CN101729243A - Method and system for updating key - Google Patents
Method and system for updating key Download PDFInfo
- Publication number
- CN101729243A CN101729243A CN200810169491A CN200810169491A CN101729243A CN 101729243 A CN101729243 A CN 101729243A CN 200810169491 A CN200810169491 A CN 200810169491A CN 200810169491 A CN200810169491 A CN 200810169491A CN 101729243 A CN101729243 A CN 101729243A
- Authority
- CN
- China
- Prior art keywords
- smart card
- security domain
- management platform
- service terminal
- card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/086—Access security using security domains
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a system for updating a key. The method comprises the following steps that: a card issuer management platform receives a main security domain updating request of an intelligent card sent from a service terminal in a pre-determined data format and selects the main security domain of the intelligent card via the service terminal so as to establish a safety passage with the intelligent card; and the card issuer management platform and the intelligent card perform key updating operation on the selected main security domain via the safety passage. By using the technical scheme, the method can realize updating of the main security domain key of the intelligent card via the service terminal in a safe way.
Description
Technical field
The present invention relates to the communications field, and especially, relate to a kind of key updating method and system.
Background technology
In correlation technique, near-field communication technology (Near Field Communication, abbreviate NFC as) be a kind of the short distance wireless communication technology that works in 13.56MHz, this technology merges differentiation by radio-frequency (RF) identification (Radio Frequency Identification abbreviates RFID as) technology and interconnection technique.Mobile communication terminals such as mobile phone can be simulated non-contact IC card after integrated NFC technology, the related application that is used to pay by mails, and mobile phone is applied to the E-Payment field, can further enlarge the scope of application of mobile phone, it is convenient to bring for people's life, exists wide application prospect.
In correlation technique, for realizing mobile electronic payment based on the NFC technology, need set up the electronic payment of mobile terminal system, and by the management of this system's realization to electronic payment of mobile terminal, wherein, the electronic payment of mobile terminal system comprises: the safety of the download that the distribution of smart card, E-Payment are used, installation and individualized and employing correlation technique and management strategy realization E-Payment etc.
Main security domain (Issuer Security Domain, abbreviate ISD as), be called issuer security domain again, be that the card issuing merchant forces the main security domain that distributes, it can be used to represent current card, and main security domain comprises the security domain key that is used to support running of escape way agreement and card Content Management.
Particularly, security domain key comprises main security domain key, be used for guaranteeing the integrality and the confidentiality of application data in the initialization and the use of safe lane, and the card of recognizing each other that is used to realize card and the outer entity of card.Each security domain (comprising main security domain) has at least one group key, be respectively safe lane encryption key (Secure Channel-Encryption, abbreviate S-ENC as), safe lane Information Authentication coded key (SecureChannel-Message Authentication Code, abbreviate S-MAC as) and data encryption key (Data Encryption Key, abbreviate DEK as), in the initialization of safe lane and use, generate corresponding session key, and use this session key with these keys.
Soon expired when main security domain key, leak or when assessment was confirmed to have risk of leakage, card issuing merchant management platform must be upgraded main security domain key.Main security domain key is upgraded and is comprised upgrading according to plan and forcing and upgrade, and wherein, upgrading according to plan is update cycle according to the main security domain of setting, main security domain key be about to expired before, main security domain key is upgraded; Forcing to upgrade is leakage to occur or confirm that through assessment key exists under the situation of risk of leakage in main security domain key, and main security domain key is forced to upgrade.
From top description as can be seen, it is an important means guaranteeing to pay by mails on the smart card application safety that the main security domain key of smart card is upgraded, but, at present, main security domain key for smart card is upgraded the concrete scheme that also do not propose, therefore, be badly in need of a kind of technical scheme that can upgrade smart card master security domain key easily and fast.
Summary of the invention
Consider and to use service terminal to realize the problem that main security domain key is upgraded in the correlation technique and propose the present invention that for this reason, main purpose of the present invention is to provide a kind of key updating method and system, to solve the problems referred to above that exist in the correlation technique.
According to an aspect of the present invention, provide a kind of key updating method, be used for the smart card of portable terminal is carried out the renewal of main security domain key.
Key updating method according to the present invention comprises: card issuing merchant management platform receives the smart card master security domain key update request that service terminal sends with the tentation data form, and select the main security domain of smart card by service terminal, set up escape way with smart card; Card issuing merchant management platform and smart card carry out the key updating operation by escape way to the main security domain of selecting.
In addition, card issuing merchant management platform receives before the smart card master security domain key update request of service terminal transmission, said method further comprises: service terminal sends smart card master security domain key update request to card issuing merchant management platform, wherein, carry the characteristic information of smart card in the smart card master security domain key update request.
In addition, service terminal sends smart card master security domain key update request and arrives before the card issuing merchant management platform, and said method further comprises: service terminal sends to smart card and reads the smartcard features message command; In response to reading the smartcard features message command, smart card is encapsulated in its characteristic information in the response message that reads the smartcard features message command and sends to service terminal.
In addition, after card issuing merchant management platform receives smart card master security domain key update request, said method further comprises: card issuing merchant management platform is obtained the characteristic information that carries in the smart card master security domain key update request, and judges whether that according to characteristic information needs upgrade; Be judged as under the situation that is, card issuing merchant management platform is selected the main security domain of smart card by service terminal.
Wherein, card issuing merchant management platform and smart card are set up specifically being treated to of escape way: card issuing merchant management platform is set up escape way according to predetermined safe lane agreement and smart card, and when setting up escape way, card issuing merchant management platform and smart card carry out the negotiation of authentication and session key.
Wherein, card issuing merchant management platform and smart card carry out specifically being treated to of key updating operation of smart card master security domain: card issuing merchant management platform adopts main security domain key that new main safe key is encrypted, and is encapsulated in the predetermined command; Card issuing merchant management platform encapsulates predetermined command as data, and sends to smart card by service terminal; After smart card received predetermined command, deciphering obtained new main security domain key, carried out main security domain key and upgraded operation, and send response message by service terminal to card issuing merchant management platform; Service terminal receives the key updating that the card distributor management platform sends and finishes order, and the communicating by letter of end and smart card.
According to a further aspect in the invention, provide a kind of key updating system.
Comprise according to key updating of the present invention system: card issuing merchant management platform, be used to receive the smart card master security domain key update request that service terminal sends with the tentation data form, and select the main security domain of smart card by service terminal, after setting up escape way, by escape way the main security domain of selecting is carried out the key updating operation with smart card with smart card; Service terminal, be used to send smart card master security domain key update request to card issuing merchant management platform, and between card issuing merchant management platform and smart card, transmit data pellucidly, wherein, carry the characteristic information of smart card in the smart card master security domain key update request; Smart card is used for by escape way the main security domain of selecting being carried out the key updating operation by service terminal and card issuing merchant management platform.
In addition, service terminal is further used for reading the smartcard features message command to the smart card transmission.
In addition, smart card is further used in response to reading the smartcard features message command, and its characteristic information is encapsulated in the response message that reads the smartcard features message command sends to service terminal.
In addition, above-mentioned card issuing merchant management platform further comprises: acquisition module is used for obtaining the characteristic information of the smart card of smart card master security domain key update request; Judge module is used for judging whether that according to the characteristic information of smart card needs upgrade; Select module, be used for being judged as under the situation that is, select the main security domain of smart card by service terminal at judge module.
In addition, above-mentioned card issuing merchant management platform further comprises: set up module, be used for setting up escape way according to predetermined safe lane agreement and smart card; Authentication module is used for when setting up escape way, carries out authentication with smart card.
In addition, above-mentioned card issuing merchant management platform further comprises: encrypting module is used to adopt main security domain key that new main safe key is encrypted; First package module is used for the new main safe key after encrypting is encapsulated in predetermined command; Second package module is used for predetermined command is encapsulated as data; Sending module is used for by service terminal predetermined command being sent to smart card; Receiver module is used for behind the response message that receives the service terminal transmission, sends key updating to service terminal and finishes order.
By means of technical scheme of the present invention, provide a kind of and realized the smart card method for updating by service terminal, solved and to have used service terminal to carry out the problem that smart card upgrades in the correlation technique, can realize safety, smart card master security domain key renewal easily by service terminal, fill up the blank in the correlation technique.
Other features and advantages of the present invention will be set forth in the following description, and, partly from specification, become apparent, perhaps understand by implementing the present invention.Purpose of the present invention and other advantages can realize and obtain by specifically noted structure in the specification of being write, claims and accompanying drawing.
Description of drawings
Accompanying drawing is used to provide further understanding of the present invention, and constitutes the part of specification, is used from explanation the present invention with embodiments of the invention one, is not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is the block diagram according to the key updating system of the embodiment of the invention;
Fig. 2 is the flow chart according to the key updating method of the embodiment of the invention;
Fig. 3 is the signaling process figure according to the detailed process of the key updating method of the embodiment of the invention.
Embodiment
Functional overview
At present, in correlation technique, do not propose as yet to use service terminal to realize the technical scheme that smart card master security domain key is upgraded, therefore, the invention provides and a kind ofly realize main security domain key method for updating by service terminal, comprise: card issuing merchant management platform receives the smart card master security domain key update request that service terminal sends with the tentation data form, and selects the main security domain of smart card by service terminal, sets up escape way with smart card; Card issuing merchant management platform and smart card carry out the key updating operation of smart card master security domain, to realize the security update of main security domain key.
Below in conjunction with accompanying drawing the preferred embodiments of the present invention are described, should be appreciated that preferred embodiment described herein only is used for description and interpretation the present invention, and be not used in qualification the present invention.
System embodiment
According to embodiments of the invention, a kind of key updating system is provided, Fig. 1 is the block diagram according to the key updating system of the embodiment of the invention, at present, frame requirements based on the electronic payment of mobile terminal system of near-field communication satisfies by global platform (Global Platform, abbreviate GP as) global platform card standard 2.1.1 or 2.2 versions (GlobalPlatform Card Specification V2.1.1 or V2.2) organized to set up, if this system supports the GP2.1.1 standard, then the escape way agreement just needs to support based on symmetric key (Security ChannelProtocol 02 abbreviates SCP02 as); If this system supports the GP2.2 standard, the escape way agreement need be supported SCP02 and based on unsymmetrical key (Security ChannelProtocol 10, abbreviate SCP10 as), and card issuing merchant, application provider can select according to the demand of security strategy.
The electronic payment of mobile terminal system mainly is made up of card issuing merchant management platform, application provider's management platform and portable terminal, can have a plurality of application providers management platform in the system.
The smart card that possesses the E-Payment supported in the portable terminal, for security management and the download of paying application, the installation etc. that realize smart card, smart card needs to set up with card distributor management platform and application provider's management platform communicate by letter, sets up between the service terminal that smart card can use mobile communications network or pass through management platform by portable terminal and the management platform and communicates by letter.
Electronic payment of mobile terminal system based on the near-field communication technology supports the polyelectron payment to use, that is, a plurality of E-Payments can be installed on smart card use.In order to realize paying the safety of application, smart card adopts Global Platform Card Specification V2.1/V2.2 standard, smart card is separated into several independently security domains, guaranteeing a plurality of application isolation and independence each other, each application provider's management security domain and application, application data etc. separately.
Below, based on above-mentioned system architecture, the system of the key updating that realizes by service terminal is described in detail, need to prove that key updating of the present invention system is the part of above-mentioned electronic payment of mobile terminal system based on near-field communication.
According to embodiments of the invention, a kind of key updating system is provided, Fig. 1 is the block diagram according to the key updating system of the embodiment of the invention, as shown in Figure 1, comprise sheet distributor management platform 10, service terminal 12 and smart card 14 (being positioned at portable terminal), below above-mentioned key updating system is described in detail.
Card issuing merchant management platform 10 is responsible for the distribution and the management of card, and resource and life cycle, key, certificate and the application etc. that block are managed.Be used to receive the smart card 14 main security domain key update requests that service terminal 12 sends with the tentation data form, and select the main security domain of smart cards 14 by service terminal 12, after setting up escape way, by escape way the main security domain of selecting is carried out the key updating operation with smart card 14 with smart card 14.
Service terminal 12, the card issuing merchant can provide the relevant service of smart card 14 by the service terminal 12 of outlet to the user, for example, key updating, download that E-Payment is used and renewal etc., in addition, card issuing merchant's service terminal 12 can be connected to card issuing merchant management platform 10 by the service terminal management system, service terminal 12 disposes read-write equipment for smart card, communicate by smart card fetch equipment and smart card 14, read-write equipment for smart card can be contactless reader or contact intelligent card read write line, when adopting non-contact reader-writer, smart card 14 is placed on portable terminal, and service terminal 12 adopts the near-field communication agreement to communicate by portable terminal and smart card 14; When adopting the contact intelligent card read write line, service terminal 12 by intelligent card read/write device directly and smart card 14 communicate.In the present invention, service terminal 12 at first needs to send smart card 14 main security domain key update requests to card issuing merchant management platform 10, and between card issuing merchant management platform 10 and smart card 14, transmit data pellucidly, wherein, carry the characteristic information of smart card 14 in the smart card 14 main security domain key update requests.
Smart card 14 is used for by escape way the main security domain of selecting being carried out the key updating operation by service terminal 12 and card issuing merchant management platform 10.Need to prove, above-mentioned smart card is meant IC chip or the smart card that meets Global Platform Card Specification V2.1.1/V2.2 standard, can or be integrated in IC chip on the portable terminal for (U) SIM card, pluggable intelligent memory card on the physical form.
In addition, when needs upgraded main security domain key, service terminal 12 was further used for reading the smartcard features message command to smart card 14 transmissions; Smart card 14 is in response to reading the smartcard features message command, and its characteristic information is encapsulated in sends to service terminal 12 in the response message that reads the smartcard features message command.
Service terminal 12 at first reads the characteristic information of smart card 14, smartcard features information refer to can identification intelligent card 14 information, can be integrated circuit card identification code (Integrated Circuit Card Identity abbreviates ICCID as); Service terminal 12 is included in this information and sends to card issuing merchant management platform 10 in the key updating request together then.
In addition, above-mentioned card issuing merchant management platform 10 further comprises:
Acquisition module is used for obtaining the characteristic information of the smart card 14 of smart card 14 main security domain key update requests;
Judge module is used for judging whether that according to the characteristic information of smart card 14 needs upgrade;
Select module, be used for being judged as under the situation that is, select the main security domain of smart card 14 by service terminal 12 at judge module.
Set up module, be used for setting up escape way according to predetermined safe lane agreement and smart card 14; Need to prove, when the main security domain key of carrying out smart card 14 by service terminal 12 is upgraded, in order to realize the safety of communication between smart card 14 and the card issuing merchant management platform 10, can set up safe lane according to the regulation of appendix E Secure Channel Protocol 02 among the Global Platform Card Specification V2.2 between them.
Authentication module is used for when setting up escape way, carries out the negotiation of authentication and communication encryption with smart card 14.
On the other hand, service terminal 12 is not grasped the key of communicating by letter with smart card 14, the order that sends to smart card 14 is by 10 encapsulation of card issuing merchant management platform, and will order as data according to the communication protocol between service terminal 12 and the card issuing merchant management platform 10 and send to service terminal 12, service terminal 12 is transferred to smart card 14 with the data transparency that receives, the enciphered message of service terminal 12 in can't resolve command; Smart card 14 sends to the response message of card issuing merchant management platform 10, is transferred to card issuing merchant management platform 10 by service terminal 12 as data transparency, the enciphered message of service terminal 12 in can't resolution response.
Encrypting module is used to adopt main security domain key that new main safe key is encrypted;
First package module is used for the new main safe key after encrypting is encapsulated in predetermined command (PUT KEY order);
Second package module is used for predetermined command is encapsulated as data;
Sending module is used for by service terminal 12 predetermined command being sent to smart card;
The key that smart card 14 uses new main security domain key more to exist on the neocaine is finished the renewal of main security domain key, after finishing renewal, sends response messages by service terminal 12 to card issuing merchant management platform 10.
Receiver module is used for behind the response message that receives service terminal 12 transmissions, sends key updatings to service terminal 12 and finishes order.
By above-mentioned processing, can realize the renewal of smart card master security domain key safely by service terminal.
Method embodiment
According to embodiments of the invention, a kind of key updating method is provided, be used for the smart card of portable terminal is carried out the renewal of main security domain key.Fig. 2 is the flow chart according to the key updating method of the embodiment of the invention, as shown in Figure 2, comprises following processing:
Step S202, card issuing merchant management platform receives the smart card master security domain key update request that service terminal sends with the tentation data form, and selects the main security domain of smart card by service terminal, sets up escape way with smart card.
Before the processing of carrying out step S202, soon expired when main security domain key, leak or when assessment is confirmed to have risk of leakage, card issuing merchant management platform must be upgraded main security domain key, at this moment, card issuing merchant management platform can be used phone or SMS notification user to carry card to go to its outlet to carry out key updating by service terminal.The user have notice carry smart card and go to its outlet after, carry out smart card master security domain key by service terminal and upgrade and specifically comprise following processing:
1, service terminal sends to smart card and reads the smartcard features message command; 2, in response to reading the smartcard features message command, smart card is encapsulated in its characteristic information in the response message that reads the smartcard features message command and sends to service terminal; 3, service terminal sends smart card master security domain key update request to card issuing merchant management platform, wherein, carries the characteristic information of smart card in the smart card master security domain key update request; 4, card issuing merchant management platform is obtained the characteristic information that carries in the smart card master security domain key update request, and judges whether that according to characteristic information needs upgrade; 5, be judged as under the situation that is, card issuing merchant management platform is selected the main security domain of smart card by service terminal.
In step S202, card issuing merchant management platform and smart card are set up specifically being treated to of escape way: card issuing merchant management platform is set up escape way according to predetermined safe lane agreement and smart card, and when setting up escape way, card issuing merchant management platform and smart card carry out authentication.
Step S204, card issuing merchant management platform and smart card carry out the key updating operation by escape way to the main security domain of selecting.
In step S204, card issuing merchant management platform and smart card carry out specifically being treated to of key updating operation of smart card master security domain: 1, card issuing merchant management platform adopts main security domain key that new main safe key is encrypted, and is encapsulated in the predetermined command; 2, card issuing merchant management platform encapsulates predetermined command as data, and sends to smart card by service terminal; 3, after smart card received predetermined command, deciphering obtained new main security domain key, carried out main security domain key and upgraded operation, and send response message by service terminal to card issuing merchant management platform; 4, service terminal receives the key updating that the card distributor management platform sends and finishes order, and the communicating by letter of end and smart card.
Below, in conjunction with example, technique scheme of the present invention is described in detail, as shown in Figure 3, Fig. 3 is the signaling process figure according to the detailed process of the key updating method of the embodiment of the invention, need to prove that the present invention is based on key updating system architecture shown in Figure 1 is that example is described, but is not limited to the framework of key updating system shown in Figure 1.In the framework of Fig. 1, card issuing merchant management platform is responsible for the management of key, and it finishes renewal to main security domain key on the smart card by service terminal.As shown in Figure 3, comprise following processing:
1, service terminal sends to smart card and reads the smartcard features message command, wherein smartcard features information refer to can the identification intelligent card information, preferably, can be ICCID.
2, after smart card receives and reads the smartcard features message command, oneself characteristic information is encapsulated in reads in the smartcard features information response, send to service terminal then.
3, service terminal sends smart card master security domain key update request to card issuing merchant management platform, wherein, the data format of main security domain key update request can define in the Technical Interface Specification of service terminal and card issuing merchant management platform, card issuing merchant management platform needs to comprise the ICCID of smart card in the data of main security domain key update request, so that can be learnt the smart card that needs to upgrade main security domain key.
4, after card issuing merchant management platform is received main security domain key update request, judge and apply for more whether the smart card of new key is whether smart card and the key that it is issued needs to upgrade; If judge the main security domain key of the smart card that is its distribution, and judge to need more under the news, select the main security domain of smart card, card issuing merchant management platform encapsulates according to the SELECT order of the regulation of the command format in the Global Platform standard to the smart card master security domain of selection, in the SELECT order, fill the AID of main security domain, SELECT order with encapsulation sends to service terminal as data then, service terminal separates the SELECT order from the data that card issuing merchant management platform is sent, send to smart card then.
5, smart card is according to SELECT command selection master security domain, and after fill order, described smart card sends the SELECT response data to described service terminal, and described service terminal encapsulates these data, sends to described card issuing merchant management platform then.
6, after described card issuing merchant management platform is received the SELECT response, according to the regulation foundation of appendix E Secure Channel Protocol 02 among the GlobalPlatform V2.2 and the secure communication channel between the smart card, when setting up secure communication channel, card issuing merchant management platform and smart card carry out two-way authentication, and authentication mode can adopt explicit authentication.
7, after safe lane is set up and is finished, card issuing merchant management platform adopts main security domain key that new main security domain key is encrypted, command format standard encapsulation PUT KEY order according to PUT KEY, then PUT KEY order is sent to service terminal, send to smart card by service terminal again.
8, after smart card is received PUT KEY order, carry out main security domain key and upgrade operation, deciphering obtains new main security domain key, with new key already present key on the neocaine more.After key updating was finished, smart card sent PUT KEY response (comprising key version number, keycheck value etc.) and gives service terminal, sends to card issuing merchant management platform by service terminal again.
9, after card issuing merchant management platform is received PUT KEY response, order is finished in key updating sent to service terminal, the service terminal end is communicated by letter with smart card.
In sum, by means of technical scheme of the present invention, provide a kind of and realized the smart card method for updating by service terminal, solved and to have used service terminal to carry out the problem that smart card upgrades in the correlation technique, can realize the renewal of smart card master security domain key safely by service terminal.
The above is the preferred embodiments of the present invention only, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.Within the spirit and principles in the present invention all, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (12)
1. a key updating method is used for the smart card of portable terminal is carried out the renewal of main security domain key, it is characterized in that, described method comprises:
Described card issuing merchant management platform receives the smart card master security domain key update request that described service terminal sends with the tentation data form, and selects the main security domain of described smart card by described service terminal, sets up escape way with described smart card;
Described card issuing merchant management platform and described smart card carry out the key updating operation by described escape way to the described main security domain of selecting.
2. method according to claim 1 is characterized in that, described card issuing merchant management platform receives before the smart card master security domain key update request of described service terminal transmission, and described method further comprises:
Described service terminal sends described smart card master security domain key update request to described card issuing merchant management platform, wherein, carries the characteristic information of described smart card in the described smart card master security domain key update request.
3. method according to claim 2 is characterized in that, described service terminal sends described smart card master security domain key update request and arrives before the card issuing merchant management platform, further comprises:
Described service terminal sends to described smart card and reads the smartcard features message command;
In response to the described smartcard features message command that reads, described smart card is encapsulated in its characteristic information in the described response message that reads the smartcard features message command and sends to described service terminal.
4. method according to claim 3 is characterized in that, after described card issuing merchant management platform received described smart card master security domain key update request, described method further comprised:
Described card issuing merchant management platform is obtained the described characteristic information that carries in the described smart card master security domain key update request, and judges whether that according to described characteristic information needs upgrade;
Be judged as under the situation that is, described card issuing merchant management platform is selected the described main security domain of described smart card by described service terminal.
5. method according to claim 1 is characterized in that, described card issuing merchant management platform and described smart card are set up specifically being treated to of escape way:
Described card issuing merchant management platform is set up described escape way according to predetermined safe lane agreement and described smart card, and when setting up described escape way, described card issuing merchant management platform and described smart card carry out the negotiation of authentication and session key.
6. method according to claim 1 is characterized in that, described card issuing merchant management platform and described smart card carry out specifically being treated to of key updating operation of described smart card master security domain:
Described card issuing merchant management platform adopts main security domain key that new main safe key is encrypted, and is encapsulated in the predetermined command;
Described card issuing merchant management platform encapsulates described predetermined command as data, and sends to described smart card by described service terminal;
After described smart card received described predetermined command, deciphering obtained described new main security domain key, carried out main security domain key and upgraded operation, and send response message by described service terminal to described card issuing merchant management platform;
Described service terminal receives the key updating that described card issuing merchant management platform sends and finishes order, and the communicating by letter of end and described smart card.
7. a key updating system is characterized in that, comprising:
Card issuing merchant management platform, be used to receive the smart card master security domain key update request that service terminal sends with the tentation data form, and select the main security domain of smart card by described service terminal, after setting up escape way, by described escape way the described main security domain of selecting is carried out the key updating operation with described smart card with described smart card;
Described service terminal, be used to send described smart card master security domain key update request to card issuing merchant management platform, and between described card issuing merchant management platform and described smart card, transmit data pellucidly, wherein, carry the characteristic information of described smart card in the described smart card master security domain key update request;
Described smart card is used for by described escape way the described main security domain of selecting being carried out the key updating operation by described service terminal and described card issuing merchant management platform.
8. system according to claim 7 is characterized in that, described service terminal is further used for reading the smartcard features message command to described smart card transmission.
9. system according to claim 8, it is characterized in that, described smart card is further used in response to the described smartcard features message command that reads, and its characteristic information is encapsulated in the described response message that reads the smartcard features message command sends to described service terminal.
10. system according to claim 9 is characterized in that, described card issuing merchant management platform further comprises:
Acquisition module is used for obtaining the characteristic information of the described smart card of described smart card master security domain key update request;
Judge module is used for judging whether that according to the characteristic information of described smart card needs upgrade;
Select module, be used for being judged as under the situation that is, select the main security domain of described smart card by described service terminal at described judge module.
11. system according to claim 10 is characterized in that, described card issuing merchant management platform further comprises:
Set up module, be used for setting up described escape way according to predetermined safe lane agreement and described smart card;
Authentication module is used for when setting up described escape way, carries out authentication with described smart card.
12. system according to claim 11 is characterized in that, described card issuing merchant management platform further comprises:
Encrypting module is used to adopt main security domain key that new main safe key is encrypted;
First package module is used for the described new main safe key after encrypting is encapsulated in predetermined command;
Second package module is used for described predetermined command is encapsulated as data; Sending module is used for by described service terminal described predetermined command being sent to described smart card;
Receiver module is used for sending key updating to described service terminal and finishing order behind the response message that receives described service terminal transmission.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101694917A CN101729243B (en) | 2008-10-21 | 2008-10-21 | Method and system for updating key |
| PCT/CN2009/073399 WO2010045821A1 (en) | 2008-10-21 | 2009-08-21 | Cryptographic-key updating method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101694917A CN101729243B (en) | 2008-10-21 | 2008-10-21 | Method and system for updating key |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101729243A true CN101729243A (en) | 2010-06-09 |
| CN101729243B CN101729243B (en) | 2011-12-07 |
Family
ID=42118936
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2008101694917A Expired - Fee Related CN101729243B (en) | 2008-10-21 | 2008-10-21 | Method and system for updating key |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN101729243B (en) |
| WO (1) | WO2010045821A1 (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102468962A (en) * | 2010-11-12 | 2012-05-23 | 同亨科技股份有限公司 | Method for personal identity authentication utilizing a personal cryptographic device |
| CN103079198A (en) * | 2011-10-26 | 2013-05-01 | 中兴通讯股份有限公司 | Key updating method and system for sensor node |
| CN103684755A (en) * | 2013-12-06 | 2014-03-26 | 上海新储集成电路有限公司 | Method for exchanging encryption and decryption algorithms and encryption and decryption secret keys |
| CN106685931A (en) * | 2016-12-07 | 2017-05-17 | 深圳市久和久科技有限公司 | Smart card application management method and system, a terminal and smart card |
| CN110113153A (en) * | 2019-04-23 | 2019-08-09 | 深圳数字电视国家工程实验室股份有限公司 | NFC secret key updating method, terminal and system |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9185089B2 (en) | 2011-12-20 | 2015-11-10 | Apple Inc. | System and method for key management for issuer security domain using global platform specifications |
| TWI558152B (en) * | 2014-07-18 | 2016-11-11 | Hao-Xi Zhuang | Key replacement method and computer program products |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CA2334597C (en) * | 1998-07-02 | 2007-09-04 | Cryptography Research, Inc. | Leak-resistant cryptographic indexed key update |
| JP4501197B2 (en) * | 2000-01-07 | 2010-07-14 | ソニー株式会社 | Information portable processing system, information portable device access device and information portable device |
| US7628322B2 (en) * | 2005-03-07 | 2009-12-08 | Nokia Corporation | Methods, system and mobile device capable of enabling credit card personalization using a wireless network |
| CN101179377A (en) * | 2006-11-09 | 2008-05-14 | 中兴通讯股份有限公司 | Cipher key distributing and updating system of multimedia broadcasting service |
| CN101257358B (en) * | 2008-04-17 | 2011-09-21 | 中兴通讯股份有限公司 | Method and system for updating user cipher key |
-
2008
- 2008-10-21 CN CN2008101694917A patent/CN101729243B/en not_active Expired - Fee Related
-
2009
- 2009-08-21 WO PCT/CN2009/073399 patent/WO2010045821A1/en active Application Filing
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102468962A (en) * | 2010-11-12 | 2012-05-23 | 同亨科技股份有限公司 | Method for personal identity authentication utilizing a personal cryptographic device |
| CN103079198A (en) * | 2011-10-26 | 2013-05-01 | 中兴通讯股份有限公司 | Key updating method and system for sensor node |
| WO2013060158A1 (en) * | 2011-10-26 | 2013-05-02 | 中兴通讯股份有限公司 | Key update method and system of sensor node |
| CN103684755A (en) * | 2013-12-06 | 2014-03-26 | 上海新储集成电路有限公司 | Method for exchanging encryption and decryption algorithms and encryption and decryption secret keys |
| CN103684755B (en) * | 2013-12-06 | 2017-04-05 | 上海新储集成电路有限公司 | A kind of replacing options of enciphering and deciphering algorithm and encryption and decryption secret keys |
| CN106685931A (en) * | 2016-12-07 | 2017-05-17 | 深圳市久和久科技有限公司 | Smart card application management method and system, a terminal and smart card |
| CN106685931B (en) * | 2016-12-07 | 2020-01-14 | 深圳市久和久科技有限公司 | Smart card application management method and system, terminal and smart card |
| CN110113153A (en) * | 2019-04-23 | 2019-08-09 | 深圳数字电视国家工程实验室股份有限公司 | NFC secret key updating method, terminal and system |
| CN110113153B (en) * | 2019-04-23 | 2022-05-13 | 深圳数字电视国家工程实验室股份有限公司 | NFC secret key updating method, terminal and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101729243B (en) | 2011-12-07 |
| WO2010045821A1 (en) | 2010-04-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101729503B (en) | Method and system for distributing key | |
| CN101729243B (en) | Method and system for updating key | |
| CN101729502B (en) | Method and system for distributing key | |
| CN101729247B (en) | Method and system for updating key | |
| CN102204111B (en) | Systems, methods, and computer readable media for providing for secure offline data transfer between wireless smart devices | |
| CN101742480B (en) | Method and system for distributing initial key of slave security domain of intelligent card and mobile terminal | |
| CN101819696B (en) | Application downloading system and method | |
| US20120166337A1 (en) | Near field communication terminal for performing secure payment and secure payment method using the same | |
| CN101729244B (en) | Method and system for distributing key | |
| CN102630083B (en) | System for using mobile terminal to carry out card operation and method thereof | |
| CN103366140A (en) | Card writing method and card writing device based on NFC (Near Field Communication) | |
| CN101866463A (en) | eNFC terminal, eNFC intelligent card and communication method thereof | |
| CN202444629U (en) | System for carrying out card operation by using mobile terminal | |
| CN101742478B (en) | Method and system for updating and distributing key of slave security domain of intelligent card and mobile terminal | |
| CN101729246B (en) | Method and system for distributing key | |
| CN101742481B (en) | Method and system for distributing secondary security domain initial keys of smart card and mobile terminal | |
| KR20110082888A (en) | Method and apparatus for providing global payment service, global payment service server, client device for global payment service and smart card | |
| CN104240080A (en) | Realization method for mobile payment and device thereof | |
| EP2249591B1 (en) | Telecommunication intelligent card and method for signaling interaction with external non-contact card | |
| CN101729245B (en) | Method and system for distributing key | |
| CN101727706B (en) | Electronic payment system and method for updating mobile user numbers corresponding to intelligent cards | |
| WO2007132056A1 (en) | Method and system for loading value to a smartcard | |
| EP2393261A1 (en) | A portable device, system and a method for preventing a misuse of data originating from the portable device | |
| CN101877835A (en) | STK (SIM (Subscriber Identity Module) Tool Kit) business processing method and system as well as mobile terminal | |
| CN201234299Y (en) | Smart card for telecommunication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20111207 Termination date: 20201021 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |