CN105787723A

CN105787723A - Method, device and system for processing SIM card applications

Info

Publication number: CN105787723A
Application number: CN201410799630.XA
Authority: CN
Inventors: 王青; 李亚强
Original assignee: China Mobile Communications Group Co Ltd
Current assignee: China Mobile Communications Group Co Ltd
Priority date: 2014-12-19
Filing date: 2014-12-19
Publication date: 2016-07-20

Abstract

The invention discloses a method, device and system for processing SIM card applications. The objective of the invention is to solve the problem of low security in operation on card applications in an SE chip in the prior art. The method includes the following steps that: a client identification module SIM card receives a first card application operation instruction sent by a mobile terminal, wherein the first card application operation instruction carries a card application identifier; an authentication request is sent to a card application indicated by the card application identifier according to the card application identifier carried in the first card application operation instruction, so that two-way authentication between the SIM card and the card application indicated by the card application identifier can be realized; and when two-way authentication between the SIM card and the card application indicated by the card application identifier is successful, and a second card application operation instruction is sent to the card application indicated by the card application identifier.

Description

A kind of methods, devices and systems that SIM application is processed

Technical field

The present invention relates to mobile communication technology field, particularly relate to a kind of methods, devices and systems SIM applied and processes.

Background technology

Near-field communication (NearFieldCommunication, NFC), also known as wireless near field communication, it is a kind of short-range high frequency wireless communication technology, it is allowed between electronic equipment, carry out contactless Point-to-Point Data Transmission (in 10 centimetres) exchange data.

In NFC technique solution, near-field communication-single-wire-protocol (NFCSingleWireProtocol, NFC-SWP) scheme is shown one's talent because of advantages such as its high safety, easy extensions in multiple NFC standard, becomes whole world overwhelming majority operator and standard that main flow terminal manufacturer supports.NFC-SWP scheme is by safety element (SecureElement, SE) built-in chip type in client identification module (SubscriberIdentityModule, SIM) blocks, and is used for storing application, key and sensitive data.When user uses NFC mobile phone terminal carrying out service to operate, during as utilized the bank card application of storage in SIM to pay, by being assembled Application Protocol Data Unit (ApplicationProtocolDataUnit by client, APDU) instruction directly carries out data transmission with the bank card application being stored in SE, to complete the operations such as payment.Fig. 1 is the NFC mobile phone terminal structure schematic diagram supporting NFC-SWP technology.

It is currently based on the system structure schematic diagram of NFC mobile phone terminal carrying out service operation as in figure 2 it is shown, include NFC mobile phone terminal, point of sale (pointofsale, POS) terminal and account platform.Wherein, account platform can be certain bank or the operation system of public transport application, is used for processing business transaction；POS terminal can be certain financial consumption POS terminal with contactless payment function, it is also possible to be the special POS terminal supporting to supplement with money operation；POS terminal is by the account platform belonging to GPRS (general packet radio service) (GeneralPacketRadioService, GPRS) network insertion financial institution or certain card application.When initiating to supplement with money or during the transaction such as payment, POS terminal carries out instruction interaction by applying with the card in NFC mobile phone terminal, obtains card application-dependent data, is uploaded to account platform and carries out account verification；After account platform confirms the validity, complete accounting processing, generate operation script and complete to issue.

In existing NFC-SWP scheme, SIM application is carried out supplementing with money and during the operation such as consumption, be both needed to directly the card on SE chip be applied by the outer entity of card (such as mobile phone terminal client, POS terminal) interact realization.This may create the problem that

Directly card application is performed operation by mobile phone terminal client, there is certain potential safety hazard.Mobile phone terminal client is as the software in mobile phone terminal operating system (OperatingSystem, OS), it is possible to calls application programming interface (ApplicationProgrammingInterface, API) by OS and accesses SE chip.In this case, SE chip likely can suffer malicious attack, causes loss of learning, distorts and leak, brings loss to user.

Summary of the invention

The embodiment of the present invention provides a kind of methods, devices and systems SIM applied and processes, in order to solve the problem that when the card application in SE chip is operated, safety is relatively low existed in prior art.

The embodiment of the present invention is by the following technical solutions:

A kind of method that SIM application is processed, including:

Client identification module SIM receives the first card application operating instruction that mobile terminal sends；Wherein, card application identities is carried in described first card application operating instruction；

According to the card application identities carried in described first card application operating instruction, send certification request to the card application of described card application identities instruction, to realize the two-way authentication between the card application of described card application identities instruction；

When the two-way authentication success blocked between application of described card application identities instruction, send the second card application operating instruction to the card application of described card application identities instruction, to complete the operation of the card application that described card application identities is indicated.

Wherein, according to the card application identities carried in described first card application operating instruction, send certification request to the card application of described card application identities instruction, to realize the two-way authentication between the card application of described card application identities instruction, specifically include:

According to the card application identities carried in described first card application operating instruction, send certification request to the card application of described card application identities instruction；

Receive the first encrypted cipher text of the card application feedback of described card application identities instruction；Wherein, described first encrypted cipher text is blocking of described card application identities instruction to apply the first key generation that basis is made an appointment with described SIM；

Judge that whether the second encrypted cipher text generated previously according to described first key is identical with the first encrypted cipher text received；

When described second encrypted cipher text is identical with described first encrypted cipher text, continue the second key according to the card application with the instruction of described card application identities is made an appointment and generate the 3rd encrypted cipher text, and it is sent to the card application of described card application identities instruction, judged that whether the 4th encrypted cipher text generated previously according to described second key is identical with the 3rd encrypted cipher text received by the card application of described card application identities instruction, to realize the certification to described SIM；

When the certification success message that the card application receiving the instruction of described card application identities sends, it is determined that two-way authentication success.

Wherein, described first card application operating instruction for supplementing instruction with money, and described in supplement with money instruction also carry recharge amount and supplement password with money；Then

Described second card application operating instruction for supplementing initialization directive with money, and described in supplement with money and initialization directive carry described recharge amount and described supplements password with money；And

Send the second card application operating instruction to the card application of described card application identities instruction, to complete the operation of the card application to the instruction of described card application identities, specifically include:

Initialization directive is supplemented in card application transmission to the instruction of described card application identities with money；

Receive the circle supplementing initialization directive feedback described in the card application basis of described card application identities instruction with money and deposit request；Wherein, described circle deposit request is carried described recharge amount, described in supplement with money password, described card application identities instruction card application card number and described card application identities instruction card application account balance；

The described circle request of depositing is sent to account platform, in order to described account platform according to described recharge amount, described in supplement password, described card number and described account balance with money and complete circle and deposit process.

Wherein, described first card application operating instruction is consumption order, and also carries spending amount and consumption password in described consumption order；Then

Second card application operating instruction is consumption initialization directive；And

Consumption initialization directive is sent to the card application of described card application identities instruction；

Receive the consumption response message of the card application feedback of described card application identities instruction；Wherein, described consumption response message carries the consumption key that the card application of described card application identities instruction generates according to described consumption initialization directive；

According to the consumption key in described consumption response message, generate the first fee deduction instruction after encryption；Wherein, the first fee deduction instruction after described encryption is carried described spending amount and consumption password；

The first fee deduction instruction after described encryption is sent to the card application of described card application identities instruction, applied according to described consumption key by the card of described card application identities instruction, and the spending amount carried in the first fee deduction instruction after described encryption and consumption password complete to deduct fees.

Wherein, described first card application operating instruction is transfer instructions, and carries card application identities, transfer amounts and secret number in described transfer instructions, and described card application identities includes: produces account identification and proceeds to account identification；Then

Described second card application operating instruction is the initialization directive of transferring accounts sent to the card application producing account identification instruction in described card application identities；

Transfer accounts initialization directive to the card application transmission producing account identification instruction in described card application identities；

The response message of transferring accounts of the card application feedback of account identification instruction is produced described in reception；Wherein, transfer accounts described in the card application of producing account identification instruction described in carrying in response message according to described in transfer accounts the key of transferring accounts that initialization directive generates；

According to the described key of transferring accounts transferred accounts in response message, generate the second fee deduction instruction after encryption；Wherein, the second fee deduction instruction after described encryption carries described transfer amounts and secret number；

The card application of account identification instruction is produced described in the second fee deduction instruction after described encryption being sent to, applied, by the described card producing account identification instruction, key of transferring accounts described in basis, and the transfer amounts carried in the second fee deduction instruction after described encryption and secret number complete to deduct fees；

Send, to the described card application proceeding to account identification instruction, the first transfer instructions carrying described transfer amounts, the described card application proceeding to account identification instruction complete to transfer accounts according to the transfer amounts carried in described first transfer instructions.

A kind of method that SIM application is processed, including:

Card application receives the certification request that client identification module SIM sends, and carries out two-way authentication with described SIM；

During two-way authentication success between described SIM, receive the second card application operating instruction that described SIM sends；

According to described second card application operating instruction, complete corresponding operating.

Wherein, card application receives the certification request that client identification module SIM sends, and carries out two-way authentication with described SIM, specifically includes:

Receive the certification request that SIM sends；

Ask according to described certification, and and the first key of making an appointment of described SIM, generate the first encrypted cipher text；

Described first encrypted cipher text is sent to described SIM, described SIM judges that whether the second encrypted cipher text generated previously according to described first key is identical with the first encrypted cipher text received, to realize the certification to described card application of the described SIM；

When receiving three encrypted cipher text that described SIM sends, continue the second key that basis is made an appointment with described SIM, generate the 4th encrypted cipher text；Wherein, described 3rd encrypted cipher text is that described SIM is judged when described second encrypted cipher text is identical with described first encrypted cipher text, generates according to described second key；

Judge that whether described 4th encrypted cipher text is identical with the 3rd encrypted cipher text received；

When described 4th encrypted cipher text is identical with the 3rd encrypted cipher text received, it is determined that two-way authentication success.

Wherein, described second card application operating instruction for supplementing initialization directive with money, and described in supplement with money initialization directive carry recharge amount and supplement password with money；Then

According to described second card application operating instruction, complete corresponding operating, specifically include:

Supplement initialization directive with money according to described, generate circle and deposit request；Wherein, described circle deposit request is carried described recharge amount, described in supplement with money password, described card application identities instruction card application card number and described card application identities instruction card application account balance；

The request of being deposited by described circle is sent to account platform by described SIM, in order to described account platform according to described recharge amount, described in supplement password, described card number and described account balance with money and complete circle and deposit process.

Wherein, the second card application operating instruction is consumption initialization directive；Then

According to described consumption initialization directive, generate consumption key；

Described consumption key is carried in consumption response message, is sent to described SIM, by described SIM according to described consumption key, generate the first fee deduction instruction after encryption；Wherein, the first fee deduction instruction after described encryption is carried spending amount and consumption password；

Receive the first fee deduction instruction after the encryption that described SIM sends；

According to described consumption key, and the spending amount carried in the first fee deduction instruction after described encryption and consumption password complete to deduct fees.

Wherein, described second card application operating instruction is initialization directive of transferring accounts, and described card application is for producing account；Then

According to described initialization directive of transferring accounts, generate key of transferring accounts；

Described key of transferring accounts is carried in response message of transferring accounts, is sent to described SIM, by described SIM according to described in transfer accounts key, generate the second fee deduction instruction after encryption；Wherein, the second fee deduction instruction after described encryption carries transfer amounts and secret number；

Receive the second fee deduction instruction after the encryption that described SIM sends；

According to described key of transferring accounts, and the transfer amounts carried in the second fee deduction instruction after described encryption and secret number complete to deduct fees, and feed back second to described SIM and deduct fees result, deducted fees result according to described second by described SIM, generate the first transfer instructions carrying described transfer amounts, and be sent to and proceed to account, proceed to account described in making and complete to transfer accounts according to the transfer amounts carried in described first transfer instructions.

A kind of device that SIM application is processed, including:

First card application operating instruction reception unit, for receiving the first card application operating instruction that mobile terminal sends；Wherein, card application identities is carried in described first card application operating instruction；

Authentication ' unit, for the card application identities carried in the first card application operating instruction according to described first card application operating instruction reception unit reception, certification request is sent, to realize the two-way authentication between the card application of described card application identities instruction to the card application of described card application identities instruction；

Second card application operating instruction sending unit, for when in described authentication ' unit and described card application identities indicate card application between two-way authentication success time, the second card application operating instruction is sent, to complete the operation of the card application to the instruction of described card application identities to the card application of described card application identities instruction.

Wherein, described authentication ' unit, specifically include:

Certification request sending module, for according to the card application identities carried in described first card application operating instruction, sending certification request to the card application of described card application identities instruction；

Ciphertext receiver module, for receiving the first encrypted cipher text of the card application feedback of described card application identities instruction；Wherein, described first encrypted cipher text is blocking of described card application identities instruction to apply the first key generation that basis is made an appointment with client identification module SIM；

Whether judge module is identical with the first encrypted cipher text that described ciphertext receiver module receives for judging the second encrypted cipher text generated previously according to described first key；

Ciphertext sending module, for when described judge module judges that the second encrypted cipher text is identical with described first encrypted cipher text, continue the second key according to the card application with the instruction of described card application identities is made an appointment and generate the 3rd encrypted cipher text, and it is sent to the card application of described card application identities instruction, judged that whether the 4th encrypted cipher text generated previously according to described second key is identical with the 3rd encrypted cipher text received by the card application of described card application identities instruction, to realize the certification to described SIM；

Module is successfully determined in two-way authentication, for when receiving the certification success message of card application transmission of described card application identities instruction, it is determined that two-way authentication success.

Described second card application operating instruction for supplementing initialization directive with money, and described in supplement with money and initialization directive carry described recharge amount and described supplements password with money；

Described second card application operating instruction sending unit, specifically includes:

Supplement initialization directive sending module with money, for supplementing initialization directive with money to the card application transmission of described card application identities instruction；

Enclosing and deposit request receiver module, request deposited by the circle supplementing initialization directive feedback with money supplementing the transmission of initialization directive sending module described in application basis with money that blocks being used for receiving the instruction of described card application identities；Wherein, described circle deposit request is carried described recharge amount, described in supplement with money password, described card application identities instruction card application card number and described card application identities instruction card application account balance；

Request sending module deposited by circle, and the circle request of depositing received for described circle is deposited request receiver module is sent to account platform, in order to described account platform according to described recharge amount, described in supplement password, described card number and described account balance with money and complete circle and deposit process.

Second card application operating instruction is consumption initialization directive；

Consumption initialization directive sending module, for sending consumption initialization directive to the card application of described card application identities instruction；

Consumption response message receiver module, for receiving the consumption response message of the card application feedback of described card application identities instruction；Wherein, described consumption response message carries the consumption key that the card application of described card application identities instruction generates according to the consumption initialization directive that described consumption initialization directive sending module sends；

First fee deduction instruction sending module, for the consumption key consumed in response message received according to described consumption response message receiver module, generates the first fee deduction instruction after encryption, and is sent to the card application of described card application identities instruction；Wherein, the first fee deduction instruction after described encryption is carried described spending amount and consumption password, applied according to described consumption key by the card of described card application identities instruction, and the spending amount carried in the first fee deduction instruction after described encryption and consumption password complete to deduct fees.

Transfer accounts initialization directive sending module, for transferring accounts initialization directive to the card application transmission producing account identification instruction in described card application identities；

Transfer accounts response message receiver module, for producing the response message of transferring accounts of the card application feedback of account identification instruction described in receiving；Wherein, transfer accounts described in the card application of producing account identification instruction described in carrying in response message according to described in transfer accounts the key of transferring accounts that the initialization directive of transferring accounts that initialization directive sending module sends generates；

Second fee deduction instruction sending module, for according to described in transfer accounts the key of transferring accounts transferring accounts in response message that response message receiver module receives, generate the second fee deduction instruction after encryption, and produce the card application of account identification instruction described in being sent to；Wherein, the second fee deduction instruction after described encryption carries described transfer amounts and secret number, applied, by the described card producing account identification instruction, key of transferring accounts described in basis, and the transfer amounts carried in the second fee deduction instruction after described encryption and secret number complete to deduct fees；

First transfer instructions sending module, for sending, to the described card application proceeding to account identification instruction, the first transfer instructions carrying described transfer amounts, the described card application proceeding to account identification instruction complete to transfer accounts according to the transfer amounts carried in described first transfer instructions.

A kind of device that SIM application is processed, including:

Authentication ' unit, for receiving the certification request that client identification module SIM sends, carries out two-way authentication with described SIM；

Second card application operating instruction reception unit, for when two-way authentication success in described authentication ' unit and between described SIM, receiving the second card application operating instruction that described SIM sends；

Operate unit, for the second card application operating instruction received according to described second card application operating instruction reception unit, complete corresponding operating.

Wherein, described authentication ' unit, specifically include:

Certification request receiver module, for receiving the certification request that SIM sends；

Ciphertext sending module, for asking the certification that receiver module receives to be asked according to described certification, and and the first key of making an appointment of described SIM, generate the first encrypted cipher text, and it is sent to described SIM, judged that whether the second encrypted cipher text generated previously according to described first key is identical with the first encrypted cipher text received by described SIM, to realize the certification to described card application of the described SIM；

Ciphertext receiver module, for receiving the 3rd encrypted cipher text that described SIM sends；

Judge module, for when described ciphertext receiver module receives three encrypted cipher text stating SIM transmission, continue the second key that basis is made an appointment with described SIM, generate the 4th encrypted cipher text, and judge that whether described 4th encrypted cipher text is identical with the 3rd encrypted cipher text received；Wherein, described 3rd encrypted cipher text is that described SIM is judged when described second encrypted cipher text is identical with described first encrypted cipher text, generates according to described second key；

Module is determined in two-way authentication, for when to judge the 4th encrypted cipher text identical with the 3rd encrypted cipher text received for described judge module, it is determined that two-way authentication is successfully.

Described operation completes unit, specifically includes:

Request generation module deposited by circle, supplements initialization directive with money described in basis, generates circle and deposits request；Wherein, described circle deposit request is carried described recharge amount, described in supplement with money password, described card application identities instruction card application card number and described card application identities instruction card application account balance；

Request sending module deposited by circle, the circle request of depositing generated for described circle is deposited request generation module is sent to account platform by described SIM, in order to described account platform according to described recharge amount, described in supplement password, described card number and described account balance with money and complete circle and deposit process.

Described operation completes unit, specifically includes:

Consumption key production module, for according to described consumption initialization directive, generating consumption key；

Consumption response message sending module, is sent to described SIM for being carried by the consumption key that described consumption key production module generates in consumption response message, by described SIM according to described consumption key, generates the first fee deduction instruction after encryption；Wherein, the first fee deduction instruction after described encryption is carried spending amount and consumption password；

First fee deduction instruction receiver module, is used for the first fee deduction instruction after receiving the encryption that described SIM sends；

Deducting fees module, for the consumption key generated according to described consumption key production module, and the spending amount carried in the first fee deduction instruction after the encryption that receives of described first fee deduction instruction receiver module and consumption password complete to deduct fees.

Described operation completes unit, specifically includes:

Transfer accounts key production module, for according to described in transfer accounts initialization directive, generate key of transferring accounts；

Transfer accounts key sending module, in response message of transferring accounts, be sent to described SIM for being carried by the key of transferring accounts that described key production module of transferring accounts generates, by described SIM according to described in transfer accounts key, generate the second fee deduction instruction after encrypting；Wherein, the second fee deduction instruction after described encryption carries transfer amounts and secret number；

Second fee deduction instruction receiver module, is used for the second fee deduction instruction after receiving the encryption that described SIM sends；

Deduct fees module, the key of transferring accounts that key production module of transferring accounts described in basis generates, and the transfer amounts that carries and secret number complete to deduct fees in the second fee deduction instruction after the encryption that receives of described second fee deduction instruction receiver module, and feed back second to described SIM and deduct fees result, deducted fees result according to described second by described SIM, generate the first transfer instructions carrying described transfer amounts, and be sent to and proceed to account, proceed to account described in making and complete to transfer accounts according to the transfer amounts carried in described first transfer instructions.

A kind of system that SIM application is processed, including mobile terminal and the client identification module SIM comprising at least one card application, wherein:

Described mobile terminal, for sending the first card application operating instruction to described SIM；Wherein, card application identities is carried in described first card application operating instruction；

Described SIM, is used for receiving described first card application operating instruction；According to the card application identities carried in described first card application operating instruction, send certification request to the card application of described card application identities instruction, to realize the two-way authentication between the card application of described card application identities instruction；When the two-way authentication success blocked between application of described card application identities instruction, send the second card application operating instruction to the card application of described card application identities instruction；

The card application of described card application identities instruction, for receiving the certification request that described SIM sends；Ask according to described certification, carry out two-way authentication with described SIM；During two-way authentication success between described SIM, receive the second card application operating instruction that described SIM sends；According to described second card application operating instruction, complete corresponding operating.

Wherein, described SIM, specifically for:

According to the card application identities carried in described first card application operating instruction, send certification request to the card application of described card application identities instruction；Receive the first encrypted cipher text of the card application feedback of described card application identities instruction；Judge that whether the second encrypted cipher text generated previously according to described first key is identical with the first encrypted cipher text received；When described second encrypted cipher text is identical with described first encrypted cipher text, continues to generate the 3rd encrypted cipher text according to the second key that the card application with the instruction of described card application identities is made an appointment, and be sent to the card application of described card application identities instruction；When the certification success message that the card application receiving the instruction of described card application identities sends, it is determined that two-way authentication success；

The card application of described card application identities instruction, specifically for:

Ask according to described certification, and and the first key of making an appointment of described SIM, generate the first encrypted cipher text, and be sent to described SIM；When receiving three encrypted cipher text that described SIM sends, continue the second key that basis is made an appointment with described SIM, generate the 4th encrypted cipher text；Judge that whether described 4th encrypted cipher text is identical with the 3rd encrypted cipher text received；When described 4th encrypted cipher text is identical with the 3rd encrypted cipher text received, send certification success message to described SIM.

Wherein, described first card application operating instruction for supplementing instruction with money, and described in supplement with money instruction also carry recharge amount and supplement password with money；

Described SIM, specifically for:

Initialization directive is supplemented in card application transmission to the instruction of described card application identities with money；Receive the circle supplementing initialization directive feedback described in the card application basis of described card application identities instruction with money and deposit request；Wherein, described circle deposit request is carried described recharge amount, described in supplement with money password, described card application identities instruction card application card number and described card application identities instruction card application account balance；The described circle request of depositing is sent to account platform, in order to described account platform according to described recharge amount, described in supplement password, described card number and described account balance with money and complete circle and deposit process；

Supplement initialization directive with money according to described, generate circle and deposit request, and be sent to described SIM.

Wherein, described system also includes: parametric controller；Then

Described SIM, specifically for:

The described circle request of depositing is sent to parametric controller, described parametric controller the described circle request of depositing is sent to account platform；

Described SIM is additionally operable to:

What receive the transmission of described parametric controller supplements script with money；Wherein, supplementing script described in money is that described parametric controller receives the circle that described account platform sends and deposits and generate after result；

Described script of supplementing with money is sent to the card application of described card application identities instruction；

The card application of described card application identities instruction, is additionally operable to:

According to described script of supplementing with money, described account balance is updated.

Wherein, described first card application operating instruction is consumption order, and also carries spending amount and consumption password in described consumption order；

Described SIM, specifically for:

Consumption initialization directive is sent to the card application of described card application identities instruction；Receive the consumption response message of the card application feedback of described card application identities instruction；Wherein, described consumption response message carries consumption key；According to the consumption key in described consumption response message, generate the first fee deduction instruction after encryption；Wherein, the first fee deduction instruction after described encryption is carried described spending amount and consumption password；The first fee deduction instruction after described encryption is sent to the card application of described card application identities instruction；

According to described consumption initialization directive, generate consumption key；Described consumption key is carried in consumption response message, is sent to described SIM；Receive after the encryption that SIM sends first to deduct fees key；According to described consumption key, and the spending amount carried in the first fee deduction instruction after described encryption and consumption password complete to deduct fees.

Wherein, described first card application operating instruction is transfer instructions, and carries card application identities, transfer amounts and secret number in described transfer instructions, and described card application identities includes: produces account identification and proceeds to account identification；Described second card application operating instruction is the initialization directive of transferring accounts sent to the card application producing account identification instruction in described card application identities；

Described SIM, specifically for:

Transfer accounts initialization directive to the card application transmission producing account identification instruction in described card application identities；The response message of transferring accounts of the card application feedback of account identification instruction is produced described in reception；Wherein, transfer accounts described in and response message carries key of transferring accounts；According to described key of transferring accounts, generate the second fee deduction instruction after encryption；Wherein, the second fee deduction instruction after described encryption carries described transfer amounts and secret number；The card application of account identification instruction is produced described in the second fee deduction instruction after described encryption being sent to；And send, to the described card application proceeding to account identification instruction, the first transfer instructions carrying described transfer amounts；

The described card application producing account identification instruction, specifically for:

According to described initialization directive of transferring accounts, generate key of transferring accounts；Described key of transferring accounts is carried in response message of transferring accounts, is sent to described SIM；Receiving the second fee deduction instruction after the encryption that described SIM sends, according to described key of transferring accounts, and the transfer amounts carried in the second fee deduction instruction after described encryption and secret number complete to deduct fees；

The described card application proceeding to account identification instruction, specifically for:

Receiving the first transfer instructions after the encryption that described SIM sends, the transfer amounts according to carrying in described first transfer instructions completes to transfer accounts.

Having the beneficial effect that of the embodiment of the present invention:

In the embodiment of the present invention, when SIM receives the first card application operating instruction that mobile terminal sends, according to the card application identities carried in this first card application operating instruction, certification request is sent to the card application of card application identities instruction, to realize the two-way authentication between the card application of card application identities instruction, when two-way authentication success, send the second card application operating instruction to the card application of card application identities instruction, to complete corresponding operating.This programme is compared with prior art, it is possible to either directly through entity in card, card application is operated, makes the safety of operation be improved.

Other features and advantages of the present invention will be set forth in the following description, and, partly become apparent from description, or understand by implementing the present invention.The purpose of the present invention and other advantages can be realized by structure specifically noted in the description write, claims and accompanying drawing and be obtained.

Accompanying drawing explanation

Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes the part of the present invention, and the schematic description and description of the present invention is used for explaining the present invention, is not intended that inappropriate limitation of the present invention.In the accompanying drawings:

Fig. 1 is in prior art, supports the NFC mobile phone terminal structure schematic diagram of NFC-SWP technology；

Fig. 2 is in prior art, based on the system structure schematic diagram of NFC mobile phone terminal carrying out service operation；

Fig. 3 is in the embodiment of the present invention, a kind of method flowchart that SIM application is processed；

Fig. 3 a is in the embodiment of the present invention, the two-way authentication flowchart between a kind of SIM and card application；

Fig. 4 is in the embodiment of the present invention, based on the system structure schematic diagram that NFC mobile phone terminal is operated；

Fig. 5 is in the embodiment of the present invention, supplements the method flowchart that SIM application is processed under scene with money；

Fig. 6 is in the embodiment of the present invention, the method flowchart that SIM application is processed under consumption scene；

Fig. 7 is in the embodiment of the present invention, the method flowchart that SIM application is processed under scene of transferring accounts；

Fig. 8 is in the embodiment of the present invention, a kind of apparatus structure schematic diagram that SIM application is processed；

Fig. 9 is in the embodiment of the present invention, a kind of apparatus structure schematic diagram that SIM application is processed；

Figure 10 is in the embodiment of the present invention, a kind of system structure schematic diagram that SIM application is processed.

Detailed description of the invention

In order to solve the problem that when the card application in SE chip is operated, safety is relatively low existed in prior art, embodiments provide a kind of scheme SIM applied and processes.In this technical scheme, when SIM receives the first card application operating instruction that mobile terminal sends, according to the card application identities carried in this first card application operating instruction, certification request is sent to the card application of card application identities instruction, to realize the two-way authentication between the card application of card application identities instruction, when two-way authentication success, send the second card application operating instruction to the card application of card application identities instruction, with the operation of the card application of complete paired card application identities instruction.This programme is compared with prior art, it is possible to either directly through entity in card, card application is operated, makes the safety of operation be improved.

Below in conjunction with Figure of description, embodiments of the invention are illustrated, it will be appreciated that embodiment described herein is merely to illustrate and explains the present invention, is not limited to the present invention.And when not conflicting, embodiment and the feature of embodiment in the present invention can be combined with each other.

Embodiments provide a kind of method SIM applied and processes, as it is shown on figure 3, be the flowchart of the method, specifically include following step:

Step 31, SIM receives the first card application operating instruction that mobile terminal sends；Wherein, card application identities is carried in the first card application operating instruction.

Wherein, the first card application operating instruction can be, but not limited to for:

Supplement instruction, consumption order and transfer instructions with money.

When the first card application operating instruction is for supplementing instruction with money, this supplements with money in instruction except carrying card application identities, it is also possible to carries recharge amount and supplements password with money.Wherein, recharge amount can be the client software input that user passes through in mobile terminal with supplementing password with money.

When the first card application operating instruction is consumption order, in this consumption order except carrying card application identities, it is also possible to carry spending amount and consumption password.Wherein, consumption password can be the client software input that user passes through in mobile terminal.

When the first card application operating instruction is transfer instructions, in this transfer instructions except carrying card application identities, it is also possible to carry transfer amounts and secret number, and card application identities needs to include: produce account identification and proceed to account identification.Wherein, produce account, proceed to account and transfer amounts and secret number can be the client software inputs that user passes through in mobile terminal.

Step 32, according to the card application identities carried in this first card application operating instruction, sends certification request to the card application of card application identities instruction, to realize the two-way authentication between the card application of card application identities instruction.

Concrete, step 32 can realize according to process as shown in Figure 3 a:

Step 32a, SIM, according to the card application identities carried in this first card application operating instruction, sends certification request to the card application of card application identities instruction；

Step 32b, the card application of card application identities instruction is asked according to certification, and and the first key of making an appointment of SIM, generate the first encrypted cipher text, and be sent to SIM；

Step 32c, after SIM receives the first encrypted cipher text, it is judged that whether the second encrypted cipher text generated previously according to the first key is identical with the first encrypted cipher text received；

Step 32d, when the second encrypted cipher text judged by SIM and the first encrypted cipher text is identical, continues to generate the 3rd encrypted cipher text according to the second key that the card application with the instruction of card application identities is made an appointment, and is sent to the card application of card application identities instruction；

Step 32e, the card application of card application identities instruction judges that whether the 4th encrypted cipher text generated previously according to the second key is identical with the 3rd encrypted cipher text received；

Step 32f, when the card application of card application identities instruction judges that the 4th encrypted cipher text and the 3rd encrypted cipher text are identical, sends certification success message to SIM；

Step 32g, when SIM receives the certification success message of card application transmission of card application identities instruction, it is determined that two-way authentication success.

Step 33, when the two-way authentication success blocked between application that SIM and card application identities indicate, the card application that SIM indicates to card application identities sends the second card application operating instruction, with the operation blocking application of complete paired card application identities instruction.

When the first card application operating instruction is for supplementing instruction with money, the second card application operating instruction in step 33 is for supplementing initialization directive with money, and this is supplemented with money and can carry recharge amount in initialization directive and supplement password with money.

In this case, step 33 can specifically include:

Initialization directive is supplemented in card application transmission to the instruction of card application identities with money；

The card application of receiving card application identities instruction deposits request according to the circle supplementing initialization directive feedback with money；Wherein, circle deposit request carried recharge amount, supplement password with money, the account balance of the card application of the card application card number of card application identities instruction and the instruction of card application identities；

The circle request of depositing is sent to account platform, in order to account platform according to recharge amount, supplement password, card number and account balance with money and complete circle and deposit process.

In prior art, user directly supplements instruction with money to card application initiation by the client software in mobile terminal.And in the embodiment of the present invention, when user initiates to supplement instruction with money by the client software in mobile terminal, this is supplemented instruction with money and is received by the interior entity of card, and after carrying out two-way authentication with card application, initialization directive is supplemented with money again, thus improve the safety of operation to card application initiation.

It addition, according to prior art it can be seen that in operation, it is necessary to after account platform completes accounting processing, generating service scenario and issue, this is higher for the requirement of account platform.Therefore, in the embodiment of the present invention, it is possible to increase a parametric controller, make parametric controller connect account platform, replace account platform issuing service script.

Therefore, when the circle request of depositing being sent to account platform by the embodiment of the present invention, it is possible to specifically include:

The circle request of depositing is sent to parametric controller, parametric controller the circle request of depositing is sent to account platform；

In this case, the method can also include:

What receive parametric controller transmission supplements script with money；Wherein, supplementing script with money is that parametric controller receives the circle that account platform sends and deposits and generate after result；

Be sent to, by supplementing script with money, the card application that card application identities indicates, card application identities the card indicated application is supplemented script with money according to this and account amount of money is updated.

Further, in order to improve safety when interacting between SIM and parametric controller, in the embodiment of the present invention before the Jiang Quan request of depositing is sent to parametric controller, first certification request is sent to parametric controller, to realize the two-way authentication between SIM and parametric controller, and during two-way authentication success between parametric controller, then the circle request of depositing is sent to parametric controller.

When the first card application operating instruction is consumption order, the second card application operating instruction in step 33 is consumption initialization directive.

In this case, step 33 can specifically include:

Consumption initialization directive is sent to the card application of card application identities instruction；

The consumption response message of the card application feedback of receiving card application identities instruction；Wherein, consumption response message carries the consumption key that the card application of card application identities instruction generates according to consumption initialization directive；Wherein, this consumption key is used in certification and the ciphering process of whole consumer sale；

According to the consumption key in consumption response message, generate the first fee deduction instruction after encryption；Wherein, the first fee deduction instruction after encryption is carried spending amount and consumption password；

The first fee deduction instruction after encryption is sent to the card application of card application identities instruction, card application identities the card indicated application is according to consumption key, and the spending amount carried in the first fee deduction instruction after encryption and consumption password complete to deduct fees.

In prior art, user directly initiates consumption order to card application by the client software in mobile terminal.And in the embodiment of the present invention, when user initiates consumption order by the client software in mobile terminal, this consumption order is received by the interior entity of card, and after carrying out two-way authentication with card application, consumption initialization directive is initiated again, thus improve the safety of operation to card application.

When the first card application operating instruction is transfer instructions, the second card application operating instruction in step 33 is the initialization directive of transferring accounts sent to the card application producing account identification instruction in card application identities.

In this case, step 33 can specifically include:

Transfer accounts initialization directive to the card application transmission producing account identification instruction in card application identities；

Receive the response message of transferring accounts of the card application feedback producing account identification instruction；Wherein, transfer accounts response message carries and produce the key of transferring accounts that the card application of account identification instruction generates according to initialization directive of transferring accounts；

According to the key of transferring accounts transferred accounts in response message, generate the second fee deduction instruction after encryption；Wherein, the second fee deduction instruction after encryption carries transfer amounts and secret number；

The second fee deduction instruction after encryption is sent to the card application producing account identification instruction, the card producing account identification instruction applies according to transferring accounts key, and the transfer amounts carried in the second fee deduction instruction after encryption and secret number complete to deduct fees；

Send, to the card application proceeding to account identification instruction, the first transfer instructions carrying transfer amounts, the card application proceeding to account identification instruction complete to transfer accounts according to the transfer amounts carried in the first transfer instructions.

In prior art, application architecture according to existing SWP-SIM card, each card is applied on SE chip and is assigned with one piece of separate space, it is absent from interactive interface between different cards application, cannot be carried out the Signalling exchange between card application, this results in and must flow through outer entity (client software in the such as mobile terminal) forwarding of card between different cards application when if desired transmitting signaling and just can complete, thus the operating-system resources of mobile terminal can too much be taken, affect the treatment effeciency of operating system.And in the embodiment of the present invention, it is possible to by the signaling between card interior entity transmission different cards application, thus the Signalling exchange realized between different cards application, it is to avoid take the operating-system resources of mobile terminal.

In order to be better understood from the embodiment of the present invention, below in conjunction with concrete enforcement, the specific implementation process of the embodiment of the present invention is illustrated.

As shown in Figure 4, the system structure schematic diagram being operated based on NFC mobile phone terminal provided for the embodiment of the present invention.Wherein, this system specifically includes that account platform, parametric controller, NFC mobile phone terminal and SWP-SIM card.Concrete function is described below:

One) transformation that SWP-SIM card is carried out mainly has two aspects:

1, newly-increased authentication processing unit

Safety chip SE built-in in SIM, except loading various card application (bank card, mass transit card, access card etc.), has also increased an authentication processing unit newly, and it is believable that other card should be used to say that third party by this authentication processing unit.Its major function describes as follows:

(1) uniform registrations and the management function of all card application in SWP-SIM card are realized, including the activation that card is applied, deactivating operation, the storage of card application data and beat opening/closing card application access rights etc.；

(2) storage of key；

(3) provide card application in SIM and the safety certification blocking outer entity；After certification success, the escape way between outer entity and card application and the escape way between different cards application can be blocked as bridge joint；

(4) supplement, consume composition and the parsing of dependent instruction with money；

(5) logical process when card application authorization and transactional operation is carried out；

2, expansion card inner joint

Amendment PBOC standard, the safe interface interacted between definition authentication processing unit and other card application, to complete registration, certification and the instruction transmission etc. to each card application of the authentication processing unit.In card, newly-increased interface function describes as follows:

(1) application registering functional is blocked: for card application that is preset or that download in SE, need to be registered in authentication processing unit by card application relevant parameter (such as information such as application sequence number) by this interface；

(2) card application activating/deexcitation function: when certain card application is selected as the default application of current transaction, the application of this card need to be set to state of activation by authentication processing unit；When changing the acquiescence card application of transactional operation, the card application activated need to be carried out deexcitation by authentication processing unit；

(3) card application lock locking/unlocking function: when authentication processing unit detects current transactional operation abnormal (input error as continuous in trading password more than three times), for the safety guarantee that card is applied, authentication processing unit will close the access rights of this card application, is set to lock-out state.

Two) cell-phone customer terminal interactive interface is provided

Mobile phone terminal is used to initiate transaction anywhere or anytime and complete operation for the ease of user, it is possible to a client software to be installed in NFC mobile phone terminal, provides the user visual interactive interface.

Three) parametric controller

Set up (or multiple) parametric controller on backstage, connect the account platform of the card application such as bank, public transport.Parametric controller is as the third party with public credibility, after the account platform corresponding with card application and SIM authentication processing unit are mutually authenticated, can and authentication processing unit between set up escape way, replace account platform to generate operational order and also complete to issue.

After completion of transactions, parametric controller is responsible for generating transaction record, is uploaded to related financial platform；Transaction record also can be kept in by parametric controller, issues account platform by modes such as mails after accumulating a plurality of record.

The embodiment of the present invention, suitable in multi-exchange types such as the card application SIM are supplemented with money, consumes and transferred accounts, separately below to supplement, consume and to transfer accounts three kinds of scenes of concluding the business with money, is set forth and is realized process.

Recharge procedure:

As it is shown in figure 5, the method detailed process that SIM application is processed under supplementing scene with money is as follows:

1, user initiates recharging payment by client software, selects the card application carrying out supplementing with money；

2, client software sends application to the authentication processing unit in SIM and selects instruction；

3, authentication processing unit returns application and selects the response of instruction, comprises the information such as application sequence number；

4, client software initiates charging request to authentication processing unit；

5, authentication processing cell processing charging request, activates and blocks application accordingly, carries out mutual authentication by the interior newly-increased API of card with the application of this card, and sets up escape way.Detailed process:

1) authentication processing unit sends main frame challenge number to card application and initializes escape way；

2), after card application receives, the challenge number of self is generated；Utilize static keys to generate a secure session key, and utilize this session key to generate an encrypted cipher text；And card application challenge number and encrypted cipher text are returned to authentication processing unit；

3) now, authentication processing unit should have the information that generation encrypted cipher text is identical, and authentication processing unit should be able to generate identical session key, identical encrypted cipher text, relatively card application is authenticated by execution；

4) authentication processing unit uses similar flow process to generate second encrypted cipher text equally, and is returned to card application；

5) card application also should have the information that second encrypted cipher text of generation is identical, relatively can authentication processing unit be authenticated by execution；Mutual authentication is complete, and the escape way between authentication processing unit and card application has been set up.

6, authentication processing unit assembles that card application is discernible supplements initialization directive with money, and will supplement initialization directive with money by escape way and be sent to and block application accordingly；

7, card application receives and supplements initialization directive with money, produces to supplement key with money for this transaction, and this supplements key with money for the certification of whole recharging payment and encryption；

8, card application generates the circle request of depositing (carrying the information such as card number, remaining sum, recharge amount), and use is supplemented the double secret key circle request of depositing with money and is encrypted, and calculates the first check value MAC1, is sent to authentication processing unit；

9, the request of depositing of the circle after encryption is transmitted to parametric controller by client software by authentication processing unit.Authentication processing platform can carry out mutual authentication (authentication process and the 5th step are similar) by client software with parametric controller, set up the escape way between parametric controller and authentication processing unit, now, the escape way between parametric controller with bank card application is connected by authentication processing platform；

10, the circle request of depositing is transmitted to bank card account platform by parametric controller；

11, bank card account platform uses and supplements secret key decryption with money, and verifies MAC1；

12, after bank card account platform validation account validity, complete accounting processing, update bank card account remaining sum；

13, bank card account platform returns circle to parametric controller and deposits request response, and result is sent to parametric controller；

14, parametric controller generates and supplements script with money, uses and supplements double secret key with money and supplement script with money and be encrypted, and calculates the second check value MAC2；

15, parametric controller will be supplemented instruction with money by escape way and be passed to bank card application, complete to supplement script with money and issue；

16, bank card application use is supplemented key with money and is decrypted, and MAC2 is verified；

17, being verified, script is supplemented in bank card application execution with money, more new balance, generates transaction record.

Consumption flow process:

As shown in Figure 6, the method detailed process that SIM application is processed under consumption scene is as follows:

1, user initiates consumer sale by client software, selects a bank card application to consume；

4, client software request input payment cipher, and initiate consumer requests (comprising the mark of card application, payment cipher and payment in request) to authentication processing unit, setting up the escape way between authentication processing unit, client software also can be authenticated by authentication processing unit；

5, authentication processing cell processing consumer requests, activates card application to be consumed, carries out mutual authentication by the interior newly-increased API of card with the application of this card, and set up escape way, and process is with above-mentioned recharge procedure the 5th step.Now, the passage to client can be coupled together by authentication processing unit with the passage to card application；

6, authentication processing unit generates consumption initialization directive, and consumption initialization directive is sent to by escape way and blocks application accordingly；

7, after card application receives consumption initialization directive, producing the consumption key for this transaction, and inform authentication processing unit by response, this key is used for certification and the encryption of whole consumer sale.

8, authentication processing unit generates fee deduction instruction, and uses consumption key to be encrypted, and is sent to card application；The generation simultaneously carrying a MAC1, this MAC1 also uses this consumption key；

9, card application uses consumption key to be decrypted, and verifies MAC1；

10, being verified, card application execution script completes this locality and deducts fees, and operating result is generated instruction, completes encryption again through consumption key, and calculates MAC2；Authentication processing unit is returned to by responding；

11, authentication processing unit uses consumption double secret key response to be decrypted, and verifies MAC2；

12, authentication processing unit is verified, and generates transaction record, and result is sent to client；

13, transaction record is sent to parametric controller by client；

14, after parametric controller can accumulate a plurality of transaction record, disposable it is sent to bank account platform by modes such as mails.

Transfer process:

As it is shown in fig. 7, transfer accounts, the method detailed process that SIM application is processed under scene is as follows:

1, user initiates money transfer transactions by client software, selects to produce account-Ka application 2；

4, the payment cipher of client software prompting user's input card application 1, and select to proceed to account-Ka application 1；

5, client software initiates transfer request to authentication processing unit, comprises and produces account card number, payment cipher, transfer amounts, proceeds to account card number etc.；

6, authentication processing cell processing transfer request, activates card application 2, carries out mutual authentication by the interior API of card with card application 2, and sets up escape way.Detailed process:

7, authentication processing unit assembles card and applies discernible consumption initialization directive, and consumption initialization directive is sent to by escape way and blocks application accordingly；

8, card application 2 receives consumption initialization directive, produces the consumption key for this transaction, and this key is used for certification and the encryption of whole consumer sale；

9, authentication processing unit generates fee deduction instruction, and uses consumption double secret key fee deduction instruction to be encrypted, and produces MAC1 simultaneously；

10, the fee deduction instruction after encryption is sent to card application 2 by authentication processing unit；

11, card application 2 use consumption secret key decryption, and verify MAC1；

12, after card application 2 verifies that MAC1 is effectively, complete to deduct fees, update bank card and apply 2 account balances, and generate MAC2；

13, the response of card application 2 return fee deduction instruction, is sent to authentication processing unit by result；

14, authentication processing unit checking MAC2；

15, authentication processing unit generates and supplements instruction with money, uses and supplements double secret key with money and supplement instruction with money and be encrypted；

16, authentication processing unit will be supplemented instruction with money and will be handed down to card application 1, carry card application identities and recharge amount；

17, bank card application 1 use is supplemented key with money and is decrypted；

18, bank card application 1 execution is supplemented instruction with money and is completed account charging, and more new balance generates transaction record；

19, the response of instruction is supplemented in bank card application 1 return with money.

Based on same inventive concept, the embodiment of the present invention also each provides the device that SIM application is processed of the device that SIM application is processed and the card application side enforcement implemented a kind of SIM side and SIM is applied the system processed, the method that SIM application is processed that the method that SIM application is processed implemented to SIM side due to the principle of said apparatus and system solution problem and card application side are implemented is similar, therefore the enforcement of said apparatus and system may refer to the enforcement of method, repeats part and repeats no more.

As shown in Figure 8, for the first structural representation of device that SIM application is processed that the embodiment of the present invention provides, including:

First card application operating instruction reception unit 81, for receiving the first card application operating instruction that mobile terminal sends；Wherein, card application identities is carried in described first card application operating instruction；

Authentication ' unit 82, for the card application identities carried in the first card application operating instruction according to described first card application operating instruction reception unit 81 reception, certification request is sent, to realize the two-way authentication between the card application of described card application identities instruction to the card application of described card application identities instruction；

Second card application operating instruction sending unit 83, for when in described authentication ' unit 82 and described card application identities indicate card application between two-way authentication success time, the second card application operating instruction is sent, to complete the operation of the card application to the instruction of described card application identities to the card application of described card application identities instruction.

Wherein, described authentication ' unit 82, specifically include:

Certification request sending module 821, for according to the card application identities carried in described first card application operating instruction, sending certification request to the card application of described card application identities instruction；

Ciphertext receiver module 822, for receiving the first encrypted cipher text of the card application feedback of described card application identities instruction；Wherein, described first encrypted cipher text is blocking of described card application identities instruction to apply the first key generation that basis is made an appointment with client identification module SIM；

Whether judge module 823 is identical with the first encrypted cipher text that described ciphertext receiver module 822 receives for judging the second encrypted cipher text generated previously according to described first key；

Ciphertext sending module 824, for when described judge module 823 judges that the second encrypted cipher text is identical with described first encrypted cipher text, continue the second key according to the card application with the instruction of described card application identities is made an appointment and generate the 3rd encrypted cipher text, and it is sent to the card application of described card application identities instruction, judged that whether the 4th encrypted cipher text generated previously according to described second key is identical with the 3rd encrypted cipher text received by the card application of described card application identities instruction, to realize the certification to described SIM；

Module 825 is successfully determined in two-way authentication, for when receiving the certification success message of card application transmission of described card application identities instruction, it is determined that two-way authentication success.

Described second card application operating instruction sending unit 83, specifically includes:

Supplement initialization directive sending module 831 with money, for supplementing initialization directive with money to the card application transmission of described card application identities instruction；

Circle is deposited and is asked receiver module 832, and request deposited by the circle supplementing initialization directive feedback with money supplementing initialization directive sending module 831 transmission described in application basis with money that blocks being used for receiving the instruction of described card application identities；Wherein, described circle deposit request is carried described recharge amount, described in supplement with money password, described card application identities instruction card application card number and described card application identities instruction card application account balance；

Request sending module 833 deposited by circle, be sent to account platform for described circle being deposited the request circle request of depositing that receives of receiver module 832, in order to described account platform according to described recharge amount, described in supplement password, described card number and described account balance with money and complete circle and deposit process.

Consumption initialization directive sending module 834, for sending consumption initialization directive to the card application of described card application identities instruction；

Consumption response message receiver module 835, for receiving the consumption response message of the card application feedback of described card application identities instruction；Wherein, described consumption response message carries the consumption key that the card application of described card application identities instruction generates according to the consumption initialization directive that described consumption initialization directive sending module 834 sends；

First fee deduction instruction sending module 836, for the consumption key consumed in response message received according to described consumption response message receiver module 835, generates the first fee deduction instruction after encryption, and is sent to the card application of described card application identities instruction；Wherein, the first fee deduction instruction after described encryption is carried described spending amount and consumption password, applied according to described consumption key by the card of described card application identities instruction, and the spending amount carried in the first fee deduction instruction after described encryption and consumption password complete to deduct fees.

Transfer accounts initialization directive sending module 837, for transferring accounts initialization directive to the card application transmission producing account identification instruction in described card application identities；

Transfer accounts response message receiver module 838, for producing the response message of transferring accounts of the card application feedback of account identification instruction described in receiving；Wherein, transfer accounts described in the card application of producing account identification instruction described in carrying in response message according to described in transfer accounts the key of transferring accounts that the initialization directive of transferring accounts that initialization directive sending module 837 sends generates；

Second fee deduction instruction sending module 839, for according to described in transfer accounts the key of transferring accounts transferring accounts in response message that response message receiver module 838 receives, generate the second fee deduction instruction after encryption, and produce the card application of account identification instruction described in being sent to；Wherein, the second fee deduction instruction after described encryption carries described transfer amounts and secret number, applied, by the described card producing account identification instruction, key of transferring accounts described in basis, and the transfer amounts carried in the second fee deduction instruction after described encryption and secret number complete to deduct fees；

First transfer instructions sending module 8310, for sending, to the described card application proceeding to account identification instruction, the first transfer instructions carrying described transfer amounts, the described card application proceeding to account identification instruction complete to transfer accounts according to the transfer amounts carried in described first transfer instructions.

For convenience of description, above each several part is divided by function and is respectively described for each module (or unit).Certainly, the function of each module (or unit) can be realized in same or multiple softwares or hardware when implementing the present invention.

When being embodied as, the first device that SIM application is processed above-mentioned can be arranged in SIM.

As it is shown in figure 9, the structural representation of device that SIM application is processed by the second provided for the embodiment of the present invention, including:

Authentication ' unit 91, for receiving the certification request that client identification module SIM sends, carries out two-way authentication with described SIM；

Second card application operating instruction reception unit 92, for when two-way authentication success in described authentication ' unit 91 and between described SIM, receiving the second card application operating instruction that described SIM sends；

Operate unit 93, for the second card application operating instruction received according to described second card application operating instruction reception unit 92, complete corresponding operating.

Wherein, described authentication ' unit 91, specifically include:

Certification request receiver module 911, for receiving the certification request that SIM sends；

Ciphertext sending module 912, for asking the certification that receiver module 911 receives to be asked according to described certification, and and the first key of making an appointment of described SIM, generate the first encrypted cipher text, and it is sent to described SIM, judged that whether the second encrypted cipher text generated previously according to described first key is identical with the first encrypted cipher text received by described SIM, to realize the certification to described card application of the described SIM；

Ciphertext receiver module 913, for receiving the 3rd encrypted cipher text that described SIM sends；

Judge module 914, for when described ciphertext receiver module 913 receives three encrypted cipher text stating SIM transmission, continue the second key that basis is made an appointment with described SIM, generate the 4th encrypted cipher text, and judge that whether described 4th encrypted cipher text is identical with the 3rd encrypted cipher text received；Wherein, described 3rd encrypted cipher text is that described SIM is judged when described second encrypted cipher text is identical with described first encrypted cipher text, generates according to described second key；

Module 915 is determined in two-way authentication, for when to judge the 4th encrypted cipher text identical with the 3rd encrypted cipher text received for described judge module 914, it is determined that two-way authentication is successfully.

Described operation completes unit 93, specifically includes:

Request generation module 931 deposited by circle, supplements initialization directive with money described in basis, generates circle and deposits request；Wherein, described circle deposit request is carried described recharge amount, described in supplement with money password, described card application identities instruction card application card number and described card application identities instruction card application account balance；

Request sending module 932 deposited by circle, be sent to account platform for described circle being deposited the request circle that generates of generation module 931 request of depositing by described SIM, in order to described account platform according to described recharge amount, described in supplement password, described card number and described account balance with money and complete circle and deposit process.

Described operation completes unit 93, specifically includes:

Consumption key production module 933, for according to described consumption initialization directive, generating consumption key；

First fee deduction instruction receiver module 934, is used for the first fee deduction instruction after receiving the encryption that described SIM sends；

Deducting fees module 935, for the consumption key generated according to described consumption key production module 933, and the spending amount carried in the first fee deduction instruction after the encryption that receives of described first fee deduction instruction receiver module 934 and consumption password complete to deduct fees.

Described operation completes unit 93, specifically includes:

Transfer accounts key production module 936, for according to described in transfer accounts initialization directive, generate key of transferring accounts；

Transfer accounts key sending module 937, in response message of transferring accounts, be sent to described SIM for being carried by the key of transferring accounts that described key production module 936 of transferring accounts generates, by described SIM according to described in transfer accounts key, generate the second fee deduction instruction after encrypting；Wherein, the second fee deduction instruction after described encryption carries transfer amounts and secret number；

Second fee deduction instruction receiver module 938, is used for the second fee deduction instruction after receiving the encryption that described SIM sends；

Deduct fees module 939, the key of transferring accounts that key production module of transferring accounts described in basis 936 generates, and the transfer amounts that carries and secret number complete to deduct fees in the second fee deduction instruction after the encryption that receives of described second fee deduction instruction receiver module 938, and feed back second to described SIM and deduct fees result, deducted fees result according to described second by described SIM, generate the first transfer instructions carrying described transfer amounts, and be sent to and proceed to account, proceed to account described in making and complete to transfer accounts according to the transfer amounts carried in described first transfer instructions.

When being embodied as, the device that SIM application is processed by above-mentioned the second can be arranged in SIM.

As shown in Figure 10, for the structural representation of system that SIM application is processed that the embodiment of the present invention provides, including: include mobile terminal 101 and comprise the client identification module SIM 102 of at least one card application 103, wherein:

Described mobile terminal 101, for sending the first card application operating instruction to described SIM 102；Wherein, card application identities is carried in described first card application operating instruction；

Described SIM 102, is used for receiving described first card application operating instruction；According to the card application identities carried in described first card application operating instruction, to the card application 103 transmission certification request of described card application identities instruction, to realize the two-way authentication between the card application 103 of described card application identities instruction；When the two-way authentication success between 103 applied by the card of described card application identities instruction, to the card application 103 transmission second card application operating instructions of described card application identities instruction；

The card application 103 of described card application identities instruction, for receiving the certification request that described SIM 102 sends；Ask according to described certification, carry out two-way authentication with described SIM 102；During two-way authentication success between described SIM 102, receive the second card application operating instruction that described SIM 102 sends；According to described second card application operating instruction, complete corresponding operating.

Wherein, described SIM 102, specifically for:

According to the card application identities carried in described first card application operating instruction, to the card application 103 transmission certification request of described card application identities instruction；Receive the first encrypted cipher text of card application 103 feedback of described card application identities instruction；Judge that whether the second encrypted cipher text generated previously according to described first key is identical with the first encrypted cipher text received；When described second encrypted cipher text is identical with described first encrypted cipher text, continues to generate the 3rd encrypted cipher text according to the second key that the card application 103 with the instruction of described card application identities is made an appointment, and be sent to the card application 103 of described card application identities instruction；When receiving the certification success message of card application 103 transmission of described card application identities instruction, it is determined that two-way authentication success；

The card application 103 of described card application identities instruction, specifically for:

Ask according to described certification, and and the first key of making an appointment of described SIM 102, generate the first encrypted cipher text, and be sent to described SIM 102；When receiving three encrypted cipher text that described SIM 102 sends, continue the second key that basis is made an appointment with described SIM 102, generate the 4th encrypted cipher text；Judge that whether described 4th encrypted cipher text is identical with the 3rd encrypted cipher text received；When described 4th encrypted cipher text is identical with the 3rd encrypted cipher text received, send certification success message to described SIM 102.

Described SIM 102, specifically for:

Initialization directive is supplemented with money to card application 103 transmission of described card application identities instruction；Receive the circle supplementing initialization directive feedback described in card application 103 basis of described card application identities instruction with money and deposit request；Wherein, described circle deposit request is carried described recharge amount, described in supplement with money password, described card application identities instruction card application card number and described card application identities instruction card application account balance；The described circle request of depositing is sent to account platform, in order to described account platform according to described recharge amount, described in supplement password, described card number and described account balance with money and complete circle and deposit process；

Supplement initialization directive with money according to described, generate circle and deposit request, and be sent to described SIM 102.

Wherein, described system also includes: parametric controller 104；Then

Described SIM 102, specifically for:

The described circle request of depositing is sent to parametric controller 104, described parametric controller 104 the described circle request of depositing is sent to account platform；

Described SIM 102 is additionally operable to:

What receive the transmission of described parametric controller 104 supplements script with money；Wherein, supplementing script described in money is that described parametric controller 104 receives the circle that described account platform sends and deposits and generate after result；

Described script of supplementing with money is sent to the card application 103 of described card application identities instruction；

The card application 103 of described card application identities instruction, is additionally operable to:

Described SIM 102, specifically for:

To the card application 103 transmission consumption initialization directive of described card application identities instruction；Receive the consumption response message of card application 103 feedback of described card application identities instruction；Wherein, described consumption response message carries consumption key；According to the consumption key in described consumption response message, generate the first fee deduction instruction after encryption；Wherein, the first fee deduction instruction after described encryption is carried described spending amount and consumption password；The first fee deduction instruction after described encryption is sent to the card application 103 of described card application identities instruction；

According to described consumption initialization directive, generate consumption key；Described consumption key is carried in consumption response message, is sent to described SIM 102；Receive after the encryption that SIM 102 sends first to deduct fees key；According to described consumption key, and the spending amount carried in the first fee deduction instruction after described encryption and consumption password complete to deduct fees.

Described SIM 102, specifically for:

Initialization directive of transferring accounts is sent to the card application 103 producing account identification instruction in described card application identities；The response message of transferring accounts of card application 103 feedback of account identification instruction is produced described in reception；Wherein, transfer accounts described in and response message carries key of transferring accounts；According to described key of transferring accounts, generate the second fee deduction instruction after encryption；Wherein, the second fee deduction instruction after described encryption carries described transfer amounts and secret number；The card application 103 of account identification instruction is produced described in the second fee deduction instruction after described encryption being sent to；And the first transfer instructions of described transfer amounts is carried to described card application 103 transmission proceeding to account identification instruction；

The described card application 103 producing account identification instruction, specifically for:

According to described initialization directive of transferring accounts, generate key of transferring accounts；Described key of transferring accounts is carried in response message of transferring accounts, is sent to described SIM 102；Receiving the second fee deduction instruction after the encryption that described SIM 102 sends, according to described key of transferring accounts, and the transfer amounts carried in the second fee deduction instruction after described encryption and secret number complete to deduct fees；

The described card application 103 proceeding to account identification instruction, specifically for:

Receiving the first transfer instructions after the encryption that described SIM 102 sends, the transfer amounts according to carrying in described first transfer instructions completes to transfer accounts.

Those skilled in the art are it should be appreciated that embodiments of the invention can be provided as method, system or computer program.Therefore, the present invention can adopt the form of complete hardware embodiment, complete software implementation or the embodiment in conjunction with software and hardware aspect.And, the present invention can adopt the form at one or more upper computer programs implemented of computer-usable storage medium (including but not limited to disk memory, CD-ROM, optical memory etc.) wherein including computer usable program code.

The present invention is that flow chart and/or block diagram with reference to method according to embodiments of the present invention, equipment (system) and computer program describe.It should be understood that can by the combination of the flow process in each flow process in computer program instructions flowchart and/or block diagram and/or square frame and flow chart and/or block diagram and/or square frame.These computer program instructions can be provided to produce a machine to the processor of general purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device so that the instruction performed by the processor of computer or other programmable data processing device is produced for realizing the device of function specified in one flow process of flow chart or multiple flow process and/or one square frame of block diagram or multiple square frame.

These computer program instructions may be alternatively stored in and can guide in the computer-readable memory that computer or other programmable data processing device work in a specific way, the instruction making to be stored in this computer-readable memory produces to include the manufacture of command device, and this command device realizes the function specified in one flow process of flow chart or multiple flow process and/or one square frame of block diagram or multiple square frame.

These computer program instructions also can be loaded in computer or other programmable data processing device, make on computer or other programmable devices, to perform sequence of operations step to produce computer implemented process, thus the instruction performed on computer or other programmable devices provides for realizing the step of function specified in one flow process of flow chart or multiple flow process and/or one square frame of block diagram or multiple square frame.

Although preferred embodiments of the present invention have been described, but those skilled in the art are once know basic creative concept, then these embodiments can be made other change and amendment.So, claims are intended to be construed to include preferred embodiment and fall into all changes and the amendment of the scope of the invention.

Obviously, the present invention can be carried out various change and modification without deviating from the spirit and scope of the present invention by those skilled in the art.So, if these amendments of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification.

Claims

1. one kind SIM is applied the method processed, it is characterised in that including:

2. the method for claim 1, it is characterized in that, according to the card application identities carried in described first card application operating instruction, certification request is sent to the card application of described card application identities instruction, to realize the two-way authentication between the card application of described card application identities instruction, specifically include:

3. the method for claim 1, it is characterised in that described first card application operating instruction for supplementing instruction with money, and described in supplement with money instruction also carry recharge amount and supplement password with money；Then

4. the method for claim 1, it is characterised in that described first card application operating instruction is consumption order, and described consumption order also carries spending amount and consumption password；Then

5. the method for claim 1, it is characterized in that, described first card application operating instruction is transfer instructions, and carries card application identities, transfer amounts and secret number in described transfer instructions, and described card application identities includes: produces account identification and proceeds to account identification；Then

6. one kind SIM is applied the method processed, it is characterised in that including:

7. method as claimed in claim 6, it is characterised in that card application receives the certification request that client identification module SIM sends, and carries out two-way authentication with described SIM, specifically includes:

Receive the certification request that SIM sends；

8. method as claimed in claim 6, it is characterised in that described second card application operating instruction for supplementing initialization directive with money, and described in supplement with money and initialization directive carry recharge amount and supplements password with money；Then

9. method as claimed in claim 6, it is characterised in that the second card application operating instruction is consumption initialization directive；Then

10. method as claimed in claim 6, it is characterised in that described second card application operating instruction is initialization directive of transferring accounts, and described card application is for producing account；Then

11. the device processed applied by SIM by one kind, it is characterised in that including:

12. device as claimed in claim 11, it is characterised in that described authentication ' unit, specifically include:

13. device as claimed in claim 11, it is characterised in that described first card application operating instruction for supplementing instruction with money, and described in supplement with money and instruction also carry recharge amount and supplements password with money；Then

14. device as claimed in claim 11, it is characterised in that described first card application operating instruction is consumption order, and described consumption order also carries spending amount and consumption password；Then

15. device as claimed in claim 11, it is characterized in that, described first card application operating instruction is transfer instructions, and carries card application identities, transfer amounts and secret number in described transfer instructions, and described card application identities includes: produces account identification and proceeds to account identification；Then

16. the device processed applied by SIM by one kind, it is characterised in that including:

17. device as claimed in claim 16, it is characterised in that described authentication ' unit, specifically include:

18. device as claimed in claim 16, it is characterised in that described second card application operating instruction for supplementing initialization directive with money, and described in supplement with money and initialization directive carry recharge amount and supplements password with money；Then

Described operation completes unit, specifically includes:

19. device as claimed in claim 16, it is characterised in that the second card application operating instruction is consumption initialization directive；Then

Described operation completes unit, specifically includes:

20. device as claimed in claim 16, it is characterised in that described second card application operating instruction is initialization directive of transferring accounts, and described card application is for producing account；Then

Described operation completes unit, specifically includes:

21. the system processed applied by SIM by one kind, it is characterised in that include mobile terminal and comprise the client identification module SIM of at least one card application, wherein:

22. system as claimed in claim 21, it is characterised in that described SIM, specifically for:

23. system as claimed in claim 21, it is characterised in that described first card application operating instruction for supplementing instruction with money, and described in supplement with money and instruction also carry recharge amount and supplements password with money；

Described SIM, specifically for:

24. the system as claimed in claim 22, it is characterised in that described system also includes: parametric controller；Then

Described SIM, specifically for:

Described SIM is additionally operable to:

25. system as claimed in claim 21, it is characterised in that described first card application operating instruction is consumption order, and described consumption order also carries spending amount and consumption password；

Described SIM, specifically for:

26. system as claimed in claim 21, it is characterized in that, described first card application operating instruction is transfer instructions, and carries card application identities, transfer amounts and secret number in described transfer instructions, and described card application identities includes: produces account identification and proceeds to account identification；Described second card application operating instruction is the initialization directive of transferring accounts sent to the card application producing account identification instruction in described card application identities；

Described SIM, specifically for: