CN106412881A - Terminal equipment and card management method - Google Patents


Info

Publication number: CN106412881A
Application number: CN201510458247.2A
Authority: CN (China)
Prior art keywords: management system, trusted service, terminal device, identification card, field communication
Legal status: Granted (status as listed by Google Patents, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN106412881B (en)
Inventor: 廖子凤
Current assignee: Nanning Fulian Fugui Precision Industrial Co Ltd
Original assignee: Nanning Fugui Precision Industrial Co Ltd
Events: application filed by Nanning Fugui Precision Industrial Co Ltd; priority to CN201510458247.2A; publication of CN106412881A; application granted; publication of CN106412881B; legal status Active


Classifications (all under H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity)

    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/06 Authentication
    • H04W12/08 Access security

Abstract

Provided is terminal equipment in which a SIM card is installed; the SIM card includes a secure element. The terminal equipment comprises an authorization module, a verification module and an execution module. The authorization module is used to receive, from a second trusted service manager, request information for obtaining authorization data of the SIM card and managing the SIM card, to send the request information to a first telecommunication service provider, to receive an authorization electronic token and a management command for the SIM card returned by the first telecommunication service provider, and to transmit the authorization electronic token and the management command to the second trusted service manager. The verification module is used to receive the authorization electronic token and the management command transmitted by the second trusted service manager and to send a verification command to the secure element in order to verify the electronic token. The execution module is used to send an execution command to the secure element in order to manage the SIM card according to the management command if the verification is successful. The invention also provides a card management method. By employing the terminal equipment and the card management method, management of the SIM card across telecommunication service providers can be realised and the user experience is enhanced.

Description

Terminal device and card management method
Technical field
The present invention relates to the field of near-field communication, and more particularly to a terminal device having a near field communication (NFC) function and to a card management method.
Background technology
Near Field Communication (NFC) is a short-range, high-frequency wireless communication technology. It uses the 13.56 MHz band, has a usable range of about 10 centimetres, and supports electronic identification and data transfer for functions such as credit cards and access cards. It has three modes of operation:
1. Card emulation mode, in which the device behaves like an IC card using radio-frequency identification (RFID) technology; it can replace a large number of IC cards (including credit cards) wherever cards are swiped today, such as transit cards, access control, tickets and admission passes.
2. Peer-to-peer mode, which can be used for data exchange; the transmission range is short, but the connection is established quickly, the transfer rate is high and power consumption is low. By linking two NFC-capable devices, data is transferred point to point, for example to download music, exchange pictures or synchronise address books.
3. Reader mode, in which the device acts as a contactless card reader and reads information from, for example, an electronic tag on a poster or exhibition notice.
With this technology a user can replace contactless smart cards such as transit cards, bank cards, employee badges, access cards and membership cards with a mobile phone, and can also conveniently read the RFID tag information attached to a billboard. As the technology and its applications develop, near-field wireless communication can be carried out among mobile devices, consumer electronics, PCs and smart control tools. NFC offers a simple, touch-based solution that lets consumers exchange information and access content and services simply and intuitively.
At present the hardware of an NFC terminal device mainly comprises a secure element (SE), an NFC radio-frequency control unit and an NFC antenna. According to where it is installed, the secure element may be built into the terminal device, into the subscriber identity module (SIM) or into a Secure Digital memory card (SD); at present the SIM-based form is the most standardised and has the best interoperability. For a telecom operator, building the secure element into the SIM means that NFC services are provided through terminal devices that use its SIM. The secure elements of different telecom operators differ, so different third-party trusted service management systems (Trusted Service Manager, TSM) are needed to manage the NFC application software. Referring to Fig. 1, which is a schematic diagram of a trusted service management system: NFC service provider 30 offers a first NFC service 300, a second NFC service 302 and a third NFC service 304; the corresponding first NFC service software 1010, second NFC service software 1012 and third NFC service software 1014 are stored in trusted service management system 20, and when terminal device 10 needs one of these services it downloads the corresponding service software from trusted service management system 20.
Referring to Fig. 2, which shows the working mode of existing trusted service management, the main flow under this mode is as follows:
1. Terminal device 10 sends a request to install NFC application software to NFC service provider 30.
2. The service provider asks trusted service management system 20 whether terminal device 10 has NFC capability and whether it has a SIM containing a secure element provided by a telecom operator.
4. Trusted service management system 20 asks telecom operator 40 whether terminal device 10 has NFC capability and whether it has a SIM containing a secure element provided by that telecom operator 40. When terminal device 10 has NFC capability and is fitted with a SIM containing a secure element provided by telecom operator 40, NFC service provider 30 asks trusted service management system 20 to install the corresponding service software on terminal device 10.
5. After terminal device 10 has installed the service software, the service software receives the user's command and sends a request to manage the SIM to trusted service management system 20, which forwards the request to telecom operator 40.
6. After telecom operator 40 accepts the request, it transmits the commands for managing the contents of the secure element together with an electronic token to trusted service management system 20, which forwards the commands and the electronic token to terminal device 10.
7. Terminal device 10 receives the commands and the electronic token; the secure element of terminal device 10 verifies the electronic token and executes the commands on the SIM.
8. Terminal device 10 returns the result of executing the commands to telecom operator 40 through trusted service management system 20.
9. Once the SIM has been authorised for use by the service software, trusted service management system 20 manages the SIM in response to the management commands of the service software on terminal device 10.
A trusted service management system is mainly used to provide the NFC application software of NFC application service providers such as financial institutions, contractors and transit ticketing services. The trusted service management system is tied to the SIM installed in the terminal device: for example, when the terminal device uses a SIM with a built-in secure element issued by China Mobile, the NFC application software must be downloaded from the trusted service system based on China Mobile's secure element; when it uses a SIM with a built-in secure element issued by Hinet, the NFC application software must be downloaded from the trusted service system based on Hinet's secure element. As a result, a trusted service management system based on one telecom operator cannot manage the NFC application software of another telecom operator's trusted service management system, and when a user needs to use NFC application software across systems, the SIM must be replaced with one whose built-in secure element belongs to the other system and the user must register again with that telecom operator.
Because the existing solution is inconvenient, there is an urgent need for a terminal device and a card management method that work simply and conveniently across telecom operators.
Content of the invention
In view of this, the present invention provides a terminal device that realises simple and convenient card management across telecom operators.
In addition, the present invention also provides a card management method that realises simple and convenient card management across telecom operators.
In the terminal device provided in this embodiment, the terminal device is fitted with an identification card provided by a first telecom operator, the identification card contains a secure element, and the terminal device is connected to a second trusted service management system provided by another telecom operator. The terminal device includes an authorization module, a verification module and an execution module.
The authorization module is used to receive, from the second trusted service management system, request information for obtaining authorization data for the identification card and for performing management of the identification card; to send the request information to the first telecom operator; to receive the authorization electronic token and the management commands for the identification card returned by the first telecom operator; and to pass the authorization electronic token and the management commands to the second trusted service management system. The verification module is used to receive the authorization electronic token and the management commands sent by the second trusted service management system and to send a verification command to the secure element so that the secure element verifies the electronic token. The execution module is used, when the secure element has verified the electronic token successfully, to send an execution command to the secure element so that the identification card is managed according to the management commands.
Preferably, the terminal device has a near-field wireless communication function and further includes a registration module. The registration module is used to send a request to register for the near-field wireless communication service to the first telecom operator, and to receive the authorization data for the identification card's near-field wireless communication service returned by the first telecom operator.
Preferably, the terminal device further includes a transceiver module. The transceiver module is used to receive the user's request and to send, to the second trusted service management system, request information for obtaining the authorization data of the identification card's near-field wireless communication service and for performing management of the identification card. The authorization module is further used to receive that request information from the second trusted service management system, to send it to the first telecom operator, to receive the authorization electronic token and the commands for managing the identification card returned by the first telecom operator, and to pass the authorization electronic token and the commands to the second trusted service management system.
Preferably, the terminal device is also connected to a first trusted service management system provided by the first telecom operator. The first trusted service management system holds a plurality of near-field wireless communication service application software based on that system, and the authorization information includes permission for the terminal device to download near-field wireless communication service application software from the first trusted service management system, and permission for the downloaded near-field wireless communication service application software to manage the identification card through the first trusted service management system.
Preferably, the second trusted service management system provides near-field wireless communication service application software based on that system, and the terminal device further includes a proxy module and a download module. The proxy module is used to send, to the second trusted service management system, request information asking to download near-field wireless communication service application software; to receive the inquiry returned by the second trusted service management system as to whether the terminal device has a near-field wireless communication function and whether the identification card is registered for the near-field wireless communication service; to send the inquiry to the first telecom operator; to receive the judgment result and related data returned by the first telecom operator; when the judgment result is that the terminal device has the near-field wireless communication service function and the identification card is registered for the near-field wireless communication service, to transmit the judgment result and related data to the second trusted service management system; and to receive the control command sent by the second trusted service management system that permits the terminal device to download the near-field wireless communication service application software.
The download module is used to download the near-field wireless communication service application software from the second trusted service management system and to install it. The installed near-field wireless communication service application software is used to receive the user's request and to send, to the second trusted service management system, request information for obtaining the authorization data of the identification card and for performing management of the identification card.
Preferably, the terminal device is connected to a certificate server and further includes an authentication module. The authentication module is used to generate a key pair; to send the generated key, which includes a first public key, to the certificate server; to receive the authentication credential returned by the certificate server; to send the authentication credential and the first public key to the second trusted service management system, so that the second trusted service management system encrypts data with the first public key before sending it to the terminal device; and to receive the second public key returned by the second trusted service management system.
Preferably, the terminal device further includes an encryption module. The encryption module is used to encrypt data with the second public key before sending it to the second trusted service management system.
Preferably, the near-field wireless communication service is a near field communication (NFC) service.
Preferably, management of the identification card includes querying information on the identification card, topping up and deducting.
The card management method provided in this embodiment is applied to a terminal device that is fitted with an identification card provided by a first telecom operator, the identification card containing a secure element, and that is connected to a second trusted service management system provided by another telecom operator. The method includes: receiving, from the second trusted service management system, request information for obtaining the authorization data of the identification card and for performing management of the identification card; sending the request information to the first telecom operator; receiving the authorization electronic token and the management commands for the identification card returned by the first telecom operator; passing the authorization electronic token and the management commands to the second trusted service management system; receiving the authorization electronic token and the management commands sent by the second trusted service management system; sending a verification command to the secure element so that it verifies the electronic token; and, when the secure element has verified the electronic token successfully, sending an execution command to the secure element so that the identification card is managed according to the management commands.
Preferably, the terminal device has a near-field wireless communication function and the method further includes: sending a request to register for the near-field wireless communication service to the first telecom operator, and receiving the authorization data for the identification card's near-field wireless communication service returned by the first telecom operator.
Preferably, the method further includes: receiving the user's request and sending, to the second trusted service management system, request information for obtaining the authorization data of the identification card's near-field wireless communication service and for performing management of the identification card; receiving that request information from the second trusted service management system; sending it to the first telecom operator; receiving the authorization electronic token and the commands for managing the identification card returned by the first telecom operator; and passing the authorization electronic token and the commands to the second trusted service management system.
Preferably, the terminal device is also connected to a first trusted service management system provided by the first telecom operator. The first trusted service management system holds a plurality of near-field wireless communication service application software based on that system, and the authorization information includes permission for the terminal device to download near-field wireless communication service application software from the first trusted service management system, and permission for the downloaded near-field wireless communication service application software to manage the identification card through the first trusted service management system.
Preferably, the second trusted service management system provides near-field wireless communication service application software based on that system, and the method further includes: sending, to the second trusted service management system, request information asking to download near-field wireless communication service application software; receiving the inquiry returned by the second trusted service management system as to whether the terminal device has a near-field wireless communication function and whether the identification card is registered for the near-field wireless communication service; sending the inquiry to the first telecom operator; receiving the judgment result and related data returned by the first telecom operator; when the judgment result is that the terminal device has the near-field wireless communication service function and the identification card is registered for the near-field wireless communication service, transmitting the judgment result and related data to the second trusted service management system; receiving the control command sent by the second trusted service management system that permits the terminal device to download the near-field wireless communication service application software; downloading the near-field wireless communication service application software from the second trusted service management system and installing it; and the installed near-field wireless communication service application software receiving the user's request and sending, to the second trusted service management system, request information for obtaining the authorization data of the identification card and for performing management of the identification card.
Preferably, the terminal device is connected to a certificate server and the method further includes: generating a key pair; sending the generated key, which includes a first public key, to the certificate server; receiving the authentication credential returned by the certificate server; sending the authentication credential and the first public key to the second trusted service management system, so that the second trusted service management system encrypts data with the first public key before sending it to the terminal device; and receiving the second public key returned by the second trusted service management system.
Preferably, the method further includes: encrypting data with the second public key before sending it to the second trusted service management system.
Preferably, the near-field wireless communication service is a near field communication (NFC) service.
Preferably, management of the identification card includes querying information on the identification card, topping up and deducting.
Therefore, the terminal device and card management method of the embodiments of the present invention can manage the identification card across telecom operators and improve the user experience.
Brief description
Fig. 1 is the schematic diagram of a trusted service management system.
Fig. 2 is the working mode diagram of existing trusted service management.
Fig. 3 is the application environment diagram of one embodiment of the terminal device of the present invention.
Fig. 4 is the application environment diagram of another embodiment of the terminal device of the present invention.
Fig. 5 is the functional block diagram of one embodiment of the terminal device of the present invention.
Fig. 6 is the functional block diagram of another embodiment of the terminal device of the present invention.
Fig. 7 is the functional block diagram of a preferred embodiment of the terminal device of the present invention.
Fig. 8 is the functional block diagram of another preferred embodiment of the terminal device of the present invention.
Fig. 9 is the flow chart of card management method one embodiment of the present invention.
Figure 10 is the flow chart of data encryption one embodiment in card management of the present invention.
Main element symbol description
Terminal device 10
First NFC service software 1010
2nd NFC service software 1012
3rd NFC service software 1014
Identification card 100
Secure element 101
Registration module 102
Authorization module 103
Proxy module 104
Download module 105
Verification module 107
NFC application software 108
Execution module 109
Authentication module 110
Encryption module 112
Trusted service management system 20
NFC service provider 30
Telecom operator 40
First trusted service management system 50
Second trusted service management system 60
Certificate server 70
First NFC service 300
2nd NFC service 302
3rd NFC service 304
Specific embodiments
Refer to Fig. 3, which is the application environment diagram of one embodiment of the terminal device of the present invention. In this embodiment, terminal device 10 has an identification card (Subscriber Identity Module, SIM) with a built-in secure element, provided by telecom operator 40. After terminal device 10 has registered for the NFC service with telecom operator 40, it can download NFC application software from the first trusted service management system 50 based on telecom operator 40, and the downloaded NFC application software can obtain the authorization of telecom operator 40 to manage the SIM. After terminal device 10 has registered for the NFC service with telecom operator 40, it can also request NFC application software from a trusted service management system provided by another telecom operator; as shown in Fig. 2, this is the second trusted service management system 60 provided by the other telecom operator. After downloading the second NFC application software from the second trusted service management system 60, terminal device 10 obtains from telecom operator 40 the authorization that allows the second NFC application software to manage the SIM. Once the second NFC application software has obtained authorization to manage the SIM, the user can, through operations on the second NFC application software, send operation commands to the second trusted service management system 60, and the operations on the SIM are completed through the second trusted service management system 60.
Fig. 4 is the application environment diagram of another embodiment of the terminal device of the present invention. In this embodiment, terminal device 10 is connected to certificate server 70 and to the second trusted service management system 60; certificate server 70 is a server accredited by the second trusted service management system 60. When terminal device 10 needs to communicate with the second trusted service management system 60, the terminal device generates a key pair using the user's fingerprint, voice or in-air handwritten signature and sends the generated key to certificate server 70. After certificate server 70 has authenticated it, terminal device 10 receives the authentication credential sent by certificate server 70 and presents the credential to the second trusted service management system 60 for identity authentication. The second trusted service management system 60 accepts the credential and obtains the public key of terminal device 10; the second trusted service management system 60 then sends its own credential to terminal device 10, and terminal device 10 receives that credential and obtains the public key of the second trusted service management system 60. Data transmitted between terminal device 10 and the second trusted service management system 60 is then encrypted with each other's public keys, which ensures the accuracy and security of the data.
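As an added illustration (example code written for this page, not from the patent, which names no algorithms), the following Python script models the Fig. 4 exchange, which is also the behaviour claimed above for the authentication and encryption modules: each party generates a key pair, has its public key vouched for by the certificate server, presents the resulting credential to the other side, and from then on encrypts to the peer's public key. Ed25519 for the certificate server's signatures, RSA-OAEP for the data, the credential layout, the party names and the messages are this example's choices; the biometric-derived key generation the patent mentions is out of scope and is assumed to have produced an ordinary RSA key pair. The script requires the third-party `cryptography` package.

```python
"""Device <-> TSM2 mutual authentication via a certificate server (added example).

Assumptions: Ed25519 credentials signed by the certificate server, RSA-OAEP for
the data; the certificate server issues TSM2's credential as well as the
device's (the patent only says the server is accredited by TSM2)."""
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ed25519, padding, rsa

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


class CertificateServer:
    """Accredited by TSM2; signs (name, public key) pairs it has authenticated."""

    def __init__(self):
        self._signing_key = ed25519.Ed25519PrivateKey.generate()
        self.public_key = self._signing_key.public_key()

    def issue_credential(self, name: str, public_key_der: bytes) -> dict:
        # The patent authenticates the device (fingerprint, voice, signature)
        # before this step; that check is out of scope and assumed to have passed.
        payload = name.encode() + b"|" + public_key_der
        return {"name": name, "public_key": public_key_der,
                "signature": self._signing_key.sign(payload)}


def verify_credential(cred: dict, cert_server_pub) -> rsa.RSAPublicKey:
    """Return the peer's encryption key only if the certificate server vouched for it."""
    payload = cred["name"].encode() + b"|" + cred["public_key"]
    cert_server_pub.verify(cred["signature"], payload)  # raises InvalidSignature
    return serialization.load_der_public_key(cred["public_key"])


class Party:
    """Either terminal device 10 or the second TSM 60: owns an RSA key pair."""

    def __init__(self, name: str, cert_server: CertificateServer):
        self.name = name
        self._private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        der = self._private_key.public_key().public_bytes(
            serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)
        self.credential = cert_server.issue_credential(name, der)  # key sent, credential returned
        self.peer_public_key = None

    def accept_peer(self, cred: dict, cert_server_pub) -> None:
        """Learn the peer's public key from its credential, after checking the signature."""
        self.peer_public_key = verify_credential(cred, cert_server_pub)

    def encrypt_for_peer(self, data: bytes) -> bytes:
        return self.peer_public_key.encrypt(data, OAEP)

    def decrypt(self, ciphertext: bytes) -> bytes:
        return self._private_key.decrypt(ciphertext, OAEP)


def run_exchange() -> tuple:
    """Full exchange with constructed messages; returns what each side decrypted."""
    cs = CertificateServer()
    device = Party("terminal-device-10", cs)
    tsm2 = Party("tsm-60", cs)
    tsm2.accept_peer(device.credential, cs.public_key)   # device presents its credential
    device.accept_peer(tsm2.credential, cs.public_key)   # TSM2 presents its own
    to_tsm = device.encrypt_for_peer(b"request: top_up 50")          # encryption module
    to_dev = tsm2.encrypt_for_peer(b"command: top_up 50 + token")    # TSM2 uses device key
    return tsm2.decrypt(to_tsm), device.decrypt(to_dev)


def forged_credential_rejected() -> bool:
    """A credential whose public key was swapped after signing must not be accepted."""
    cs = CertificateServer()
    device = Party("terminal-device-10", cs)
    impostor = Party("impostor", CertificateServer())  # key never vouched for by cs
    forged = dict(device.credential, public_key=impostor.credential["public_key"])
    try:
        verify_credential(forged, cs.public_key)
    except InvalidSignature:
        return True
    return False
```

The point of `verify_credential` is that neither side trusts a bare public key sent over the wire; the key is only used once the certificate server's signature over the name and key has checked out, which is what lets the TSM distinguish the registered device from anyone else presenting a key.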
Refer to Fig. 5, which is the functional block diagram of one embodiment of terminal device 10 of the present invention. Terminal device 10 is applied in the application environment of the embodiment shown in Fig. 3. In this embodiment, terminal device 10 includes identification card 100, authorization module 103, verification module 107 and execution module 109, and identification card 100 is fitted with secure element 101. The functions of the modules of terminal device 10 are described below with reference to Fig. 3 and Fig. 5. Authorization module 103 is used to receive, from the second trusted service management system 60, request information for obtaining the authorization data of identification card 100 and for performing management of identification card 100; to send the request information to telecom operator 40; to receive the authorization electronic token and the management commands for identification card 100 returned by telecom operator 40; and to pass the authorization electronic token and the management commands to the second trusted service management system 60. Verification module 107 receives the authorization electronic token and the management commands sent by the second trusted service management system 60 and sends a verification command to secure element 101 so that it verifies the electronic token. When secure element 101 has verified the electronic token successfully, execution module 109 sends an execution command to secure element 101 so that identification card 100 is managed according to the management commands.
Refer to Fig. 6, which is the functional block diagram of another embodiment of terminal device 10 of the present invention. Terminal device 10 is applied in the application environment of the embodiment shown in Fig. 3. In this embodiment, terminal device 10 includes identification card 100, registration module 102, authorization module 103, proxy module 104, download module 105, verification module 107, execution module 109 and transceiver module 111, and identification card 100 is fitted with secure element 101. The functions of the modules of terminal device 10 are described below with reference to Fig. 3 and Fig. 6.
Referring to Fig. 3 and Fig. 6, terminal device 10 includes identification card 100 with built-in secure element 101. Registration module 102 of terminal device 10 applies to telecom operator 40, which provided the identification card, to register for the NFC service. After telecom operator 40 has authorised the NFC service, terminal device 10 can download NFC application software from the first trusted service management system 50 based on telecom operator 40, and the downloaded NFC application software can obtain the authorization of telecom operator 40 to manage the identification card.
Proxy module 104 of terminal device 10 accepts the user's request to download near-field wireless communication service application software from a trusted service management system provided by another telecom operator. Specifically, as shown in Fig. 3, it sends a request to download NFC application software to the second trusted service management system 60 provided by the other telecom operator, and the second trusted service management system 60 asks proxy module 104 whether terminal device 10 has NFC capability and whether the identification card is registered for the NFC service.
Proxy module 104 accepts inquiry and sends this inquiry to telecom operators 40,The related data of terminal device 10 is inquired about by telecom operators 40,Judge whether terminal device 10 has NFC function、Whether identification card be have registered NFC service,And will determine that proxy module 104 passed back by result and related data,Proxy module 104 will determine that result and related data pass to the second trusted service management system 60,When judged result has NFC function and identification card be have registered NFC service for terminal device 10,Second trusted service management system 60 allows terminal device 10 to download NFC application software,The download module 105 of terminal device 10 is installed after the second trusted service management system 60 downloads NFC application software,After installation, the functional block diagram of terminal device 10 refers to Fig. 7,Other module all sames compared with Fig. 6,Accordingly increased the NFC application software 108 of installation.Refer to Fig. 3, Fig. 6 and Fig. 7 simultaneously, installing after the NFC application software 108 that the second trusted service management system 60 is downloaded, because identification card 100 is the registration carrying out to telecom operators 40, thus the NFC application software 108 that other service providers provide can not directly be managed to identification card 100.Now the NFC application software 108 of terminal device 10 needs to ask to obtain the mandate data of identification card 100 to the second trusted service management system 60, and asks to carry out related management to identification card 100.
After the second trusted service management system 60 receives the request sent by NFC application software 108, it sends the request message to authorization module 103 of terminal device 10. Authorization module 103 receives the request message, which asks to obtain the authorization data of identification card 100 and to perform related management on identification card 100, and transfers it to telecom operator 40. Here, management of the identification card includes information query, top-up and deduction on the identification card. After receiving the request, telecom operator 40 generates an authorization electronic token together with the related commands that must be sent to secure element 101 to perform the related management on identification card 100, and returns the generated electronic token and the related commands for secure element 101 to the second trusted service management system 60. The second trusted service management system 60 transmits the electronic token and the related commands for secure element 101 to terminal device 10. After verification module 107 of terminal device 10 receives the electronic token and the related commands, it sends a verification command to secure element 101 so that the electronic token is verified. When the secure element verifies the electronic token successfully, execution module 109 sends an execution command to secure element 101 so that the related management is performed on the identification card according to the related management commands. Authorization module 103 then feeds back the management result of secure element 101 on identification card 100 to telecom operator 40. This completes the cross-platform management of the identification card.
It should be noted that the corresponding application software need not be downloaded; communication with the second trusted service management system 60 can also be realized by a built-in module, for example the transceiver module 111 built into the present embodiment. Transceiver module 111 receives the user's request and sends to the second trusted service management system 60 a request message asking to obtain the authorization data of the wireless near field communication service of the identification card and to perform related management on the identification card. Authorization module 103 receives from the second trusted service management system 60 the request message asking to obtain the authorization data of the wireless near field communication service of the identification card and to perform related management on the identification card, forwards the request message to telecom operator 40, receives from telecom operator 40 the returned authorization electronic token and the related commands for managing the identification card, and passes the authorization electronic token and the related commands to the second trusted service management system 60.
Referring to Fig. 8, Fig. 8 shows a functional block diagram of a preferred embodiment of the terminal device 10 of the present invention. Compared with Fig. 7, an authentication module 110 and an encryption module 112 are added, and the terminal device 10 shown in Fig. 8 is applied in the application environment shown in Fig. 4. Referring to Fig. 4 and Fig. 8, in this embodiment, when terminal device 10 needs to communicate with the second trusted service management system 60, authentication module 110 of terminal device 10 uses the user's fingerprint, voice or air-written signature to generate a key pair and sends the generated key to authentication server 70. Authentication server 70 accepts the key, authenticates terminal device 10, generates an authentication credential and sends it to terminal device 10. Authentication module 110 of terminal device 10 accepts the authentication credential and sends it to the second trusted service management system 60 for identity authentication; the second trusted service management system 60 accepts the authentication credential and obtains the public key of terminal device 10; the second trusted service management system 60 sends its own authentication credential to terminal device 10; terminal device 10 receives that authentication credential and obtains the public key of the second trusted service management system 60. Encryption module 112 encrypts the data that terminal device 10 sends to the second trusted service management system 60 before transmitting it; the two sides encrypt with each other's public keys, which ensures the accuracy and security of the data.
Referring to Fig. 9, Fig. 9 is a flow chart of one embodiment of the card management method of the present invention. In this embodiment, the terminal device 10 shown in Fig. 7 is applied in the application environment shown in Fig. 3. Terminal device 10 includes an identification card with built-in secure element 101.
In step S900, registration module 102 of terminal device 10 applies to telecom operator 40, which provides the identification card, for registration of the NFC service. After telecom operator 40 authorizes the NFC service, terminal device 10 can download NFC application software from the first trusted service management system 50, which is based on telecom operator 40; the downloaded NFC application software can obtain the authorization of telecom operator 40 and manage the identification card.
In step S902, proxy module 104 of terminal device 10 accepts a user request and asks the trusted service management system provided by another telecom operator to download NFC application software; for example, as shown in Fig. 3, it sends a request to download NFC application software to the second trusted service management system 60 provided by the other telecom operator.
In step S904, the second trusted service management system 60 asks proxy module 104 whether terminal device 10 has NFC function and whether the identification card has registered the NFC service.
In step S906, proxy module 104 accepts the inquiry and forwards it to telecom operator 40.
In step S908, telecom operator 40 looks up the related data of terminal device 10, determines whether terminal device 10 has NFC function and whether the identification card has registered the NFC service, and returns the determination result and related data to proxy module 104.
In step S910, proxy module 104 accepts the returned determination result and related data and passes them to the second trusted service management system 60.
When the determination result is that terminal device 10 has NFC function and the identification card has registered the NFC service, in step S912 the second trusted service management system 60 allows terminal device 10 to download the NFC application software.
In step S914, terminal device 10 downloads the NFC application software from the second trusted service management system 60 and installs it.
After the NFC application software 108 downloaded from the second trusted service management system 60 is installed, it cannot directly manage identification card 100, because identification card 100 was registered with telecom operator 40 while NFC application software 108 was provided by another service provider. NFC application software 108 of terminal device 10 therefore requests the authorization data of identification card 100 from the second trusted service management system 60 and requests to perform related management on identification card 100, where management of the identification card includes information query, top-up and deduction on the identification card.
In step S916, after the second trusted service management system 60 receives the request sent by NFC application software 108, it sends the request message to authorization module 103 of terminal device 10.
In step S918, authorization module 103 sends the request message, which asks to obtain the authorization data of identification card 100 and to perform related management on identification card 100, and transfers it to telecom operator 40.
In step S920, after receiving the request, telecom operator 40 generates an authorization electronic token together with the related commands that must be sent to secure element 101 to perform the related management on identification card 100, and returns the generated electronic token and the related commands for secure element 101 to the second trusted service management system 60 via the terminal device.
In step S922, the second trusted service management system 60 transmits the electronic token and the related commands for secure element 101 to the NFC application software installed on terminal device 10 that was downloaded from the second trusted service management system.
In step S924, verification module 107 of terminal device 10 accepts the electronic token and the related commands for secure element 101 and sends a verification command to secure element 101 so that the electronic token is verified. When verification succeeds, execution module 109 sends the related commands to secure element 101 for execution so that the identification card is managed, and authorization module 103 feeds back the management result of secure element 101 on identification card 100 to telecom operator 40. This completes the cross-platform management of the identification card.
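The token exchange of steps S916 to S924, which is the same flow described above for Fig. 7, can be simulated end to end. The Go program below is an added example written for this page; it is not code from the patent or its applicant. The patent does not say how the electronic token is built or how secure element 101 verifies it, so the example assumes a symmetric key shared between telecom operator 40 and the secure element when the card is registered, a token that is an HMAC-SHA256 over the card identifier, a random nonce and a hash of the exact management commands, and a secure element that refuses a token whose commands were changed on the way through the second trusted service management system 60 or whose nonce has already been used. The key, card identifier and amounts are constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Command is one management operation on the identification card (query, top-up, deduct).
type Command struct {
	Op     string // "QUERY", "TOPUP" or "DEDUCT"
	Amount int64  // constructed: value in cents, 0 for QUERY
}

// Token stands in for the patent's electronic token; its layout is an assumption.
type Token struct {
	CardID  string
	Nonce   [16]byte // fresh per token, so the secure element can refuse a replay
	CmdHash [32]byte // binds the exact command list to the token
	MAC     []byte   // HMAC-SHA256 under the key shared by operator and secure element
}

func hashCommands(cmds []Command) [32]byte {
	var out []byte
	for _, c := range cmds {
		out = binary.BigEndian.AppendUint64(append(append(out, c.Op...), 0), uint64(c.Amount))
	}
	return sha256.Sum256(out)
}

func mac(key []byte, t *Token) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(append([]byte(t.CardID+"\x00"), t.Nonce[:]...))
	m.Write(t.CmdHash[:])
	return m.Sum(nil)
}

// IssueToken is telecom operator 40 in S920; key is assumed shared with the card's secure element at registration (S900).
func IssueToken(key []byte, cardID string, cmds []Command) Token {
	t := Token{CardID: cardID, CmdHash: hashCommands(cmds)}
	rand.Read(t.Nonce[:])
	t.MAC = mac(key, &t)
	return t
}

// SecureElement is secure element 101 inside identification card 100.
type SecureElement struct {
	cardID  string
	key     []byte
	balance int64
	seen    map[[16]byte]bool // nonces already accepted
}

// Verify answers the verification command of S924 for a token and the command list
// that arrived with it through the second trusted service management system.
func (se *SecureElement) Verify(t Token, cmds []Command) error {
	switch {
	case t.CardID != se.cardID:
		return errors.New("token issued for another card")
	case se.seen[t.Nonce]:
		return errors.New("token replayed")
	case hashCommands(cmds) != t.CmdHash:
		return errors.New("commands do not match token")
	case !hmac.Equal(mac(se.key, &t), t.MAC):
		return errors.New("token MAC invalid")
	}
	se.seen[t.Nonce] = true
	return nil
}

// ManageCard is what verification module 107 and execution module 109 do in S924:
// nothing touches the card until the secure element has accepted the token.
func ManageCard(se *SecureElement, t Token, cmds []Command) (int64, error) {
	if err := se.Verify(t, cmds); err != nil {
		return se.balance, err
	}
	for _, c := range cmds {
		switch c.Op {
		case "TOPUP":
			se.balance += c.Amount
		case "DEDUCT":
			se.balance -= c.Amount
		}
	}
	return se.balance, nil
}

// Demo: honest run, then forwarded commands altered in transit, then the first token replayed; all values constructed.
func Demo() (balance int64, tamperErr, replayErr error) {
	key := []byte("constructed-shared-key-for-card-0001")
	se := &SecureElement{cardID: "CARD-0001", key: key, balance: 1000, seen: map[[16]byte]bool{}}
	cmds := []Command{{"QUERY", 0}, {"TOPUP", 500}, {"DEDUCT", 200}}
	tok := IssueToken(key, "CARD-0001", cmds)
	balance, _ = ManageCard(se, tok, cmds) // 1000 + 500 - 200 = 1300
	altered := []Command{{"QUERY", 0}, {"TOPUP", 500}, {"DEDUCT", 900}}
	_, tamperErr = ManageCard(se, IssueToken(key, "CARD-0001", cmds), altered)
	_, replayErr = ManageCard(se, tok, cmds) // nonce already consumed
	return balance, tamperErr, replayErr
}
```

Call Demo from a main function or a test to see the three outcomes. The point a practitioner would check in a design like this is the command hash inside the token: the second trusted service management system 60 forwards both the token and the commands, so unless the token covers the commands, the forwarding party could change a deduction before it reaches the secure element. The nonce set gives the secure element replay protection; a deployment would add a validity period to the token as well.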
Fig. 10 is a flow chart of one embodiment of data encryption in the card management method of the present invention. The terminal device 10 shown in Fig. 8 is applied in the application environment shown in Fig. 4.
Referring to Fig. 4, Fig. 8 and Fig. 10, when terminal device 10 needs to communicate with the second trusted service management system 60, in step S1000 authentication module 110 of terminal device 10 uses the user's fingerprint, voice or air-written signature to generate a key pair and sends the generated key to authentication server 70. In step S1002, authentication server 70 accepts the key, authenticates terminal device 10, generates an authentication credential and sends it to terminal device 10. In step S1004, authentication module 110 of terminal device 10 accepts the authentication credential and sends it to the second trusted service management system 60 for identity authentication. In step S1006, the second trusted service management system 60 accepts the authentication credential and obtains the public key of terminal device 10, and sends its own authentication credential to terminal device 10. In step S1008, terminal device 10 receives that authentication credential and obtains the public key of the second trusted service management system 60. In step S1010, the data transmitted between terminal device 10 and the second trusted service management system 60 is encrypted with each other's public keys, which ensures the accuracy and security of the data.
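The credential exchange of steps S1000 to S1010, also described above for Fig. 8, can be shown with standard-library Go. The following is an added example for this page, not code from the patent or its applicant. Its assumptions: authentication server 70 holds an ECDSA P-256 signing key and its credential is a signature over (subject, public key); terminal device 10 and the second trusted service management system 60 hold P-256 key pairs generated fresh with crypto/ecdh, so the patent's derivation of the key pair from a fingerprint, voice or air-written signature is not re-created; and step S1010's "encrypt with each other's public key" is realised as ECDH key agreement followed by AES-256-GCM, a hybrid scheme in place of raw public-key encryption. The party names and the message are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Credential is the authentication credential of Fig. 10 as assumed here:
// authentication server 70 signs (subject, public key) with ECDSA P-256.
type Credential struct {
	Subject string
	PubKey  []byte // P-256 point as produced by ecdh.PublicKey.Bytes()
	Sig     []byte // ASN.1 ECDSA signature over digest()
}

func (c Credential) digest() []byte {
	h := sha256.Sum256(append(append([]byte(c.Subject), 0), c.PubKey...))
	return h[:]
}

// must keeps the demonstration straight-line; production code returns the error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// AuthServer stands in for authentication server 70; Issue is step S1002.
type AuthServer struct{ key *ecdsa.PrivateKey }

func (s *AuthServer) Issue(subject string, pub *ecdh.PublicKey) (Credential, error) {
	c := Credential{Subject: subject, PubKey: pub.Bytes()}
	sig, err := ecdsa.SignASN1(rand.Reader, s.key, c.digest())
	c.Sig = sig
	return c, err
}

// VerifyCredential is the check the TSM makes in S1006 and the device in S1008: accept
// the credential only if the trusted authentication server signed it, then take the key.
func VerifyCredential(serverPub *ecdsa.PublicKey, c Credential) (*ecdh.PublicKey, error) {
	if !ecdsa.VerifyASN1(serverPub, c.digest(), c.Sig) {
		return nil, errors.New("credential signature invalid")
	}
	return ecdh.P256().NewPublicKey(c.PubKey)
}

// aead realises S1010's "encrypt with each other's public key" as ECDH agreement
// followed by AES-256-GCM, a hybrid scheme rather than raw public-key encryption.
func aead(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(shared)
	block, _ := aes.NewCipher(k[:]) // 32-byte key: cannot fail
	return cipher.NewGCM(block)
}

// Seal encrypts msg for peer, binding the sender's name as associated data.
func Seal(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, sender string, msg []byte) []byte {
	g := must(aead(priv, peer))
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return g.Seal(nonce, nonce, msg, []byte(sender))
}

// Open decrypts a message that sender sealed for the holder of priv.
func Open(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, sender string, box []byte) ([]byte, error) {
	g := must(aead(priv, peer))
	n := g.NonceSize()
	if len(box) < n {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, box[:n], box[n:], []byte(sender))
}

// RunExchange walks S1000 to S1010 with constructed names and message, then presents a
// credential from an untrusted signer to show it being refused.
func RunExchange() (plaintext string, rogueErr error) {
	server := &AuthServer{key: must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))}
	devKey := must(ecdh.P256().GenerateKey(rand.Reader)) // S1000; biometric derivation not reproduced
	tsmKey := must(ecdh.P256().GenerateKey(rand.Reader))
	devCred := must(server.Issue("device-10", devKey.PublicKey())) // S1002
	tsmCred := must(server.Issue("tsm-60", tsmKey.PublicKey()))
	devPub := must(VerifyCredential(&server.key.PublicKey, devCred)) // S1004, S1006: at the TSM
	tsmPub := must(VerifyCredential(&server.key.PublicKey, tsmCred)) // S1008: at the device
	box := Seal(devKey, tsmPub, "device-10", []byte("TOPUP 500"))   // S1010: device to TSM
	pt := must(Open(tsmKey, devPub, "device-10", box))
	rogue := &AuthServer{key: must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))}
	rogueCred := must(rogue.Issue("device-10", devKey.PublicKey()))
	_, rogueErr = VerifyCredential(&server.key.PublicKey, rogueCred)
	return string(pt), rogueErr
}
```

Each side trusts only credentials signed by the authentication server's public key; that check is what lets the TSM take the device's public key out of the credential in S1006 and the device take the TSM's in S1008, and the last three lines of RunExchange show a credential from a different signer being refused. A deployment would add a validity period and a revocation check to the credential, and the associated data passed to Seal and Open ties each message to the sender named in the credential so that a ciphertext cannot be attributed to the wrong party.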
Therefore, the terminal device 10 of the embodiments of the present invention can manage the identification card across the platforms provided by different telecom operators. When the user uses an application service provided by a new telecom operator, there is no need to reinstall the corresponding identification card or go through a cumbersome process such as re-registration, which saves the user's operation time and improves user experience.

Claims (18)

1. A terminal device, wherein the terminal device is provided with an identification card supplied by a first telecom operator, the identification card comprises a secure element, and the terminal device is connected to a second trusted service management system provided by another telecom operator, characterised in that the terminal device comprises:
an authorization module, for receiving from the second trusted service management system a request message asking to obtain the authorization data of the identification card and to perform related management on the identification card, sending the request message to the first telecom operator, receiving from the first telecom operator the returned authorization electronic token and the related management commands for managing the identification card, and passing the authorization electronic token and the related management commands to the second trusted service management system;
a verification module, for receiving the authorization electronic token and the related management commands sent by the second trusted service management system, and sending a verification command to the secure element so that the electronic token is verified;
an execution module, for sending, when the secure element verifies the electronic token successfully, an execution command to the secure element so that related management is performed on the identification card according to the related management commands.
2. The terminal device as claimed in claim 1, wherein the terminal device has a wireless near field communication function, characterised in that the terminal device further comprises:
a registration module, for sending a request to register a wireless near field communication service to the first telecom operator, and receiving the authorization data of the wireless near field communication service for the identification card returned by the first telecom operator.
3. The terminal device as claimed in claim 2, characterised in that it further comprises:
a transceiver module, for receiving a user request and sending to the second trusted service management system a request message asking to obtain the authorization data of the wireless near field communication service of the identification card and to perform related management on the identification card;
wherein the authorization module is further for receiving from the second trusted service management system the request message asking to obtain the authorization data of the wireless near field communication service of the identification card and to perform related management on the identification card, sending the request message to the first telecom operator, receiving from the first telecom operator the returned authorization electronic token and the related commands for managing the identification card, and passing the authorization electronic token and the related commands to the second trusted service management system.
4. The terminal device as claimed in claim 1, wherein the terminal device is further connected to a first trusted service management system provided by the first telecom operator, and the first trusted service management system has a plurality of wireless near field communication service application software items based on that system, characterised in that the authorization information includes allowing the terminal device to download wireless near field communication service application software from the first trusted service management system, and allowing the downloaded wireless near field communication service application software to manage the identification card through the first trusted service management system.
5. The terminal device as claimed in claim 1, wherein the second trusted service management system provides wireless near field communication service application software based on that system, characterised in that the terminal device further comprises:
a proxy module, for sending to the second trusted service management system a request message asking to download wireless near field communication service application software, receiving from the second trusted service management system an inquiry message asking whether the terminal device has a wireless near field communication function and whether the identification card has registered a wireless near field communication service, sending the inquiry message to the first telecom operator, receiving the determination result and related data returned by the first telecom operator, transmitting the determination result and related data to the second trusted service management system when the determination result is that the terminal device has the wireless near field communication service function and the identification card has registered the wireless near field communication service, and receiving a control command sent by the second trusted service management system that allows the terminal device to download the wireless near field communication service application software;
a download module, for downloading the wireless near field communication service application software from the second trusted service management system and installing the wireless near field communication service application software;
the installed wireless near field communication service application software, for receiving a user request and sending to the second trusted service management system a request message asking to obtain the authorization data of the identification card and to perform related management on the identification card.
6. The terminal device as claimed in claim 1, wherein the terminal device is connected to an authentication server, characterised in that it further comprises:
an authentication module, for generating a key pair and sending the generated key, which comprises a first public key, to the authentication server, accepting the authentication credential returned by the authentication server, sending the authentication credential and the first public key to the second trusted service management system so that the second trusted service management system encrypts data with the first public key before transmitting it to the terminal device, and receiving a second public key returned by the second trusted service management system.
7. The terminal device as claimed in claim 6, characterised in that it further comprises:
an encryption module, for encrypting data with the second public key before transmitting it to the second trusted service management system.
8. The terminal device as claimed in claim 2, characterised in that the wireless near field communication service is a near-field communication service.
9. The terminal device as claimed in claim 1, characterised in that management of the identification card includes information query, top-up and deduction on the identification card.
10. A card management method, applied on a terminal device, wherein the terminal device is provided with an identification card supplied by a first telecom operator, the identification card comprises a secure element, and the terminal device is connected to a second trusted service management system provided by another telecom operator, characterised in that the method comprises:
receiving from the second trusted service management system a request message asking to obtain the authorization data of the identification card and to perform related management on the identification card;
sending the request message to the first telecom operator, and receiving from the first telecom operator the returned authorization electronic token and the related management commands for managing the identification card;
passing the authorization electronic token and the related management commands to the second trusted service management system;
receiving the authorization electronic token and the related management commands sent by the second trusted service management system, and sending a verification command to the secure element so that the electronic token is verified;
when the secure element verifies the electronic token successfully, sending an execution command to the secure element so that related management is performed on the identification card according to the related management commands.
11. The card management method as claimed in claim 10, wherein the terminal device has a wireless near field communication function, characterised in that the method further comprises:
sending a request to register a wireless near field communication service to the first telecom operator, and receiving the authorization data of the wireless near field communication service for the identification card returned by the first telecom operator.
12. The card management method as claimed in claim 11, characterised in that it further comprises:
receiving a user request, and sending to the second trusted service management system a request message asking to obtain the authorization data of the wireless near field communication service of the identification card and to perform related management on the identification card;
receiving from the second trusted service management system the request message asking to obtain the authorization data of the wireless near field communication service of the identification card and to perform related management on the identification card, sending the request message to the first telecom operator, receiving from the first telecom operator the returned authorization electronic token and the related commands for managing the identification card, and passing the authorization electronic token and the related commands to the second trusted service management system.
13. The card management method as claimed in claim 10, wherein the terminal device is further connected to a first trusted service management system provided by the first telecom operator, and the first trusted service management system has a plurality of wireless near field communication service application software items based on that system, characterised in that the authorization information includes allowing the terminal device to download wireless near field communication service application software from the first trusted service management system, and allowing the downloaded wireless near field communication service application software to manage the identification card through the first trusted service management system.
14. The card management method as claimed in claim 10, wherein the second trusted service management system provides wireless near field communication service application software based on that system, characterised in that it further comprises:
sending to the second trusted service management system a request message asking to download wireless near field communication service application software;
receiving from the second trusted service management system an inquiry message asking whether the terminal device has a wireless near field communication function and whether the identification card has registered a wireless near field communication service; sending the inquiry message to the first telecom operator, and receiving the determination result and related data returned by the first telecom operator;
when the determination result is that the terminal device has the wireless near field communication service function and the identification card has registered the wireless near field communication service, transmitting the determination result and related data to the second trusted service management system, and receiving a control command sent by the second trusted service management system that allows the terminal device to download the wireless near field communication service application software;
downloading the wireless near field communication service application software from the second trusted service management system, and installing the wireless near field communication service application software; and
the installed wireless near field communication service application software receiving a user request and sending to the second trusted service management system a request message asking to obtain the authorization data of the identification card and to perform related management on the identification card.
15. The card management method as claimed in claim 10, wherein the terminal device is connected to an authentication server, characterised in that the method further comprises:
generating a key pair and sending the generated key, which comprises a first public key, to the authentication server; accepting the authentication credential returned by the authentication server, and sending the authentication credential and the first public key to the second trusted service management system so that the second trusted service management system encrypts data with the first public key before transmitting it to the terminal device; and receiving a second public key returned by the second trusted service management system.
16. The card management method as claimed in claim 15, characterised in that it further comprises:
encrypting data with the second public key before transmitting it to the second trusted service management system.
17. The card management method as claimed in claim 11, characterised in that the wireless near field communication service is a near-field communication service.
18. The card management method as claimed in claim 10, characterised in that management of the identification card includes information query, top-up and deduction on the identification card.
CN201510458247.2A 2015-07-30 2015-07-30 Terminal device and card management method Active CN106412881B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510458247.2A CN106412881B (en) 2015-07-30 2015-07-30 Terminal device and card management method

Publications (2)

Publication Number Publication Date
CN106412881A true CN106412881A (en) 2017-02-15
CN106412881B CN106412881B (en) 2019-12-03

Family

ID=58009423

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510458247.2A Active CN106412881B (en) 2015-07-30 2015-07-30 Terminal device and card management method

Country Status (1)

Country Link
CN (1) CN106412881B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107396298A (en) * 2017-08-28 2017-11-24 成都市保丽康科技有限公司 The closely personal identification method and system of a kind of multi-to-multi
CN107613487A (en) * 2017-11-07 2018-01-19 恒宝股份有限公司 A kind of eSIM cards and its method of work

Also Published As

Publication number Publication date
CN106412881B (en) 2019-12-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant