CN103813333A - Data processing method based on negotiation keys - Google Patents
Data processing method based on negotiation keys Download PDFInfo
- Publication number
- CN103813333A CN103813333A CN201410060548.5A CN201410060548A CN103813333A CN 103813333 A CN103813333 A CN 103813333A CN 201410060548 A CN201410060548 A CN 201410060548A CN 103813333 A CN103813333 A CN 103813333A
- Authority
- CN
- China
- Prior art keywords
- mobile phone
- security module
- information
- identification card
- subscriber identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
Abstract
The invention provides a data processing method based on negotiation keys. The data processing method based on the negotiation keys includes that a cell phone security module is used for verifying legitimacy of a user identity identification card certificate to generate a second random factor and a negotiation key of a cell phone security module end; the cell phone security module encrypts a first random factor and the second random factor and performs signature on first ciphertext information, second certification information is sent to a user identity identification card, the user identity identification card can verify the legitimacy of a certificate of the cell phone security module, first signature information is verified to be accurate, decryption is performed to obtain the first random factor and the second random factor, the first random factor is verified to be accurate, and a negotiation key of a user identity identification card end is generated according to the first random factor and the second random factor; secure transmission of information between the cell phone security module and the user identity identification card can be performed through the negotiation keys. Thereby, a cell phone can safely execute internet-based banking services and/or confidential information transmission.
Description
Technical field
The present invention relates to field of information security technology, relate in particular to a kind of data processing method based on arranging key.
Background technology
Along with the very big facility that developing rapidly of network brought to people, people more and more depend on network and carry out comings and goings, and the transmission of for example network file, internet bank trade all become an indispensable part in people's life, work gradually.Because network is a virtual environment after all, exist too many unsafe factor, and in network environment, will inevitably carry out the network activity of data interaction, especially the network activity as the transmission of Internet-based banking services and confidential information, the safety of network has been proposed to very high requirement, and therefore people start to greatly develop network information security technology.
But along with the develop rapidly of mobile phone technique now, mobile phone terminal is more and more used to replacement computer and uses, can Secure execution Internet-based banking services and/or the solution of confidential information transmission but do not have now a kind of mobile phone terminal.
Summary of the invention
The present invention is intended to solve mobile phone terminal cannot Secure execution Internet-based banking services and/or the problem of confidential information transmission.
Main purpose of the present invention is to provide a kind of data processing method based on arranging key.
For achieving the above object, technical scheme of the present invention is specifically achieved in that
One aspect of the present invention provides a kind of data processing method based on arranging key, comprising:
The first authentication information is sent to mobile phone security module by subscriber identification card, and wherein, described the first authentication information at least comprises: the first random factor and subscriber identification card certificate;
Described mobile phone security module receives after described the first authentication information, verifies the legitimacy of described subscriber identification card certificate;
If described mobile phone security module verifies that described subscriber identification card certificate is legal, described mobile phone security module generates the second random factor, and generates the arranging key of described mobile phone security module end according to described the first random factor and described the second random factor;
Described mobile phone security module is at least encrypted described the first random factor and the second random factor by the PKI of the described subscriber identification card that carries in described subscriber identification card certificate, obtains the first cipher-text information;
Described mobile phone security module is signed to described the first cipher-text information, obtains the first signing messages;
The second authentication information is sent to described subscriber identification card by described mobile phone security module, and wherein, described the second authentication information at least comprises: described the first cipher-text information, described the first signing messages and described mobile phone security module certificate;
Described subscriber identification card receives after described the second authentication information, verifies the legitimacy of described mobile phone security module certificate;
If described subscriber identification card verifies that described mobile phone security module certificate is legal, described subscriber identification card is verified the correctness of described the first signing messages;
If described subscriber identification card verifies that described the first signing messages is correct, described subscriber identification card is deciphered described the first cipher-text information, obtains described the first random factor and described the second random factor;
Described subscriber identification card is obtaining after described the first random factor and described the second random factor, verifies the correctness of described the first random factor;
If described subscriber identification card verifies that described the first random factor is correct, described subscriber identification card generates the arranging key of described subscriber identification card end according to described the first random factor and described the second random factor;
Between described mobile phone security module and described subscriber identification card, carry out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end.
One aspect of the present invention also provides a kind of data processing method based on arranging key, comprising:
The first authentication information is sent to subscriber identification card by mobile phone security module, and wherein, described the first authentication information at least comprises: the first random factor and mobile phone security module certificate;
Described subscriber identification card receives after described the first authentication information, verifies the legitimacy of described mobile phone security module certificate;
If described subscriber identification card verifies that described mobile phone security module certificate is legal, described subscriber identification card generates the second random factor, and generates the arranging key of described subscriber identification card end according to described the first random factor and described the second random factor;
Described subscriber identification card is at least encrypted described the first random factor and the second random factor by the PKI of the described mobile phone security module of carrying in described mobile phone security module certificate, obtains the first cipher-text information;
Described subscriber identification card is signed to described the first cipher-text information, obtains the first signing messages;
The second authentication information is sent to described mobile phone security module by described subscriber identification card, and wherein, described the second authentication information at least comprises: described the first cipher-text information, described the first signing messages and described subscriber identification card certificate;
Described mobile phone security module receives after described the second authentication information, verifies the legitimacy of described subscriber identification card certificate;
If described mobile phone security module verifies that described subscriber identification card certificate is legal, described mobile phone security module is verified the correctness of described the first signing messages;
If described mobile phone security module verifies that described the first signing messages is correct, described mobile phone security module is deciphered described the first cipher-text information, obtains described the first random factor and described the second random factor;
Described mobile phone security module is obtaining after described the first random factor and described the second random factor, verifies the correctness of described the first random factor;
If described mobile phone security module verifies that described the first random factor is correct, described mobile phone security module generates the arranging key of described mobile phone security module end according to described the first random factor and described the second random factor;
Between described mobile phone security module and described subscriber identification card, carry out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end.
The step of in addition, carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:
Described mobile phone security module is obtained information to be transmitted;
Described mobile phone security module is encrypted described information to be transmitted by the arranging key of described mobile phone security module end, obtains the second cipher-text information;
The first process information is sent to described subscriber identification card by described mobile phone security module, and wherein, described the first process information at least comprises: described the second cipher-text information;
Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the second cipher-text information is decrypted, and obtains information to be transmitted;
Described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages;
Described subscriber identification card is encrypted described the second signing messages by the arranging key of described subscriber identification card end, obtains the 3rd cipher-text information;
The second process information is sent to described mobile phone security module by described subscriber identification card, and wherein, described the second process information at least comprises: described the 3rd cipher-text information;
Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the 3rd cipher-text information is decrypted, and obtains described the second signing messages;
Described mobile phone security module is to the second signing messages outgoing described in major general.
The step of in addition, carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:
Described mobile phone security module is obtained information to be transmitted;
Described mobile phone security module is carried out verification calculating by the arranging key of described mobile phone security module end to described information to be transmitted, obtains the first check information;
The first process information is sent to described subscriber identification card by described mobile phone security module, and wherein, described the first process information at least comprises: described information to be transmitted and described the first check information;
Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the first process information is verified;
If described subscriber identification card is verified described the first process information, described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages;
Described subscriber identification card carries out verification calculating by the arranging key of described subscriber identification card end to described the second signing messages, obtains the second check information;
The second process information is sent to described mobile phone security module by described subscriber identification card, and wherein, described the second process information at least comprises: described the second signing messages and described the second check information;
Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the second process information is verified;
If described mobile phone security module is verified described the second process information, described mobile phone security module is to the second signing messages outgoing described in major general.
The step of in addition, carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:
Described mobile phone security module is obtained information to be transmitted;
Described mobile phone security module is encrypted described information to be transmitted by the arranging key of described mobile phone security module end, obtains the second cipher-text information, and described the second cipher-text information is carried out to verification calculating, obtains the first check information;
The first process information is sent to described subscriber identification card by described mobile phone security module, and wherein, described the first process information at least comprises: described the second cipher-text information and described the first check information;
Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the first process information is verified;
If described subscriber identification card is verified described the first process information, described subscriber identification card is decrypted described the second cipher-text information by the arranging key of described subscriber identification card end, obtains described information to be transmitted;
Described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages;
Described subscriber identification card is encrypted described the second signing messages by the arranging key of described subscriber identification card end, obtains the 3rd cipher-text information, and described the 3rd cipher-text information is carried out to verification calculating, obtains the second check information;
The second process information is sent to described mobile phone security module by described subscriber identification card, and wherein, described the second process information at least comprises: described the 3rd cipher-text information and described the second check information;
Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the second process information is verified;
If described mobile phone security module is verified described the second process information, by the arranging key of described mobile phone security module end, described the 3rd cipher-text information is decrypted, obtain described the second signing messages;
Described mobile phone security module is to the second signing messages outgoing described in major general.
The step of in addition, carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:
Described mobile phone security module is obtained information to be transmitted;
Described mobile phone security module is encrypted described information to be transmitted by the arranging key of described mobile phone security module end, obtains the second cipher-text information;
The first process information is sent to described subscriber identification card by described mobile phone security module, and wherein, described the first process information at least comprises: described the second cipher-text information;
Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the second cipher-text information is decrypted, and obtains information to be transmitted;
Described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages;
Described subscriber identification card carries out verification calculating by the arranging key of described subscriber identification card end to described the second signing messages, obtains the first check information;
The second process information is sent to described mobile phone security module by described subscriber identification card, and wherein, described the second process information at least comprises: described the second signing messages and described the first check information;
Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the second process information is verified;
If described mobile phone security module is verified described the second process information, described mobile phone security module is to the second signing messages outgoing described in major general.
The step of in addition, carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:
Described mobile phone security module is obtained information to be transmitted;
Described mobile phone security module is carried out verification calculating by the arranging key of described mobile phone security module end to described information to be transmitted, obtains the first check information;
The first process information is sent to described subscriber identification card by described mobile phone security module, and wherein, described the first process information at least comprises: described information to be transmitted and described the first check information;
Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the first process information is verified;
If described subscriber identification card is verified described the first process information, described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages;
Described subscriber identification card is encrypted described the second signing messages by the arranging key of described subscriber identification card end, obtains the second cipher-text information;
The second process information is sent to described mobile phone security module by described subscriber identification card, and wherein, described the second process information at least comprises: described the second cipher-text information;
Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the second cipher-text information is decrypted, and obtains described the second signing messages;
Described mobile phone security module is to the second signing messages outgoing described in major general.
In addition,, after described mobile phone security module is obtained the step of information to be transmitted, before the first process information is sent to the step of described subscriber identification card by described mobile phone security module, described method also comprises:
Described mobile phone security module is extracted the key message in described information to be transmitted;
Key message in the information to be transmitted extracting described in described mobile phone security module control mobile phone display screen shows;
Described mobile phone security module receives the confirmation instruction of cell phone keyboard output;
Receive in described mobile phone security module after the confirmation instruction of described cell phone keyboard output, carry out described mobile phone security module the first process information is sent to the step of described subscriber identification card.
In addition, described the second random factor is to generate according to described the first random factor, or described the 3rd random factor is random generation.
In addition, described mobile phone security module is the module being independent of outside mobile phone CPU, or described mobile phone security module is arranged on the safety zone in described mobile phone CPU.
As seen from the above technical solution provided by the invention, by the data processing method based on arranging key of the present invention, can make the mobile phone can Secure execution Internet-based banking services and/or confidential information transmission.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, below the accompanying drawing of required use during embodiment is described is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, do not paying under the prerequisite of creative work, can also obtain other accompanying drawings according to these accompanying drawings.
The flow chart of the data processing method based on arranging key that Fig. 1 provides for the embodiment of the present invention 1;
The flow chart of the data processing method based on arranging key that Fig. 2 provides for the embodiment of the present invention 2.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Based on embodiments of the invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to protection scope of the present invention.
In description of the invention, it will be appreciated that, term " " center ", " longitudinally ", " laterally ", " on ", D score, " front ", " afterwards ", " left side ", " right side ", " vertically ", " level ", " top ", " end ", " interior ", orientation or the position relationship of indications such as " outward " are based on orientation shown in the drawings or position relationship, only the present invention for convenience of description and simplified characterization, rather than device or the element of indication or hint indication must have specific orientation, with specific orientation structure and operation, therefore can not be interpreted as limitation of the present invention.In addition, term " first ", " second " be only for describing object, and can not be interpreted as indication or hint relative importance or quantity or position.
In description of the invention, it should be noted that, unless otherwise clearly defined and limited, term " installation ", " being connected ", " connection " should be interpreted broadly, and for example, can be to be fixedly connected with, and can be also to removably connect, or connect integratedly; Can be mechanical connection, can be also electrical connection; Can be to be directly connected, also can indirectly be connected by intermediary, can be the connection of two element internals.For the ordinary skill in the art, can concrete condition understand above-mentioned term concrete meaning in the present invention.
Below in conjunction with accompanying drawing, the embodiment of the present invention is described in further detail.
Data processing method based on arranging key of the present invention realizes based on mobile phone, and this mobile phone at least comprises a subscriber identification card that possesses safety function, and a mobile phone security module.Wherein:
Subscriber identification card can be following any card: SIM(Subscriber Identity Module, client identification module) card, UIM(User Identity Module) card, usim card, PIM card etc., above card is all on the basis of existing function, expand safety function, to coordinate mobile phone security module of the present invention to realize function of the present invention.
This mobile phone security module can be set to be independent of the independent module outside mobile phone CPU, also can be set to the safety zone in mobile phone CPU, with the independently safety function that guarantees that this mobile phone security module can realize, for example: mobile phone security module can independently be carried out safe identity authentication function, and the security control showing, guarantee the authenticity of displaying contents etc.
In addition, third party CA can issue the certificate through ca authentication to subscriber identification card, third party CA can also also issue the certificate through ca authentication to mobile phone security module simultaneously, to guarantee that both sides can verify the legitimacy of the other side's identity, improves fail safe.
Embodiment 1
Fig. 1 has shown the flow chart of the data processing method based on arranging key that the embodiment of the present invention 1 provides, and referring to Fig. 1, the data processing method based on arranging key of the present invention, comprising:
Step S101, the first authentication information is sent to mobile phone security module by subscriber identification card, and wherein, the first authentication information at least comprises: the first random factor and subscriber identification card certificate;
Concrete, subscriber identification card generates first random factor in advance, and the certificate that the random factor of generation and CA is presented to subscriber identification card sends to mobile phone security module in the lump.Send the first random factor to guarantee that each information sending is all different, prevent Replay Attack, improve fail safe.This first random factor can be or a string random number of subscriber identification card generation, or can be one or a string random character, or the combination in any of a string random number and random combine.
Step S102, mobile phone security module receives after the first authentication information, the legitimacy of identifying user identity identification card certificate;
Concrete, mobile phone security module receives after subscriber identification card certificate, and the legitimacy of this certificate is verified.For example: the PKI of the CA that employing CA issues carries out sign test to the part that in subscriber identification card certificate, CA private key is signed, only, after sign test is passed through, just identifying user identity identification card certificate is legal.
Step S103, if mobile phone security module identifying user identity identification card certificate is legal, mobile phone security module generates the second random factor, and according to the arranging key of the first random factor and the second random factor generation mobile phone security module end;
Concrete, after mobile phone security module identifying user identity identification card certificate is legal, generate the second random factor, and jointly generate the arranging key of mobile phone security module end according to the first random factor and the second random factor.Wherein, this second random factor can be that mobile phone security module generates according to the first random factor, or this second random factor is the random generation of mobile phone security module.Meanwhile, this second random factor can be also one or a string random number, or can be one or a string random character, or the combination in any of a string random number and random combine.Thus, generate the arranging key of mobile phone security module end, so that follow-up safe transmission of carrying out information according to this arranging key and subscriber identification card.
Step S104, mobile phone security module is at least encrypted the first random factor and the second random factor by the PKI of the subscriber identification card that carries in subscriber identification card certificate, obtains the first cipher-text information;
Concrete, the PKI of the subscriber identification card carrying in the subscriber identification card certificate of sending by subscriber identification card is encrypted the first random factor and the second random factor, guarantees thus the fail safe of the first random factor and the transmission of the second random factor.
Step S105, mobile phone security module is signed to the first cipher-text information, obtains the first signing messages;
Concrete, in mobile phone security module, the first random factor and the second random factor are encrypted after acquisition the first cipher-text information, also at least utilize the private key of mobile phone security module to sign to the first cipher-text information, to guarantee integrality and the non repudiation of the first cipher-text information transmission.
Certainly, the present invention is not limited to mobile phone security module the first cipher-text information is signed, mobile phone security module can also directly be signed to the first random factor and the second random factor, obtain the first signing messages, thus, can guarantee integrality and the non repudiation of the first random factor and the second random factor itself.
In the present invention, the scheme of preferably selecting mobile phone security module to sign to the first cipher-text information, to guarantee the opaque transmission of the first random factor and the second random factor.
Step S106, the second authentication information is sent to subscriber identification card by mobile phone security module, and wherein, the second authentication information at least comprises: the first cipher-text information, the first signing messages and mobile phone security module certificate;
Step S107, subscriber identification card receives after the second authentication information, the legitimacy of checking mobile phone security module certificate;
Concrete, subscriber identification card receives after mobile phone security module certificate, and the legitimacy of this certificate is verified.For example: the PKI of the CA that employing CA issues carries out sign test to the part that in mobile phone security module certificate, CA private key is signed, and only, after sign test is passed through, just verifies that mobile phone security module certificate is legal.
Step S108, if subscriber identification card checking mobile phone security module certificate is legal, subscriber identification card is verified the correctness of the first signing messages;
Concrete, after subscriber identification card checking mobile phone security module certificate is legal, also verify the correctness of the first signing messages.Now, subscriber identification card is directly verified the correctness of the first signing messages according to the PKI of the mobile phone security module in the first cipher-text information and the mobile phone security module certificate that receive.
Certainly, if mobile phone security module is that the first random factor and the second random factor are signed, subscriber identification card is deciphered the first cipher-text information in advance so, obtain the first random factor and the second random factor, thereby verify again the correctness of the first signing messages according to the PKI of the mobile phone security module in the first random factor and the second random factor and the mobile phone security module certificate that decrypt.
In the present invention, preferably adopt the correctness of verifying the first signing messages according to the PKI of the first cipher-text information and mobile phone security module.
Step S109, if subscriber identification card verifies that the first signing messages is correct, subscriber identification card is deciphered the first cipher-text information, obtains the first random factor and the second random factor;
Concrete, subscriber identification card, after checking the first signing messages is correct, is decrypted the first cipher-text information by the private key of subscriber identification card, obtains the first random factor and the second random factor.Under the prerequisite can not being tampered in the first cipher-text information thus, decipher the first cipher-text information, thereby guarantee to obtain real the first random factor and the second random factor.
Step S110, subscriber identification card is obtaining after the first random factor and the second random factor, the correctness of checking the first random factor;
Concrete, only have subscriber identification card deciphering after real the first random factor and the second random factor, whether whether the first random factor that just checking decrypts consistent with the first random factor generating before subscriber identification card, if consistent, verify the first random factor correct.
Step S111, if subscriber identification card verifies that the first random factor is correct, subscriber identification card generates the arranging key of subscriber identification card end according to the first random factor and the second random factor;
Concrete, subscriber identification card is obtaining after real the first random factor and the second random factor, generate the arranging key of subscriber identification card end according to this first random factor and the second random factor, so that follow-up safe transmission of carrying out information according to this arranging key and mobile phone security module.
Step S112, carries out the safe transmission of information by the arranging key of mobile phone security module end and the arranging key of subscriber identification card end between mobile phone security module and subscriber identification card.
Concrete, generated the arranging key of mobile phone security module end in mobile phone security module, and subscriber identification card generated after the arranging key of subscriber identification card end, between mobile phone security module and subscriber identification card, carry out the safe transmission of information by the arranging key at two ends.
Now, one of can be in the following way realize the safe transmission of information:
Mode one:
Step S113a, mobile phone security module is obtained information to be transmitted;
Concrete, mobile phone security module is obtained information to be transmitted, and this information to be transmitted can, for needing the confidential information of safe transmission, can be also Transaction Information to be transacted in Net silver.
If the present invention is applied in secure transmission of confidential information, the confidential information that information to be transmitted can need to be exported for mobile phone, for example: mobile phone is from confidential information of obtaining in the secure storage section of mobile phone etc.;
If the present invention is applied in Internet-based banking services, information to be transmitted can be the Transaction Information of pending transaction, for example: the Transaction Information such as transaction account, dealing money that mobile phone gets by Web bank's client.
Step S114a, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the second cipher-text information;
Concrete, mobile phone security module is treated transmission information by the arranging key of the mobile phone security module end of its generation and is encrypted, thereby makes information to be transmitted carry out opaque transmission, guarantees the fail safe of transmission.Now, arranging key at least comprises an encryption key.
Step S115a, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: the second cipher-text information;
Step S116a, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the second cipher-text information is decrypted, and obtains information to be transmitted;
Concrete, cross the arranging key of mobile phone security module end due to information exchange to be transmitted and encrypt, now, subscriber identification card receives after the second cipher-text information, be decrypted by the arranging key in subscriber identification card, thereby obtain real information to be transmitted.
Step S117a, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;
Concrete, subscriber identification card, having obtained after real information to be transmitted, is signed to this information to be transmitted, to guarantee information integrity to be transmitted and non repudiation.
Step S118a, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 3rd cipher-text information;
Concrete, subscriber identification card is also encrypted the second signing messages by the arranging key of subscriber identification card end, thereby guarantees the opaque transmission of the second signing messages, improves fail safe.
Step S119a, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the 3rd cipher-text information;
Step S120a, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the 3rd cipher-text information is decrypted, and obtains the second signing messages;
Concrete, mobile phone security module receives after the 3rd cipher-text information, also by the arranging key of mobile phone security module end, the 3rd cipher-text information is decrypted, and obtains real the second signing messages.Thus, between mobile phone security module and subscriber identification card, completed the information interaction of once safety.
Step S121a, mobile phone security module is to major general's the second signing messages outgoing.
Concrete, mobile phone security module has been carried out the second signing messages outgoing after signature by treating transmission information.
If the present invention is applied in secure transmission of confidential information, the device of confidential information after signature being sent to confidential information extraction is outward medium;
If the present invention is applied in Internet-based banking services, the Transaction Information after signature is sent to Web bank's server etc.
Mode two:
Step S113b, mobile phone security module is obtained information to be transmitted;
Concrete, mobile phone security module is obtained information to be transmitted, and this information to be transmitted can, for needing the confidential information of safe transmission, can be also Transaction Information to be transacted in Net silver.
If the present invention is applied in secure transmission of confidential information, the confidential information that information to be transmitted can need to be exported for mobile phone, for example: mobile phone is from confidential information of obtaining in the secure storage section of mobile phone etc.;
If the present invention is applied in Internet-based banking services, information to be transmitted can be the Transaction Information of pending transaction, for example: the Transaction Information such as transaction account, dealing money that mobile phone gets by Web bank's client.
Step S114b, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is carried out verification calculating, obtains the first check information;
Concrete, mobile phone security module is treated transmission information by the arranging key of the mobile phone security module end of its generation and is carried out verification calculating, thereby guarantees information integrity to be transmitted.Now, arranging key at least comprises a verification computation key, and this verification is calculated can be for calculating arbitrary verification modes such as MAC value.
Step S115b, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: information to be transmitted and the first check information;
Step S116b, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;
Concrete; the arranging key of crossing mobile phone security module end due to information exchange to be transmitted has carried out verification calculating; now; subscriber identification card receives after information to be transmitted and the first check information; treat transmission information by the arranging key in subscriber identification card and carry out equally verification calculating, and compare with the first check information, and after relatively unanimously; be verified, thereby guarantee that the information to be transmitted obtaining is without distorting.
Step S117b, if subscriber identification card is verified the first process information, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;
Concrete, subscriber identification card, having obtained after real information to be transmitted, is signed to this information to be transmitted, to guarantee information integrity to be transmitted and non repudiation.
Step S118b, subscriber identification card carries out verification calculating by the arranging key of subscriber identification card end to the second signing messages, obtains the second check information;
Concrete, subscriber identification card also carries out verification calculating by the arranging key of subscriber identification card end to the second signing messages, thereby guarantees the integrality of the second signing messages.
Step S119b, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the second signing messages and the second check information;
Step S120b, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;
Concrete; mobile phone security module receives after the second signing messages and the second check information; also by the arranging key of mobile phone security module end, the second signing messages is carried out to verification calculating; and compare with the second check information; and after relatively unanimously; be verified, thereby guarantee that the second signing messages obtaining is without distorting.Thus, between mobile phone security module and subscriber identification card, completed the information interaction of once safety.
Step S121b, if mobile phone security module is verified the second process information, mobile phone security module is to major general's the second signing messages outgoing.
Concrete, mobile phone security module has been carried out the second signing messages outgoing after signature by treating transmission information.
If the present invention is applied in secure transmission of confidential information, the device of confidential information after signature being sent to confidential information extraction is outward medium;
If the present invention is applied in Internet-based banking services, the Transaction Information after signature is sent to Web bank's server etc.
Mode three:
Step S113c, mobile phone security module is obtained information to be transmitted;
Concrete, mobile phone security module is obtained information to be transmitted, and this information to be transmitted can, for needing the confidential information of safe transmission, can be also Transaction Information to be transacted in Net silver.
If the present invention is applied in secure transmission of confidential information, the confidential information that information to be transmitted can need to be exported for mobile phone, for example: mobile phone is from confidential information of obtaining in the secure storage section of mobile phone etc.;
If the present invention is applied in Internet-based banking services, information to be transmitted can be the Transaction Information of pending transaction, for example: the Transaction Information such as transaction account, dealing money that mobile phone gets by Web bank's client.
Step S114c, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the second cipher-text information, and the second cipher-text information is carried out to verification calculating, obtains the first check information;
Concrete, mobile phone security module is treated transmission information by the arranging key of the mobile phone security module end of its generation and is encrypted, thereby makes information to be transmitted carry out opaque transmission, guarantees the fail safe of transmission.
Mobile phone security module is carried out verification calculating by the arranging key of the mobile phone security module end of its generation to the second cipher-text information, thereby guarantees the integrality of the second cipher-text information.This verification is calculated can be for calculating arbitrary verification modes such as MAC value.
Now, arranging key at least comprises verification computation key of an encryption key.
Step S115c, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: the second cipher-text information and the first check information;
Step S116c, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;
Concrete; because the second cipher-text information has been carried out verification calculating by the arranging key of mobile phone security module end; now; subscriber identification card receives after the second cipher-text information and the first check information; by the arranging key in subscriber identification card, the second cipher-text information is carried out to verification calculating equally, and compare with the first check information, and after relatively unanimously; be verified, thereby guarantee that the second cipher-text information obtaining is without distorting.
Step S117c, if subscriber identification card is verified the first process information, subscriber identification card is decrypted the second cipher-text information by the arranging key of subscriber identification card end, obtains information to be transmitted;
Concrete, cross the arranging key of mobile phone security module end due to information exchange to be transmitted and encrypt, now, subscriber identification card receives after real the second cipher-text information, be decrypted by the arranging key in subscriber identification card, thereby obtain real information to be transmitted.
Step S118c, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;
Concrete, subscriber identification card, having obtained after real information to be transmitted, is signed to this information to be transmitted, to guarantee information integrity to be transmitted and non repudiation.
Step S119c, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 3rd cipher-text information, and the 3rd cipher-text information is carried out to verification calculating, obtains the second check information;
Concrete, subscriber identification card is also encrypted the second signing messages by the arranging key of subscriber identification card end, thereby guarantees the opaque transmission of the second signing messages, improves fail safe.
Subscriber identification card also carries out verification calculating by the arranging key of subscriber identification card end to the 3rd cipher-text information, thereby guarantees the integrality of the 3rd cipher-text information.
Step S120c, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the 3rd cipher-text information and the second check information;
Step S121c, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;
Concrete; mobile phone security module receives after the 3rd cipher-text information and the second check information; also by the arranging key of mobile phone security module end, the 3rd cipher-text information is carried out to verification calculating; and compare with the second check information; and after relatively unanimously; be verified, thereby guarantee that the 3rd cipher-text information obtaining is without distorting.
Step S122c, if mobile phone security module is verified the second process information, is decrypted the 3rd cipher-text information by the arranging key of mobile phone security module end, obtains the second signing messages;
Concrete, mobile phone security module, having obtained after real the 3rd cipher-text information, is also decrypted the 3rd cipher-text information by the arranging key of mobile phone security module end, obtains real the second signing messages.
Thus, between mobile phone security module and subscriber identification card, completed the information interaction of once safety.
Step S123c, mobile phone security module is to major general's the second signing messages outgoing.
Concrete, mobile phone security module has been carried out the second signing messages outgoing after signature by treating transmission information.
If the present invention is applied in secure transmission of confidential information, the device of confidential information after signature being sent to confidential information extraction is outward medium;
If the present invention is applied in Internet-based banking services, the Transaction Information after signature is sent to Web bank's server etc.
Mode four:
Step S113d, mobile phone security module is obtained information to be transmitted;
Step S114d, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the second cipher-text information, and the second cipher-text information is carried out to verification calculating, obtains the first check information;
Step S115d, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: the second cipher-text information and the first check information;
Step S116d, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;
Step S117d, if subscriber identification card is verified the first process information, subscriber identification card is decrypted the second cipher-text information by the arranging key of subscriber identification card end, obtains information to be transmitted;
Step S118d, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;
Step S119d, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 3rd cipher-text information;
Step S120d, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the 3rd cipher-text information;
Step S121d, mobile phone security module is decrypted the 3rd cipher-text information by the arranging key of mobile phone security module end, obtains the second signing messages;
Step S122d, mobile phone security module is to major general's the second signing messages outgoing.
Mode five:
Step S113e, mobile phone security module is obtained information to be transmitted;
Step S114e, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the second cipher-text information, and the second cipher-text information is carried out to verification calculating, obtains the first check information;
Step S115e, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: the second cipher-text information and the first check information;
Step S116e, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;
Step S117e, if subscriber identification card is verified the first process information, subscriber identification card is decrypted the second cipher-text information by the arranging key of subscriber identification card end, obtains information to be transmitted;
Step S118e, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;
Step S119e, subscriber identification card carries out verification calculating by the arranging key of subscriber identification card end to the second signing messages, obtains the second check information;
Step S120e, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the second signing messages and the second check information;
Step S121e, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;
Step S122e, if mobile phone security module is verified the second process information, mobile phone security module is to major general's the second signing messages outgoing.
Mode six:
Step S113f, mobile phone security module is obtained information to be transmitted;
Step S114f, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the second cipher-text information;
Step S115f, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: the second cipher-text information;
Step S116f, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the second cipher-text information is decrypted, and obtains information to be transmitted;
Step S117f, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;
Step S118f, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 3rd cipher-text information, and the 3rd cipher-text information is carried out to verification calculating, obtains the first check information;
Step S119f, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the 3rd cipher-text information and the first check information;
Step S120f, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;
Step S121f, if mobile phone security module is verified the second process information, is decrypted the 3rd cipher-text information by the arranging key of mobile phone security module end, obtains the second signing messages;
Step S122f, mobile phone security module is to major general's the second signing messages outgoing.
Mode seven:
Step S113g, mobile phone security module is obtained information to be transmitted;
Step S114g, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is carried out verification calculating, obtains the first check information;
Step S115g, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: information to be transmitted and the first check information;
Step S116g, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;
Step S117g, if subscriber identification card is verified the first process information, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;
Step S118g, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the second cipher-text information, and the second cipher-text information is carried out to verification calculating, obtains the second check information;
Step S119g, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the second cipher-text information and the second check information;
Step S120g, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;
Step S121g, if mobile phone security module is verified the second process information, is decrypted the second cipher-text information by the arranging key of mobile phone security module end, obtains the second signing messages;
Step S122g, mobile phone security module is to major general's the second signing messages outgoing.
Mode eight:
Step S113h, mobile phone security module is obtained information to be transmitted;
Step S114h, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the second cipher-text information;
Step S115h, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: the second cipher-text information;
Step S116h, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the second cipher-text information is decrypted, and obtains information to be transmitted;
Step S117h, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;
Step S118h, subscriber identification card carries out verification calculating by the arranging key of subscriber identification card end to the second signing messages, obtains the first check information;
Step S119h, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the second signing messages and the first check information;
Step S120h, mobile phone security module receives after the second process information, by the arranging key of mobile phone security module end, the second process information is verified;
Step S121h, if mobile phone security module is verified the second process information, mobile phone security module is to major general's the second signing messages outgoing.
Mode nine:
Step S113i, mobile phone security module is obtained information to be transmitted;
Step S114i, mobile phone security module is treated transmission information by the arranging key of mobile phone security module end and is encrypted, and obtains the second cipher-text information, and the second cipher-text information is carried out to verification calculating, obtains the first check information;
Step S115i, the first process information is sent to subscriber identification card by mobile phone security module, and wherein, the first process information at least comprises: the second cipher-text information and the first check information;
Step S116i, subscriber identification card receives after the first process information, by the arranging key of subscriber identification card end, the first process information is verified;
Step S117i, if subscriber identification card is verified the first process information, subscriber identification card is decrypted the second cipher-text information by the arranging key of subscriber identification card end, obtains information to be transmitted;
Step S118i, subscriber identification card is treated transmission information and is signed, and obtains the second signing messages;
Step S119i, subscriber identification card is encrypted the second signing messages by the arranging key of subscriber identification card end, obtains the 3rd cipher-text information;
Step S120i, the second process information is sent to mobile phone security module by subscriber identification card, and wherein, the second process information at least comprises: the 3rd cipher-text information;
Step S121i, mobile phone security module is decrypted the 3rd cipher-text information by the arranging key of mobile phone security module end, obtains the second signing messages;
Step S122i, mobile phone security module is to major general's the second signing messages outgoing.
Certainly, with upper type one to mode nine, for to each step of cipher-text information being carried out to verification calculating, all can adopt to the original text of cipher-text information carry out verification calculate substitute, obtaining after check information and cipher-text information, all deciphering obtains the original text of cipher-text information in advance, then carries out the checking of check information.As long as can guarantee that the original text of cipher-text information or cipher-text information cannot be tampered.
As can be seen here, by the data processing method based on arranging key of the present invention, can make the mobile phone can Secure execution Internet-based banking services and/or confidential information transmission.
In addition, in above-mentioned either type, after mobile phone security module is obtained the step of information to be transmitted, before the first process information is sent to the step of subscriber identification card by mobile phone security module, the data processing method based on arranging key also comprises the steps:
Step S1131, mobile phone security module is extracted the key message in information to be transmitted;
Concrete, mobile phone security module will be extracted the key message in information to be transmitted, is confirmed whether it is this information to be shown to user.For example:
If the present invention is applied in secure transmission of confidential information, the key message such as mobile phone security module filename in can extractor confidential information, so that user is confirmed whether to extract these classified papers and carries out Safety output;
If the present invention is applied in Internet-based banking services, mobile phone security module can be extracted the key message in Transaction Information, and whether the key message such as account and dealing money of for example concluding the business is real transaction so that user confirms this transaction.
Step S1132, mobile phone security module control mobile phone display screen shows the key message in the information to be transmitted extracting;
Concrete, the display screen of mobile phone security module control mobile phone shows the key message extracting, so that user confirms the authenticity of key message, thereby guarantees the authenticity of information to be transmitted.In addition, display screen by mobile phone security module control mobile phone shows the key message extracting, can also prevent from controlling by mobile phone CPU the problem that mobile phone display screen shows that key message may be tampered, guarantee that the content showing by the control of mobile phone security module is real content, improve fail safe.
Step S1133, mobile phone security module receives the confirmation instruction of cell phone keyboard output;
Concrete, when user confirm mobile phone display screen show key message errorless after, press the acknowledgement key on mobile phone, this acknowledgement key can be the hardware button arranging on mobile phone, also can be the virtual key of touch-screen mobile phone, receive in mobile phone security module after the confirmation instruction of cell phone keyboard output, confirm the authenticity of information to be transmitted, carry out the preparation of follow-up safe transmission.
Step S1134, receives in mobile phone security module after the confirmation instruction of cell phone keyboard output, and execution mobile phone security module is sent to the first process information the step of subscriber identification card.
Concrete, only have the information to be transmitted of confirming through user key-press to be just considered to real information to be transmitted, guarantee the authenticity of information to be transmitted, thereby improved the authenticity of confidential information output, and the fail safe of Transaction Information output.
Certainly, the embodiment of the present invention 1 can also provide a kind of mobile phone, the data processing method based on arranging key that this mobile phone adopts embodiment 1 to provide, and the mobile phone of the embodiment of the present invention 1 at least comprises: mobile phone security module and subscriber identification card; Wherein, mobile phone security module and subscriber identification card all can be divided into the modules such as Transmit-Receive Unit, encryption/decryption element, generation unit, authentication unit, signature unit to complete corresponding function, and this is no longer going to repeat them.
Embodiment 2
The present embodiment 2 and the difference of embodiment 1 are that verification process and the key generative process between mobile phone security module and subscriber identification card is contrary process, this is no longer going to repeat them, and the data processing method based on arranging key only the present embodiment 2 being provided is briefly described.
Fig. 2 shows the flow chart of the data processing method based on arranging key that the embodiment of the present invention 2 provides, and referring to Fig. 2, the data processing method based on arranging key of the embodiment of the present invention 2, comprising:
Step S201, the first authentication information is sent to subscriber identification card by mobile phone security module, and wherein, the first authentication information at least comprises: the first random factor and mobile phone security module certificate;
Step S202, subscriber identification card receives after the first authentication information, the legitimacy of checking mobile phone security module certificate;
Step S203, if subscriber identification card checking mobile phone security module certificate is legal, subscriber identification card generates the second random factor, and according to the arranging key of the first random factor and the second random factor generation subscriber identification card end;
Step S204, subscriber identification card is at least encrypted the first random factor and the second random factor by the PKI of the mobile phone security module of carrying in mobile phone security module certificate, obtains the first cipher-text information;
Step S205, subscriber identification card is signed to the first cipher-text information, obtains the first signing messages;
Step S206, the second authentication information is sent to mobile phone security module by subscriber identification card, and wherein, the second authentication information at least comprises: the first cipher-text information, the first signing messages and subscriber identification card certificate;
Step S207, mobile phone security module receives after the second authentication information, the legitimacy of identifying user identity identification card certificate;
Step S208, if mobile phone security module identifying user identity identification card certificate is legal, mobile phone security module is verified the correctness of the first signing messages;
Step S209, if mobile phone security module verifies that the first signing messages is correct, mobile phone security module is deciphered the first cipher-text information, obtains the first random factor and the second random factor;
Step S210, mobile phone security module is obtaining after the first random factor and the second random factor, the correctness of checking the first random factor;
Step S211, if mobile phone security module verifies that the first random factor is correct, mobile phone security module generates the arranging key of mobile phone security module end according to the first random factor and the second random factor;
Step S212, carries out the safe transmission of information by the arranging key of mobile phone security module end and the arranging key of subscriber identification card end between mobile phone security module and subscriber identification card.
As can be seen here, by the data processing method based on arranging key of the present invention, can make the mobile phone can Secure execution Internet-based banking services and/or confidential information transmission.
Wherein, in step S212, between mobile phone security module and subscriber identification card, carry out the process of safe transmission of information by the arranging key of mobile phone security module end and the arranging key of subscriber identification card end identical with embodiment 1, do not repeat them here.
Certainly, the embodiment of the present invention 2 also can provide a kind of mobile phone, the data processing method based on arranging key that this mobile phone adopts embodiment 2 to provide, and the mobile phone of the embodiment of the present invention 2 at least comprises: mobile phone security module and subscriber identification card; Wherein, mobile phone security module and subscriber identification card all can be divided into the modules such as Transmit-Receive Unit, encryption/decryption element, generation unit, authentication unit, signature unit to complete corresponding function, and this is no longer going to repeat them.
Any process of otherwise describing in flow chart or at this or method are described and can be understood to, represent to comprise that one or more is for realizing module, fragment or the part of code of executable instruction of step of specific logical function or process, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can be not according to order shown or that discuss, comprise according to related function by the mode of basic while or by contrary order, carry out function, this should be understood by embodiments of the invention person of ordinary skill in the field.
Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, multiple steps or method can realize with being stored in software or the firmware carried out in memory and by suitable instruction execution system.For example, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: there is the discrete logic for data-signal being realized to the logic gates of logic function, there is the application-specific integrated circuit (ASIC) of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.
Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is can carry out the hardware that instruction is relevant by program to complete, described program can be stored in a kind of computer-readable recording medium, this program, in the time carrying out, comprises step of embodiment of the method one or a combination set of.
In addition, the each functional unit in each embodiment of the present invention can be integrated in a processing module, can be also that the independent physics of unit exists, and also can be integrated in a module two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and also can adopt the form of software function module to realize.If described integrated module realizes and during as production marketing independently or use, also can be stored in a computer read/write memory medium using the form of software function module.
The above-mentioned storage medium of mentioning can be read-only memory, disk or CD etc.
In the description of this specification, the description of reference term " embodiment ", " some embodiment ", " example ", " concrete example " or " some examples " etc. means to be contained at least one embodiment of the present invention or example in conjunction with specific features, structure, material or the feature of this embodiment or example description.In this manual, the schematic statement of above-mentioned term is not necessarily referred to identical embodiment or example.And specific features, structure, material or the feature of description can be with suitable mode combination in any one or more embodiment or example.
Although illustrated and described embodiments of the invention above, be understandable that, above-described embodiment is exemplary, can not be interpreted as limitation of the present invention, those of ordinary skill in the art can change above-described embodiment within the scope of the invention in the situation that not departing from principle of the present invention and aim, modification, replacement and modification.Scope of the present invention is by claims and be equal to and limit.
Claims (10)
1. the data processing method based on arranging key, is characterized in that, comprising:
The first authentication information is sent to mobile phone security module by subscriber identification card, and wherein, described the first authentication information at least comprises: the first random factor and subscriber identification card certificate;
Described mobile phone security module receives after described the first authentication information, verifies the legitimacy of described subscriber identification card certificate;
If described mobile phone security module verifies that described subscriber identification card certificate is legal, described mobile phone security module generates the second random factor, and generates the arranging key of described mobile phone security module end according to described the first random factor and described the second random factor;
Described mobile phone security module is at least encrypted described the first random factor and the second random factor by the PKI of the described subscriber identification card that carries in described subscriber identification card certificate, obtains the first cipher-text information;
Described mobile phone security module is signed to described the first cipher-text information, obtains the first signing messages;
The second authentication information is sent to described subscriber identification card by described mobile phone security module, and wherein, described the second authentication information at least comprises: described the first cipher-text information, described the first signing messages and described mobile phone security module certificate;
Described subscriber identification card receives after described the second authentication information, verifies the legitimacy of described mobile phone security module certificate;
If described subscriber identification card verifies that described mobile phone security module certificate is legal, described subscriber identification card is verified the correctness of described the first signing messages;
If described subscriber identification card verifies that described the first signing messages is correct, described subscriber identification card is deciphered described the first cipher-text information, obtains described the first random factor and described the second random factor;
Described subscriber identification card is obtaining after described the first random factor and described the second random factor, verifies the correctness of described the first random factor;
If described subscriber identification card verifies that described the first random factor is correct, described subscriber identification card generates the arranging key of described subscriber identification card end according to described the first random factor and described the second random factor;
Between described mobile phone security module and described subscriber identification card, carry out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end.
2. the data processing method based on arranging key, is characterized in that, comprising:
The first authentication information is sent to subscriber identification card by mobile phone security module, and wherein, described the first authentication information at least comprises: the first random factor and mobile phone security module certificate;
Described subscriber identification card receives after described the first authentication information, verifies the legitimacy of described mobile phone security module certificate;
If described subscriber identification card verifies that described mobile phone security module certificate is legal, described subscriber identification card generates the second random factor, and generates the arranging key of described subscriber identification card end according to described the first random factor and described the second random factor;
Described subscriber identification card is at least encrypted described the first random factor and the second random factor by the PKI of the described mobile phone security module of carrying in described mobile phone security module certificate, obtains the first cipher-text information;
Described subscriber identification card is signed to described the first cipher-text information, obtains the first signing messages;
The second authentication information is sent to described mobile phone security module by described subscriber identification card, and wherein, described the second authentication information at least comprises: described the first cipher-text information, described the first signing messages and described subscriber identification card certificate;
Described mobile phone security module receives after described the second authentication information, verifies the legitimacy of described subscriber identification card certificate;
If described mobile phone security module verifies that described subscriber identification card certificate is legal, described mobile phone security module is verified the correctness of described the first signing messages;
If described mobile phone security module verifies that described the first signing messages is correct, described mobile phone security module is deciphered described the first cipher-text information, obtains described the first random factor and described the second random factor;
Described mobile phone security module is obtaining after described the first random factor and described the second random factor, verifies the correctness of described the first random factor;
If described mobile phone security module verifies that described the first random factor is correct, described mobile phone security module generates the arranging key of described mobile phone security module end according to described the first random factor and described the second random factor;
Between described mobile phone security module and described subscriber identification card, carry out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end.
3. method according to claim 1 and 2, it is characterized in that, the step of carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:
Described mobile phone security module is obtained information to be transmitted;
Described mobile phone security module is encrypted described information to be transmitted by the arranging key of described mobile phone security module end, obtains the second cipher-text information;
The first process information is sent to described subscriber identification card by described mobile phone security module, and wherein, described the first process information at least comprises: described the second cipher-text information;
Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the second cipher-text information is decrypted, and obtains information to be transmitted;
Described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages;
Described subscriber identification card is encrypted described the second signing messages by the arranging key of described subscriber identification card end, obtains the 3rd cipher-text information;
The second process information is sent to described mobile phone security module by described subscriber identification card, and wherein, described the second process information at least comprises: described the 3rd cipher-text information;
Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the 3rd cipher-text information is decrypted, and obtains described the second signing messages;
Described mobile phone security module is to the second signing messages outgoing described in major general.
4. method according to claim 1 and 2, it is characterized in that, the step of carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:
Described mobile phone security module is obtained information to be transmitted;
Described mobile phone security module is carried out verification calculating by the arranging key of described mobile phone security module end to described information to be transmitted, obtains the first check information;
The first process information is sent to described subscriber identification card by described mobile phone security module, and wherein, described the first process information at least comprises: described information to be transmitted and described the first check information;
Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the first process information is verified;
If described subscriber identification card is verified described the first process information, described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages;
Described subscriber identification card carries out verification calculating by the arranging key of described subscriber identification card end to described the second signing messages, obtains the second check information;
The second process information is sent to described mobile phone security module by described subscriber identification card, and wherein, described the second process information at least comprises: described the second signing messages and described the second check information;
Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the second process information is verified;
If described mobile phone security module is verified described the second process information, described mobile phone security module is to the second signing messages outgoing described in major general.
5. method according to claim 1 and 2, it is characterized in that, the step of carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:
Described mobile phone security module is obtained information to be transmitted;
Described mobile phone security module is encrypted described information to be transmitted by the arranging key of described mobile phone security module end, obtains the second cipher-text information, and described the second cipher-text information is carried out to verification calculating, obtains the first check information;
The first process information is sent to described subscriber identification card by described mobile phone security module, and wherein, described the first process information at least comprises: described the second cipher-text information and described the first check information;
Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the first process information is verified;
If described subscriber identification card is verified described the first process information, described subscriber identification card is decrypted described the second cipher-text information by the arranging key of described subscriber identification card end, obtains described information to be transmitted;
Described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages;
Described subscriber identification card is encrypted described the second signing messages by the arranging key of described subscriber identification card end, obtains the 3rd cipher-text information, and described the 3rd cipher-text information is carried out to verification calculating, obtains the second check information;
The second process information is sent to described mobile phone security module by described subscriber identification card, and wherein, described the second process information at least comprises: described the 3rd cipher-text information and described the second check information;
Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the second process information is verified;
If described mobile phone security module is verified described the second process information, by the arranging key of described mobile phone security module end, described the 3rd cipher-text information is decrypted, obtain described the second signing messages;
Described mobile phone security module is to the second signing messages outgoing described in major general.
6. method according to claim 1 and 2, it is characterized in that, the step of carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:
Described mobile phone security module is obtained information to be transmitted;
Described mobile phone security module is encrypted described information to be transmitted by the arranging key of described mobile phone security module end, obtains the second cipher-text information;
The first process information is sent to described subscriber identification card by described mobile phone security module, and wherein, described the first process information at least comprises: described the second cipher-text information;
Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the second cipher-text information is decrypted, and obtains information to be transmitted;
Described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages;
Described subscriber identification card carries out verification calculating by the arranging key of described subscriber identification card end to described the second signing messages, obtains the first check information;
The second process information is sent to described mobile phone security module by described subscriber identification card, and wherein, described the second process information at least comprises: described the second signing messages and described the first check information;
Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the second process information is verified;
If described mobile phone security module is verified described the second process information, described mobile phone security module is to the second signing messages outgoing described in major general.
7. method according to claim 1 and 2, it is characterized in that, the step of carrying out the safe transmission of information by the arranging key of described mobile phone security module end and the arranging key of described subscriber identification card end between described mobile phone security module and described subscriber identification card comprises:
Described mobile phone security module is obtained information to be transmitted;
Described mobile phone security module is carried out verification calculating by the arranging key of described mobile phone security module end to described information to be transmitted, obtains the first check information;
The first process information is sent to described subscriber identification card by described mobile phone security module, and wherein, described the first process information at least comprises: described information to be transmitted and described the first check information;
Described subscriber identification card receives after described the first process information, by the arranging key of described subscriber identification card end, described the first process information is verified;
If described subscriber identification card is verified described the first process information, described subscriber identification card is signed to described information to be transmitted, obtains the second signing messages;
Described subscriber identification card is encrypted described the second signing messages by the arranging key of described subscriber identification card end, obtains the second cipher-text information;
The second process information is sent to described mobile phone security module by described subscriber identification card, and wherein, described the second process information at least comprises: described the second cipher-text information;
Described mobile phone security module receives after described the second process information, by the arranging key of described mobile phone security module end, described the second cipher-text information is decrypted, and obtains described the second signing messages;
Described mobile phone security module is to the second signing messages outgoing described in major general.
8. according to the method described in claim 3 to 7 any one, it is characterized in that, after described mobile phone security module is obtained the step of information to be transmitted, before the first process information is sent to the step of described subscriber identification card by described mobile phone security module, described method also comprises:
Described mobile phone security module is extracted the key message in described information to be transmitted;
Key message in the information to be transmitted extracting described in described mobile phone security module control mobile phone display screen shows;
Described mobile phone security module receives the confirmation instruction of cell phone keyboard output;
Receive in described mobile phone security module after the confirmation instruction of described cell phone keyboard output, carry out described mobile phone security module the first process information is sent to the step of described subscriber identification card.
9. according to the method described in claim 1 to 8 any one, it is characterized in that, described the second random factor is to generate according to described the first random factor, or described the 3rd random factor is random generation.
10. according to the method described in claim 1 to 9 any one, it is characterized in that, described mobile phone security module is the module being independent of outside mobile phone CPU, or described mobile phone security module is arranged on the safety zone in described mobile phone CPU.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410060548.5A CN103813333B (en) | 2014-02-21 | 2014-02-21 | A kind of data processing method based on arranging key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410060548.5A CN103813333B (en) | 2014-02-21 | 2014-02-21 | A kind of data processing method based on arranging key |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103813333A true CN103813333A (en) | 2014-05-21 |
| CN103813333B CN103813333B (en) | 2017-12-19 |
Family
ID=50709429
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410060548.5A Active CN103813333B (en) | 2014-02-21 | 2014-02-21 | A kind of data processing method based on arranging key |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103813333B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105357667A (en) * | 2015-10-22 | 2016-02-24 | 东信和平科技股份有限公司 | Novel electronic identity authentication smart card and authentication method |
| CN105812334A (en) * | 2014-12-31 | 2016-07-27 | 北京华虹集成电路设计有限责任公司 | Network authentication method |
| CN105991540A (en) * | 2014-11-07 | 2016-10-05 | 天地融科技股份有限公司 | Data interaction method and system |
| CN105989481A (en) * | 2014-11-07 | 2016-10-05 | 天地融科技股份有限公司 | Data interaction method and system |
| CN108476131A (en) * | 2015-12-31 | 2018-08-31 | 华为技术有限公司 | Data transmission method, device and equipment |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2004019552A1 (en) * | 2002-08-20 | 2004-03-04 | Koninklijke Philips Electronics N.V. | Mobile network authentication for protecting stored content |
| CN1688171A (en) * | 2005-05-16 | 2005-10-26 | 航天科工信息技术研究院 | Apparatus and method for implementing data safety transmission of mobile communication apparatus |
| CN1925428A (en) * | 2006-09-28 | 2007-03-07 | 北京理工大学 | Method for detecting network nonlicet nodes by adjacent supervise |
| CN101686127A (en) * | 2008-09-24 | 2010-03-31 | 北京创原天地科技有限公司 | Novel USBKey secure calling method and USBKey device |
| CN101720071A (en) * | 2009-12-01 | 2010-06-02 | 郑州信大捷安信息技术有限公司 | Short message two-stage encryption transmission and secure storage method based on safety SIM card |
| CN103002442A (en) * | 2012-12-20 | 2013-03-27 | 邱华 | Safe wireless local area network key distribution method |
-
2014
- 2014-02-21 CN CN201410060548.5A patent/CN103813333B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2004019552A1 (en) * | 2002-08-20 | 2004-03-04 | Koninklijke Philips Electronics N.V. | Mobile network authentication for protecting stored content |
| CN1688171A (en) * | 2005-05-16 | 2005-10-26 | 航天科工信息技术研究院 | Apparatus and method for implementing data safety transmission of mobile communication apparatus |
| CN1925428A (en) * | 2006-09-28 | 2007-03-07 | 北京理工大学 | Method for detecting network nonlicet nodes by adjacent supervise |
| CN101686127A (en) * | 2008-09-24 | 2010-03-31 | 北京创原天地科技有限公司 | Novel USBKey secure calling method and USBKey device |
| CN101720071A (en) * | 2009-12-01 | 2010-06-02 | 郑州信大捷安信息技术有限公司 | Short message two-stage encryption transmission and secure storage method based on safety SIM card |
| CN103002442A (en) * | 2012-12-20 | 2013-03-27 | 邱华 | Safe wireless local area network key distribution method |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105991540A (en) * | 2014-11-07 | 2016-10-05 | 天地融科技股份有限公司 | Data interaction method and system |
| CN105989481A (en) * | 2014-11-07 | 2016-10-05 | 天地融科技股份有限公司 | Data interaction method and system |
| CN105989481B (en) * | 2014-11-07 | 2020-05-15 | 天地融科技股份有限公司 | Data interaction method and system |
| CN105812334A (en) * | 2014-12-31 | 2016-07-27 | 北京华虹集成电路设计有限责任公司 | Network authentication method |
| CN105812334B (en) * | 2014-12-31 | 2019-02-05 | 北京华虹集成电路设计有限责任公司 | A kind of method for network authorization |
| CN105357667A (en) * | 2015-10-22 | 2016-02-24 | 东信和平科技股份有限公司 | Novel electronic identity authentication smart card and authentication method |
| CN105357667B (en) * | 2015-10-22 | 2019-04-30 | 东信和平科技股份有限公司 | A kind of novel electron identity identifies smart card and discrimination method |
| CN108476131A (en) * | 2015-12-31 | 2018-08-31 | 华为技术有限公司 | Data transmission method, device and equipment |
| US10904760B2 (en) | 2015-12-31 | 2021-01-26 | Huawei Technologies Co., Ltd. | Data transmission method, apparatus, and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103813333B (en) | 2017-12-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11588637B2 (en) | Methods for secure cryptogram generation | |
| CN103067401B (en) | Method and system for key protection | |
| CN103944715A (en) | Data processing method based on agreement key | |
| CN103078742B (en) | Generation method and system of digital certificate | |
| CN104243451B (en) | A kind of information interacting method, system and intelligent cipher key equipment | |
| EP2983325A1 (en) | Dynamic password token, and data transmission method and system for dynamic password token | |
| CN103095456A (en) | Method and system for processing transaction messages | |
| CN103888942B (en) | Data processing method based on negotiation secret keys | |
| CN103136664A (en) | Trading system and trading method of smart card with electronic signature function | |
| CN103888453A (en) | Data processing method based on negotiation secret keys | |
| CN103220148B (en) | The method of electronic signature token operation response request, system and electronic signature token | |
| CN103248491B (en) | A kind of backup method of electronic signature token private key and system | |
| CN103116847B (en) | Smart card, intelligent card transaction system and method with electronic signature functionality | |
| CN103532719A (en) | Dynamic password generation method, dynamic password generation system, as well as processing method and processing system of transaction request | |
| CN103929306A (en) | Intelligent secret key device and information management method of intelligent secret key device | |
| CN103516525A (en) | Dynamic password generation method and system | |
| CN103944724A (en) | User identity identification card | |
| CN103813333A (en) | Data processing method based on negotiation keys | |
| EP2840735A1 (en) | Electronic cipher generation method, apparatus and device, and electronic cipher authentication system | |
| CN104243162B (en) | A kind of information interacting method, system and intelligent cipher key equipment | |
| CN103746802A (en) | Data processing method based on coordination secret keys and mobile phone | |
| CN103813321A (en) | Agreement key based data processing method and mobile phone | |
| CN103198401A (en) | Smart card transaction method and smart card transaction system with electronic signature function | |
| CN103945375A (en) | Data processing method based on negotiation secret keys | |
| CN104835038A (en) | Networking payment device and networking payment method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |