminal response message is information determined by a processing result of the channel open command and a token generation result.
The second command processing module 440 is configured to, in response to the channel closing command of the UICC, process the channel closing command according to the token verification requirement corresponding to the token requirement information, and generate an execution result of the channel closing command.
In some embodiments, the token information is dynamic token information randomly generated by the terminal device, and the generation mode is determined according to the terminal self capability.
In some embodiments, when the token requirement information indicates that a token needs to be provided, determining a token generation result of the current service operation includes: generating and storing token information of the current service operation at the terminal; the information carried in the first terminal response message includes: processing results of the channel opening command and token information of the current service operation stored in the terminal; the token verification requirement corresponding to the token requirement information is: token information verification is required; under the condition that the token requirement information does not need to provide a token, determining a token generation result of the business operation comprises the following steps: determining token information which does not need to generate the business operation; the information carried in the first terminal response message includes: processing results of the channel opening command; the token verification requirement corresponding to the token requirement information is: no token information verification is required.
In some embodiments, when the token requirement information is that a token needs to be provided, the first command processing module 420 is specifically configured to process the channel closing command according to the token verification requirement corresponding to the token requirement information, and generate an execution result of the channel closing command, specifically including: the comparison unit is used for comparing the token information of the current service operation carried in the channel closing command with the token information of the current service operation stored by the terminal; the execution unit is used for executing the channel closing command under the condition that the comparison result is determined to be that the token information is consistent; the message sending module 430 is further configured to send a second terminal response message to the UICC, where the second terminal response message is used to indicate that the execution result of the channel closing command is that the command execution is successful.
In some embodiments, in a case that the comparison result is that the token information is inconsistent, or in a case that the token information of the current service operation is not carried in the channel closing command, the channel management apparatus further includes: the command rejection module is used for rejecting the execution of the channel closing command; the message sending module 430 is further configured to send a third terminal response message to the UICC, where the third terminal response message is used to indicate that the execution result of the channel closing command is a command execution failure.
In some embodiments, the channel opening command is used to instruct the terminal device to open a Bearer Independent Protocol (BIP) channel; the token requirement information is information set by the UICC according to the importance degree of the data transmission that the current service operation needs to perform over the BIP channel.
According to the Channel management device of the embodiment of the invention, a token mechanism is introduced into a BIP Channel management command, when a terminal receives a USAT command of an Open Channel sent by a UICC, a random token is generated and stored after the command is executed, meanwhile, a dynamic token of the operation needs to be provided in a terminal response, and when the UICC sends a Close Channel command to the terminal after data transmission of the command is completed, the token provided by the corresponding Open Channel command needs to be provided to ensure the authority of managing the Channel and avoid the problem of wrong closing of the Channel.
Fig. 5 is a schematic structural diagram of a channel management apparatus according to an embodiment of the present invention. As shown in fig. 5, the channel management apparatus includes the following modules.
A command sending module 510, configured to send a channel opening command to the terminal device based on the data transmission requirement of the service operation, where the channel opening command is used to instruct the terminal device to open a Bearer Independent Protocol (BIP) channel, and the channel opening command includes the token requirement information of the service operation.
An information obtaining module 520, configured to respond to a first terminal response message of a terminal device, and obtain information carried in the first terminal response message; the obtained information is obtained by the terminal device according to the processing result of the channel opening command and the token generation result of the current service operation determined according to the token requirement information.
The command generating module 530 is configured to generate a corresponding channel closing command according to a token generation result of the current service operation when the BIP channel is used to complete data transmission.
A command sending module 510, configured to send a channel closing command to the terminal device; the terminal device is used for processing the channel closing command according to the token verification requirement corresponding to the token requirement information so as to generate an execution result of the channel closing command.
In some embodiments, in the case that the token requirement information is that a token does not need to be provided, the information carried in the obtained first terminal response message includes: the processing result of the channel opening command.
In some embodiments, in the case that the token requirement information is that a token needs to be provided, the information carried in the obtained first terminal response message includes: processing results and token information of the channel opening command; the token information is generated by the terminal device after executing the channel opening command under the condition that the token requirement information is determined to be the token which needs to be provided.
In this embodiment, the channel management apparatus further includes: a token storage module, configured to store the acquired token information of the current service operation after the information carried in the first terminal response message is obtained.
In some embodiments, the command generating module 530 is further configured to, when the token requirement information is that a token needs to be provided, after generating a corresponding channel closing command according to a token generation result of the current service operation and before sending the channel closing command to the terminal device, carry the stored token information of the current service operation in the channel closing command, so that when the terminal device processes the channel closing command, compare the token information of the current service operation carried in the channel closing command with the token information of the current service operation stored in the terminal device, and execute the channel closing command if the comparison result is that the token information is consistent.
In some embodiments, if the channel closing command is a command in an abnormal condition, the channel closing command does not carry stored token information of the current service operation or carries token information of a non-current service operation; in this embodiment, the terminal device is further configured to: refuse to execute the channel closing command when it determines that the channel closing command does not carry the token information of the current service operation; and compare the token information of the non-current service operation carried in the channel closing command with the stored token information of the current service operation, and refuse to execute the channel closing command when the token information is inconsistent.
In some embodiments, the channel management apparatus further comprises: an execution result acquisition module, configured to, in response to a second terminal response message of the terminal device, acquire from the second terminal response message that the execution result of the channel closing command is command execution success, which indicates that the terminal device has executed the channel closing command.
In some embodiments, the execution result obtaining module is further configured to, in response to a third terminal response message of the terminal device, obtain, from the third terminal response message, that the execution result of the channel closing command is a command execution failure, so as to indicate that the terminal device has rejected execution of the channel closing command.
In some embodiments, the channel management apparatus further comprises: a requirement information generating module, configured to, before the channel opening command is sent to the terminal device based on the data transmission requirement of the current service operation, generate the token requirement information when it is determined, according to the importance information of the data transmission that the service operation needs to perform over the BIP channel, that token information needs to be provided for the service operation.
According to the Channel management device of the embodiment of the invention, a method for improving the existing Channel management mechanism and command to support a dynamic token is provided, when a UICC sends a USAT command of Open Channel, a token mechanism can be introduced into a BIP Channel management command, the token requirement information indicates that a terminal device needs to provide a token, so that the terminal device generates and stores random token information after receiving and executing the Open Channel command sent by the UICC, and simultaneously needs to provide the dynamic token of operation in a terminal response, when the UICC sends a Close Channel command to the terminal after data transmission of the command is completed, the token provided by the corresponding Open Channel command needs to be provided to ensure the authority of managing the Channel and avoid the problem of wrong closing of the Channel, thereby improving the safety of service operation and better ensuring the normal operation of BIP data transmission, the capability of UICC remote data transmission in coping with various service scenes is enhanced.
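The terminal-side token handling described above, as an added example that is not part of the patent: a Python model in which the terminal issues a random token on Open Channel and refuses a Close Channel that carries no token or the token of another service operation. The channel identifiers, the 16-byte token length, the constant-time comparison and the use of plain Python values instead of USAT TLV fields are assumptions made for the illustration.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class TerminalResponse:
    success: bool                  # command execution success / failure
    channel_id: int                # assumed identifier for the opened channel
    token: Optional[bytes] = None  # only set in the first terminal response


class Terminal:
    """Terminal-side handling of Open Channel / Close Channel with tokens."""

    TOKEN_BYTES = 16  # assumption: the text only says the token is random

    def __init__(self) -> None:
        # channel_id -> stored token, or None when no token was required
        self._channels: Dict[int, Optional[bytes]] = {}
        self._next_id = 1

    def open_channel(self, token_required: bool) -> TerminalResponse:
        channel_id = self._next_id
        self._next_id += 1
        # Generate and store a token only when the UICC asked for one.
        token = secrets.token_bytes(self.TOKEN_BYTES) if token_required else None
        self._channels[channel_id] = token
        return TerminalResponse(True, channel_id, token)

    def close_channel(self, channel_id: int,
                      token: Optional[bytes] = None) -> TerminalResponse:
        if channel_id not in self._channels:
            return TerminalResponse(False, channel_id)
        stored = self._channels[channel_id]
        if stored is not None:
            # Token verification required: refuse a missing or inconsistent
            # token. compare_digest is constant-time (hardening added here).
            if token is None or not hmac.compare_digest(token, stored):
                return TerminalResponse(False, channel_id)
        del self._channels[channel_id]
        return TerminalResponse(True, channel_id)

    def is_open(self, channel_id: int) -> bool:
        return channel_id in self._channels


def run_scenarios() -> Dict[str, bool]:
    """Constructed scenario: three service operations share one terminal."""
    terminal = Terminal()
    op_a = terminal.open_channel(token_required=True)   # important operation
    op_b = terminal.open_channel(token_required=True)   # another operation
    op_c = terminal.open_channel(token_required=False)  # low importance

    results = {
        # Abnormal close: no token carried at all.
        "close_without_token":
            terminal.close_channel(op_a.channel_id).success,
        # Abnormal close: token of a non-current service operation.
        "close_with_other_token":
            terminal.close_channel(op_a.channel_id, op_b.token).success,
    }
    results["still_open_after_rejects"] = terminal.is_open(op_a.channel_id)
    # Normal close: the UICC returns the token it stored for this operation.
    results["close_with_own_token"] = terminal.close_channel(
        op_a.channel_id, op_a.token).success
    # The channel is gone, so repeating the command fails.
    results["repeat_after_close"] = terminal.close_channel(
        op_a.channel_id, op_a.token).success
    # No token was required, so no verification is performed.
    results["close_untokened_channel"] = terminal.close_channel(
        op_c.channel_id).success
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

The last scenario shows the trade-off the text leaves to the UICC: a channel opened without a token requirement can be closed by any Close Channel command that names it.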
It is to be understood that the invention is not limited to the particular arrangements and instrumentality described in the above embodiments and shown in the drawings. For convenience and brevity of description, detailed description of a known method is omitted here, and for the specific working processes of the system, the module and the unit described above, reference may be made to corresponding processes in the foregoing method embodiments, which are not described herein again.
Fig. 6 is a block diagram illustrating an exemplary hardware architecture of a computing device capable of implementing the channel management method and apparatus according to embodiments of the present invention.
As shown in fig. 6, computing device 600 includes an input device 601, an input interface 602, a central processor 603, a memory 604, an output interface 605, and an output device 606. The input interface 602, the central processing unit 603, the memory 604, and the output interface 605 are connected to each other via a bus 610, and the input device 601 and the output device 606 are connected to the bus 610 via the input interface 602 and the output interface 605, respectively, and further connected to other components of the computing device 600.
Specifically, the input device 601 receives input information from the outside, and transmits the input information to the central processor 603 through the input interface 602; the central processor 603 processes input information based on computer-executable instructions stored in the memory 604 to generate output information, stores the output information temporarily or permanently in the memory 604, and then transmits the output information to the output device 606 through the output interface 605; output device 606 outputs output information to the exterior of computing device 600 for use by a user.
In one embodiment, the computing device 600 shown in FIG. 6 may be implemented as an electronic device that may include: a memory configured to store a program; a processor configured to execute the program stored in the memory to perform the channel management method described in the above embodiments.
According to an embodiment of the invention, the process described above with reference to the flow chart may be implemented as a computer software program. For example, embodiments of the invention include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network, and/or installed from a removable storage medium.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, the embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions which, when run on a computer, cause the computer to perform the methods described in the various embodiments above. The procedures or functions according to the embodiments of the invention are brought about in whole or in part when the computer program instructions are loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wirelessly (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk), among others.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.

Claims (14)

1. A method for channel management, comprising:
responding to a channel opening command of a Universal Integrated Circuit Card (UICC), and acquiring token requirement information of the UICC for the current service operation from the channel opening command;
executing the channel opening command, generating a processing result of the channel opening command, and determining a token generation result of the current service operation according to the token requirement information;
sending a first terminal response message to the UICC, wherein the information carried in the first terminal response message is determined by the processing result of the channel opening command and the token generation result;
responding to a channel closing command of the UICC, processing the channel closing command according to a token verification requirement corresponding to the token requirement information, and generating an execution result of the channel closing command.
2. The method of claim 1,
in the case that the token requirement information is that a token needs to be provided, the determining of the token generation result of the current service operation includes: generating and storing, at the terminal, token information of the current service operation; the information carried in the first terminal response message includes: the processing result of the channel opening command and the token information of the current service operation stored in the terminal; and the token verification requirement corresponding to the token requirement information is that token information verification is required;
in the case that the token requirement information is that a token does not need to be provided, the determining of the token generation result of the current service operation includes: determining that token information of the current service operation does not need to be generated; the information carried in the first terminal response message includes: the processing result of the channel opening command; and the token verification requirement corresponding to the token requirement information is that no token information verification is required.
3. The method according to claim 1 or 2, wherein, in a case that the token requirement information is that a token needs to be provided, the processing the channel closing command according to the token verification requirement corresponding to the token requirement information to generate an execution result of the channel closing command includes:
comparing the token information of the current service operation carried in the channel closing command with the token information of the current service operation stored by the terminal;
executing the channel closing command under the condition that the comparison result is determined to be that the token information is consistent;
and sending a second terminal response message to the UICC, wherein the second terminal response message is used for indicating that the execution result of the channel closing command is command execution success.
4. The method according to claim 3, wherein when the comparison result is that the token information is inconsistent, or when the token information of the current service operation is not carried in the channel closing command, the method further comprises:
refusing to execute the channel closing command;
and sending a third terminal response message to the UICC, wherein the third terminal response message is used for indicating that the execution result of the channel closing command is command execution failure.
5. The method according to claim 1 or 2,
the channel opening command is used to instruct the terminal device to open a Bearer Independent Protocol (BIP) channel;
the token requirement information is information set by the UICC according to the importance degree of the service operation requiring the BIP channel for data transmission.
6. A method for channel management, comprising:
sending a channel opening command to the terminal device based on the data transmission requirement of the current service operation, wherein the channel opening command is used to instruct the terminal device to open a Bearer Independent Protocol (BIP) channel, and the channel opening command comprises: token requirement information of the current service operation;
in response to a first terminal response message of the terminal device, acquiring information carried in the first terminal response message; the acquired information is obtained by the terminal device according to the processing result of the channel opening command and the token generation result of the current service operation determined according to the token requirement information;
when data transmission using the BIP channel is completed, generating a corresponding channel closing command according to the token generation result of the current service operation;
sending the channel closing command to the terminal equipment; the terminal device is configured to process the channel closing command according to a token verification requirement corresponding to the token requirement information, so as to generate an execution result of the channel closing command.
7. The method of claim 6,
in the case that the token requirement information is that a token does not need to be provided, the acquired information includes: processing results of the channel opening command;
in the case that the token requirement information is that a token needs to be provided, the acquired information includes: the processing result of the channel opening command and token information; the token information is generated by the terminal device after it executes the channel opening command, when it determines that the token requirement information is that a token needs to be provided;
after the acquiring of the information carried in the first terminal response message, the method further includes: storing the acquired token information of the current service operation.
8. The method according to claim 7, wherein when the token requirement information indicates that a token needs to be provided, after generating a corresponding channel closing command according to a token generation result of the current service operation and before sending the channel closing command to the terminal device, the method further includes:
and carrying the stored token information of the current service operation in the channel closing command, so that when the terminal equipment processes the channel closing command, the token information of the current service operation carried in the channel closing command is compared with the token information of the current service operation stored in the terminal equipment, and the channel closing command is executed under the condition that the comparison result is that the token information is consistent.
9. The method of claim 7,
if the channel closing command is a command issued under an abnormal condition, the channel closing command does not carry the stored token information of the current service operation, or carries token information of a non-current service operation;
the terminal device is further configured to: refuse to execute the channel closing command when it determines that the channel closing command does not carry the token information of the current service operation; and compare the token information of the non-current service operation carried in the channel closing command with the stored token information of the current service operation, and refuse to execute the channel closing command when the comparison result is that the token information is inconsistent.
10. The method of claim 6, further comprising:
responding to a second terminal response message of the terminal equipment, and acquiring an execution result of the channel closing command from the second terminal response message as command execution success so as to indicate that the terminal equipment has executed the channel closing command;
and responding to a third terminal response message of the terminal equipment, wherein the execution result of the channel closing command acquired from the third terminal response message is command execution failure, so as to indicate that the terminal equipment refuses to execute the channel closing command.
11. The method according to claim 6, wherein before the sending a channel opening command to the terminal device based on the data transmission requirement of the current service operation, the method further comprises:
determining, according to importance information of the data transmission that the current service operation needs to perform using the BIP channel, that the token requirement information of the current service operation is that a token needs to be provided.
12. A channel management apparatus, comprising:
the information acquisition module is used for responding to a channel opening command of a Universal Integrated Circuit Card (UICC) and acquiring token requirement information of the UICC for the current service operation from the channel opening command;
the first command processing module is used for executing the channel opening command, generating a processing result of the channel opening command and determining a token generation result of the current service operation according to the token requirement information;
a message sending module, configured to send a first terminal response message to the UICC, where information carried in the first terminal response message is information determined by a processing result of the channel opening command and a token generation result;
and the second command processing module is used for responding to a channel closing command of the UICC, processing the channel closing command according to the token verification requirement corresponding to the token requirement information, and generating an execution result of the channel closing command.
13. A channel management apparatus, characterized in that the apparatus comprises:
a command sending module, configured to send a channel opening command to a terminal device based on a data transmission requirement of the current service operation, where the channel opening command is used to instruct the terminal device to open a Bearer Independent Protocol (BIP) channel, and the channel opening command includes: token requirement information of the current service operation;
the information acquisition module is used for responding to a first terminal response message of the terminal device and acquiring information carried in the first terminal response message; the acquired information is obtained by the terminal device according to the processing result of the channel opening command and the token generation result of the current service operation determined according to the token requirement information;
the command generation module is used for generating a corresponding channel closing command according to the token generation result of the current service operation when data transmission using the BIP channel is completed;
the command sending module is further used for sending the channel closing command to the terminal equipment; the terminal device is configured to process the channel closing command according to a token verification requirement corresponding to the token requirement information, so as to generate an execution result of the channel closing command.
14. An electronic device, comprising:
one or more processors;
memory having one or more programs stored thereon that, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-5, or any of claims 6-11.
CN202111544528.1A 2021-12-16 2021-12-16 Channel management method and device and electronic equipment Active CN114244887B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111544528.1A CN114244887B (en) 2021-12-16 2021-12-16 Channel management method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN114244887A true CN114244887A (en) 2022-03-25
CN114244887B CN114244887B (en) 2023-05-12

Family

ID=80757448

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111544528.1A Active CN114244887B (en) 2021-12-16 2021-12-16 Channel management method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN114244887B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115277679A (en) * 2022-07-29 2022-11-01 山石网科通信技术股份有限公司 File synchronization method and system
CN115277679B (en) * 2022-07-29 2024-04-12 山石网科通信技术股份有限公司 File synchronization method and system

Also Published As

Publication number Publication date
CN114244887B (en) 2023-05-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant