CN103746802A

CN103746802A - Data processing method based on coordination secret keys and mobile phone

Info

Publication number: CN103746802A
Application number: CN201410040326.7A
Authority: CN
Inventors: 李东声
Original assignee: Tendyron Technology Co Ltd
Current assignee: Tendyron Technology Co Ltd
Priority date: 2014-01-27
Filing date: 2014-01-27
Publication date: 2014-04-23
Anticipated expiration: 2034-01-27
Also published as: CN103746802B; WO2015109958A1

Abstract

The invention provides a data processing method based on coordination secret keys and a mobile phone. The method comprises the steps that a mobile phone security module verifies the validity of a certificate of a user identification card, at least legally encrypts a first random factor and a second random factor, and signs and sends the factors to the user identification card, the user identification card verifies the validity of the certificate of the mobile phone security module, verifies the signature, correctly decrypts to obtain the first random factor and the second random factor, verifies the first random factor to correctly generate a third random factor and the coordination secret key at the user identification card, at least encrypts the second random factor and the third random factor and sends to the mobile phone security module, the mobile phone security module decrypts and generate the coordination secret key at the mobile phone security module end, and the mobile phone security module and the user identification card are in safe information transmission through the coordination secret keys. Therefore, the mobile phone can be used for safely executing an online banking business and/or confidential information transmission.

Description

A kind of data processing method and mobile phone based on arranging key

Technical field

The present invention relates to field of information security technology, relate in particular to a kind of data processing method and mobile phone based on arranging key.

Background technology

Along with the very big facility that developing rapidly of network brought to people, people more and more depend on network and carry out comings and goings, and the transmission of for example network file, internet bank trade all become an indispensable part in people's life, work gradually.Because network is a virtual environment after all, exist too many unsafe factor, and in network environment, will inevitably carry out the network activity of data interaction, especially the network activity as the transmission of Internet-based banking services and confidential information, the safety of network has been proposed to very high requirement, and therefore people start to greatly develop network information security technology.

But along with the develop rapidly of mobile phone technique now, mobile phone terminal is more and more used to replacement computer and uses, can Secure execution Internet-based banking services and/or the solution of confidential information transmission but do not have now a kind of mobile phone terminal.

Summary of the invention

The present invention is intended to solve mobile phone terminal cannot Secure execution Internet-based banking services and/or the problem of confidential information transmission.

Main purpose of the present invention is to provide a kind of data processing method based on arranging key;

Another object of the present invention is to provide a kind of mobile phone.

For achieving the above object, technical scheme of the present invention is specifically achieved in that

One aspect of the present invention provides a kind of data processing method based on arranging key, comprise: subscriber identification card is sent to mobile phone security module by the first authentication information, wherein, described the first authentication information at least comprises: the first random factor and subscriber identification card certificate; Described mobile phone security module receives after described the first authentication information, verifies the legitimacy of described subscriber identification card certificate; If described mobile phone security module verifies that described subscriber identification card certificate is legal, described mobile phone security module is at least encrypted described the first random factor and the second random factor by the PKI of the described subscriber identification card that carries in described subscriber identification card certificate, obtains the first cipher-text information; Described mobile phone security module is signed to described the first cipher-text information, obtains the first signing messages; Described mobile phone security module is sent to described subscriber identification card by the second authentication information, and wherein, described the second authentication information at least comprises: described the first cipher-text information, described the first signing messages and described mobile phone security module certificate; Described subscriber identification card receives after described the second authentication information, verifies the legitimacy of described mobile phone security module certificate; If described subscriber identification card verifies that described mobile phone security module certificate is legal, described subscriber identification card is verified the correctness of described the first signing messages; If described subscriber identification card verifies that described the first signing messages is correct, described subscriber identification card is deciphered described the first cipher-text information, obtains described the first random factor and described the second random factor; Described subscriber identification card is obtaining after described the first random factor and described the second random factor, verifies the correctness of described the first random factor; If described subscriber identification card verifies that described the first random factor is correct, described subscriber identification card generates the 3rd random factor, and according to described the second random factor and described the 3rd random factor, generates the arranging key of described subscriber identification card end; Described subscriber identification card is at least encrypted described the second random factor and described the 3rd random factor by the PKI of the described mobile phone security module of carrying in described mobile phone security module certificate, obtains the second cipher-text information; Described subscriber identification card is sent to described mobile phone security module by described the second cipher-text information; Described mobile phone security module receives after described the second cipher-text information, deciphers described the second cipher-text information, obtains described the second random factor and described the 3rd random factor; Described mobile phone security module generates the arranging key of described mobile phone security module end according to described the second random factor and described the 3rd random factor; Between described mobile phone security module and described subscriber identification card, by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end, carry out the safe transmission of information.

One aspect of the present invention also provides a kind of data processing method based on arranging key, comprise: mobile phone security module is sent to subscriber identification card by the first authentication information, wherein, described the first authentication information at least comprises: the first random factor and mobile phone security module certificate; Described subscriber identification card receives after described the first authentication information, verifies the legitimacy of described mobile phone security module certificate; If described subscriber identification card verifies that described mobile phone security module certificate is legal, described subscriber identification card is at least encrypted described the first random factor and the second random factor by the PKI of the described mobile phone security module of carrying in described mobile phone security module certificate, obtains the first cipher-text information; Described subscriber identification card is signed to described the first cipher-text information, obtains the first signing messages; Described subscriber identification card is sent to described mobile phone security module by the second authentication information, and wherein, described the second authentication information at least comprises: described the first cipher-text information, described the first signing messages and described subscriber identification card certificate; Described mobile phone security module receives after described the second authentication information, verifies the legitimacy of described subscriber identification card certificate; If described mobile phone security module verifies that described subscriber identification card certificate is legal, described mobile phone security module is verified the correctness of described the first signing messages; If described mobile phone security module verifies that described the first signing messages is correct, described mobile phone security module is deciphered described the first cipher-text information, obtains described the first random factor and described the second random factor; Described mobile phone security module is obtaining after described the first random factor and described the second random factor, verifies the correctness of described the first random factor; If described mobile phone security module verifies that described the first random factor is correct, described mobile phone security module generates the 3rd random factor, and according to described the second random factor and described the 3rd random factor, generates the arranging key of described mobile phone security module end; Described mobile phone security module is at least encrypted described the second random factor and described the 3rd random factor by the PKI of the described subscriber identification card that carries in described subscriber identification card certificate, obtains the second cipher-text information; Described mobile phone security module is sent to described subscriber identification card by described the second cipher-text information; Described subscriber identification card receives after described the second cipher-text information, deciphers described the second cipher-text information, obtains described the second random factor and described the 3rd random factor; Described subscriber identification card generates the arranging key of described subscriber identification card end according to described the second random factor and described the 3rd random factor; Between described mobile phone security module and described subscriber identification card, by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end, carry out the safe transmission of information.

The step of in addition, carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises: described mobile phone security module is obtained information to be transmitted; Described mobile phone security module is encrypted described information to be transmitted by the arranging key of described mobile phone security module end, obtains the 3rd cipher-text information; Described mobile phone security module is sent to described subscriber identification card by the first process information, and wherein, described the first process information at least comprises: described the 3rd cipher-text information; Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the 3rd cipher-text information is decrypted, and obtains information to be transmitted; Described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages; Described subscriber identification card is encrypted described the second signing messages by the arranging key of described subscriber identification card end, obtains the 4th cipher-text information; Described subscriber identification card is sent to described mobile phone security module by the second process information, and wherein, described the second process information at least comprises: described the 4th cipher-text information; Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the 4th cipher-text information is decrypted, and obtains described the second signing messages; Described mobile phone security module is to the second signing messages outgoing described in major general.

The step of in addition, carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises: described mobile phone security module is obtained information to be transmitted; Described mobile phone security module is carried out verification calculating by the arranging key of described mobile phone security module end to described information to be transmitted, obtains the first check information; Described mobile phone security module is sent to described subscriber identification card by the first process information, and wherein, described the first process information at least comprises: described information to be transmitted and described the first check information; Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the first process information is verified; If described subscriber identification card is verified described the first process information, described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages; Described subscriber identification card carries out verification calculating by the arranging key of described subscriber identification card end to described the second signing messages, obtains the second check information; Described subscriber identification card is sent to described mobile phone security module by the second process information, and wherein, described the second process information at least comprises: described the second signing messages and described the second check information; Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the second process information is verified; If described mobile phone security module is verified described the second process information, described mobile phone security module is to the second signing messages outgoing described in major general.

The step of in addition, carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises: described mobile phone security module is obtained information to be transmitted; Described mobile phone security module is encrypted described information to be transmitted by the arranging key of described mobile phone security module end, obtains the 3rd cipher-text information, and described the 3rd cipher-text information is carried out to verification calculating, obtains the first check information; Described mobile phone security module is sent to described subscriber identification card by the first process information, and wherein, described the first process information at least comprises: described the 3rd cipher-text information and described the first check information; Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the first process information is verified; If described subscriber identification card is verified described the first process information, described subscriber identification card is decrypted described the 3rd cipher-text information by the arranging key of described subscriber identification card end, obtains described information to be transmitted; Described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages; Described subscriber identification card is encrypted described the second signing messages by the arranging key of described subscriber identification card end, obtains the 4th cipher-text information, and described the 4th cipher-text information is carried out to verification calculating, obtains the second check information; Described subscriber identification card is sent to described mobile phone security module by the second process information, and wherein, described the second process information at least comprises: described the 4th cipher-text information and described the second check information; Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the second process information is verified; If described mobile phone security module is verified described the second process information, by the arranging key of described mobile phone security module end, described the 4th cipher-text information is decrypted, obtain described the second signing messages; Described mobile phone security module is to the second signing messages outgoing described in major general.

In addition, after described mobile phone security module is obtained the step of information to be transmitted, before described mobile phone security module is sent to the step of described subscriber identification card by the first process information, described method also comprises: described mobile phone security module is extracted the key message in described information to be transmitted; Key message in the information to be transmitted extracting described in described mobile phone security module control mobile phone display screen shows; Described mobile phone security module receives the confirmation instruction of cell phone keyboard output; In described mobile phone security module, receive after the confirmation instruction of described cell phone keyboard output, carry out described mobile phone security module the first process information is sent to the step of described subscriber identification card.

In addition, described the 3rd random factor is that described subscriber identification card generates according to described the first random factor and described the second random factor, or described the 3rd random factor is the random generation of described subscriber identification card.

In addition, described mobile phone security module is the module being independent of outside mobile phone CPU, or described mobile phone security module is arranged on the safety zone in described mobile phone CPU.

The present invention provides a kind of mobile phone on the other hand, comprising: subscriber identification card and mobile phone security module; Wherein, the second Transmit-Receive Unit in described subscriber identification card, for the first authentication information is sent to mobile phone security module, wherein, described the first authentication information at least comprises: the first random factor and subscriber identification card certificate; The first Transmit-Receive Unit in described mobile phone security module, for receiving described the first authentication information; The first authentication unit in described mobile phone security module, for receiving after described the first authentication information at described the first Transmit-Receive Unit, verifies the legitimacy of described subscriber identification card certificate; The first ciphering unit in described mobile phone security module, for after described the first authentication unit verifies that described subscriber identification card certificate is legal, PKI by the described subscriber identification card that carries in described subscriber identification card certificate is at least encrypted described the first random factor and the second random factor, obtains the first cipher-text information; The first signature unit in described mobile phone security module, signs for described the first cipher-text information that described the first ciphering unit is obtained, and obtains the first signing messages; Described the first Transmit-Receive Unit in described mobile phone security module, also for the second authentication information is sent to described subscriber identification card, wherein, described the second authentication information at least comprises: described the first cipher-text information, described the first signing messages and described mobile phone security module certificate; Described the second Transmit-Receive Unit in described subscriber identification card, also for receiving described the second authentication information; The second authentication unit in described subscriber identification card, for receiving after described the second authentication information at described the second Transmit-Receive Unit, verifies the legitimacy of described mobile phone security module certificate; Described the second authentication unit in described subscriber identification card, also, for after the described mobile phone security module certificate of checking is legal, verifies the correctness of described the first signing messages; Described the second decrypting device in described subscriber identification card, after verifying that at described the second authentication unit described the first signing messages is correct, deciphers described the first cipher-text information, obtains described the first random factor and described the second random factor; Described the second authentication unit in described subscriber identification card, also, for obtaining after described the first random factor and described the second random factor in described the second decrypting device, verifies the correctness of described the first random factor; The second generation unit in described subscriber identification card, after verifying that at described the second authentication unit described the first random factor is correct, generate the 3rd random factor, and according to described the second random factor and described the 3rd random factor, generate the arranging key of described subscriber identification card end; The second ciphering unit in described subscriber identification card, for generating after described the 3rd random factor at described the second generation unit, PKI by the described mobile phone security module of carrying in described mobile phone security module certificate is at least encrypted described the second random factor and described the 3rd random factor, obtains the second cipher-text information; Described the second Transmit-Receive Unit in described subscriber identification card, for obtaining after described the second cipher-text information at described the second ciphering unit, is sent to described mobile phone security module by described the second cipher-text information; Described the first Transmit-Receive Unit in described mobile phone security module, also for receiving described the second cipher-text information; The first decrypting device in described mobile phone security module, for receiving after described the second cipher-text information at described the first Transmit-Receive Unit, deciphers described the second cipher-text information, obtains described the second random factor and described the 3rd random factor; The first generation unit in described mobile phone security module, for obtaining after described the second random factor and described the 3rd random factor in described the first decrypting device, according to described the second random factor and described the 3rd random factor, generate the arranging key of described mobile phone security module end; The arranging key of the described subscriber identification card end that the arranging key of the mobile phone security module end generating by described the first generation unit between described second Transmit-Receive Unit of described first Transmit-Receive Unit of described mobile phone security module and described subscriber identification card and described the second generation unit generate carries out the safe transmission of information.

The present invention also provides a kind of mobile phone on the other hand, comprising: subscriber identification card and mobile phone security module; Wherein, the first Transmit-Receive Unit in described mobile phone security module, for the first authentication information is sent to subscriber identification card, wherein, described the first authentication information at least comprises: the first random factor and mobile phone security module certificate; The second Transmit-Receive Unit in described subscriber identification card, for receiving described the first authentication information; The second authentication unit in described subscriber identification card, for receiving after described the first authentication information at described the second Transmit-Receive Unit, verifies the legitimacy of described mobile phone security module certificate; The second ciphering unit in described subscriber identification card, for after described the second authentication module verifies that described mobile phone security module certificate is legal, PKI by the described mobile phone security module of carrying in described mobile phone security module certificate is at least encrypted described the first random factor and the second random factor, obtains the first cipher-text information; The second signature unit in described subscriber identification card, for obtaining after described the first cipher-text information at described the second ciphering unit, signs to described the first cipher-text information, obtains the first signing messages; Described the second Transmit-Receive Unit in described subscriber identification card, also for the second authentication information being sent to described mobile phone security module, wherein, described the second authentication information at least comprises: described the first cipher-text information, described the first signing messages and described subscriber identification card certificate; Described the first Transmit-Receive Unit in described mobile phone security module, for receiving described the second authentication information; The first authentication unit in described mobile phone security module, for receiving after described the second authentication information at described the first Transmit-Receive Unit, verifies the legitimacy of described subscriber identification card certificate; Described the first authentication unit in described mobile phone security module, also, for after the described subscriber identification card certificate of checking is legal, verifies the correctness of described the first signing messages; The first decrypting device in described mobile phone security module, after verifying that at described the first authentication unit described the first signing messages is correct, deciphers described the first cipher-text information, obtains described the first random factor and described the second random factor; Described the first authentication unit in described mobile phone security module, also, for obtaining after described the first random factor and described the second random factor in described the first decrypting device, verifies the correctness of described the first random factor; The first generation unit in described mobile phone security module, after verifying that at described the first authentication unit described the first random factor is correct, generate the 3rd random factor, and according to described the second random factor and described the 3rd random factor, generate the arranging key of described mobile phone security module end; The first ciphering unit in described mobile phone security module, also for generating at described the first generation unit after described the 3rd random factor, PKI by the described subscriber identification card that carries in described subscriber identification card certificate is at least encrypted described the second random factor and described the 3rd random factor, obtains the second cipher-text information; Described the first Transmit-Receive Unit in described mobile phone security module, is also sent to described subscriber identification card for described the second cipher-text information that described the first ciphering unit is obtained; Described the second Transmit-Receive Unit in described subscriber identification card, also for receiving described the second cipher-text information; The second decrypting device in described subscriber identification card, for receiving after described the second cipher-text information at described the second Transmit-Receive Unit, deciphers described the second cipher-text information, obtains described the second random factor and described the 3rd random factor; The second generation unit in described subscriber identification card, for generating the arranging key of described subscriber identification card end according to described the second random factor and described the 3rd random factor; The arranging key of the end in the described subscriber identification card that the arranging key of the mobile phone security module end generating by described the first generation unit between described the second Transmit-Receive Unit in described the first Transmit-Receive Unit and described subscriber identification card in described mobile phone security module and described the second generation unit generate carries out the safe transmission of information.

In addition, the acquiring unit in described mobile phone security module, for obtaining information to be transmitted; The second signature unit in described subscriber identification card, for described information to be transmitted is signed, obtains the second signing messages; Outgoing unit in described mobile phone security module, for to the second signing messages outgoing described in major general.

In addition, the acquiring unit in described mobile phone security module, for obtaining information to be transmitted; Described the second signature unit in described subscriber identification card, also for described information to be transmitted is signed, obtains the second signing messages; Outgoing unit in described mobile phone security module, for to the second signing messages outgoing described in major general.

In addition, described the first ciphering unit in described mobile phone security module, the information to be transmitted of also for the arranging key by described mobile phone security module end, described acquiring unit being obtained is encrypted, and obtains the 3rd cipher-text information; Described the first Transmit-Receive Unit in described mobile phone security module, also for the first process information is sent to described subscriber identification card, wherein, described the first process information at least comprises: described the 3rd cipher-text information; Described the second Transmit-Receive Unit in described subscriber identification card, for receiving described the first process information; Described the second decrypting device in described subscriber identification card, also for receiving after described the first process information at described the second Transmit-Receive Unit, arranging key by described subscriber identification card end is decrypted described the 3rd cipher-text information, obtains information to be transmitted; Described the second signature unit in described subscriber identification card, also, for obtaining after described information to be transmitted in described the second decrypting device, signs to described information to be transmitted, obtains the second signing messages; Described the second ciphering unit in described subscriber identification card, is also encrypted described the second signing messages for the arranging key by described subscriber identification card end, obtains the 4th cipher-text information; Described the second Transmit-Receive Unit in described subscriber identification card, also for obtaining at described the second ciphering unit after described the 4th ciphertext, the second process information is sent to described mobile phone security module, and wherein, described the second process information at least comprises: described the 4th cipher-text information; Described the first Transmit-Receive Unit in described mobile phone security module, also for receiving described the second process information; Described the first decrypting device in described mobile phone security module, also for receiving after described the second process information at described the first Transmit-Receive Unit, arranging key by described mobile phone security module end is decrypted described the 4th cipher-text information, obtains described the second signing messages; Outgoing unit in described mobile phone security module, for obtaining after described the second signing messages in described the first decrypting device, to the second signing messages outgoing described in major general.

In addition, described the first verification computing unit in described mobile phone security module, the information to be transmitted of described acquiring unit being obtained for the arranging key by described mobile phone security module end is carried out verification calculating, obtains the first check information; Described the first Transmit-Receive Unit in described mobile phone security module, for the first process information is sent to described subscriber identification card, wherein, described the first process information at least comprises: described information to be transmitted and described the first check information; Described the second Transmit-Receive Unit in described subscriber identification card, also for receiving described the first process information; Described the second authentication unit in described subscriber identification card, also, for receiving after described the first process information at described the second Transmit-Receive Unit, verifies described the first process information by the arranging key of described subscriber identification card end; Described the second signature unit in described subscriber identification card, also, for after described the first process information being verified at described the second authentication unit, signs to described information to be transmitted, obtains the second signing messages; The second verification computing unit in described subscriber identification card, carries out verification calculating for the arranging key by described subscriber identification card end to described the second signing messages, obtains the second check information; Described the second Transmit-Receive Unit in described subscriber identification card, also, for the second process information being sent to described mobile phone security module, wherein, described the second process information at least comprises: described the second signing messages and described the second check information; Described the first Transmit-Receive Unit in described mobile phone security module, also for receiving described the second process information; Described the first authentication unit in described mobile phone security module, also, for receiving after described the second process information at described the first Transmit-Receive Unit, verifies described the second process information by the arranging key of described mobile phone security module end; Described mobile phone security module China and foreign countries bill unit, after being verified described the second process information at described the first authentication unit, to the second signing messages outgoing described in major general.

In addition, described the first ciphering unit in described mobile phone security module, the information described to be transmitted of also for the arranging key by described mobile phone security module end, described acquiring unit being obtained is encrypted, obtain the 3rd cipher-text information, and the first verification computing unit in described mobile phone security module, for described the 3rd cipher-text information is carried out to verification calculating, obtain the first check information; Described the first Transmit-Receive Unit in described mobile phone security module, also for the first process information is sent to described subscriber identification card, wherein, described the first process information at least comprises: described the 3rd cipher-text information and described the first check information; The second Transmit-Receive Unit in described subscriber identification card, also for receiving described the first process information; Described the second authentication unit in described subscriber identification card, also, for receiving after described the first process information at described the second Transmit-Receive Unit, verifies described the first process information by the arranging key of described subscriber identification card end; Described the second decrypting device in described subscriber identification card, also for after described the first process information being verified at described the second authentication unit, arranging key by described subscriber identification card end is decrypted described the 3rd cipher-text information, obtains described information to be transmitted; Described the second signature unit in described subscriber identification card, also, for obtaining after described information to be transmitted in described the second decrypting device, signs to described information to be transmitted, obtains the second signing messages; Described the second ciphering unit in described subscriber identification card, also for obtaining after described the second signing messages in described the second signature unit, arranging key by described subscriber identification card end is encrypted described the second signing messages, obtain the 4th cipher-text information, and the second verification computing unit in described subscriber identification card, for described the 4th cipher-text information is carried out to verification calculating, obtain the second check information; Described the second Transmit-Receive Unit in described subscriber identification card, also, for the second process information being sent to described mobile phone security module, wherein, described the second process information at least comprises: described the 4th cipher-text information and described the second check information; Described the first Transmit-Receive Unit in described mobile phone security module, also for receiving described the second process information; Described the first authentication unit in described mobile phone security module, also, for receiving after described the second process information at described the first Transmit-Receive Unit, verifies described the second process information by the arranging key of described mobile phone security module end; Described the first decrypting device in described mobile phone security module, also for after described the second process information being verified at described the first authentication unit, arranging key by described mobile phone security module end is decrypted described the 4th cipher-text information, obtains described the second signing messages; Outgoing unit in described mobile phone security module, also for obtaining after described the second signing messages in described the first decrypting device, to the second signing messages outgoing described in major general.

In addition, the extraction unit in described mobile phone security module, for extracting the key message of described information to be transmitted; Control unit in described mobile phone security module, shows the key message of the information to be transmitted that described extraction unit extracts for controlling mobile phone display screen; Receiving element in described mobile phone security module, for receiving the confirmation instruction of cell phone keyboard output, and receiving after the confirmation instruction of described cell phone keyboard output, notify described the first Transmit-Receive Unit to carry out described mobile phone security module the first process information is sent to described subscriber identification card.

In addition, described the second generation unit that described the 3rd random factor is described subscriber identification card generates according to described the first random factor and described the second random factor, or described the 3rd random factor to be that described the second generation unit in described subscriber identification card is random generate.

As seen from the above technical solution provided by the invention, by data processing method and the mobile phone of the present invention based on arranging key of the present invention, can make the mobile phone can Secure execution Internet-based banking services and/or confidential information transmission.

Accompanying drawing explanation

In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, below the accompanying drawing of required use during embodiment is described is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, do not paying under the prerequisite of creative work, can also obtain other accompanying drawings according to these accompanying drawings.

The flow chart of the data processing method based on arranging key that Fig. 1 provides for the embodiment of the present invention 1;

The structural representation of the mobile phone that Fig. 2 provides for the embodiment of the present invention 1;

The flow chart of the data processing method based on arranging key that Fig. 3 provides for the embodiment of the present invention 2;

The structural representation of the mobile phone that Fig. 4 provides for the embodiment of the present invention 2.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Based on embodiments of the invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to protection scope of the present invention.

In description of the invention, it will be appreciated that, term " " center ", " longitudinally ", " laterally ", " on ", D score, " front ", " afterwards ", " left side ", " right side ", " vertically ", " level ", " top ", " end ", " interior ", orientation or the position relationship of indications such as " outward " are based on orientation shown in the drawings or position relationship, only the present invention for convenience of description and simplified characterization, rather than device or the element of indication or hint indication must have specific orientation, with specific orientation structure and operation, therefore can not be interpreted as limitation of the present invention.In addition, term " first ", " second " be only for describing object, and can not be interpreted as indication or hint relative importance or quantity or position.

In description of the invention, it should be noted that, unless otherwise clearly defined and limited, term " installation ", " being connected ", " connection " should be interpreted broadly, and for example, can be to be fixedly connected with, and can be also to removably connect, or connect integratedly; Can be mechanical connection, can be also electrical connection; Can be to be directly connected, also can indirectly be connected by intermediary, can be the connection of two element internals.For the ordinary skill in the art, can concrete condition understand above-mentioned term concrete meaning in the present invention.

Below in conjunction with accompanying drawing, the embodiment of the present invention is described in further detail.

Data processing method based on arranging key of the present invention realizes based on mobile phone, and this mobile phone at least comprises a subscriber identification card that possesses safety function, and a mobile phone security module.Wherein:

Subscriber identification card can be following any card: SIM(Subscriber Identity Module, client identification module) card, UIM(User Identity Module) card, usim card, PIM card etc., above card is all on the basis of existing function, expanded safety function, to coordinate mobile phone security module of the present invention to realize function of the present invention.

This mobile phone security module can be set to be independent of the independent module outside mobile phone CPU, also can be set to the safety zone in mobile phone CPU, with the independently safety function that guarantees that this mobile phone security module can realize, for example: mobile phone security module can independently be carried out safe identity authentication function, and the security control showing, guarantee the authenticity of displaying contents etc.

In addition, third party CA has also issued the certificate through ca authentication to subscriber identification card, and third party CA has still issued the certificate through ca authentication to mobile phone security module simultaneously, to guarantee that both sides can verify the legitimacy of the other side's identity, improves fail safe.

Embodiment 1

Fig. 1 has shown the flow chart of the data processing method based on arranging key that the embodiment of the present invention 1 provides, and referring to Fig. 1, the data processing method based on arranging key of the present invention, comprising:

Step S101, subscriber identification card is sent to mobile phone security module by the first authentication information, and wherein, the first authentication information at least comprises: the first random factor and subscriber identification card certificate;

Concrete, subscriber identification card generates first random factor in advance, and the certificate that the random factor of generation and CA is presented to subscriber identification card sends to mobile phone security module in the lump.Send the first random factor to guarantee that each information sending is all different, prevent Replay Attack, improve fail safe.This first random factor can be a random number of subscriber identification card generation.

Step S102, mobile phone security module receives after the first authentication information, the legitimacy of identifying user identity identification card certificate;

Concrete, mobile phone security module receives after subscriber identification card certificate, and the legitimacy of this certificate is verified.For example: the PKI of the CA that employing CA issues carries out sign test to the part that in subscriber identification card certificate, CA private key is signed, only, after sign test is passed through, just identifying user identity identification card certificate is legal.

Step S103, if mobile phone security module identifying user identity identification card certificate is legal, mobile phone security module is at least encrypted the first random factor and the second random factor by the PKI of the subscriber identification card that carries in subscriber identification card certificate, obtains the first cipher-text information;

Concrete, after mobile phone security module identifying user identity identification card certificate is legal, also generate the second random factor, generating after the second random factor, the PKI of the subscriber identification card carrying in the subscriber identification card certificate of sending by subscriber identification card is encrypted the first random factor and the second random factor, guarantees thus the fail safe of the first random factor and the transmission of the second random factor.

Wherein, the second random factor can be a random number.

Step S104, mobile phone security module is signed to the first cipher-text information, obtains the first signing messages;

Concrete, in mobile phone security module, the first random factor and the second random factor are encrypted after acquisition the first cipher-text information, also at least utilize the private key of mobile phone security module to sign to the first cipher-text information, to guarantee integrality and the non repudiation of the first cipher-text information transmission.

Certainly, the present invention is not limited to mobile phone security module the first cipher-text information is signed, mobile phone security module can also directly be signed to the first random factor and the second random factor, obtain the first signing messages, thus, can guarantee integrality and the non repudiation of the first random factor and the second random factor itself.

In the present invention, the scheme of preferably selecting mobile phone security module to sign to the first cipher-text information, to guarantee the opaque transmission of the first random factor and the second random factor.

Step S105, mobile phone security module is sent to subscriber identification card by the second authentication information, and wherein, the second authentication information at least comprises: the first cipher-text information, the first signing messages and mobile phone security module certificate;

Step S106, subscriber identification card receives after the second authentication information, the legitimacy of checking mobile phone security module certificate;

Concrete, subscriber identification card receives after mobile phone security module certificate, and the legitimacy of this certificate is verified.For example: the PKI of the CA that employing CA issues carries out sign test to the part that in mobile phone security module certificate, CA private key is signed, and only, after sign test is passed through, just verifies that mobile phone security module certificate is legal.

Step S107, if subscriber identification card checking mobile phone security module certificate is legal, subscriber identification card is verified the correctness of the first signing messages;

Concrete, after subscriber identification card checking mobile phone security module certificate is legal, also verify the correctness of the first signing messages.Now, subscriber identification card is directly verified the correctness of the first signing messages according to the PKI of the mobile phone security module in the first cipher-text information and the mobile phone security module certificate that receive.

Certainly, if mobile phone security module is that the first random factor and the second random factor are signed, subscriber identification card is deciphered the first ciphertext in advance so, obtain the first random factor and the second random factor, thereby according to the PKI of the mobile phone security module in the first random factor and the second random factor and the mobile phone security module certificate that decrypt, verify again the correctness of the first signing messages.

In the present invention, preferably adopt the correctness of verifying the first signing messages according to the PKI of the first cipher-text information and mobile phone security module.

Step S108, if subscriber identification card verifies that the first signing messages is correct, subscriber identification card is deciphered the first cipher-text information, obtains the first random factor and the second random factor;

Concrete, subscriber identification card, after checking the first signing messages is correct, is decrypted the first cipher-text information by the private key of subscriber identification card, obtains the first random factor and the second random factor.Under the prerequisite can not being tampered in the first cipher-text information thus, decipher the first cipher-text information, thereby guarantee to obtain real the first random factor and the second random factor.

Step S109, subscriber identification card is obtaining after the first random factor and the second random factor, the correctness of checking the first random factor;

Concrete, only have subscriber identification card deciphering after real the first random factor and the second random factor, just verify that whether whether the first random factor consistent with the first random factor generating before subscriber identification card, if consistent, verify the first random factor correct.

Step S110, if subscriber identification card verifies that the first random factor is correct, subscriber identification card generates the 3rd random factor, and according to the arranging key of the second random factor and the 3rd random factor generation subscriber identification card end;

Concrete, subscriber identification card generates the 3rd random factor after verifying that the first random factor is correct, and according to the second random factor and the 3rd random factor, jointly generates the arranging key of subscriber identification card end.Wherein, the 3rd random factor can be that subscriber identification card generates according to the first random factor and the second random factor, or the 3rd random factor is the random generation of subscriber identification card.The 3rd random factor can be also a random number.Thus, generated the arranging key of subscriber identification card end, so that follow-up safe transmission of carrying out information according to this arranging key and mobile phone security module.

Step S111, subscriber identification card is at least encrypted the second random factor and the 3rd random factor by the PKI of the mobile phone security module of carrying in mobile phone security module certificate, obtains the second cipher-text information;

Concrete, subscriber identification card is encrypted the second random factor and the 3rd random factor by the PKI of the mobile phone security module of carrying in mobile phone security module certificate, so that safe transmission is follow-up for generating the second random factor and the 3rd random factor of arranging key of mobile phone security module end.

Step S112, subscriber identification card is sent to mobile phone security module by the second cipher-text information;

Step S113, mobile phone security module receives after the second cipher-text information, and deciphering the second cipher-text information, obtains the second random factor and the 3rd random factor;

Concrete, mobile phone security module is decrypted the second cipher-text information by the private key of mobile phone security module, obtains real the second random factor and the 3rd random factor.

Step S114, mobile phone security module generates the arranging key of mobile phone security module end according to the second random factor and the 3rd random factor;

Concrete, mobile phone security module is obtaining after real the second random factor and the 3rd random factor, according to this second random factor and the 3rd random factor, generate the arranging key of mobile phone security module end, so that follow-up safe transmission of carrying out information according to this arranging key and subscriber identification card.

Step S115, carries out the safe transmission of information by the arranging key of mobile phone security module end and the arranging key of subscriber identification card end between mobile phone security module and subscriber identification card.

Concrete, in mobile phone security module, generated the arranging key of mobile phone security module end, and subscriber identification card generated after the arranging key of subscriber identification card end, between mobile phone security module and subscriber identification card, by the arranging key at two ends, carry out the safe transmission of information.

Now, one of can be in the following way realize the safe transmission of information:

Mode one:

Step S116a, mobile phone security module is obtained information to be transmitted;

Concrete, mobile phone security module is obtained information to be transmitted, and this information to be transmitted can, for needing the confidential information of safe transmission, can be also Transaction Information to be transacted in Net silver.

If the present invention is applied in secure transmission of confidential information, the confidential information that information to be transmitted can need to be exported for mobile phone, for example: mobile phone is from confidential information of obtaining in the secure storage section of mobile phone etc.;

If the present invention is applied in Internet-based banking services, information to be transmitted can be the Transaction Information of pending transaction, for example: the Transaction Information such as transaction account that mobile phone gets by Web bank's client, dealing money.

Step S117a, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the 3rd cipher-text information;

Concrete, mobile phone security module is treated transmission information by the arranging key of the mobile phone security module end of its generation and is encrypted, thereby makes information to be transmitted carry out opaque transmission, guarantees the fail safe of transmission.Now, arranging key at least comprises an encryption key.

Step S118a, mobile phone security module is sent to subscriber identification card by the first process information, and wherein, the first process information at least comprises: the 3rd cipher-text information;

Step S119a, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the 3rd cipher-text information is decrypted, and obtains information to be transmitted;

Concrete, due to information exchange to be transmitted, cross the arranging key of mobile phone security module end and encrypt, now, subscriber identification card receives after the 3rd cipher-text information, by the arranging key in subscriber identification card, be decrypted, thereby obtain real information to be transmitted.

Step S120a, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Concrete, subscriber identification card, having obtained after real information to be transmitted, is signed to this information to be transmitted, to guarantee information integrity to be transmitted and non repudiation.

Step S121a, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 4th cipher-text information;

Concrete, subscriber identification card is also encrypted the second signing messages by the arranging key of subscriber identification card end, thereby guarantees the opaque transmission of the second signing messages, improves fail safe.

Step S122a, subscriber identification card is sent to mobile phone security module by the second process information, and wherein, the second process information at least comprises: the 4th cipher-text information;

Step S123a, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the 4th cipher-text information is decrypted, and obtains the second signing messages;

Concrete, mobile phone security module receives after the 4th cipher-text information, also by the arranging key of mobile phone security module end, the 4th cipher-text information is decrypted, and obtains real the second signing messages.Thus, between mobile phone security module and subscriber identification card, completed the information interaction of once safety.

Step S124a, mobile phone security module is to major general's the second signing messages outgoing.

Concrete, mobile phone security module has been carried out the second signing messages outgoing after signature by treating transmission information.

If the present invention is applied in secure transmission of confidential information, the device of confidential information after signature being sent to confidential information extraction is outward medium;

If the present invention is applied in Internet-based banking services, the Transaction Information after signature is sent to Web bank's server etc.

Mode two:

Step S116b, mobile phone security module is obtained information to be transmitted;

Step S117b, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is carried out verification calculating, obtains the first check information;

Concrete, mobile phone security module is treated transmission information by the arranging key of the mobile phone security module end of its generation and is carried out verification calculating, thereby guarantees information integrity to be transmitted.Now, arranging key at least comprises a verification computation key, and this verification is calculated can be for calculating arbitrary verification modes such as MAC value.

Step S118b, mobile phone security module is sent to subscriber identification card by the first process information, and wherein, the first process information at least comprises: information to be transmitted and the first check information;

Step S119b, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;

Concrete; the arranging key of crossing mobile phone security module end due to information exchange to be transmitted has carried out verification calculating; now; subscriber identification card receives after information to be transmitted and the first check information; by the arranging key in subscriber identification card, treat transmission information and carry out equally verification calculating, and compare with the first check information, and after relatively unanimously; be verified, thereby guarantee that the information to be transmitted obtaining is without distorting.

Step S120b, if subscriber identification card is verified the first process information, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Step S121b, subscriber identification card carries out verification calculating by the arranging key of subscriber identification card end to the second signing messages, obtains the second check information;

Concrete, subscriber identification card also carries out verification calculating by the arranging key of subscriber identification card end to the second signing messages, thereby guarantees the integrality of the second signing messages.

Step S122b, subscriber identification card is sent to mobile phone security module by the second process information, and wherein, the second process information at least comprises: the second signing messages and the second check information;

Step S123b, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;

Concrete; mobile phone security module receives after the second signing messages and the second check information; also by the arranging key of mobile phone security module end, the second signing messages is carried out to verification calculating; and compare with the second check information; and after relatively unanimously; be verified, thereby guarantee that the second signing messages obtaining is without distorting.Thus, between mobile phone security module and subscriber identification card, completed the information interaction of once safety.

Step S124b, if mobile phone security module is verified the second process information, mobile phone security module is to major general's the second signing messages outgoing.

Mode three:

Step S116c, mobile phone security module is obtained information to be transmitted;

Step S117c, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the 3rd cipher-text information, and the 3rd cipher-text information is carried out to verification calculating, obtains the first check information;

Concrete, mobile phone security module is treated transmission information by the arranging key of the mobile phone security module end of its generation and is encrypted, thereby makes information to be transmitted carry out opaque transmission, guarantees the fail safe of transmission.

Mobile phone security module is carried out verification calculating by the arranging key of the mobile phone security module end of its generation to the 3rd cipher-text information, thereby guarantees the integrality of ground three cipher-text information.This verification is calculated can be for calculating arbitrary verification modes such as MAC value.

Now, arranging key at least comprises verification computation key of an encryption key.

Step S118c, mobile phone security module is sent to subscriber identification card by the first process information, and wherein, the first process information at least comprises: the 3rd cipher-text information and the first check information;

Step S119c, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;

Concrete; because the 3rd cipher-text information has been carried out verification calculating by the arranging key of mobile phone security module end; now; subscriber identification card receives after the 3rd cipher-text information and the first check information; by the arranging key in subscriber identification card, the 3rd cipher-text information is carried out to verification calculating equally, and compare with the first check information, and after relatively unanimously; be verified, thereby guarantee that the 3rd cipher-text information obtaining is without distorting.

Step S120c, if subscriber identification card is verified the first process information, subscriber identification card is decrypted the 3rd cipher-text information by the arranging key of subscriber identification card end, obtains information to be transmitted;

Concrete, due to information exchange to be transmitted, cross the arranging key of mobile phone security module end and encrypt, now, subscriber identification card receives after real the 3rd cipher-text information, by the arranging key in subscriber identification card, be decrypted, thereby obtain real information to be transmitted.

Step S121c, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Step S122c, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 4th cipher-text information, and the 4th cipher-text information is carried out to verification calculating, obtains the second check information;

Subscriber identification card also carries out verification calculating by the arranging key of subscriber identification card end to the 4th cipher-text information, thereby guarantees the integrality of the 4th cipher-text information.

Step S123c, subscriber identification card is sent to mobile phone security module by the second process information, and wherein, the second process information at least comprises: the 4th cipher-text information and the second check information;

Step S124c, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;

Concrete; mobile phone security module receives after the 4th cipher-text information and the second check information; also by the arranging key of mobile phone security module end, the 4th cipher-text information is carried out to verification calculating; and compare with the second check information; and after relatively unanimously; be verified, thereby guarantee that the 4th cipher-text information obtaining is without distorting.

Step S125c, if mobile phone security module is verified the second process information, is decrypted the 4th cipher-text information by the arranging key of mobile phone security module end, obtains the second signing messages;

Concrete, mobile phone security module, having obtained after real the 4th cipher-text information, is also decrypted the 4th cipher-text information by the arranging key of mobile phone security module end, obtains real the second signing messages.

Thus, between mobile phone security module and subscriber identification card, completed the information interaction of once safety.

Step S126c, mobile phone security module is to major general's the second signing messages outgoing.

Mode four:

Step S116d, mobile phone security module is obtained information to be transmitted;

Step S117d, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the 3rd cipher-text information, and the 3rd cipher-text information is carried out to verification calculating, obtains the first check information;

Step S118d, mobile phone security module is sent to subscriber identification card by the first process information, and wherein, the first process information at least comprises: the 3rd cipher-text information and the first check information;

Step S119d, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;

Step S120d, if subscriber identification card is verified the first process information, subscriber identification card is decrypted the 3rd cipher-text information by the arranging key of subscriber identification card end, obtains information to be transmitted;

Step S121d, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Step S122d, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 4th cipher-text information;

Step S123d, subscriber identification card is sent to mobile phone security module by the second process information, and wherein, the second process information at least comprises: the 4th cipher-text information;

Step S124d, mobile phone security module is decrypted the 4th cipher-text information by the arranging key of mobile phone security module end, obtains the second signing messages;

Step S125d, mobile phone security module is to major general's the second signing messages outgoing.

Mode five:

Step S116e, mobile phone security module is obtained information to be transmitted;

Step S119e, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;

Step S120e, if subscriber identification card is verified the first process information, subscriber identification card is decrypted the 3rd cipher-text information by the arranging key of subscriber identification card end, obtains information to be transmitted;

Step S121e, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Step S122e, subscriber identification card carries out verification calculating by the arranging key of subscriber identification card end to the second signing messages, obtains the second check information;

Step S123e, subscriber identification card is sent to mobile phone security module by the second process information, and wherein, the second process information at least comprises: the second signing messages and the second check information;

Step S124e, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;

Step S125e, if mobile phone security module is verified the second process information, mobile phone security module is to major general's the second signing messages outgoing.

Mode six:

Step S116f, mobile phone security module is obtained information to be transmitted;

Step S117f, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the 3rd cipher-text information;

Step S118f, mobile phone security module is sent to subscriber identification card by the first process information, and wherein, the first process information at least comprises: the 3rd cipher-text information;

Step S119f, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the 3rd cipher-text information is decrypted, and obtains information to be transmitted;

Step S120f, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Step S121f, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 4th cipher-text information, and the 4th cipher-text information is carried out to verification calculating, obtains the second check information;

Step S122f, subscriber identification card is sent to mobile phone security module by the second process information, and wherein, the second process information at least comprises: the 4th cipher-text information and the second check information;

Step S123f, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;

Step S124f, if mobile phone security module is verified the second process information, is decrypted the 4th cipher-text information by the arranging key of mobile phone security module end, obtains the second signing messages;

Step S125f, mobile phone security module is to major general's the second signing messages outgoing.

Mode seven:

Step S116g, mobile phone security module is obtained information to be transmitted;

Step S117g, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is carried out verification calculating, obtains the first check information;

Step S118g, mobile phone security module is sent to subscriber identification card by the first process information, and wherein, the first process information at least comprises: information to be transmitted and the first check information;

Step S119g, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;

Step S120g, if subscriber identification card is verified the first process information, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;

Step S121g, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 4th cipher-text information, and the 4th cipher-text information is carried out to verification calculating, obtains the second check information;

Step S122g, subscriber identification card is sent to mobile phone security module by the second process information, and wherein, the second process information at least comprises: the 4th cipher-text information and the second check information;

Step S123g, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;

Step S124g, if mobile phone security module is verified the second process information, is decrypted the 4th cipher-text information by the arranging key of mobile phone security module end, obtains the second signing messages;

Step S125g, mobile phone security module is to major general's the second signing messages outgoing.

Certainly, with upper type one to mode seven, for to each step of cipher-text information being carried out to verification calculating, all can adopt to the original text of cipher-text information carry out verification calculate substitute, obtaining after check information and cipher-text information, all deciphering obtains the original text of cipher-text information in advance, then carries out the checking of check information.As long as can guarantee that the original text of cipher-text information or cipher-text information cannot be tampered.

As can be seen here, by the data processing method based on arranging key of the present invention, can make the mobile phone can Secure execution Internet-based banking services and/or confidential information transmission.

In addition, in above-mentioned either type, after mobile phone security module is obtained the step of information to be transmitted, before mobile phone security module is sent to the step of subscriber identification card by the first process information, the data processing method based on arranging key also comprises the steps:

Step S1161, mobile phone security module is extracted the key message in information to be transmitted;

Concrete, mobile phone security module will be extracted the key message in information to be transmitted, to be shown to user, is confirmed whether it is this information.For example:

If the present invention is applied in secure transmission of confidential information, the key message such as mobile phone security module filename in can extractor confidential information, so that user is confirmed whether to extract these classified papers and carries out Safety output;

If the present invention is applied in Internet-based banking services, mobile phone security module can be extracted the key message in Transaction Information, and whether the key messages such as the account of for example concluding the business and dealing money, be real transaction so that user confirms this transaction.

Step S1162, mobile phone security module control mobile phone display screen shows the key message in the information to be transmitted extracting;

Concrete, the display screen of mobile phone security module control mobile phone shows the key message extracting, so that user confirms the authenticity of key message, thereby guarantees the authenticity of information to be transmitted.In addition, display screen by mobile phone security module control mobile phone shows the key message extracting, can also prevent from controlling by mobile phone CPU the problem that mobile phone display screen shows that key message may be tampered, the content that assurance shows by the control of mobile phone security module is real content, improves fail safe.

Step S1163, mobile phone security module receives the confirmation instruction of cell phone keyboard output;

Concrete, when user confirm mobile phone display screen show key message errorless after, press the acknowledgement key on mobile phone, this acknowledgement key can be the hardware button arranging on mobile phone, also can be the virtual key of touch-screen mobile phone, in mobile phone security module, receive after the confirmation instruction of cell phone keyboard output, confirm the authenticity of information to be transmitted, carry out the preparation of follow-up safe transmission.

Step S1164, receives in mobile phone security module after the confirmation instruction of cell phone keyboard output, and execution mobile phone security module is sent to the first process information the step of subscriber identification card.

Concrete, only have the information to be transmitted of confirming through user key-press to be just considered to real information to be transmitted, guarantee the authenticity of information to be transmitted, thereby improved the authenticity of confidential information output, and the fail safe of Transaction Information output.

Fig. 2 has shown the structural representation of the mobile phone that the embodiment of the present invention 1 provides, and the mobile phone that the embodiment of the present invention 1 provides and the data processing method based on arranging key that adopts embodiment 1 to provide, therefore this is no longer going to repeat them.

At this, only by a kind of implementation of mobile phone of the present invention, be briefly described, certainly, mobile phone of the present invention is not limited to the structure shown in Fig. 2 and divides, and other similar structures are divided and all should be belonged to protection scope of the present invention.

Referring to Fig. 2, the mobile phone that the embodiment of the present invention 1 provides, comprising: mobile phone security module 10 and subscriber identification card 20; Wherein,

The second Transmit-Receive Unit 201 in subscriber identification card 20, for the first authentication information is sent to mobile phone security module 10, wherein, the first authentication information at least comprises: the first random factor and subscriber identification card 20 certificates;

The first Transmit-Receive Unit 101 in mobile phone security module 10, for receiving the first authentication information;

The first authentication unit 102 in mobile phone security module 10, for receiving after the first authentication information at the first Transmit-Receive Unit 101, the legitimacy of identifying user identity identification card 20 certificates;

The first ciphering unit 103 in mobile phone security module 10, for after the first authentication unit 102 identifying user identity identification card 20 certificates are legal, PKI by the subscriber identification card 20 that carries in subscriber identification card 20 certificates is at least encrypted the first random factor and the second random factor, obtains the first cipher-text information;

The first signature unit 105 in mobile phone security module 10, signs for the first cipher-text information that the first ciphering unit 103 is obtained, and obtains the first signing messages;

The first Transmit-Receive Unit 101 in mobile phone security module 10, also for the second authentication information is sent to subscriber identification card 20, wherein, the second authentication information at least comprises: the first cipher-text information, the first signing messages and mobile phone security module 10 certificates;

The second Transmit-Receive Unit 201 in subscriber identification card 20, also for receiving the second authentication information;

The second authentication unit 202 in subscriber identification card 20, for receiving after the second authentication information at the second Transmit-Receive Unit 201, the legitimacy of checking mobile phone security module 10 certificates;

The second authentication unit 202 in subscriber identification card 20, also for after checking mobile phone security module 10 certificates are legal, the correctness of checking the first signing messages;

The second decrypting device 204 in subscriber identification card 20, after verifying that at the second authentication unit 202 the first signing messages is correct, deciphering the first cipher-text information, obtains the first random factor and the second random factor;

The second authentication unit 202 in subscriber identification card 20, also for obtaining after the first random factor and the second random factor in the second decrypting device 204, the correctness of checking the first random factor;

The second generation unit 206 in subscriber identification card 20, after verifying that at the second authentication unit 202 the first random factor is correct, generate the 3rd random factor, and according to the arranging key of the second random factor and the 3rd random factor generation subscriber identification card 20 ends;

The second ciphering unit 203 in subscriber identification card 20, for generating after the 3rd random factor at the second generation unit 206, PKI by the mobile phone security module 10 of carrying in mobile phone security module 10 certificates is at least encrypted the second random factor and the 3rd random factor, obtains the second cipher-text information;

The second Transmit-Receive Unit 201 in subscriber identification card 20, for obtaining after the second cipher-text information at the second ciphering unit 203, is sent to mobile phone security module 10 by the second cipher-text information;

The first Transmit-Receive Unit 101 in mobile phone security module 10, also for receiving the second cipher-text information;

The first decrypting device 104 in mobile phone security module 10, for receiving after the second cipher-text information at the first Transmit-Receive Unit 101, deciphering the second cipher-text information, obtains the second random factor and the 3rd random factor;

The first generation unit 106 in mobile phone security module 10, for obtaining in the first decrypting device 104 after the second random factor and the 3rd random factor, according to the arranging key of the second random factor and the 3rd random factor generation mobile phone security module 10 ends;

The arranging key of mobile phone security module 10 ends that generate by the first generation unit 106 between the first Transmit-Receive Unit 101 of mobile phone security module 10 and the second Transmit-Receive Unit 201 of subscriber identification card 20 and the arranging key of subscriber identification card 20 ends that the second generation unit 206 generates carry out the safe transmission of information.

As can be seen here, mobile phone of the present invention can Secure execution Internet-based banking services and/or confidential information transmission.

In addition, the acquiring unit 107 in mobile phone security module 10, for obtaining information to be transmitted;

The second signature unit 205 in subscriber identification card 20, signs for treating transmission information, obtains the second signing messages;

Outgoing unit 107 in mobile phone security module 10, for to major general's the second signing messages outgoing.

Mode one:

The first ciphering unit 103 in mobile phone security module 10, the information to be transmitted of also for the arranging key by mobile phone security module 10 ends, acquiring unit 107 being obtained is encrypted, and obtains the 3rd cipher-text information;

The first Transmit-Receive Unit 101 in mobile phone security module 10, also for the first process information is sent to subscriber identification card 20, wherein, the first process information at least comprises: the 3rd cipher-text information;

The second Transmit-Receive Unit 201 in subscriber identification card 20, for receiving the first process information;

The second decrypting device 204 in subscriber identification card 20, also for receiving after the first process information at the second Transmit-Receive Unit 201, is decrypted the 3rd cipher-text information by the arranging key of subscriber identification card 20 ends, obtains information to be transmitted;

The second signature unit 205 in subscriber identification card 20, also, for obtaining after information to be transmitted in the second decrypting device 204, treats transmission information and signs, and obtains the second signing messages;

The second ciphering unit 203 in subscriber identification card 20, also for by the arranging key of subscriber identification card 20 ends, the second signing messages being encrypted, obtains the 4th cipher-text information;

The second Transmit-Receive Unit 201 in subscriber identification card 20, also, for obtaining after the 4th ciphertext at the second ciphering unit 203, is sent to mobile phone security module 10 by the second process information, and wherein, the second process information at least comprises: the 4th cipher-text information;

The first Transmit-Receive Unit 101 in mobile phone security module 10, also for receiving the second process information;

The first decrypting device 104 in mobile phone security module 10, also for receiving after the second process information at the first Transmit-Receive Unit 101, is decrypted the 4th cipher-text information by the arranging key of mobile phone security module 10 ends, obtains the second signing messages;

Outgoing unit 108 in mobile phone security module 10, for obtaining after the second signing messages in the first decrypting device 104, to major general's the second signing messages outgoing.

Mode two:

The first verification computing unit 107 in mobile phone security module 10, the information to be transmitted of acquiring unit 107 being obtained for the arranging key by mobile phone security module 10 ends is carried out verification calculating, obtains the first check information;

The first Transmit-Receive Unit 101 in mobile phone security module 10, for the first process information is sent to subscriber identification card 20, wherein, the first process information at least comprises: information to be transmitted and the first check information;

The second Transmit-Receive Unit 201 in subscriber identification card 20, also for receiving the first process information;

The second authentication unit 202 in subscriber identification card 20, also, for receiving after the first process information at the second Transmit-Receive Unit 201, verifies the first process information by the arranging key of subscriber identification card 20 ends;

The second signature unit 205 in subscriber identification card 20, also, for after the first process information being verified at the second authentication unit 202, treats transmission information and signs, and obtains the second signing messages;

The second verification computing unit 207 in subscriber identification card 20, for by the arranging key of subscriber identification card 20 ends, the second signing messages being carried out to verification calculating, obtains the second check information;

The second Transmit-Receive Unit 201 in subscriber identification card 20, also for the second process information is sent to mobile phone security module 10, wherein, the second process information at least comprises: the second signing messages and the second check information;

The first authentication unit 102 in mobile phone security module 10, also, for receiving after the second process information at the first Transmit-Receive Unit 101, verifies the second process information by the arranging key of mobile phone security module 10 ends;

Mobile phone security module 10 China and foreign countries bill units 108, after being verified the second process information at the first authentication unit 102, to major general's the second signing messages outgoing.

Mode three:

The first ciphering unit 103 in mobile phone security module 10, the information to be transmitted of also for the arranging key by mobile phone security module 10 ends, acquiring unit 107 being obtained is encrypted, obtain the 3rd cipher-text information, and the first verification computing unit 107 in mobile phone security module 10, for the 3rd cipher-text information is carried out to verification calculating, obtain the first check information;

The first Transmit-Receive Unit 101 in mobile phone security module 10, also for the first process information is sent to subscriber identification card 20, wherein, the first process information at least comprises: the 3rd cipher-text information and the first check information;

The second decrypting device 204 in subscriber identification card 20, also, for after the first process information being verified at the second authentication unit 202, is decrypted the 3rd cipher-text information by the arranging key of subscriber identification card 20 ends, obtains information to be transmitted;

The second ciphering unit 203 in subscriber identification card 20, also for obtaining after the second signing messages in the second signature unit 205, arranging key by subscriber identification card 20 ends is encrypted the second signing messages, obtain the 4th cipher-text information, and the second verification computing unit 207 in subscriber identification card 20, for the 4th cipher-text information is carried out to verification calculating, obtain the second check information;

The second Transmit-Receive Unit 201 in subscriber identification card 20, also for the second process information is sent to mobile phone security module 10, wherein, the second process information at least comprises: the 4th cipher-text information and the second check information;

The first decrypting device 104 in mobile phone security module 10, also, for after the second process information being verified at the first authentication unit 102, is decrypted the 4th cipher-text information by the arranging key of mobile phone security module 10 ends, obtains the second signing messages;

Outgoing unit 108 in mobile phone security module 10, also for obtaining after the second signing messages in the first decrypting device 104, to major general's the second signing messages outgoing.

Mode four:

The second ciphering unit 203 in subscriber identification card 20, also, for obtaining after the second signing messages in the second signature unit 205, is encrypted the second signing messages by the arranging key of subscriber identification card 20 ends, obtains the 4th cipher-text information;

The second Transmit-Receive Unit 201 in subscriber identification card 20, also for the second process information is sent to mobile phone security module 10, wherein, the second process information at least comprises: the 4th cipher-text information;

Mode five:

The second verification computing unit 207 in subscriber identification card 20, for obtaining after the second signing messages in the second signature unit 205, carries out verification calculating to the second signing messages, obtains the second check information;

Outgoing unit 108 in mobile phone security module 10, also for after being verified the second process information at the first authentication unit 102, to major general's the second signing messages outgoing.

Mode six:

Mode seven:

The first Transmit-Receive Unit 101 in mobile phone security module 10, also for the first process information is sent to subscriber identification card 20, wherein, the first process information at least comprises: information to be transmitted and the first check information;

Certainly, with upper type one to mode seven, for to each to cipher-text information carry out verification calculate time, all can adopt to the original text of cipher-text information carry out verification calculate substitute, obtaining after check information and cipher-text information, all deciphering obtains the original text of cipher-text information in advance, then carries out the checking of check information.As long as can guarantee that the original text of cipher-text information or cipher-text information cannot be tampered.

In addition, mobile phone security module 10 can also be by showing that key message in information to be transmitted confirms the authenticity of information to be transmitted for user.

Extraction unit 109 in mobile phone security module 10, for extracting the key message of information to be transmitted;

Control unit 110 in mobile phone security module 10, shows the key message of the information to be transmitted that extracts of extraction unit for controlling mobile phone display screen;

Receiving element 111 in mobile phone security module 10, for receiving the confirmation instruction of cell phone keyboard output, and receiving after the confirmation instruction of cell phone keyboard output, notify the first Transmit-Receive Unit 101 to carry out mobile phone security module 10 the first process information is sent to subscriber identification card 20.

In addition, the 3rd random factor is that the second generation unit 206 of subscriber identification card 20 generates according to the first random factor and the second random factor, or the 3rd random factor is the random generation of the second generation unit 206 in subscriber identification card 20.

And mobile phone security module 10 can be the module being independent of outside mobile phone CPU, or mobile phone security module 10 is arranged on the safety zone in mobile phone CPU.

Embodiment 2

The present embodiment 2 and the difference of embodiment 1 are that verification process and the key generative process between mobile phone security module and subscriber identification card is contrary process, this is no longer going to repeat them, and the mobile phone that the data processing method based on arranging key only the present embodiment 2 being provided and the present embodiment 2 provide is briefly described.

Fig. 3 shows the flow chart of the data processing method based on arranging key that the embodiment of the present invention 2 provides, and referring to Fig. 2, the data processing method based on arranging key of the embodiment of the present invention 2, comprising:

Step S201, mobile phone security module is sent to subscriber identification card by the first authentication information, and wherein, the first authentication information at least comprises: the first random factor and mobile phone security module certificate;

Step S202, subscriber identification card receives after the first authentication information, the legitimacy of checking mobile phone security module certificate;

Step S203, if subscriber identification card checking mobile phone security module certificate is legal, subscriber identification card is at least encrypted the first random factor and the second random factor by the PKI of the mobile phone security module of carrying in mobile phone security module certificate, obtains the first cipher-text information;

Step S204, subscriber identification card is signed to the first cipher-text information, obtains the first signing messages;

Step S205, subscriber identification card is sent to mobile phone security module by the second authentication information, and wherein, the second authentication information at least comprises: the first cipher-text information, the first signing messages and subscriber identification card certificate;

Step S206, mobile phone security module receives after the second authentication information, the legitimacy of identifying user identity identification card certificate;

Step S207, if mobile phone security module identifying user identity identification card certificate is legal, mobile phone security module is verified the correctness of the first signing messages;

Step S208, if mobile phone security module verifies that the first signing messages is correct, mobile phone security module is deciphered the first cipher-text information, obtains the first random factor and the second random factor;

Step S209, mobile phone security module is obtaining after the first random factor and the second random factor, the correctness of checking the first random factor;

Step S210, if mobile phone security module verifies that the first random factor is correct, mobile phone security module generates the 3rd random factor, and according to the arranging key of the second random factor and the 3rd random factor generation mobile phone security module end;

Step S211, mobile phone security module is at least encrypted the second random factor and the 3rd random factor by the PKI of the subscriber identification card that carries in subscriber identification card certificate, obtains the second cipher-text information;

Step S212, mobile phone security module is sent to subscriber identification card by the second cipher-text information;

Step S213, subscriber identification card receives after the second cipher-text information, and deciphering the second cipher-text information, obtains the second random factor and the 3rd random factor;

Step S214, subscriber identification card generates the arranging key of subscriber identification card end according to the second random factor and the 3rd random factor;

Step S215, carries out the safe transmission of information by the arranging key of mobile phone security module end and the arranging key of subscriber identification card end between mobile phone security module and subscriber identification card.

In step S215, between mobile phone security module and subscriber identification card, by the arranging key of mobile phone security module end and the arranging key of subscriber identification card end, carry out the process of safe transmission of information identical with embodiment 1, do not repeat them here.

Fig. 4 has shown the structural representation of the mobile phone that the embodiment of the present invention 2 provides, and referring to Fig. 2, the mobile phone that the embodiment of the present invention 2 provides, comprising: mobile phone security module 10 and subscriber identification card 20; Wherein,

The first Transmit-Receive Unit 101 in mobile phone security module 10, for the first authentication information is sent to subscriber identification card 20, wherein, the first authentication information at least comprises: the first random factor and mobile phone security module 10 certificates;

The second Transmit-Receive Unit 201 in subscriber identification card 20, for receiving the first authentication information;

The second authentication unit 202 in subscriber identification card 20, for receiving after the first authentication information at the second Transmit-Receive Unit 201, the legitimacy of checking mobile phone security module 10 certificates;

The second ciphering unit 203 in subscriber identification card 20, for after the second authentication module checking mobile phone security module 10 certificates are legal, PKI by the mobile phone security module 10 of carrying in mobile phone security module 10 certificates is at least encrypted the first random factor and the second random factor, obtains the first cipher-text information;

The second signature unit 205 in subscriber identification card 20, for obtaining after the first cipher-text information at the second ciphering unit 203, signs to the first cipher-text information, obtains the first signing messages;

The second Transmit-Receive Unit 201 in subscriber identification card 20, also for the second authentication information is sent to mobile phone security module 10, wherein, the second authentication information at least comprises: the first cipher-text information, the first signing messages and subscriber identification card 20 certificates;

The first Transmit-Receive Unit 101 in mobile phone security module 10, for receiving the second authentication information;

The first authentication unit 102 in mobile phone security module 10, for receiving after the second authentication information at the first Transmit-Receive Unit 101, the legitimacy of identifying user identity identification card 20 certificates;

The first authentication unit 102 in mobile phone security module 10, also for after identifying user identity identification card 20 certificates are legal, the correctness of checking the first signing messages;

The first decrypting device 104 in mobile phone security module 10, after verifying that at the first authentication unit 102 the first signing messages is correct, deciphering the first cipher-text information, obtains the first random factor and the second random factor;

The first authentication unit 102 in mobile phone security module 10, also for obtaining after the first random factor and the second random factor in the first decrypting device 104, the correctness of checking the first random factor;

The first generation unit 106 in mobile phone security module 10, after verifying that at the first authentication unit 102 the first random factor is correct, generate the 3rd random factor, and according to the arranging key of the second random factor and the 3rd random factor generation mobile phone security module 10 ends;

The first ciphering unit 103 in mobile phone security module 10, also for generating after the 3rd random factor at the first generation unit 106, PKI by the subscriber identification card 20 that carries in subscriber identification card 20 certificates is at least encrypted the second random factor and the 3rd random factor, obtains the second cipher-text information;

The first Transmit-Receive Unit 101 in mobile phone security module 10, is also sent to subscriber identification card 20 for the second cipher-text information that the first ciphering unit 103 is obtained;

The second Transmit-Receive Unit 201 in subscriber identification card 20, also for receiving the second cipher-text information;

The second decrypting device 204 in subscriber identification card 20, for receiving after the second cipher-text information at the second Transmit-Receive Unit 201, deciphering the second cipher-text information, obtains the second random factor and the 3rd random factor;

The second generation unit 206 in subscriber identification card 20, for generating the arranging key of subscriber identification card 20 ends according to the second random factor and the 3rd random factor;

The arranging key of the end in the arranging key of mobile phone security module 10 ends that generate by the first generation unit 106 between the second Transmit-Receive Unit 201 in the first Transmit-Receive Unit 101 and subscriber identification card 20 in mobile phone security module 10 and the subscriber identification card 20 that the second generation unit 206 generates carries out the safe transmission of information.

The structure of safe transmission that the arranging key of the subscriber identification card end 20 that the arranging key of mobile phone security module 10 ends that generate by the first generation unit 106 between mobile phone security module 10 and subscriber identification card 20 and the second generation unit 206 generate carries out information is identical with embodiment 1, does not repeat them here.

Any process of otherwise describing in flow chart or at this or method are described and can be understood to, represent to comprise that one or more is for realizing module, fragment or the part of code of executable instruction of step of specific logical function or process, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can be not according to order shown or that discuss, comprise according to related function by the mode of basic while or by contrary order, carry out function, this should be understood by embodiments of the invention person of ordinary skill in the field.

Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, multiple steps or method can realize with being stored in software or the firmware carried out in memory and by suitable instruction execution system.For example, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: there is the discrete logic for data-signal being realized to the logic gates of logic function, there is the application-specific integrated circuit (ASIC) of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.

Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is can carry out the hardware that instruction is relevant by program to complete, described program can be stored in a kind of computer-readable recording medium, this program, when carrying out, comprises step of embodiment of the method one or a combination set of.

In addition, the each functional unit in each embodiment of the present invention can be integrated in a processing module, can be also that the independent physics of unit exists, and also can be integrated in a module two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and also can adopt the form of software function module to realize.If described integrated module realizes and during as production marketing independently or use, also can be stored in a computer read/write memory medium using the form of software function module.

The above-mentioned storage medium of mentioning can be read-only memory, disk or CD etc.

In the description of this specification, the description of reference term " embodiment ", " some embodiment ", " example ", " concrete example " or " some examples " etc. means to be contained at least one embodiment of the present invention or example in conjunction with specific features, structure, material or the feature of this embodiment or example description.In this manual, the schematic statement of above-mentioned term is not necessarily referred to identical embodiment or example.And specific features, structure, material or the feature of description can be with suitable mode combination in any one or more embodiment or example.

Although illustrated and described embodiments of the invention above, be understandable that, above-described embodiment is exemplary, can not be interpreted as limitation of the present invention, those of ordinary skill in the art can change above-described embodiment within the scope of the invention in the situation that not departing from principle of the present invention and aim, modification, replacement and modification.Scope of the present invention is by claims and be equal to and limit.

Claims

1. the data processing method based on arranging key, is characterized in that, comprising:

Subscriber identification card is sent to mobile phone security module by the first authentication information, and wherein, described the first authentication information at least comprises: the first random factor and subscriber identification card certificate;

Described mobile phone security module receives after described the first authentication information, verifies the legitimacy of described subscriber identification card certificate;

If described mobile phone security module verifies that described subscriber identification card certificate is legal, described mobile phone security module is at least encrypted described the first random factor and the second random factor by the PKI of the described subscriber identification card that carries in described subscriber identification card certificate, obtains the first cipher-text information;

Described mobile phone security module is signed to described the first cipher-text information, obtains the first signing messages;

Described mobile phone security module is sent to described subscriber identification card by the second authentication information, and wherein, described the second authentication information at least comprises: described the first cipher-text information, described the first signing messages and described mobile phone security module certificate;

Described subscriber identification card receives after described the second authentication information, verifies the legitimacy of described mobile phone security module certificate;

If described subscriber identification card verifies that described mobile phone security module certificate is legal, described subscriber identification card is verified the correctness of described the first signing messages;

If described subscriber identification card verifies that described the first signing messages is correct, described subscriber identification card is deciphered described the first cipher-text information, obtains described the first random factor and described the second random factor;

Described subscriber identification card is obtaining after described the first random factor and described the second random factor, verifies the correctness of described the first random factor;

If described subscriber identification card verifies that described the first random factor is correct, described subscriber identification card generates the 3rd random factor, and according to described the second random factor and described the 3rd random factor, generates the arranging key of described subscriber identification card end;

Described subscriber identification card is at least encrypted described the second random factor and described the 3rd random factor by the PKI of the described mobile phone security module of carrying in described mobile phone security module certificate, obtains the second cipher-text information;

Described subscriber identification card is sent to described mobile phone security module by described the second cipher-text information;

Described mobile phone security module receives after described the second cipher-text information, deciphers described the second cipher-text information, obtains described the second random factor and described the 3rd random factor;

Described mobile phone security module generates the arranging key of described mobile phone security module end according to described the second random factor and described the 3rd random factor;

Between described mobile phone security module and described subscriber identification card, by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end, carry out the safe transmission of information.

2. the data processing method based on arranging key, is characterized in that, comprising:

Mobile phone security module is sent to subscriber identification card by the first authentication information, and wherein, described the first authentication information at least comprises: the first random factor and mobile phone security module certificate;

Described subscriber identification card receives after described the first authentication information, verifies the legitimacy of described mobile phone security module certificate;

If described subscriber identification card verifies that described mobile phone security module certificate is legal, described subscriber identification card is at least encrypted described the first random factor and the second random factor by the PKI of the described mobile phone security module of carrying in described mobile phone security module certificate, obtains the first cipher-text information;

Described subscriber identification card is signed to described the first cipher-text information, obtains the first signing messages;

Described subscriber identification card is sent to described mobile phone security module by the second authentication information, and wherein, described the second authentication information at least comprises: described the first cipher-text information, described the first signing messages and described subscriber identification card certificate;

Described mobile phone security module receives after described the second authentication information, verifies the legitimacy of described subscriber identification card certificate;

If described mobile phone security module verifies that described subscriber identification card certificate is legal, described mobile phone security module is verified the correctness of described the first signing messages;

If described mobile phone security module verifies that described the first signing messages is correct, described mobile phone security module is deciphered described the first cipher-text information, obtains described the first random factor and described the second random factor;

Described mobile phone security module is obtaining after described the first random factor and described the second random factor, verifies the correctness of described the first random factor;

If described mobile phone security module verifies that described the first random factor is correct, described mobile phone security module generates the 3rd random factor, and according to described the second random factor and described the 3rd random factor, generates the arranging key of described mobile phone security module end;

Described mobile phone security module is at least encrypted described the second random factor and described the 3rd random factor by the PKI of the described subscriber identification card that carries in described subscriber identification card certificate, obtains the second cipher-text information;

Described mobile phone security module is sent to described subscriber identification card by described the second cipher-text information;

Described subscriber identification card receives after described the second cipher-text information, deciphers described the second cipher-text information, obtains described the second random factor and described the 3rd random factor;

Described subscriber identification card generates the arranging key of described subscriber identification card end according to described the second random factor and described the 3rd random factor;

3. method according to claim 1 and 2, it is characterized in that, the step of carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:

Described mobile phone security module is obtained information to be transmitted;

Described mobile phone security module is encrypted described information to be transmitted by the arranging key of described mobile phone security module end, obtains the 3rd cipher-text information;

Described mobile phone security module is sent to described subscriber identification card by the first process information, and wherein, described the first process information at least comprises: described the 3rd cipher-text information;

Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the 3rd cipher-text information is decrypted, and obtains information to be transmitted;

Described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages;

Described subscriber identification card is encrypted described the second signing messages by the arranging key of described subscriber identification card end, obtains the 4th cipher-text information;

Described subscriber identification card is sent to described mobile phone security module by the second process information, and wherein, described the second process information at least comprises: described the 4th cipher-text information;

Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the 4th cipher-text information is decrypted, and obtains described the second signing messages;

Described mobile phone security module is to the second signing messages outgoing described in major general.

4. method according to claim 1 and 2, it is characterized in that, the step of carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:

Described mobile phone security module is carried out verification calculating by the arranging key of described mobile phone security module end to described information to be transmitted, obtains the first check information;

Described mobile phone security module is sent to described subscriber identification card by the first process information, and wherein, described the first process information at least comprises: described information to be transmitted and described the first check information;

Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the first process information is verified;

If described subscriber identification card is verified described the first process information, described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages;

Described subscriber identification card carries out verification calculating by the arranging key of described subscriber identification card end to described the second signing messages, obtains the second check information;

Described subscriber identification card is sent to described mobile phone security module by the second process information, and wherein, described the second process information at least comprises: described the second signing messages and described the second check information;

Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the second process information is verified;

If described mobile phone security module is verified described the second process information, described mobile phone security module is to the second signing messages outgoing described in major general.

5. method according to claim 1 and 2, it is characterized in that, the step of carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:

Described mobile phone security module is encrypted described information to be transmitted by the arranging key of described mobile phone security module end, obtains the 3rd cipher-text information, and described the 3rd cipher-text information is carried out to verification calculating, obtains the first check information;

Described mobile phone security module is sent to described subscriber identification card by the first process information, and wherein, described the first process information at least comprises: described the 3rd cipher-text information and described the first check information;

If described subscriber identification card is verified described the first process information, described subscriber identification card is decrypted described the 3rd cipher-text information by the arranging key of described subscriber identification card end, obtains described information to be transmitted;

Described subscriber identification card is encrypted described the second signing messages by the arranging key of described subscriber identification card end, obtains the 4th cipher-text information, and described the 4th cipher-text information is carried out to verification calculating, obtains the second check information;

Described subscriber identification card is sent to described mobile phone security module by the second process information, and wherein, described the second process information at least comprises: described the 4th cipher-text information and described the second check information;

If described mobile phone security module is verified described the second process information, by the arranging key of described mobile phone security module end, described the 4th cipher-text information is decrypted, obtain described the second signing messages;

6. according to the method described in claim 3 to 5 any one, it is characterized in that, after described mobile phone security module is obtained the step of information to be transmitted, before described mobile phone security module is sent to the step of described subscriber identification card by the first process information, described method also comprises:

Described mobile phone security module is extracted the key message in described information to be transmitted;

Key message in the information to be transmitted extracting described in described mobile phone security module control mobile phone display screen shows;

Described mobile phone security module receives the confirmation instruction of cell phone keyboard output;

In described mobile phone security module, receive after the confirmation instruction of described cell phone keyboard output, carry out described mobile phone security module the first process information is sent to the step of described subscriber identification card.

7. according to the method described in claim 1 to 6 any one, it is characterized in that, described the 3rd random factor is that described subscriber identification card generates according to described the first random factor and described the second random factor, or described the 3rd random factor is the random generation of described subscriber identification card.

8. according to the method described in claim 1 to 7 any one, it is characterized in that, described mobile phone security module is the module being independent of outside mobile phone CPU, or described mobile phone security module is arranged on the safety zone in described mobile phone CPU.

9. a mobile phone, is characterized in that, comprising: subscriber identification card and mobile phone security module; Wherein,

The second Transmit-Receive Unit in described subscriber identification card, for the first authentication information is sent to mobile phone security module, wherein, described the first authentication information at least comprises: the first random factor and subscriber identification card certificate;

The first Transmit-Receive Unit in described mobile phone security module, for receiving described the first authentication information;

The first authentication unit in described mobile phone security module, for receiving after described the first authentication information at described the first Transmit-Receive Unit, verifies the legitimacy of described subscriber identification card certificate;

The first ciphering unit in described mobile phone security module, for after described the first authentication unit verifies that described subscriber identification card certificate is legal, PKI by the described subscriber identification card that carries in described subscriber identification card certificate is at least encrypted described the first random factor and the second random factor, obtains the first cipher-text information;

The first signature unit in described mobile phone security module, signs for described the first cipher-text information that described the first ciphering unit is obtained, and obtains the first signing messages;

Described the first Transmit-Receive Unit in described mobile phone security module, also for the second authentication information is sent to described subscriber identification card, wherein, described the second authentication information at least comprises: described the first cipher-text information, described the first signing messages and described mobile phone security module certificate;

Described the second Transmit-Receive Unit in described subscriber identification card, also for receiving described the second authentication information;

The second authentication unit in described subscriber identification card, for receiving after described the second authentication information at described the second Transmit-Receive Unit, verifies the legitimacy of described mobile phone security module certificate;

Described the second authentication unit in described subscriber identification card, also, for after the described mobile phone security module certificate of checking is legal, verifies the correctness of described the first signing messages;

Described the second decrypting device in described subscriber identification card, after verifying that at described the second authentication unit described the first signing messages is correct, deciphers described the first cipher-text information, obtains described the first random factor and described the second random factor;

Described the second authentication unit in described subscriber identification card, also, for obtaining after described the first random factor and described the second random factor in described the second decrypting device, verifies the correctness of described the first random factor;

The second generation unit in described subscriber identification card, after verifying that at described the second authentication unit described the first random factor is correct, generate the 3rd random factor, and according to described the second random factor and described the 3rd random factor, generate the arranging key of described subscriber identification card end;

The second ciphering unit in described subscriber identification card, for generating after described the 3rd random factor at described the second generation unit, PKI by the described mobile phone security module of carrying in described mobile phone security module certificate is at least encrypted described the second random factor and described the 3rd random factor, obtains the second cipher-text information;

Described the second Transmit-Receive Unit in described subscriber identification card, for obtaining after described the second cipher-text information at described the second ciphering unit, is sent to described mobile phone security module by described the second cipher-text information;

Described the first Transmit-Receive Unit in described mobile phone security module, also for receiving described the second cipher-text information;

The first decrypting device in described mobile phone security module, for receiving after described the second cipher-text information at described the first Transmit-Receive Unit, deciphers described the second cipher-text information, obtains described the second random factor and described the 3rd random factor;

The first generation unit in described mobile phone security module, for obtaining after described the second random factor and described the 3rd random factor in described the first decrypting device, according to described the second random factor and described the 3rd random factor, generate the arranging key of described mobile phone security module end;

The arranging key of the described subscriber identification card end that the arranging key of the mobile phone security module end generating by described the first generation unit between described second Transmit-Receive Unit of described first Transmit-Receive Unit of described mobile phone security module and described subscriber identification card and described the second generation unit generate carries out the safe transmission of information.

10. a mobile phone, is characterized in that, comprising: subscriber identification card and mobile phone security module; Wherein,

The first Transmit-Receive Unit in described mobile phone security module, for the first authentication information is sent to subscriber identification card, wherein, described the first authentication information at least comprises: the first random factor and mobile phone security module certificate;

The second Transmit-Receive Unit in described subscriber identification card, for receiving described the first authentication information;

The second authentication unit in described subscriber identification card, for receiving after described the first authentication information at described the second Transmit-Receive Unit, verifies the legitimacy of described mobile phone security module certificate;

The second ciphering unit in described subscriber identification card, for after described the second authentication module verifies that described mobile phone security module certificate is legal, PKI by the described mobile phone security module of carrying in described mobile phone security module certificate is at least encrypted described the first random factor and the second random factor, obtains the first cipher-text information;

The second signature unit in described subscriber identification card, for obtaining after described the first cipher-text information at described the second ciphering unit, signs to described the first cipher-text information, obtains the first signing messages;

Described the second Transmit-Receive Unit in described subscriber identification card, also for the second authentication information being sent to described mobile phone security module, wherein, described the second authentication information at least comprises: described the first cipher-text information, described the first signing messages and described subscriber identification card certificate;

Described the first Transmit-Receive Unit in described mobile phone security module, for receiving described the second authentication information;

The first authentication unit in described mobile phone security module, for receiving after described the second authentication information at described the first Transmit-Receive Unit, verifies the legitimacy of described subscriber identification card certificate;

Described the first authentication unit in described mobile phone security module, also, for after the described subscriber identification card certificate of checking is legal, verifies the correctness of described the first signing messages;

The first decrypting device in described mobile phone security module, after verifying that at described the first authentication unit described the first signing messages is correct, deciphers described the first cipher-text information, obtains described the first random factor and described the second random factor;

Described the first authentication unit in described mobile phone security module, also, for obtaining after described the first random factor and described the second random factor in described the first decrypting device, verifies the correctness of described the first random factor;

The first generation unit in described mobile phone security module, after verifying that at described the first authentication unit described the first random factor is correct, generate the 3rd random factor, and according to described the second random factor and described the 3rd random factor, generate the arranging key of described mobile phone security module end;

The first ciphering unit in described mobile phone security module, also for generating at described the first generation unit after described the 3rd random factor, PKI by the described subscriber identification card that carries in described subscriber identification card certificate is at least encrypted described the second random factor and described the 3rd random factor, obtains the second cipher-text information;

Described the first Transmit-Receive Unit in described mobile phone security module, is also sent to described subscriber identification card for described the second cipher-text information that described the first ciphering unit is obtained;

Described the second Transmit-Receive Unit in described subscriber identification card, also for receiving described the second cipher-text information;

The second decrypting device in described subscriber identification card, for receiving after described the second cipher-text information at described the second Transmit-Receive Unit, deciphers described the second cipher-text information, obtains described the second random factor and described the 3rd random factor;

The second generation unit in described subscriber identification card, for generating the arranging key of described subscriber identification card end according to described the second random factor and described the 3rd random factor;

The arranging key of the end in the described subscriber identification card that the arranging key of the mobile phone security module end generating by described the first generation unit between described the second Transmit-Receive Unit in described the first Transmit-Receive Unit and described subscriber identification card in described mobile phone security module and described the second generation unit generate carries out the safe transmission of information.

11. mobile phones according to claim 9, is characterized in that,

Acquiring unit in described mobile phone security module, for obtaining information to be transmitted;

The second signature unit in described subscriber identification card, for described information to be transmitted is signed, obtains the second signing messages;

Outgoing unit in described mobile phone security module, for to the second signing messages outgoing described in major general.

12. mobile phones according to claim 10, is characterized in that,

Described the second signature unit in described subscriber identification card, also for described information to be transmitted is signed, obtains the second signing messages;

13. according to the mobile phone described in claim 11 or 12, it is characterized in that,

Described the first ciphering unit in described mobile phone security module, the information to be transmitted of also for the arranging key by described mobile phone security module end, described acquiring unit being obtained is encrypted, and obtains the 3rd cipher-text information;

Described the first Transmit-Receive Unit in described mobile phone security module, also for the first process information is sent to described subscriber identification card, wherein, described the first process information at least comprises: described the 3rd cipher-text information;

Described the second Transmit-Receive Unit in described subscriber identification card, for receiving described the first process information;

Described the second decrypting device in described subscriber identification card, also for receiving after described the first process information at described the second Transmit-Receive Unit, arranging key by described subscriber identification card end is decrypted described the 3rd cipher-text information, obtains information to be transmitted;

Described the second signature unit in described subscriber identification card, also, for obtaining after described information to be transmitted in described the second decrypting device, signs to described information to be transmitted, obtains the second signing messages;

Described the second ciphering unit in described subscriber identification card, is also encrypted described the second signing messages for the arranging key by described subscriber identification card end, obtains the 4th cipher-text information;

Described the second Transmit-Receive Unit in described subscriber identification card, also for obtaining at described the second ciphering unit after described the 4th ciphertext, the second process information is sent to described mobile phone security module, and wherein, described the second process information at least comprises: described the 4th cipher-text information;

Described the first Transmit-Receive Unit in described mobile phone security module, also for receiving described the second process information;

Described the first decrypting device in described mobile phone security module, also for receiving after described the second process information at described the first Transmit-Receive Unit, arranging key by described mobile phone security module end is decrypted described the 4th cipher-text information, obtains described the second signing messages;

Outgoing unit in described mobile phone security module, for obtaining after described the second signing messages in described the first decrypting device, to the second signing messages outgoing described in major general.

14. according to the mobile phone described in claim 11 or 12, it is characterized in that,

Described the first verification computing unit in described mobile phone security module, the information to be transmitted of described acquiring unit being obtained for the arranging key by described mobile phone security module end is carried out verification calculating, obtains the first check information;

Described the first Transmit-Receive Unit in described mobile phone security module, for the first process information is sent to described subscriber identification card, wherein, described the first process information at least comprises: described information to be transmitted and described the first check information;

Described the second Transmit-Receive Unit in described subscriber identification card, also for receiving described the first process information;

Described the second authentication unit in described subscriber identification card, also, for receiving after described the first process information at described the second Transmit-Receive Unit, verifies described the first process information by the arranging key of described subscriber identification card end;

Described the second signature unit in described subscriber identification card, also, for after described the first process information being verified at described the second authentication unit, signs to described information to be transmitted, obtains the second signing messages;

The second verification computing unit in described subscriber identification card, carries out verification calculating for the arranging key by described subscriber identification card end to described the second signing messages, obtains the second check information;

Described the second Transmit-Receive Unit in described subscriber identification card, also, for the second process information being sent to described mobile phone security module, wherein, described the second process information at least comprises: described the second signing messages and described the second check information;

Described the first authentication unit in described mobile phone security module, also, for receiving after described the second process information at described the first Transmit-Receive Unit, verifies described the second process information by the arranging key of described mobile phone security module end;

Described mobile phone security module China and foreign countries bill unit, after being verified described the second process information at described the first authentication unit, to the second signing messages outgoing described in major general.

15. according to the mobile phone described in claim 11 or 12, it is characterized in that,

Described the first ciphering unit in described mobile phone security module, the information described to be transmitted of also for the arranging key by described mobile phone security module end, described acquiring unit being obtained is encrypted, obtain the 3rd cipher-text information, and the first verification computing unit in described mobile phone security module, for described the 3rd cipher-text information is carried out to verification calculating, obtain the first check information;

Described the first Transmit-Receive Unit in described mobile phone security module, also for the first process information is sent to described subscriber identification card, wherein, described the first process information at least comprises: described the 3rd cipher-text information and described the first check information;

The second Transmit-Receive Unit in described subscriber identification card, also for receiving described the first process information;

Described the second decrypting device in described subscriber identification card, also for after described the first process information being verified at described the second authentication unit, arranging key by described subscriber identification card end is decrypted described the 3rd cipher-text information, obtains described information to be transmitted;

Described the second ciphering unit in described subscriber identification card, also for obtaining after described the second signing messages in described the second signature unit, arranging key by described subscriber identification card end is encrypted described the second signing messages, obtain the 4th cipher-text information, and the second verification computing unit in described subscriber identification card, for described the 4th cipher-text information is carried out to verification calculating, obtain the second check information;

Described the second Transmit-Receive Unit in described subscriber identification card, also, for the second process information being sent to described mobile phone security module, wherein, described the second process information at least comprises: described the 4th cipher-text information and described the second check information;

Described the first decrypting device in described mobile phone security module, also for after described the second process information being verified at described the first authentication unit, arranging key by described mobile phone security module end is decrypted described the 4th cipher-text information, obtains described the second signing messages;

Outgoing unit in described mobile phone security module, also for obtaining after described the second signing messages in described the first decrypting device, to the second signing messages outgoing described in major general.

16. according to claim 11 to the mobile phone described in 15 any one, it is characterized in that,

Extraction unit in described mobile phone security module, for extracting the key message of described information to be transmitted;

Control unit in described mobile phone security module, shows the key message of the information to be transmitted that described extraction unit extracts for controlling mobile phone display screen;

Receiving element in described mobile phone security module, for receiving the confirmation instruction of cell phone keyboard output, and receiving after the confirmation instruction of described cell phone keyboard output, notify described the first Transmit-Receive Unit to carry out described mobile phone security module the first process information is sent to described subscriber identification card.

17. according to the mobile phone described in claim 9 to 16 any one, it is characterized in that, described the second generation unit that described the 3rd random factor is described subscriber identification card generates according to described the first random factor and described the second random factor, or described the 3rd random factor to be that described the second generation unit in described subscriber identification card is random generate.

18. according to the mobile phone described in claim 9 to 17 any one, it is characterized in that, described mobile phone security module is the module being independent of outside mobile phone CPU, or described mobile phone security module is arranged on the safety zone in described mobile phone CPU.