CN102056172A - Smart card and authentication method thereof - Google Patents


Info

Publication number
CN102056172A
Authority
CN
China
Prior art keywords
authentication
smart card
network
applet
described network
Legal status
Pending
Application number
CN2011100004121A
Other languages
Chinese (zh)
Inventor
许晶
张靖
王建
Current Assignee
Datang Microelectronics Technology Co Ltd
Original Assignee
Datang Microelectronics Technology Co Ltd
Application filed by Datang Microelectronics Technology Co Ltd
Priority to CN2011100004121A
Publication of CN102056172A
Legal status: Pending

Abstract

The invention discloses a smart card and an authentication method thereof, relating to smart card technology in mobile networks. The method provided by the invention comprises the following steps: when the smart card needs to access a certain network, if the smart card does not have the authentication function for that network, it downloads the network's authentication Applet in over-the-air mode or point-of-sale (POS) terminal mode, and the Applet is installed on the smart card to authenticate to the network. By means of the embodiments of the invention, the smart card can, after issuance, securely download authentication functions that it did not have before issuance, thereby ensuring that the smart card can access various networks.

Description

Smart card and method for performing authentication
Technical field
The present invention relates to smart card technology in mobile networks, and in particular to a smart card and a method by which it performs authentication.
Background art
In the field of mobile communications, the smart card serves as the subscriber identification module of the mobile communication system; it participates in network authentication in order to ensure that a legitimate user logs on to a legitimate network and to guarantee the security of network communications.
Generally, the smart card issuer presets an authentication algorithm (such as A3/A8 or MILENAGE) inside the smart card, and at the issuance stage writes the key data, which has high security requirements, into the card to personalize each card. Under this model the authentication algorithm is known to the smart card issuer, and the security of the whole system rests on the security of the algorithm itself and on the security of the key data while it is generated, transmitted and written.
However, with the large-scale domestic deployment of 3G networks, application models have gradually become richer, the user experience has gradually improved, and ever higher security requirements are placed on smart cards. For example, some military or commercial organizations need to deploy dedicated mobile communication networks. In such a scenario the implementation details of the authentication algorithm and of the authentication control flow must be kept secret from the smart card issuer: after the card has been issued, the authentication algorithm is developed by the user and securely deployed onto the card, and the algorithm can be upgraded according to operating conditions. Considering that multiple mobile communication networks coexist, such a smart card may also be required to provide a user interface for switching among multiple authentication algorithms so as to support multiple mobile communication networks.
At present there are two commonly used methods for loading a functional module into a smart card after issuance: one describes the functional module as bytecode that is downloaded to a smart card supporting micro-browser technology and is executed by the micro-browser engine on the card; the other packages the functional module as an application that is downloaded and installed on a multi-application card capable of loading and running applications.
A micro-browser is a miniature interpreter built on a telecom smart card that supports the download and interpreted execution of byte-code sequences. Through a combination of APIs (Application Programming Interfaces), including an API for parsing STK (SIM Toolkit) proactive commands and a bytecode execution API, it finally presents services on the terminal, acting on the telecom smart card like a web browser that provides value-added services to the user. Common telecom smart card micro-browsers include WIB (Wireless Internet Browser), S@T (SIM Alliance Toolbox) and OTA. OTA is the micro-browser with the best functionality on the current market; it has the lowest demand on network resources, the simplest operation and the fastest execution. It uses data SMS packets to download bytecode and provides a user presentation platform synchronized with the server, so that the user can conveniently choose to download or delete the required services.
Current micro-browser technology can implement simple service logic such as STK telecom services, but it is difficult for it to implement complex application logic such as the authentication requirement addressed by this patent.
There are multiple solutions for multi-application card platforms that can load applications; the comparatively mature ones are three: JavaCard™, the "... Powered Smart Cards" platform (its vendor name appears only as an image in the original), and MULTOS™.
Javacard is currently a commonly used solution for multi-application card requirements. Javacard provides a multi-application technology, offering a mechanism for the secondary development of applications and a platform for downloading them after the smart card has been issued, and it supports the secure running of post-downloaded applications. Javacard makes full use of the characteristics of Java technology in areas such as security and platform compatibility. On the security side, a firewall is established between applications to restrict unauthorized access. On the platform compatibility side, the smart card implements a compliant virtual machine platform according to the Javacard specification, so that a secondarily developed application need not be concerned with the internal implementation details of the virtual machine and only needs to implement its logic against the unified API specification. In Javacard, an application is called an Applet and is identified by an AID, which is generally 5 to 16 bytes long. For the problem this scheme aims to solve, the authentication application is expressed as a Javacard Applet, and the algorithm is identified by an AID. Upgrading the authentication application can then be described as the process of deleting the existing Applet and downloading a new one. Therefore the deployment of the authentication application is in fact the deployment of a Javacard Applet. The present invention can use the Javacard multi-application platform but is not limited to this platform.
Once the authentication application has been developed, the process of downloading it to the smart card must be secure. GlobalPlatform technology provides a secure application download mechanism for multi-application cards. Regardless of the multi-application card implementation technology, GlobalPlatform provides a logical management framework that deploys the virtual machine bytecode specific to a platform (not limited to the Javacard platform) onto the smart card with a unified instruction set and flow, and performs application life-cycle management with unified instructions. Javacard itself supports post-issuance application download, but for reasons of security and control of smart card resources not every role can be allowed to use the post-issuance download process. Application download should be positioned as an operation with a very high security level. If an authentication application is to be deployed on a smart card, a secure channel must be set up using the secure APDU message exchange; an install instruction issued directly to the main (issuer) security domain without first establishing a secure channel will be rejected. Therefore, under GlobalPlatform control, a role that has not been authorized is not permitted to carry out the deployment of the authentication application, which guarantees the security of deployment.
In terms of function, Javacard technology solves the problem of the feasibility of multiple applications and post-issuance download, while GlobalPlatform technology solves the problem of security control over the application download process.
In terms of external interfaces, the authentication algorithm instruction of a smart card is generally 00 88 P1 P2 Lc CDATA; after a traditional smart card receives this instruction, it generally calls the default authentication algorithm (such as A3/A8 or MILENAGE). If a dedicated authentication algorithm is downloaded to the smart card in the form of a Java application, the selection and activation of the algorithm must also be considered.
Using a Java application normally requires that the application first be chosen with an explicit selection (SELECT) instruction, after which subsequent APDU instructions are delivered directly to that application for processing. Considering the authentication requirement addressed by this patent, the terminal generally cannot send an instruction that explicitly selects an application. Therefore this patent needs to design an authentication algorithm activation and invocation scheme in which the user-written authentication algorithm application can be activated and perform its computation without the terminal explicitly selecting the algorithm.
In the design of the Javacard security mechanism, a firewall is established between applications to restrict unauthorized access, but a Shareable Interface mechanism is provided to support cross-access between applications. The concrete implementation of this mechanism can be described as follows: server Applet A provides a Shareable interface, which application C implements (C may also implement other interfaces); client Applet B obtains an instance of C according to C's AID, that is, a Shareable Interface Object, and calls the functions of the Shareable interface that C implements.
When a Javacard Applet is compiled to generate a download script, the library packages of all API functions imported (referenced) by the application are needed. In the present invention, the authentication application needs to call, in addition to the standard Javacard API library packages, an extension library package for the self-defined authentication interface; this library package exists in the form of an export file and can be generated by the Javacard Converter tool.
Remote file update is a mode in which a server remotely updates a file in the smart card by means of over-the-air instructions that satisfy the over-the-air secure transport protocol.
An STK menu application requests the terminal, through a combination of a series of USAT (USIM Application Toolkit) proactive commands, to help the smart card implement a group of functions, and presents a function menu to the user. In this scheme, the STK menu application is used to let the user actively select a network.
Summary of the invention
The technical problem to be solved by the present invention is to provide a smart card and a method by which it performs authentication, so that after the smart card is issued it can securely download authentication functions that it did not have before issuance.
To solve the above technical problem, the invention discloses a method by which a smart card performs authentication, comprising:
When the smart card is to access a certain network, if it learns that it does not possess the authentication function of that network, the smart card downloads the application (Applet) that the network uses for authentication, by over-the-air mode or by point-of-sale terminal (POS) mode, installs it on the smart card, and authenticates to the network through the installed Applet.
Preferably, in the above method, after the smart card authenticates to the network, it also feeds back an authentication response to the network.
Preferably, in the above method, the process by which the smart card learns that it does not possess the authentication function of the network is as follows:
When the smart card intends to access the network according to a received instruction, it determines the authentication type of the network and obtains the application identifier (AID) corresponding to that authentication type; it then searches for the authentication Applet corresponding to the obtained AID, and when it does not find such an Applet, it learns that it does not possess the authentication function of the network.
Preferably, the smart card may contain an authentication file that records at least the AIDs corresponding to the different authentication types, and the smart card obtains the AID corresponding to the authentication type of the network from this authentication file.
Preferably, the authentication file may also record the authentication type of the network that the smart card is to access, and the smart card determines the authentication type of the network from this authentication file.
Preferably, the smart card may also determine the authentication type of the network by reading the values of parameter 1 and parameter 2 in the received instruction.
Preferably, after the smart card authenticates to the network, if the network's authentication Applet is upgraded, the smart card deletes the network's authentication Applet already installed on the card, downloads the upgraded authentication Applet of the network and installs it anew.
Preferably, in the above method, when the smart card downloads the network's authentication Applet by over-the-air mode, remote application management is used for the download; when it downloads the network's authentication Applet by POS mode, the GlobalPlatform (GP) security management platform is used for the download.
The invention also discloses a smart card, comprising:
a first module, which, when the smart card is to access a certain network, learns whether the smart card possesses the authentication function of that network;
a second module, which, when the first module learns that the smart card does not possess the authentication function of the network, downloads the network's authentication Applet by over-the-air mode or POS mode, installs it on the smart card, and authenticates to the network through the installed Applet.
Preferably, the above smart card also comprises a third module; the third module feeds back an authentication response to the network after the second module has authenticated to the network.
Preferably, in the above smart card, the first module, when the smart card intends to access the network according to a received instruction, determines the authentication type of the network, obtains the AID corresponding to that authentication type, searches for the corresponding authentication Applet according to the obtained AID, and when it does not find that Applet, learns that the smart card does not possess the authentication function of the network.
Preferably, the above smart card also comprises an authentication file recording the AIDs corresponding to the different authentication types; the first module obtains the AID corresponding to the authentication type of the network from the authentication file.
Preferably, the authentication file also records the authentication type of the network that the smart card is to access, and the first module determines the authentication type of the network from this authentication file.
Preferably, the first module determines the authentication type of the network by reading the values of parameter 1 and parameter 2 in the received instruction.
Preferably, the above smart card also comprises a fourth module;
after the second module has authenticated to the network, if the network's authentication Applet is upgraded, the fourth module deletes the network's authentication Applet already installed on the card, downloads the upgraded authentication Applet of the network and installs it anew.
Embodiments of the invention provide a smart card that, when it is to access a certain network, may not yet possess the authentication function of that network but can download the network's authentication Applet by post-issuance download in order to authenticate to that network. The smart card can thus, after issuance, securely download authentication functions it did not have before issuance, ensuring that it can access various networks. In preferred embodiments, a smart card that supports only common 2G/3G network authentication before issuance can, after issuance, securely download the authentication Applet of a dedicated network (such as a military network or an industry customer's private network) in order to access that dedicated network; in this way the dedicated network's authentication algorithm is kept secret from the smart card issuer, meeting the security requirements of the dedicated network.
Description of drawings
Fig. 1 is a flow chart of the smart card performing authentication in Embodiment 1;
Fig. 2 is a schematic diagram of the smart card switching networks according to a received instruction;
Fig. 3 is a flow chart of the smart card performing authentication in Embodiment 2.
Embodiments
The technical solution of the present invention is described in further detail below with reference to the drawings and specific embodiments. It should be noted that, provided there is no conflict, the embodiments in this application and the features in the embodiments may be combined with each other arbitrarily.
Embodiment 1
This embodiment provides a method by which a smart card performs authentication. When the smart card (a Javacard) is to access a certain network, if it learns that it does not possess the authentication function of the network to be accessed, it can download the network's authentication Applet through a POS machine or an over-the-air channel, install it on the smart card, and authenticate to the network to be accessed through the installed Applet.
To guarantee the security of the download process, in a preferred scheme, when the smart card downloads the network's authentication Applet through a POS machine, the GlobalPlatform (GP) security management platform can also be used. The GP platform not only provides mutual authentication and secure channel establishment between the POS machine and the smart card before a session, with each new session generating a new session key to guarantee the security and integrity of the data in that session, but also introduces a multiple security domain mechanism with stricter smart card content management: a post-downloaded application does not pass through the secure channel of the main (issuer) security domain at all, but is managed independently by a supplementary (auxiliary) security domain, including download, installation, deletion and life-cycle management. When the network's authentication Applet is downloaded through the over-the-air channel, an over-the-air secure communication protocol guarantees data confidentiality and integrity.
Specifically, as shown in Fig. 1, the process by which the above smart card performs authentication comprises the following steps:
Step 100: the smart card receives an instruction and, according to this instruction, enters a certain network A;
The above smart card may be a SIM card (Subscriber Identity Module) or a USIM card (Universal Subscriber Identity Module);
The instruction received by the smart card may be an authentication instruction initiated by the terminal user, or a remote file management instruction initiated by the network side, or of course any instruction initiated by the terminal user or the network side that indicates that the smart card should enter network A. Fig. 2 is a schematic diagram of the smart card switching networks according to a received instruction. The authentication instruction initiated by the terminal user can be initiated by selecting a network through the STK menu application. After the terminal user actively selects a network change, if the display shows that authentication did not pass, the user needs to reselect a network.
Step 200: the smart card judges whether it possesses the authentication function of network A; if so, it enters step 300, otherwise it enters step 400;
In this step, the smart card first determines the authentication type of network A, then obtains the corresponding AID according to the determined authentication type, and finally searches for the corresponding authentication Applet according to the obtained AID (that is, the smart card application calls the authentication Applet corresponding to this AID). If it is found, the smart card judges that it possesses the authentication function of network A; otherwise it judges that it does not possess the authentication function of network A.
In a preferred scheme, an authentication file that records at least the AID corresponding to each authentication type can be introduced on the smart card, so that the smart card can look up the AID corresponding to the determined authentication type in the authentication file.
Preferably, in addition to recording the AID corresponding to each authentication type, the authentication file can also record the authentication type of the network that the smart card is to access; in that case the smart card can determine the authentication type of the network to be accessed by querying the authentication file. The authentication type of the network to be accessed that is recorded in the authentication file may be changed before the terminal user initiates the authentication instruction, or when the network side initiates a remote file management instruction.
When the authentication file does not record the authentication type of the network that the smart card is to access, the smart card can instead read the values of parameter 1 (Param1) and parameter 2 (Param2) in the received authentication instruction and determine the authentication type of the network to be accessed from the values read. The precondition for this operation is that the smart card and each network agree on which values of Param1 and Param2 correspond to the authentication types of the different networks.
Step 300: the authentication Applet of network A on the smart card is activated to authenticate to network A, and the process ends;
Step 400: the smart card downloads the authentication Applet of network A through a POS machine or an over-the-air channel and installs it on the smart card;
For this, network A only needs to provide its own authentication Applet to the smart card.
Preferably, when the smart card downloads the authentication Applet of network A by POS mode, GP technology can be used to realize secure download; when it downloads the authentication Applet of network A by over-the-air mode, remote application management technology can be used.
Step 500: the smart card authenticates to network A through the installed Applet, and the process ends.
Preferably, after the smart card authenticates to the network A it is to access, it can also feed back an authentication response to network A.
In some further preferred schemes, after the smart card has acquired the function of network A through the above flow, the authentication function of network A already on the card can also be upgraded, updated and subjected to maintenance operations such as deletion by the post-issuance download mode.
Embodiment 2
Because the security requirements of dedicated networks (such as military networks or industry customers' private networks) are currently high, smart cards generally do not possess the authentication function of a dedicated network. Therefore, a smart card can be considered to possess common 2G/3G network authentication capability after issuance but not the authentication capability of a dedicated network. On this basis, this embodiment provides an authentication process of a smart card to a dedicated network, in which the dedicated network's authentication (such as its authentication algorithm) is securely downloaded and installed as an application onto a Java smart card that supports post-issuance download. Thus, in this embodiment, the development and maintenance of the dedicated network's authentication algorithm is transferred to the user side (the user being the dedicated network, acting as the application developer), so that the two roles of smart card issuer and authentication application developer are isolated, which satisfies the high security requirement.
The smart card issuer and the dedicated network provider can jointly agree on the following designs and rules:
1) A private authentication class on the smart card is agreed; this class is an interface that extends the javacard.framework.Shareable interface in the API of Javacard v2.2.1. Preferably, the operations in the authentication class include at least an operation by which the smart card verifies the server and an operation by which the smart card returns the authentication result.
2) The dedicated network provider and the smart card issuer agree on the information of the dedicated network's authentication Applet, including the package ID, class ID and application ID of the authentication application, none of which overlaps with the existing package and application IDs on the smart card. Preferably, the package ID, class ID and application ID are each 5 to 16 bytes long.
3) The smart card issuer and the dedicated network provider agree on the information of the authentication file on the smart card, including its file name, file structure, file content (comprising at least the authentication type of the dedicated network and the length and content of the AID of the dedicated network's authentication Applet) and file access rights.
The information of the authentication file can be agreed in advance between the smart card issuer and the dedicated network provider before the smart card is issued, or it can be agreed after issuance.
Of course, in some application scenarios, the file content of the authentication file may not include the authentication type of the dedicated network. In that case, the smart card issuer and the dedicated network provider agree that when the Param1 and Param2 parameters in the authentication instruction have a set value, the authentication type is dedicated network authentication.
4) The smart card issuer and the dedicated network provider agree on the content and structure of the smart card menu; for example, the first-level menu displays "Please select a network", with the menu items "Public 3G network" and "Private network", and the second-level menu displays text such as "Network selection succeeded" or "Network selection failed".
The process by which the above smart card performs authentication is described in detail below; as shown in Fig. 3, it comprises the following steps:
Step 300: the smart card receives an authentication instruction;
In other scenarios the smart card may also receive other instructions, as long as the instruction indicates that the terminal should switch network; for example, the smart card may receive a remote file management instruction sent by the network side.
Step 301: the smart card parses the received authentication instruction;
Here the received authentication instruction is parsed by the smart card application, and the smart card referred to in the subsequent operations is the smart card application, that is, the USIM application or the SIM application.
Step 302: the smart card reads the authentication type byte in the authentication file according to the parsing result;
In this embodiment the authentication file contains an authentication type byte that indicates the authentication type of the network to be authenticated; therefore, after receiving the authentication instruction, the smart card needs to read the authentication type byte from the authentication file. The value of the authentication type byte in the authentication file is set by the terminal user who initiates the authentication instruction, through menu selection in the STK (SIM Toolkit) application; in this case the smart card can be considered to update its local authentication file actively. In other scenarios, the value of the authentication type byte in the authentication file can also be modified by the carrier's server through remote file management; in this case the smart card can be considered to update its local authentication file passively.
Step 303: if the smart card judges from the authentication type byte read that the authentication is common network (that is, 2G/3G network) authentication, it enters step 304; if it judges that it is dedicated network authentication, it enters step 305;
Step 304: the smart card calls the common network authentication function already present on the card to perform authentication, and the process ends;
Step 305: the smart card reads from the authentication file the AID of the dedicated network's authentication Applet;
Step 306: the smart card obtains the shared interface object of the dedicated network's authentication Applet according to the AID read; if the result is success, it enters step 308; if the result is failure, it prompts the user to reselect a network and the process ends; if the result is "not present", it enters step 307;
Specifically, in this embodiment the smart card issuer provides, on a Javacard carrying the GlobalPlatform security management platform, an API (Application Programming Interface) that implements the javacard.framework.Shareable interface of Javacard 2.2.1; another network provider implements this interface, together with the network's authentication method, as a Javacard Applet (application). After the smart card has been issued, this Applet can be securely downloaded and installed on the smart card through a POS (Point of Sale) machine or an over-the-air channel.
Step 307: the smart card downloads the dedicated network's authentication Applet according to the AID read, installs it on the smart card, and returns to step 306;
In this step, the dedicated network provider can generate, from its authentication application, a GP download script or an over-the-air download script that complies with the security protocol, so that the smart card can download the dedicated network's authentication application.
Step 308: the smart card performs authentication by calling, through the obtained object, the method shared in the interface (that is, the dedicated network's authentication Applet), and the process ends.
In this step, in order to guarantee terminal transparency, different authentication instructions should not be handled by explicit selection of an application; instead, the common network application calls the dedicated network's application through the Shareable Interface to perform the dedicated network authentication.
Preferably, after the dedicated network authentication, the smart card also generates an authentication response to return to the dedicated network.
In some further preferred schemes, after the smart card has acquired the dedicated network's authentication function through the above flow, if the dedicated network's authentication Applet is modified or needs updating, the smart card can first delete the previously downloaded authentication Applet of the dedicated network, then download the new authentication Applet of the dedicated network and install it on the smart card. Preferably, the dedicated network can also change the AID, the AID length and the AID content of the dedicated network's authentication Applet recorded in the authentication file.
Consider some terminals can't be explicit selection use AID and come to send instruction to using.Therefore, have in the application scenes, can not activate Java and use by selection instruction.At present, the instruction of intelligent card authentication algorithm is generally 0088P1P2Lc CDATA, after smart card is received the authentication instruction (INS=0x88) that terminal sends, smart card COS reads the authentication type byte of authentication file earlier, judge authentication type, if authentication type is the common network authentication, calls the common network authentication functions and get final product; If authentication type is the dedicated network authentication, read the AID that special-purpose network in the authentication file is used for the Apple of authentication, smart card COS obtains the shared interface object (ShareableInterfaceObject) that authentication is used, and calls the method for authenticating of this object or method group and carries out the dedicated network authentication and get final product.In addition, can also create an authentication file and write initial value.Offer dedicated network provider by the smart card publisher.
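The following Java Card listing shows how steps 305 to 308, and the COS handling of the INS 0x88 instruction just described, can be realised with the Javacard 2.2.1 Shareable mechanism. It is an added example and is not code from the patent or from the applicant; the package and class names, the authentication-file layout ([type][AID length][AID bytes]), the install-parameter layout, the AID values, the status words chosen to signal "not present" and "failure", and the AES-based placeholder algorithm are all assumptions made for this example. The security-relevant point it illustrates is that the dedicated-network Applet checks the client AID in getShareableInterfaceObject before handing out its shared object, so that only the issuer's USIM application can drive the network's authentication algorithm.

```java
// --- File: NetworkAuthService.java (package com.example.netauth; hypothetical names) ---
package com.example.netauth;

import javacard.framework.Shareable;

/** Shareable interface through which the issuer's USIM/SIM application
 *  invokes a dedicated network's authentication Applet (Java Card 2.2.1). */
public interface NetworkAuthService extends Shareable {
    /** Computes the response to the challenge in buf[off .. off+len) in place
     *  and returns the response length. */
    short authenticate(byte[] buf, short off, short len);
}

// --- File: DedicatedNetAuthApplet.java (package com.example.netauth) ---
package com.example.netauth;

import javacard.framework.*;
import javacard.security.*;
import javacardx.crypto.Cipher;

/** Server side: the Applet a dedicated-network provider loads onto an issued
 *  card (over the air or via POS) and that exposes its algorithm as a shared object. */
public class DedicatedNetAuthApplet extends Applet implements NetworkAuthService {
    static final byte SIO_PARAM_AUTH = (byte) 0x01;
    /** AID of the issuer's USIM application, the only permitted client (constructed value). */
    static final byte[] USIM_CLIENT_AID = { (byte) 0xA0, 0x00, 0x00, 0x00, (byte) 0x87, 0x10, 0x02 };
    private final AESKey key;
    private final Cipher cipher;

    /** Assumed install parameters: [aidLen][AID][privLen][priv][dataLen][16-byte network key]. */
    private DedicatedNetAuthApplet(byte[] bArray, short bOffset) {
        short aidLen = bArray[bOffset];
        short privLen = bArray[(short) (bOffset + 1 + aidLen)];
        short keyOff = (short) (bOffset + 1 + aidLen + 1 + privLen + 1);
        key = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false);
        key.setKey(bArray, keyOff);
        cipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false);
        register(bArray, (short) (bOffset + 1), bArray[bOffset]);
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new DedicatedNetAuthApplet(bArray, bOffset);
    }

    /** Never driven by the terminal directly: all work arrives through the shared object. */
    public void process(APDU apdu) {
        if (selectingApplet()) return;
        ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
    }

    /** Firewall hook: hand the shared object only to the issuer's USIM application. */
    public Shareable getShareableInterfaceObject(AID clientAID, byte parameter) {
        if (parameter != SIO_PARAM_AUTH) return null;
        if (!clientAID.equals(USIM_CLIENT_AID, (short) 0, (byte) USIM_CLIENT_AID.length)) return null;
        return this;
    }

    /** Placeholder algorithm for the example: AES-encrypt the 16-byte challenge
     *  under the network key. A real provider substitutes its own algorithm here. */
    public short authenticate(byte[] buf, short off, short len) {
        if (len != 16) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        cipher.init(key, Cipher.MODE_ENCRYPT);
        return cipher.doFinal(buf, off, len, buf, off);
    }
}

// --- File: UsimAuthDispatcher.java (package com.example.usim) ---
package com.example.usim;

import javacard.framework.*;
import com.example.netauth.NetworkAuthService;

/** Client side: the part of the issuer's USIM application that handles the
 *  AUTHENTICATE instruction (00 88 P1 P2 Lc CDATA) using the authentication file. */
class UsimAuthDispatcher {
    static final byte INS_AUTHENTICATE = (byte) 0x88;
    static final byte AUTH_TYPE_COMMON = 0x00;     // built-in 2G/3G algorithm (assumed encoding)
    static final byte AUTH_TYPE_DEDICATED = 0x01;  // dedicated network Applet addressed by AID
    /** Status word for "Applet not present" (step 307 trigger); assumed value. */
    static final short SW_AUTH_APPLET_MISSING = (short) 0x6A88;
    /** Authentication file, assumed layout: [type][aidLen][AID bytes ...]. */
    private final byte[] authFile;

    UsimAuthDispatcher(byte[] authFile) { this.authFile = authFile; }

    void handleAuthenticate(APDU apdu) {
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_INS] != INS_AUTHENTICATE) ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        short lc = apdu.setIncomingAndReceive();            // CDATA carries the challenge
        short respLen;
        switch (authFile[0]) {                               // step 302: authentication type byte
        case AUTH_TYPE_COMMON:                               // step 304: existing card function
            respLen = commonNetworkAuth(buf, ISO7816.OFFSET_CDATA, lc);
            break;
        case AUTH_TYPE_DEDICATED: {                          // step 305: AID from the file
            AID aid = JCSystem.lookupAID(authFile, (short) 2, authFile[1]);
            if (aid == null) ISOException.throwIt(SW_AUTH_APPLET_MISSING);      // "not present": step 307
            NetworkAuthService svc = (NetworkAuthService)                        // step 306
                JCSystem.getAppletShareableInterfaceObject(aid, (byte) 0x01);
            if (svc == null) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); // "failure"
            respLen = svc.authenticate(buf, ISO7816.OFFSET_CDATA, lc);           // step 308
            break;
        }
        default:
            ISOException.throwIt(ISO7816.SW_WRONG_DATA);
            return;
        }
        apdu.setOutgoingAndSend(ISO7816.OFFSET_CDATA, respLen);
    }

    /** The card's pre-existing 2G/3G algorithm belongs here; it is not part of this example. */
    private short commonNetworkAuth(byte[] buf, short off, short len) {
        ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
        return 0;
    }
}
```

The APDU buffer is a global array, so the USIM application can pass the challenge to the other applet's context without copying. A terminal or STK application that receives the "not present" status word performs the step 307 download (remote application management over the air, or GP through a POS terminal) and then resends the AUTHENTICATE command, which re-enters step 306 with the Applet now installed.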
Embodiment 3
This embodiment provides a smart card that comprises:
A first module which, when the smart card is to access a certain network, determines whether the card possesses the authentication function of the network to be accessed.
Specifically, when the smart card is to access a certain network according to an instruction it has received, the first module determines the authentication type of the network to be accessed, obtains the AID corresponding to that authentication type, and searches for the corresponding authentication Applet by the obtained AID; when it does not find that authentication Applet, it concludes that the card does not possess the authentication function of the network to be accessed.
In a preferred version the smart card contains an authentication file that records the AIDs corresponding to different authentication types; the first module then obtains the AID corresponding to the authentication type of the network to be accessed from this authentication file.
In some scenarios the authentication file records, in addition to the AIDs corresponding to different authentication types, the authentication type of the network the card is to access, so the first module can determine the authentication type of the network to be accessed from the authentication file. When the authentication file does not contain the authentication type of the network to be accessed, the first module determines it by reading the values of parameter 1 and parameter 2 in the received instruction.
A second module which, when the first module finds that the card does not possess the authentication function of the network to be accessed, downloads the Applet that the network uses for authentication over the air or through a POS terminal, installs it on the card, and authenticates the network to be accessed through the installed Applet.
Preferably, the smart card also comprises a third module that, after the second module has authenticated the network to be accessed, feeds back an authentication response to that network.
In some embodiments the smart card further comprises a fourth module that, after the second module has authenticated the network to be accessed, when the Applet that the network uses for authentication is updated, deletes the network's authentication Applet installed on the card, downloads the updated authentication Applet of the network and installs it on the card again.
From the above embodiments it can be seen that the smart card proposed in the embodiments of the present invention can download the authentication algorithms of certain networks after the card has been issued; that is, the smart card of the above embodiments supports secondary development at the user layer, and supports the coexistence of, and switching between, multiple authentication algorithms of different networks.
In particular, it can be seen that the preferred embodiments of the present invention select Javacard and the GlobalPlatform security platform for downloading the authentication module application, and that this approach has the following advantages over downloading bytecode to a telecom micro-browser card:
The authentication module is programmed in the Java language. Java is an object-oriented language, so implementing functions in it is more convenient than writing them in the WML (Wireless Mark-up Language) of a micro-browser or assembling bytecode by hand. Javacard provides a virtual machine that interprets the code as it runs; code is written against interfaces, invoked through the interface and instantiated at run time, so that applications downloaded later can still call the functions.
Java applications have a good compile and debug environment; loading the library packages that are called into an open-source development tool allows development and debugging, whereas an error in hand-written bytecode is hard to find once it has been made.
Javacard provides a rich API, such as cryptographic APIs, so the functions are more powerful and can be used flexibly, and extension APIs can easily be added for providers to use.
Javacard provides a secure application management system with strict security checks on object access; combined with the GlobalPlatform platform, this further guarantees the security of applications at the loading, installation and execution stages.
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (15)

1. A method for a smart card to perform authentication, characterised in that:
when the smart card is to access a certain network, if it determines that it does not possess the authentication function of said network, the smart card downloads the application Applet that said network uses for authentication over the air or through a point-of-sale (POS) terminal, installs it on the smart card, and authenticates said network through the installed Applet.
2. The method of claim 1, characterised in that:
after the smart card has authenticated said network, it also feeds back an authentication response to said network.
3. The method of claim 1 or 2, characterised in that:
the process by which said smart card determines that it does not possess the authentication function of said network is as follows:
when said smart card is to access said network according to an instruction it has received, the smart card determines the authentication type of said network, obtains the application identifier (AID) corresponding to that authentication type, searches for the corresponding authentication Applet by the obtained AID, and when it does not find that authentication Applet, determines that it does not possess the authentication function of said network.
4. The method of claim 3, characterised in that:
said smart card contains an authentication file that records at least the AIDs corresponding to different authentication types, and said smart card obtains the AID corresponding to the authentication type of said network from this authentication file.
5. The method of claim 4, characterised in that:
said authentication file also records the authentication type of the network that said smart card is to access, and said smart card determines the authentication type of said network from this authentication file.
6. The method of claim 4, characterised in that:
said smart card determines the authentication type of said network by reading the values of parameter 1 and parameter 2 in the received instruction.
7. The method of claim 3, characterised in that:
after said smart card has authenticated said network, if the Applet that said network uses for authentication is updated, said smart card deletes the authentication Applet of said network installed on the card, and downloads the updated authentication Applet of said network and installs it again.
8. The method of claim 3, characterised in that:
when said smart card downloads the authentication Applet of said network over the air, it uses remote application management for the download;
when said smart card downloads the authentication Applet of said network through a POS terminal, it uses the security management platform GP for the download.
9. A smart card, characterised in that it comprises:
a first module which, when the smart card is to access a certain network, determines whether the smart card possesses the authentication function of said network;
a second module which, when said first module determines that the smart card does not possess the authentication function of said network, downloads the application Applet that said network uses for authentication over the air or through a point-of-sale (POS) terminal, installs it on the smart card, and authenticates said network through the installed Applet.
10. The smart card of claim 9, characterised in that it further comprises a third module;
said third module, after said second module has authenticated said network, feeds back an authentication response to said network.
11. The smart card of claim 9 or 10, characterised in that:
said first module, when the smart card is to access said network according to an instruction it has received, determines the authentication type of said network, obtains the application identifier (AID) corresponding to that authentication type, searches for the corresponding authentication Applet by the obtained AID, and when it does not find that authentication Applet, determines that the smart card does not possess the authentication function of said network.
12. The smart card of claim 11, characterised in that said smart card further comprises an authentication file that records the AIDs corresponding to different authentication types;
said first module obtains the AID corresponding to the authentication type of said network from said authentication file.
13. The smart card of claim 12, characterised in that:
said authentication file also records the authentication type of the network that the smart card is to access, and said first module determines the authentication type of said network from this authentication file.
14. The smart card of claim 12, characterised in that:
said first module determines the authentication type of said network by reading the values of parameter 1 and parameter 2 in the received instruction.
15. The smart card of claim 11, characterised in that said smart card further comprises a fourth module;
said fourth module, after said second module has authenticated said network, if the Applet that said network uses for authentication is updated, deletes the authentication Applet of said network installed on the card, and downloads the updated authentication Applet of said network and installs it again.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100004121A CN102056172A (en) 2011-01-04 2011-01-04 Smart card and authentication method thereof

Publications (1)

Publication Number Publication Date
CN102056172A true CN102056172A (en) 2011-05-11

Family

ID=43959984

Country Status (1)

Country Link
CN (1) CN102056172A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20110511