Summary of the invention
To solve the security problem of "one to one" interactive applications between a contactless smart card and a mobile phone with NFC function, the invention discloses a secure binding method for mobile phone and smart card interactive applications.
The technical scheme of the present invention is a secure binding method for mobile phone and smart card interactive applications, characterized in that the method comprises the following steps:
(1) Set up and initialize a key information storage space on the smart card: this storage space stores key information comprising at least one of: mobile phone number, mobile phone card IMSI, mobile phone IMEI, PIN, and smart card state flag;
(2) Send the mobile phone number to the smart card: the mobile phone number to be bound to the smart card is entered on the mobile phone, the mobile phone card IMSI and/or mobile phone IMEI is obtained automatically by the handset program, and these are then sent to the smart card;
(3) The smart card stores at least one of the mobile phone number, mobile phone card IMSI and mobile phone IMEI, and sets the binding state: the mobile phone number, mobile phone card IMSI and mobile phone IMEI are stored in the key information storage space of the smart card, and the smart card state flag storage space is set to the binding state.
Before step (2), there is also a step of authenticating the identity of the person performing the binding: by verifying the separately set PIN in the smart card, or by a third party authenticating the binder's legitimacy.
After step (2), there are also the following two steps:
A. Generate and send the activation code: the smart card computes an activation code, and the activation code is sent by the mobile phone to this mobile phone as a short message;
B. Return the activation code to the smart card: after the mobile phone receives the activation code short message, the activation code is sent to the smart card over NFC, either entered manually or transmitted automatically by the handset program;
C. The smart card confirms the activation code: the smart card receives the activation code sent by the mobile phone and compares it with the activation code from step A; if the two match, step (3) is carried out; otherwise the binding is cancelled.
When carrying out step (3), the smart card is held against the back of the mobile phone, one of the mobile phone number, mobile phone card IMSI and mobile phone IMEI is sent to the smart card over the NFC communication between the mobile phone and the smart card, and this operation serves as the confirmation of the secure binding of mobile phone and smart card.
The beneficial effects of the present invention are:
1. It solves the problem of how to achieve a one-to-one relationship in mobile phone and smart card interactive applications.
2. It solves the problem that storing and verifying the PIN on the mobile phone itself is insecure.
3. Using completion of the NFC communication as the confirmation action simplifies operation and makes the confirmation action more distinct, giving a better user experience.
4. On this basis, the "one-to-many" and "many-to-one" interactive application needs of mobile phones and smart cards can also be met. For example, one bank card can be used for transfer operations on multiple mobile phones, or one mobile phone can perform transfer operations with multiple different bank cards.
Embodiment
Referring to Fig. 1, when implementing the present invention, in order to guarantee the security of "one to one" interactive applications between a contactless smart card and a mobile phone with NFC function, it should first be made clear that some key information is extremely important in such applications, namely: the mobile phone number, mobile phone card IMSI, mobile phone IMEI, PIN, and the state of the smart card and mobile phone interactive application. Here, the state of the smart card and mobile phone interactive application indicates whether the smart card can interact with multiple mobile phones or with only one mobile phone. The present invention therefore emphasizes that the above key information must be stored on the smart card, because a technical characteristic of the smart card is precisely that the data in the card is stored in an independent physical space and can be kept physically isolated from other data. So the first step of the present invention is to set up storage space for the above key data on the smart card and to initialize that storage space. For example, the mobile phone number may be set to "000000" or "888888", the state of the smart card and mobile phone interactive application to "0", the mobile phone IMEI to "0", the PIN to "0", and the mobile phone card IMSI is likewise initialized; a state of "0" indicates that the smart card can interact with multiple mobile phones ("1" indicates that the smart card can interact with only one mobile phone).
Secondly, realizing a "one to one" interactive application between mobile phone and smart card, that is, realizing binding, is itself a method of improving security in use. Therefore, which mobile phone may be bound to which smart card, and who has the right to change the binding state, is itself a process that requires authentication. Only when binding is clearly authorized does the binding method have the significance of improving security. It should therefore be made clear that, before the mobile phone and smart card perform the binding operation, the identity of the person performing the binding should be authenticated. Authentication can be completed by verifying a separately set PIN in the smart card (this is not the same PIN that is verified when the smart card and mobile phone application is used, and it needs to be set up specially, for example by adding a storage space for the binding authentication PIN on the smart card and having the smart card randomly generate a number at initialization as the separately set binding authentication PIN; this separately set PIN is given to the operator authorized to bind in the form of a password envelope, so that the person performing the binding can authenticate). It can also be completed by a third party authenticating the binder's legitimacy (for example, after verification of an identity document passes, the separately set binding authentication PIN generated at initialization is sent to the person performing the binding). This authentication process can be regarded as the second step of the present invention.
On this basis, when the smart card and mobile phone require a one-to-one interactive application, the binding method of the present invention is implemented through the following steps:
1. The mobile phone number to be bound (which should of course be this phone's own number) is entered on the mobile phone, and the mobile phone card IMSI and mobile phone IMEI are obtained automatically by the handset program; then, by holding the smart card against the back of the mobile phone, NFC communication between mobile phone and smart card is established, and the mobile phone number, mobile phone card IMSI and mobile phone IMEI are sent together to the smart card.
2. At the same time, the smart card computes an activation code (used to confirm that the user really intends to perform the binding operation), sends this activation code to the mobile phone (over NFC communication), and simultaneously instructs the mobile phone to send a short message containing the activation code to itself.
3. After the mobile phone receives the activation code short message, the activation code is sent to the smart card over NFC, either entered manually or transmitted automatically by the handset program.
4. After receiving the activation code, the smart card compares it; if it is correct, the next step is carried out; if it is wrong, an error code is returned and the binding is stopped.
5. The smart card stores the mobile phone number, mobile phone card IMSI and mobile phone IMEI in the smart card's key information storage space, and sets the smart card state flag storage space to the binding state ("1").
At this point, binding is complete. Considering only the completion of the binding procedure, steps 2, 3 and 4 above can be omitted, and that variant is also a technical scheme protected by the present invention.
In the above steps there is a very important element of the invention: based on the characteristics of NFC communication between mobile phone and smart card, each communication (data exchange) between them takes place when the smart card is held against the back of the mobile phone and there is an audible response. In the secure binding process for mobile phone and smart card interactive applications, before data is exchanged at each step, a confirmation action is often required according to the needs of the application, for example for storing binding information on the smart card or modifying the PIN. Traditionally, this confirmation action is a press of the confirm key on a keyboard. In mobile phone and smart card interactive applications, however, this confirmation action duplicates the NFC communication action (holding the smart card against the back of the mobile phone). It is therefore more reasonable to use the NFC communication action as the confirmation action, and this method is also original in other application scenarios; it is hereby emphasized that this method is also claimed as content of the patent protection.
It should be pointed out that, before the smart card and mobile phone are bound one to one, or when the smart card and mobile phone carry out an interactive application, it is often necessary first to check whether this smart card and this mobile phone are bound, or whether this smart card is still in the unbound state. For this check, the smart card only needs to be held against the back of the mobile phone (establishing NFC communication). If the smart card state flag read by the mobile phone is "0", the smart card is not bound (it is in the general state). If the smart card state flag is "1", and the data at the mobile phone card IMSI or mobile phone IMEI storage location on the smart card is identical to the mobile phone card IMSI or mobile phone IMEI data obtained through NFC communication with the smart card, this mobile phone card or mobile phone has a one-to-one binding relationship with this smart card; otherwise it does not.
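The card-side binding steps and the binding check described above, as a Python simulation added here as an example (it is not code from the patent). The class and method names, the 6-digit code and PIN lengths and the sample identifiers are assumptions; the constant-time comparison and the single-use activation code are added hardening.

```python
import hmac
import secrets

UNBOUND, BOUND = "0", "1"  # state flag values from the text

def _eq(a, b):
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

class CardSim:
    """Card-side binding logic; names and 6-digit lengths are assumptions."""
    def __init__(self):
        # Initialise key-information storage; the card generates a random
        # binding PIN that reaches the authorised operator out of band.
        self.state, self.bound = UNBOUND, None
        self.binding_pin = f"{secrets.randbelow(10**6):06d}"
        self._authed, self._pending = False, None

    def verify_binding_pin(self, pin):
        self._authed = _eq(pin, self.binding_pin)
        return self._authed

    def request_binding(self, number, imsi, imei):
        """Receive identifiers over NFC; return a fresh activation code."""
        if not self._authed or self.state == BOUND:
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending = ((number, imsi, imei), code)
        return code

    def confirm(self, code):
        """Compare the returned code: bind on match, cancel otherwise."""
        pending, self._pending = self._pending, None  # code is single use
        self._authed = False  # added hardening: re-authenticate per attempt
        if pending is None or not _eq(code, pending[1]):
            return False
        self.bound, self.state = pending[0], BOUND
        return True

    def check_binding(self, imsi, imei):
        """Bound to this phone: flag is "1" and IMSI or IMEI matches."""
        if self.state != BOUND:
            return False
        return _eq(imsi, self.bound[1]) or _eq(imei, self.bound[2])

if __name__ == "__main__":
    card = CardSim()
    card.verify_binding_pin(card.binding_pin)
    code = card.request_binding("13800000000", "460000000000001", "356000000000001")  # constructed
    print(card.confirm(code), card.check_binding("460000000000001", "other"))
```

A wrong activation code discards the pending identifiers, so a new attempt has to start again from binder authentication.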
In addition, the storage, use and modification of the PIN as key information also need emphasis. Because the use of a PIN is a known method widely applied in many fields, it has no value for patent protection here. However, to guarantee the security of PIN storage, and, following the operating principle of protecting the PIN, to meet requirements such as that the PIN can only be stored one-way and cannot be read back, it is very important that the PIN is stored in the smart card (previous mobile phone applications could not achieve this function).