CN106507331A - A kind of safety transfer method of card application data, apparatus and system - Google Patents

A kind of safety transfer method of card application data, apparatus and system Download PDF

Info

Publication number
CN106507331A
CN106507331A CN201510563324.0A CN201510563324A CN106507331A CN 106507331 A CN106507331 A CN 106507331A CN 201510563324 A CN201510563324 A CN 201510563324A CN 106507331 A CN106507331 A CN 106507331A
Authority
CN
China
Prior art keywords
sim
card
application data
card application
card management
Prior art date
Application number
CN201510563324.0A
Other languages
Chinese (zh)
Other versions
CN106507331B (en
Inventor
张艳
彭华熹
曹斌
Original Assignee
中国移动通信集团公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国移动通信集团公司 filed Critical 中国移动通信集团公司
Priority to CN201510563324.0A priority Critical patent/CN106507331B/en
Publication of CN106507331A publication Critical patent/CN106507331A/en
Application granted granted Critical
Publication of CN106507331B publication Critical patent/CN106507331B/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/02Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/08Mobility data transfer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20Transfer of user or subscriber data
    • H04W8/205Transfer to or from user equipment or user record carrier

Abstract

The present invention provides a kind of safety transfer method of card application data, apparatus and system, and the safety transfer method of the card application data includes:(U) consult to generate symmetrical shared key K between SIM and card management platforms;In the transition process of card application data, using the KsIt is encrypted to sent card application data, or the card application data that the card management platform sends is decrypted.The symmetrical shared key that the method is consulted to generate between SIM and card management platform by using (U), realize the safety transfer of card application data under the upgrading of (U) SIM and the constant scene of cell-phone number, so that user is during card is changed in the upgrading of (U) SIM, the safety of the user's private information on (U) SIM is ensure that, prevents which to be tampered.

Description

A kind of safety transfer method of card application data, apparatus and system

Technical field

The present invention relates to electronic information security field, more particularly to a kind of safety transfer side of card application data Method, device and system.

Background technology

In prior art, in one's hands by backing up the contact person stored in identification card (U) SIM of the user whole world On machine, again associated person information is synchronized in (U) SIM after changing (U) SIM, this method can be solved The problem that certainly contact person backs up, however it is necessary that user's manual operation, can be still to change card to increase difficulty and threshold; Meanwhile, on (U) SIM that this method cannot solve in addition to associated person information, other private informations are (such as Card application message) carrying out safety backup stationary problem, be operator promote 3G, 4G business manufactured difficulty.

Content of the invention

It is an object of the invention to provide a kind of safety transfer method of card application data, device and system, Solve the carrying out safety backup of user's associated person information, short message and card application message after (U) SIM is changed Stationary problem.By using shared key, safety of the card application data in transition process is improve.

To achieve these goals, the safety transfer method of a kind of card application data provided in an embodiment of the present invention, Including:

A kind of safety transfer method of card application data, is applied to user whole world identification card (U) SIM, bag Include:

The shared key that receiving card management tool sends consults order, consults order life according to the shared key Into random number Rk、RsAnd RsDigest value MAC (Rs), and the R is sent to card management toolk、Rs And MAC (Rs);

The random number R from card management platform that receiving card management tool is forwardedp、RkThe first digest value MAC(Rk)、RpThe first digest value MAC (Rp) and (U) SIM cell-phone number MSISDN, Wherein, the Rp、MAC(Rk)、MAC(Rp) it is that the card management platform is receiving card management The R that instrument sendskAnd set up the RkWith generation after the incidence relation of the MSISDN;

According to the Rk、RsAnd RpGenerate symmetrical shared key Ks, and send out to the card management tool Shared key is sent to calculate success message;

In the transition process of card application data, using the KsCarry out to sent card application data plus Close, or the card application data that the card management platform sends is decrypted.

Wherein, described according to the Rk、RsAnd RpGenerate symmetrical shared key Ks, and to institute Before stating card management tool transmission shared key calculating success message, also include:

According to the MAC (Rk) and MAC (Rp) safety verification is carried out to card management platform.

Wherein, described according to the MAC (Rk) and MAC (Rp) safe testing is carried out to card management platform Card, including:

According to RkGenerate RkThe second digest value, judge RkThe second digest value whether with MAC (Rk) Identical, judge the legitimacy of card management platform;

When judging that card management platform is legal, according to the R for receivingpGenerate RpThe second digest value, judge RpThe second digest value whether with MAC (Rp) identical, verify RpLegitimacy, and in RpWhen legal, Then the card management platform passes through safety verification.

Wherein, there is in described (U) SIM public private key pair corresponding with MSISDN;Wherein, public key is public Open, private key is stored in the secure storage areas of described (U) SIM.

Wherein, in the transition process of card application data, using the KsTo sent card application data It is encrypted, including:

The request command of moving out of the card application data that receiving card management tool sends;

Request command of moving out according to the card application data generates random number Rq, the first encryption data and Two encryption datas, and the R is sent to the card management toolq, MSISDN, the first encryption data and Two encryption datas,

Wherein, first encryption data is that (U) SIM uses the private key to the RqWith MSISDN encryption generate, second encryption data is the U) SIM use the KsTo pending The card application data encryption that send is generated.

Wherein, the card application data in the transition process of card application data, to card management platform transmission It is decrypted, including:

The request command of moving into of the card application data that receiving card management tool sends;

Request command of moving into according to card application data generates random number RmWith the 3rd encryption data, and to institute State card management tool and send the Rm, MSISDN and the 3rd encryption data,

Wherein, the 3rd encryption data is that (U) SIM uses the private key to the RmWith MSISDN encryptions are generated;

The card application for carrying the 4th encryption data from card management platform that receiving card management tool sends Data are moved into order, and wherein, the 4th encryption data is that the card management platform is receiving card management work The card application data that tool sends is moved into request message, after the safety using the public key verifications (U) SIM, Using the KsGeneration is encrypted to sent card application data;

Using the Ks4th encryption data is decrypted, and by decryption after card application data deposit It is stored in secure storage areas, and moves into success message to the card management tool sending card application data.

Wherein, also include:

The remote wipe request command of the card application data that receiving card management tool sends;

According to the remote wipe request command of card application data, card application data is wiped.

Wherein, the remote wipe request command according to card application data, wipes card application data, including:

Random number R is generated according to the remote wipe request command of card application datanWith the 5th encryption data, and The R is sent to the card management tooln, MSISDN and the 5th encryption data, wherein described slender acanthopanax Ciphertext data is that (U) SIM uses the private key to the RnGeneration is encrypted with MSISDN;

Receive transmission after the remote wipe success message returned according to card management platform by the card management tool Card application data remote wipe order, the card application data is wiped according to the remote wipe order, And success message is wiped to card management tool sending card application data;Wherein, the remote wipe success message It is that the card management platform is receiving the card application data erasing request message of card management tool transmission, uses After the legitimacy of public key verifications (U) SIM, after erasing card application data, to the card management tool The message of transmission.

The embodiment of the present invention also provides a kind of safety transfer device of card application data, is applied to (U) SIM, Including:

First transmitting-receiving process module, consults order for the shared key that receiving card management tool sends, according to The shared key is consulted order and generates random number Rk、RsAnd RsDigest value MAC (Rs), and to card Management tool sends the Rk、RsAnd MAC (Rs);

First receiver module, for the random number R from card management platform that receiving card management tool is forwardedp、 RkThe first digest value MAC (Rk)、RpThe first digest value MAC (Rp) and (U) SIM Cell-phone number MSISDN, wherein, the Rp、MAC(Rk)、MAC(Rp) it is the card management Platform is receiving the R of card management tool transmissionkAnd set up the RkWith associating for the MSISDN Generate after relation;

First key generation module, for according to the Rk、RsAnd RpGenerate a symmetrical shared key Ks, and shared key calculating success message is sent to the card management tool;

First data processing module, in the transition process of card application data, using the KsTreat The card application data of transmission is encrypted, or the card application data that the card management platform sends is decrypted.

The embodiment of the present invention also provides a kind of (U) SIM, including:Card application as described in above-mentioned embodiment The safety transfer device of data.

A kind of safety transfer method of card application data, is applied to card management platform, including:

Receive the random number R from (U) SIM sent by card management toolk, and set up the RkWith handss After the incidence relation of machine MSISDN, random number R is generatedp、RkThe first digest value MAC (Rk) And RpThe first digest value MAC (Rp), and the R is sent to card management toolp、MAC(Rp)、 MAC(Rk) and MSISDN, wherein, the RkIt is that (U) SIM is receiving card management work The shared key that tool sends is generated after consulting order;

Receiving card management tool is after the shared key calculating success message that described (U) SIM sends is received The carrying random number R of transmissionsAnd RsDigest value MAC (Rs) shared key consult request, wherein, The RsWith MAC (Rs) it is to be consulted in the shared key that receiving card management tool sends by (U) SIM Generate after order;

According to the Rk、RsAnd RpGenerate symmetrical shared key Ks, and send out to the card management tool Shared key is sent to calculate success message;

In the transition process of card application data, using the KsCarry out to sent card application data plus Close, or the card application data that (U) SIM sends is decrypted.

Wherein, described according to the Rk、RsAnd RpGenerate symmetrical shared key Ks, and to the card Before management tool sends shared key calculating success message, also include:

According to the MAC (Rs) safety verification is carried out to (U) SIM.

Wherein, described according to the MAC (Rs) safety verification is carried out to (U) SIM, including:

According to RsGenerate RsThe second digest value, judge RsThe second digest value whether with MAC (Rs) Identical, in RsThe second digest value and the MAC (Rs) identical when, then described (U) SIM passes through Safety verification.

Wherein, there is in described (U) SIM public private key pair corresponding with MSISDN;Wherein, public key is public Open, private key is stored in the secure storage areas of described (U) SIM.

Wherein, in the transition process of card application data, using the Ks(U) SIM is sent Card application data is decrypted, including:

Random number R of the carrying that receiving card management tool sends from (U) SIMq, MSISDN, first The card application data of encryption data and the second encryption data is moved out request message, wherein described RqIt is described (U) SIM moves out what order was generated in the card application data for receiving the transmission of card management tool, and described first Encryption data is that (U) SIM uses the private key to the RqGeneration is encrypted with MSISDN, second adds Ciphertext data is that (U) SIM uses the KsGeneration is encrypted to the card application data;

Moved out request message according to the card application data, using the KsDecrypt second encryption data And after storing to which, move out success message to the card management tool sending card application data.

Wherein, moved into request message according to the card application data, using the KsDecrypt described second to add Before ciphertext data, also include:

Legitimate verification is carried out to (U) SIM using the public key.

Wherein, described legitimate verification is carried out to (U) SIM using the public key, including:

Using the random number R in the first encryption data described in the public key decryptionsqAnd MSISDN, judge with The R for receivingqWhen identical with MSISDN, then described (U) SIM is legal.

Wherein, in the transition process of card application data, using the KsTo sent card application data It is encrypted, including:

Random number R of the carrying that receiving card management tool sends from (U) SIMm, MSISDN and the 3rd The card application data of encryption data is moved into request message, wherein described RmIt is that (U) SIM is being received The card application data that card management tool sends moves out what order was generated, and the 3rd encryption data is (U) SIM Card is using the private key to the RmGeneration is encrypted with MSISDN;

Moved into request message according to the card application data, return to the card management tool and use the Ks The 4th encryption data for generating is encrypted to sent card application data.

Wherein, also include:

Random number R of the carrying that receiving card management tool sends from (U) SIMn, MSISDN and the 5th The remote wipe request message of the card application data of encryption data, wherein, the RnIt is (U) SIM The remote wipe request command of the card application data sent according to the card management tool for receiving is generated, described 5th encryption data is that (U) SIM uses the private key to the RnGeneration is encrypted with MSISDN;

According to the remote wipe request message of the card application data, card application data is wiped.

Wherein, the remote wipe request message according to the card application data, wipes card application data, Including:

According to the remote wipe request message of the card application data, using described in the public key verifications (U), after the legitimacy of SIM, successfully after erasing card application data, and send to the card management tool remote Journey wipes success message.

Wherein, according to the remote wipe request message of the card application data, using described in the public key verifications (U) legitimacy of SIM, including:

The random number R gone out in the 4th encryption data using the public key decryptionsnAnd MSISDN, judge and receive The R for arrivingnWhen identical with MSISDN, then described (U) SIM is legal.

The embodiment of the present invention also provides a kind of safety transfer device of card application data, is applied to card management platform, Including:

Second transmitting-receiving process module, for receive by card management tool send from the random of (U) SIM Number Rk, and set up the RkAfter the incidence relation of cell-phone number MSISDN, random number R is generatedp、Rk The first digest value MAC (Rk) and RpThe first digest value MAC (Rp), and send out to card management tool Send the Rp、MAC(Rp)、MAC(Rk) and MSISDN, wherein, the RkIt is (U) SIM Be stuck in receive card management tool transmission shared key consult order after generate;

Second receiver module, is receiving the shared of (U) SIM transmission for receiving card management tool The carrying random number R sent after cipher key calculation success messagesAnd RsDigest value MAC (Rs) shared close Key consults request, wherein, the RsWith MAC (Rs) it is in receiving card management tool by (U) SIM The shared key of transmission is generated after consulting order;

Second key production module, for according to the Rk、RsAnd RpGenerate a symmetrical shared key Ks, and shared key calculating success message is sent to the card management tool;

Second data processing module, in the transition process of card application data, using the KsTreat The card application data of transmission is encrypted, or the card application data that (U) SIM sends is decrypted.

The embodiment of the present invention also provides a kind of card management platform, including:Card application as described in above-mentioned embodiment The safety transfer device of data.

A kind of safety transfer method of card application data, is applied to card management tool, including:

Shared key is sent to (U) SIM and consults order;

(U) SIM is received according to the random number R that orders and generate and returnk、RsAnd RsDigest value MAC(Rs), and the R is sent to card management platformk

Receive card management platform and set up the RkWith associating for the cell-phone number MSISDN of (U) SIM The random number R returned after relationp、RkThe first digest value MAC (Rk)、RpDigest value MAC (Rp) With the cell-phone number MSISDN of (U) SIM, and by the Rp、MAC(Rk)、MAC(Rp) Described (U) SIM is transmitted to MSISDN;

Described in reception, (U) SIM is according to the Rk、RsAnd RpGenerate symmetrical shared key KsAfter return Shared key calculate success message, and send to card management platform and carry the RsWith MAC (Rs) Shared key consults request;

The card management platform is received according to the Rk、RsAnd RpGenerate symmetrical shared key KsAfter return Shared key calculate success message;

In the transition process of card application data, warp is forwarded between SIM and card management platform at (U) The card application data of the shared key encryption.

Wherein, there is in described (U) SIM public private key pair corresponding with MSISDN;Wherein, public key is public Open, private key is stored in the secure storage areas of described (U) SIM.

Wherein, in the transition process of card application data, at (U) between SIM and card management platform The card application data that encrypts through the shared key is forwarded, including:

Move out order to (U) SIM sending card application data;

The MSISDN and (U) SIM for receiving the transmission of (U) SIM is generated simultaneously according to the order The random number R of returnq, the first encryption data, the second encryption data, and to card management platform send carry The Rq, MSISDN, the card application data of the first encryption data and the second encryption data move out request, its In, first encryption data is that (U) SIM uses the private key to the RqWith MSISDN plus Close generation;Second encryption data is that (U) SIM uses the KsTo the card application data Encryption is generated;

After receiving the legitimacy of (U) SIM described in card management platform checking, using the KsTo described second The success message of moving out sent after encryption data decryption.

Wherein, in the transition process of card application data, at (U) between SIM and card management platform The card application data that encrypts through the shared key is forwarded, including:

Move into order to (U) SIM sending card application data;

The MSISDN and (U) SIM that (U) SIM described in reception sends is given birth to according to the order Into and the random number R that returnsmWith the 3rd encryption data, and send to card management platform and carry the Rm、 The card application data of MSISDN and the 3rd encryption data is moved into request, and wherein, the 3rd encryption data is (U) SIM is using the private key to the RmGeneration is encrypted with MSISDN;

After receiving the legitimacy of (U) SIM described in card management platform checking, the 4th encryption data of return, And send to (U) SIM and carry the card application data of the 4th encryption data and move into order, wherein, 4th encryption data is that the card management platform uses the KsEncrypt to sent card application data Generate;

(U) SIM described in reception uses the KsSent after decrypting the 4th encryption data moves into into Work(message.

Wherein, also include:

To (U) SIM sending card application data remote wipe request command;

The MSISDN and (U) SIM that (U) SIM described in reception sends is given birth to according to the order Into and the random number R that returnsn, the 5th encryption data, and send to card management platform and carry the Rn、 The card application data remote wipe request of MSISDN and the 5th encryption data, wherein, the 5th encryption number According to being (U) SIM using the private key to the RnGeneration is encrypted with MSISDN;

The legitimacy of (U) SIM described in card management platform checking is received, is returned after wiping the card application data The remote wipe success message for returning, and to (U) the SIM sending card application data remote wipe order;

The card application data that (U) SIM described in reception is sent after wiping the card application data is wiped and is successfully disappeared Breath.

The embodiment of the present invention also provides a kind of safety transfer device of card application data, is applied to card management tool, Including:

First sending module, consults order for sending shared key to (U) SIM;

First transceiver module, orders the random number R for generating and returning for receiving (U) SIM according to describedk、 RsAnd RsDigest value MAC (Rs), and the R is sent to card management platformk

Second transceiver module, is setting up the R for receiving card management platformkHandss with (U) SIM The random number R returned after the incidence relation of machine MSISDNp、RkThe first digest value MAC (Rk)、 RpDigest value MAC (Rp) and (U) SIM cell-phone number MSISDN, and by the Rp、 MAC(Rk)、MAC(Rp) and MSISDN be transmitted to described (U) SIM;

3rd transceiver module, for receiving described (U) SIM according to the Rk、RsAnd RpIt is right to generate Claim shared key KsThe shared key for returning afterwards calculates success message, and sends carrying institute to card management platform State RsWith MAC (Rs) shared key consult request;

3rd receiver module, for receiving the card management platform according to the Rk、RsAnd RpIt is right to generate Claim shared key KsThe shared key for returning afterwards calculates success message;

First data forwarding module, in the transition process of card application data, in (U) SIM The card application data that encrypts through the shared key is forwarded and card management platform between.

The embodiment of the present invention also provides a kind of card management tool, including:Card application as described in above-mentioned embodiment The safety transfer device of data.

The embodiment of the present invention also provides a kind of safety transfer system of card application data, including:(U) SIM, Card management tool and card management platform, wherein, (U) SIM is (U) SIM described in above-described embodiment Card, the card management platform are the card management platform described in above-described embodiment, and the card management tool is above-mentioned Card management tool described in embodiment.

The above-mentioned technical proposal of the present invention has the beneficial effect that:

In the scheme of the embodiment of the present invention, generation is consulted by using (U) between SIM and card management platform Symmetrical shared key, realizes the safety of card application data under the upgrading of (U) SIM and the constant scene of cell-phone number Migration so that user is during card is changed in the upgrading of (U) SIM, it is ensured that (U) the user's secret on SIM The safety of information, prevents which to be tampered.

Description of the drawings

Basic step schematic diagrams one of the Fig. 1 for the safety transfer method of the card application data of the embodiment of the present invention;

Composition structural representations two of the Fig. 2 for the safety transfer device of the card application data of the embodiment of the present invention;

Basic step schematic diagrams three of the Fig. 3 for the safety transfer method of the card application data of the embodiment of the present invention;

Composition structural representations four of the Fig. 4 for the safety transfer device of the card application data of the embodiment of the present invention;

Basic step schematic diagrams five of the Fig. 5 for the safety transfer method of the card application data of the embodiment of the present invention;

Basic step schematic diagrams six of the Fig. 6 for the safety transfer method of the card application data of the embodiment of the present invention.

Fig. 7 consults to generate symmetrical shared key between SIM and card management platform for (U) of the embodiment of the present invention KsIdiographic flow schematic diagram;

Fig. 8 is the idiographic flow schematic diagram that the safety of the card application data of the embodiment of the present invention is moved out;

Fig. 9 is the idiographic flow schematic diagram that the safety of the card application data of the embodiment of the present invention is moved into;

Idiographic flow schematic diagrams of the Figure 10 for the remote wipe of the card application data of the embodiment of the present invention.

Specific embodiment

For making the technical problem to be solved in the present invention, technical scheme and advantage clearer, below in conjunction with attached Figure and specific embodiment are described in detail.

The present invention is changed card for being upgraded by (U) SIM in prior art and card application data is synchronized to upgrading (U) SIM in, need user's manual operation, make obstruction for changing blocking, while there is also (U) SIM On private information carrying out safety backup stationary problem, there is provided a kind of safety transfer method of card application data, dress Put and system, by using the symmetrical shared key that (U) consults to generate between SIM and card management platform, real The safety transfer of card application data under existing (U) SIM upgrading and the constant scene of cell-phone number so that Yong Hu (U), during card is changed in SIM upgrading, it is ensured that (U) safety of the user's private information on SIM, prevent Stop which to be tampered.

First embodiment:

As shown in figure 1, the embodiment of the present invention provides a kind of safety transfer method of card application data, it is applied to U (SIM) blocks, including:

Step 11, the shared key that receiving card management tool sends consult order, according to the shared key Consult order and generate random number Rk、RsAnd RsDigest value MAC (Rs), and send to card management tool The Rk、RsAnd MAC (Rs);

Step 12, the random number R from card management platform that receiving card management tool is forwardedp、RkFirst Digest value MAC (Rk)、RpThe first digest value MAC (Rp) and (U) SIM cell-phone number MSISDN, wherein, the Rp、MAC(Rk)、MAC(Rp) it is that the card management platform is being received To the R that card management tool sendskAnd set up the RkGenerate with after the incidence relation of the MSISDN 's;

Step 13, according to the Rk、RsAnd RpGenerate symmetrical shared key Ks, and to the card Management tool sends shared key and calculates success message;

Step 14, in the transition process of card application data, using the KsTo sent card application number According to being encrypted, or the card application data that the card management platform sends is decrypted.

The safety transfer method of the card application data of the above embodiment of the present invention, by using (U) SIM Consult the symmetrical shared key for generating between card management platform, realize the upgrading of (U) SIM and cell-phone number is constant Scene under card application data safety transfer so that user (U) SIM upgrading change card during, guarantor The safety of the user's private information on (U) SIM is demonstrate,proved, has prevented which to be tampered.

Specifically, have in (U) SIM described in the above embodiment of the present invention corresponding with MSISDN Public private key pair;Wherein, public key is disclosed, and private key is stored in the secure storage areas of described (U) SIM.

Specifically, the card application data described in the above embodiment of the present invention includes:User profile and card should Use information;Wherein, user profile includes associated person information and short message;Card application message is (U) SIM In be related to relevant user information in mobile-phone payment business, i.e. user's private information.

Specifically, the safety transfer of the card application data described in the above embodiment of the present invention at least includes: The safety of card application data is moved out, is moved into and/or remote wipe.

Further, step 13 in the above embodiment of the present invention, according to the Rk、RsAnd RpGenerate one Individual symmetrical shared key Ks, and before sending shared key calculating success message to the card management tool, Also include:

Step 15, according to the MAC (Rk) and MAC (Rp) safe testing is carried out to card management platform Card.

Further, in the above embodiment of the present invention provide according to the MAC (Rk) and MAC (Rp) safety verification is carried out to card management platform method, step 15 includes:

Step 151, according to RkGenerate RkThe second digest value, judge RkThe second digest value whether with MAC(Rk) identical, judge the legitimacy of card management platform;

Step 152, when judging that card management platform is legal, according to the R for receivingpGenerate RpSecond pluck It is worth, judges RpThe second digest value whether with MAC (Rp) identical, verify RpLegitimacy, and In RpWhen legal, then the card management platform passes through safety verification.

Further, in the above embodiment of the present invention in step 14 in the transition process of card application data, Using the KsTo sent the method that card application data is encrypted, including:

Step 141, the request command of moving out of the card application data that receiving card management tool sends;

Step 142, the request command of moving out according to the card application data generate random number Rq, first encryption Data and the second encryption data, and the R is sent to the card management toolq, MSISDN, first encryption Data and the second encryption data, wherein, first encryption data is that (U) SIM uses the private Key is to the RqGeneration is encrypted with MSISDN, second encryption data is the U) SIM use The KsGeneration is encrypted to sent card application data.

Further, the transition process in the above embodiment of the present invention in step 14 in card application data In, the method that is decrypted of card application data that the card management platform is sent, including:

Step 143, the request command of moving into of the card application data that receiving card management tool sends;

Step 144, the request command of moving into according to card application data generate random number RmWith the 3rd encryption number According to, and the R is sent to the card management toolm, MSISDN and the 3rd encryption data,

Wherein, the 3rd encryption data is that (U) SIM uses the private key to the RmWith MSISDN encryptions are generated;

Step 145, the 4th encryption data carried from card management platform that receiving card management tool sends Card application data move into order, wherein, the 4th encryption data is that the card management platform is being received The card application data that card management tool sends is moved into request message, using the public key verifications (U) SIM After safety, using the KsGeneration is encrypted to sent card application data;

Step 146, using the Ks4th encryption data is decrypted, and by decryption after card Application data store is in secure storage areas, and moves into the card management tool sending card application data and successfully disappear Breath.

Further, the above embodiment of the present invention provides a kind of safety transfer method of card application data, also Including:

Step 16, the remote wipe request command of the card application data that receiving card management tool sends;

Step 17, according to the remote wipe request command of card application data, wipes card application data.

Further, in the above embodiment of the present invention, step 17 please according to the remote wipe of card application data Order is asked, the method for wiping card application data, including:

Step 171, generates random number R according to the remote wipe request command of card application datanWith slender acanthopanax Ciphertext data, and the R is sent to the card management tooln, MSISDN and the 5th encryption data, wherein 5th encryption data is that (U) SIM uses the private key to the RnWith MSISDN encryption lifes Into;

Step 172, receives and is successfully disappeared according to the remote wipe that card management platform is returned by the card management tool The remote wipe order of the card application data sent after breath, wiping the card according to the remote wipe order should With data, and success message is wiped to card management tool sending card application data;Wherein, the remote wipe Success message is that the card management platform is receiving the card application data erasing request of card management tool transmission Message, after the legitimacy using the public key verifications (U) SIM, after erasing card application data, to described The message that card management tool sends.

The method of the safety transfer of the card application data of the above embodiment of the present invention, by using (U) SIM Consult the symmetrical shared key for generating between card and card management platform, realize the upgrading of (U) SIM and cell-phone number is not The safety transfer of card application data under the scene of change so that user (U) SIM upgrading change card during, The safety of the user's private information on (U) SIM is ensure that, prevents which to be tampered.

Second embodiment:

As shown in Fig. 2 the embodiment of the present invention also provides a kind of safety transfer device of card application data, including:

First transmitting-receiving process module 21, consults order for the shared key that receiving card management tool sends, Order is consulted according to the shared key and generates random number Rk、RsAnd RsDigest value MAC (Rs), and The R is sent to card management toolk、RsAnd MAC (Rs);

First receiver module 22, for the random number from card management platform that receiving card management tool is forwarded Rp、RkThe first digest value MAC (Rk)、RpThe first digest value MAC (Rp) and (U) SIM The cell-phone number MSISDN of card, wherein, the Rp、MAC(Rk)、MAC(Rp) it is the card pipe Platform is receiving the R of card management tool transmissionkAnd set up the RkPass with the MSISDN Generate after connection relation;

First key generation module 23, for according to the Rk、RsAnd RpGenerate a symmetrical shared key Ks, and shared key calculating success message is sent to the card management tool;

First data processing module 24, in the transition process of card application data, using the KsRight Card application data to be sent is encrypted, or the card application data that the card management platform sends is solved Close.

Specifically, have in (U) SIM described in the above embodiment of the present invention corresponding with MSISDN Public private key pair;Wherein, public key is disclosed, and private key is stored in the secure storage areas of described (U) SIM.

Specifically, the card application data described in the above embodiment of the present invention includes:User profile and card should Use information;Wherein, user profile includes associated person information and short message;Card application message is (U) SIM In be related to relevant user information in mobile-phone payment business, i.e. user's private information.

Specifically, the safety transfer of the card application data described in the above embodiment of the present invention at least includes: The safety of card application data is moved out, is moved into and/or remote wipe.

Specifically, first key generation module 23 described in the above embodiment of the present invention, according to the Rk、 RsAnd RpGenerate symmetrical shared key Ks, and be calculated as to card management tool transmission shared key Before work(message, also include:

First secure verification module 25, for according to the MAC (Rk) and MAC (Rp) card is managed Platform carries out safety verification.

Specifically, in the above embodiment of the present invention, the first secure verification module 25 also includes:

First judging submodule, for according to RkGenerate RkThe second digest value, judge RkSecond pluck Be worth whether with MAC (Rk) identical, judge the legitimacy of card management platform;

First safety verification submodule, for according to the R for receivingpGenerate RpThe second digest value, judge RpThe second digest value whether with MAC (Rp) identical, verify RpLegitimacy, and in RpWhen legal, Then the card management platform passes through safety verification.

Specifically, the first data processing module 24 described in the above embodiment of the present invention, applies in card In the transition process of data, using the KsWhen being encrypted to sent card application data, including:

First receiving submodule, the request command of moving out of the card application data sent for receiving card management tool;

First data encryption submodule, random for being generated according to the request command of moving out of the card application data Number Rq, the first encryption data and the second encryption data, and send the R to the card management toolq、 MSISDN, the first encryption data and the second encryption data, wherein, first encryption data is described (U) SIM uses the private key to the RqGeneration, second encryption data are encrypted with MSISDN The U) SIM use the KsGeneration is encrypted to sent card application data.

Specifically, the first data processing module 24 described in the above embodiment of the present invention, applies in card In the transition process of data, when being decrypted to the card application data that the card management platform sends, including:

Second receiving submodule, the request command of moving into of the card application data sent for receiving card management tool;

First processes sending submodule, generates random number for the request command of moving into according to card application data RmWith the 3rd encryption data, and the R is sent to the card management toolm, MSISDN and the 3rd encryption Data,

Wherein, the 3rd encryption data is that (U) SIM uses the private key to the RmWith MSISDN encryptions are generated;

3rd receiving submodule, carry from card management platform the sent for receiving card management tool The card application data of four encryption datas is moved into order, and wherein, the 4th encryption data is that the card management is flat Platform is moved into request message in the card application data for receiving the transmission of card management tool, using the public key verifications (U) after the safety of SIM, using the KsGeneration is encrypted to sent card application data.

First data deciphering submodule, for using the Ks4th encryption data is decrypted, And by decryption after card application data store in secure storage areas, and to the card management tool sending card application Data are moved into success message.

Specifically, the safety transfer device of the card application data described in the above embodiment of the present invention, also wraps Include:

Second receiver module 26, the remote wipe of the card application data sent for receiving card management tool please Ask order;

Second data processing module 27, for the remote wipe request command according to card application data, erasing Card application data.

Specifically, the second data processing module 27 described in the above embodiment of the present invention, including:

Second processing sending submodule, generates for the remote wipe request command according to card application data random Number RnWith the 5th encryption data, and the R is sent to the card management tooln, MSISDN and slender acanthopanax Ciphertext data, wherein described 5th encryption data are that (U) SIM uses the private key to the RnWith MSISDN encryptions are generated;

First transmitting-receiving process submodule, is returned according to card management platform by the card management tool for reception The remote wipe order of the card application data sent after remote wipe success message, orders according to the remote wipe The order erasing card application data, and success message is wiped to card management tool sending card application data;Wherein, The remote wipe success message is that the card management platform is receiving the card application that card management tool sends Data wipe request message, after the legitimacy using the public key verifications (U) SIM, erasing card application number According to rear, to the message that the card management tool sends.

It should be noted that the device is device corresponding with said method, all realization realities of said method Applying example, identical technique effect can be reached suitable for the embodiment of the device, also.

The embodiment of the present invention also provides a kind of (U) SIM, including the card application number as described in above-mentioned embodiment According to safety transfer device.

3rd embodiment

As shown in figure 3, the embodiment of the present invention also provides a kind of safety transfer method of card application data, application In card management platform, including:

Step 31, receives the random number R from (U) SIM sent by card management toolk, and set up institute State RkAfter the incidence relation of cell-phone number MSISDN, random number R is generatedp、RkThe first digest value MAC (Rk) and RpThe first digest value MAC (Rp), and the R is sent to card management toolp、MAC(Rp)、 MAC(Rk) and MSISDN, wherein, the RkIt is that (U) SIM is receiving card management work The shared key that tool sends is generated after consulting order;

Step 32, receiving card management tool are calculated as in the shared key for receiving (U) SIM transmission The carrying random number R sent after work(messagesAnd RsDigest value MAC (Rs) shared key consult request, Wherein, the RsWith MAC (Rs) be by (U) SIM receiving card management tool send shared close Key is generated after consulting order;

Step 33, according to the Rk、RsAnd RpGenerate symmetrical shared key Ks, and to the card Management tool sends shared key and calculates success message;

Step 34, in the transition process of card application data, using the KsTo sent card application number According to being encrypted, or the card application data that (U) SIM sends is decrypted.

The safety transfer method of the card application data of the above embodiment of the present invention, by using (U) SIM Consult the symmetrical shared key for generating between card management platform, realize the upgrading of (U) SIM and cell-phone number is constant Scene under card application data safety transfer so that user (U) SIM upgrading change card during, guarantor The safety of the user's private information on (U) SIM is demonstrate,proved, has prevented which to be tampered.

Further, described in the above embodiment of the present invention the step of 33, according to the Rk、RsAnd Rp Generate symmetrical shared key Ks, and shared key calculating success message is sent to the card management tool Before, also include:

Step 35, according to the MAC (Rs) safety verification is carried out to (U) SIM.

Further, described in the above embodiment of the present invention the step of 35, includes:

Step 351, according to RsGenerate RsThe second digest value, judge RsThe second digest value whether with MAC(Rs) identical, in RsThe second digest value and the MAC (Rs) identical when, then described (U) SIM Card passes through safety verification.

Specifically, have in (U) SIM described in the above embodiment of the present invention corresponding with MSISDN Public private key pair;Wherein, public key is disclosed, and private key is stored in the secure storage areas of described (U) SIM.

Specifically, the card application data described in the above embodiment of the present invention includes:User profile and card should Use information;Wherein, user profile includes associated person information and short message;Card application message is (U) SIM In be related to relevant user information in mobile-phone payment business, i.e. user's private information.

Specifically, the safety transfer of the card application data described in the above embodiment of the present invention at least includes: The safety of card application data is moved out, is moved into and/or remote wipe.

Further, step 34 in the above embodiment of the present invention, in the transition process of card application data, Using the KsThe card application data that (U) SIM sends is decrypted, including:

Step 341, random number R of the carrying that receiving card management tool sends from (U) SIMq、 The card application data of MSISDN, the first encryption data and the second encryption data is moved out request message, wherein institute State RqBeing (U) SIM moves out order generation in the card application data for receiving the transmission of card management tool, First encryption data is that (U) SIM uses the private key to the RqGeneration is encrypted with MSISDN, Second encryption data is that (U) SIM uses the KsGeneration is encrypted to the card application data;

Step 342, moves out request message according to the card application data, using the KsDecrypt described Two encryption datas after storing to which, move out to the card management tool sending card application data and successfully disappear Breath.

Further, step 342 in the above embodiment of the present invention, being moved into according to the card application data please Message is sought, using the KsBefore decrypting second encryption data, also include:

Step 343, carries out legitimate verification using the public key to (U) SIM.

Further, in the above embodiment of the present invention, step 343 includes:

Step 343-1, using the random number R in the first encryption data described in the public key decryptionsqWith MSISDN, judges and the R for receivingqWhen identical with MSISDN, then described (U) SIM is legal.

Further, step 34 in the above embodiment of the present invention, in the transition process of card application data, Using the KsIt is encrypted to sent card application data, including:

Step 344, random number R of the carrying that receiving card management tool sends from (U) SIMm、 The card application data of MSISDN and the 3rd encryption data is moved into request message, wherein described RmIt is described (U) SIM moves out what order was generated in the card application data for receiving the transmission of card management tool, and the described 3rd Encryption data is that (U) SIM uses the private key to the RmGeneration is encrypted with MSISDN;

Step 345, moves into request message according to the card application data, and returning to the card management tool makes Use the KsThe 4th encryption data for generating is encrypted to sent card application data.

Further, a kind of safety transfer method of the card application data for providing in the above embodiment of the present invention, Also include:

Step 35, random number R of the carrying that receiving card management tool sends from (U) SIMn、MSISDN With the remote wipe request message of the card application data of the 5th encryption data, wherein, the RnIt is described (U) the remote wipe request command life of the card application data that SIM is sent according to the card management tool for receiving Into, the 5th encryption data is that (U) SIM uses the private key to the RnAnd MSISDN Encryption is generated;

Step 36, according to the remote wipe request message of the card application data, wipes card application data.

Further, in the above embodiment of the present invention, step 36 includes:

Step 361, according to the remote wipe request message of the card application data, using the public key verifications After the legitimacy of (U) SIM, successfully after erasing card application data, and send out to the card management tool Send remote wipe success message.

Further, in the above embodiment of the present invention in step 361, according to the remote of the card application data Journey wipes request message, using the legitimacy of (U) SIM described in the public key verifications, including:

Step 361-1, the random number R gone out in the 4th encryption data using the public key decryptionsnAnd MSISDN, The R for judging and receivingnWhen identical with MSISDN, then described (U) SIM is legal.

The safety transfer method of the card application data of the above embodiment of the present invention, by using (U) SIM Consult the symmetrical shared key for generating between card management platform, realize the upgrading of (U) SIM and cell-phone number is constant Scene under card application data safety transfer so that user (U) SIM upgrading change card during, guarantor The safety of the user's private information on (U) SIM is demonstrate,proved, has prevented which to be tampered.

Fourth embodiment

As shown in figure 4, the embodiment of the present invention also provides a kind of safety transfer device of card application data, including:

Second transmitting-receiving process module 41, for receive by card management tool send from (U) SIM with Machine number Rk, and set up the RkAfter the incidence relation of cell-phone number MSISDN, random number R is generatedp、 RkThe first digest value MAC (Rk) and RpThe first digest value MAC (Rp), and to card management tool Send the Rp、MAC(Rp)、MAC(Rk) and MSISDN, wherein, the RkIt is (U) SIM Be stuck in receive card management tool transmission shared key consult order after generate;

3rd receiver module 42, is receiving being total to for (U) SIM transmission for receiving card management tool The carrying random number R sent after enjoying cipher key calculation success messagesAnd RsDigest value MAC (Rs) shared Key negotiation request, wherein, the RsWith MAC (Rs) it is to manage work by (U) SIM in receiving card The shared key that tool sends is generated after consulting order;

Second key production module 43, for according to the Rk、RsAnd RpGenerate a symmetrical shared key Ks, and shared key calculating success message is sent to the card management tool;

3rd data processing module 44, in the transition process of card application data, using the KsRight Card application data to be sent is encrypted, or the card application data that (U) SIM sends is solved Close.

Specifically, the second key production module 43 described in the above embodiment of the present invention, according to institute State Rk、RsAnd RpGenerate symmetrical shared key Ks, and shared key is sent to the card management tool Before calculating success message, also include:

Second secure verification module 45, for according to the MAC (Rs) safety is carried out to (U) SIM Checking.

Specifically, the second secure verification module 45 described in the above embodiment of the present invention also includes:

Second safety verification submodule, for according to RsGenerate RsThe second digest value, judge RsSecond Digest value whether with MAC (Rs) identical, in RsThe second digest value and the MAC (Rs) identical When, then described (U) SIM passes through safety verification.

Specifically, have in (U) SIM described in the above embodiment of the present invention corresponding with MSISDN Public private key pair;Wherein, public key is disclosed, and private key is stored in the secure storage areas of described (U) SIM.

Specifically, the card application data described in the above embodiment of the present invention includes:User profile and card should Use information;Wherein, user profile includes associated person information and short message;Card application message is (U) SIM In be related to relevant user information in mobile-phone payment business, i.e. user's private information.

Specifically, the safety transfer of the card application data described in the above embodiment of the present invention at least includes: The safety of card application data is moved out, is moved into and/or remote wipe.

Specifically, the 3rd data processing module 44 described in the above embodiment of the present invention, applies in card In the transition process of data, using the KsThe card application data that (U) SIM sends is decrypted When, including:

4th receiving submodule, for receiving card management tool send carrying from the random of (U) SIM Number Rq, MSISDN, the card application data of the first encryption data and the second encryption data move out request message, Wherein described RqBeing (U) SIM moves out order in the card application data for receiving the transmission of card management tool Generate, first encryption data is that (U) SIM uses the private key to the RqWith MSISDN plus Close generation, the second encryption data is that (U) SIM uses the KsCard application data encryption is generated 's;

Second data deciphering submodule, for being moved out request message according to the card application data, using described KsAfter decrypting second encryption data and which being stored, to the card management tool sending card application Data are moved out success message.

Specifically, the second data deciphering submodule described in the above embodiment of the present invention, according to the card Application data is moved into request message, using the KsBefore decrypting second encryption data, also include:

First legal checking submodule, for carrying out legitimate verification using the public key to (U) SIM.

Specifically, the first legal checking submodule described in the above embodiment of the present invention, including:

First legal authentication unit, for using the random number in the first encryption data described in the public key decryptions RqAnd MSISDN, judge and the R for receivingqWhen identical with MSISDN, then described (U) SIM Legal.

Specifically, the 3rd data processing module 44 described in the above embodiment of the present invention, applies in card In the transition process of data, using the KsWhen being encrypted to sent card application data, including:

5th receiving submodule, for receiving card management tool send carrying from the random of (U) SIM Number Rm, MSISDN and the 3rd encryption data card application data move into request message, wherein described Rm Being (U) SIM moves out order generation in the card application data for receiving the transmission of card management tool, institute It is that (U) SIM uses the private key to the R to state the 3rd encryption datamGeneration is encrypted with MSISDN;

Second data encryption submodule, for being moved into request message according to the card application data, to the card Management tool is returned and uses the KsThe 4th encryption data for generating is encrypted to sent card application data.

Specifically, the safety transfer device of the card application data described in the above embodiment of the present invention, also wraps Include:

4th receiver module 46, for receiving card management tool send carrying from the random of (U) SIM Number Rn, MSISDN and the 5th encryption data card application data remote wipe request message, wherein, The RnIt is the long-range wiping of the card application data that (U) SIM is sent according to the card management tool for receiving Except request command generation, the 5th encryption data is that (U) SIM uses the private key to described RnGeneration is encrypted with MSISDN;

4th data processing module 47, for the remote wipe request message according to the card application data, Erasing card application data.

Specifically, the 4th data processing module 47 described in the above embodiment of the present invention, including:

4th data processing submodule, according to the remote wipe request message of the card application data, using institute After stating the legitimacy of (U) SIM described in public key verifications, successfully after erasing card application data, and to the card Management tool sends remote wipe success message.

Specifically, the 4th data processing submodule described in the above embodiment of the present invention, according to the card The remote wipe request message of application data, using described in the public key verifications during legitimacy of (U) SIM, Including:

Second legal authentication unit, for the random number gone out in the 4th encryption data using the public key decryptions RnAnd MSISDN, judge and the R for receivingnWhen identical with MSISDN, then described (U) SIM Legal.

It should be noted that the device is device corresponding with said method, all embodiments of said method Suitable for the embodiment of the device, identical technique effect can be also reached.

Embodiments of the invention also provide a kind of card management platform, including the card application described in figure above-described embodiment The safety transfer device of data.

5th embodiment

As shown in figure 5, the embodiment of the present invention also provides a kind of safety transfer method of card application data, application In card management tool, including:

Step 51, sends shared key to (U) SIM and consults order;

Step 52, receives (U) SIM according to the random number R that orders and generate and returnk、RsAnd Rs Digest value MAC (Rs), and the R is sent to card management platformk

Step 53, receives card management platform and is setting up the RkCell-phone number with (U) SIM The random number R returned after the incidence relation of MSISDNp、RkThe first digest value MAC (Rk)、Rp's Digest value MAC (Rp) and (U) SIM cell-phone number MSISDN, and by the Rp、MAC (Rk)、MAC(Rp) and MSISDN be transmitted to described (U) SIM;

Step 54, described in reception, (U) SIM is according to the Rk、RsAnd RpGenerate symmetrical shared key KsThe shared key for returning afterwards calculates success message, and sends the carrying R to card management platformsAnd MAC (Rs) shared key consult request;

Step 55, receives the card management platform according to the Rk、RsAnd RpGenerate symmetrical shared key KsThe shared key for returning afterwards calculates success message;

Step 56, in the transition process of card application data, (U) SIM and card management platform it Between forward through the shared key encrypt card application data.

The method of the safety transfer of the card application data of the above embodiment of the present invention, by using (U) SIM Consult the symmetrical shared key for generating between card and card management platform, realize the upgrading of (U) SIM and cell-phone number is not The safety transfer of card application data under the scene of change so that user (U) SIM upgrading change card during, The safety of the user's private information on (U) SIM is ensure that, prevents which to be tampered.

Further, described in the above embodiment of the present invention the step of 56, including:

Step 561, moves out order to (U) SIM sending card application data;

Step 562, receives the MSISDN and (U) SIM of the transmission of (U) SIM according to the life The random number R that order is generated and returnedq, the first encryption data, the second encryption data, and to card management platform Send and carry the Rq, MSISDN, the card application data of the first encryption data and the second encryption data move out Request, wherein, first encryption data is that (U) SIM uses the private key to the RqWith MSISDN encryptions are generated;Second encryption data is that (U) SIM uses the KsTo described The encryption of card application data is generated;

Step 563, after receiving the legitimacy of (U) SIM described in card management platform checking, using the Ks To the success message of moving out sent after second encryption data decryption.

Specifically, have in (U) SIM described in the above embodiment of the present invention corresponding with MSISDN Public private key pair;Wherein, public key is disclosed, and private key is stored in the secure storage areas of described (U) SIM.

Specifically, the card application data described in the above embodiment of the present invention includes:User profile and card should Use information;Wherein, user profile includes associated person information and short message;Card application message is (U) SIM In be related to relevant user information in mobile-phone payment business, i.e. user's private information.

Specifically, the safety transfer of the card application data described in the above embodiment of the present invention at least includes: The safety of card application data is moved out, is moved into and/or remote wipe.

Further, described in the above embodiment of the present invention the step of 56, also include:

Step 564, moves into order to (U) SIM sending card application data;

Step 565, the MSISDN and (U) SIM of (U) SIM transmission described in reception is according to institute State the random number R that order is generated and returnedmWith the 3rd encryption data, and to card management platform send carry institute State Rm, MSISDN and the 3rd encryption data card application data move into request, wherein, the Acanthopanan trifoliatus (L.) Merr. Ciphertext data is that (U) SIM uses the private key to the RmGeneration is encrypted with MSISDN;

Step 566, after receiving the legitimacy of (U) SIM described in card management platform checking, the 4th of return the Encryption data, and send to (U) SIM and carry the card application data of the 4th encryption data and move into Order, wherein, the 4th encryption data is that the card management platform uses the KsTo sent card Application data encryption is generated;

Step 567, (U) SIM described in reception use the KsSend out after decrypting the 4th encryption data The success message of moving into for sending.

Further, the safety transfer method of card application data described in the above embodiment of the present invention, also wraps Include:

Step 57, to (U) SIM sending card application data remote wipe request command;

Step 58, the MSISDN and (U) SIM of (U) SIM transmission described in reception is according to institute State the random number R that order is generated and returnedn, the 5th encryption data, and to card management platform send carry institute State Rn, MSISDN and the 5th encryption data the request of card application data remote wipe, wherein, described the Five encryption datas are that (U) SIM uses the private key to the RnGeneration is encrypted with MSISDN;

Step 59, receives the legitimacy of (U) SIM described in card management platform checking, wipes the card application The remote wipe success message returned after data, and remotely wipe to (U) the SIM sending card application data Except order;

Step 60, the card application data that (U) SIM described in reception is sent after wiping the card application data are wiped Remove success message.

The method of the safety transfer of the card application data of the above embodiment of the present invention, by using (U) SIM Consult the symmetrical shared key for generating between card and card management platform, realize the upgrading of (U) SIM and cell-phone number is not The safety transfer of card application data under the scene of change so that user (U) SIM upgrading change card during, The safety of the user's private information on (U) SIM is ensure that, prevents which to be tampered.

Sixth embodiment

As shown in fig. 6, the embodiment of the present invention also provides a kind of safety transfer device of card application data, including:

First sending module 61, consults order for sending shared key to (U) SIM;

First transceiver module 62, orders the random number for generating and returning for receiving (U) SIM according to described Rk、RsAnd RsDigest value MAC (Rs), and the R is sent to card management platformk

Second transceiver module 63, is setting up the R for receiving card management platformkWith (U) SIM The random number R returned after the incidence relation of cell-phone number MSISDNp、RkThe first digest value MAC (Rk)、 RpDigest value MAC (Rp) and (U) SIM cell-phone number MSISDN, and by the Rp、 MAC(Rk)、MAC(Rp) and MSISDN be transmitted to described (U) SIM;

3rd transceiver module 64, for receiving described (U) SIM according to the Rk、RsAnd RpGenerate Symmetrical shared key KsThe shared key for returning afterwards calculates success message, and sends carrying to card management platform The RsWith MAC (Rs) shared key consult request;

5th receiver module 65, for receiving the card management platform according to the Rk、RsAnd RpGenerate Symmetrical shared key KsThe shared key for returning afterwards calculates success message;

First data forwarding module 66, in the transition process of card application data, in (U) SIM The card application data that encrypts through the shared key is forwarded between card and card management platform.

Specifically, have in (U) SIM described in the above embodiment of the present invention corresponding with MSISDN Public private key pair;Wherein, public key is disclosed, and private key is stored in the secure storage areas of described (U) SIM.

Specifically, the card application data described in the above embodiment of the present invention includes:User profile and card should Use information;Wherein, user profile includes associated person information and short message;Card application message is (U) SIM In be related to relevant user information in mobile-phone payment business, i.e. user's private information.

Specifically, the safety transfer of the card application data described in the above embodiment of the present invention at least includes: The safety of card application data is moved out, is moved into and/or remote wipe.

Specifically, the first data forwarding module 66 described in the above embodiment of the present invention, including:

First sending submodule, for moving out order to (U) SIM sending card application data;

First transmitting-receiving submodule, for receiving the MSISDN and (U) SIM of the transmission of (U) SIM According to the random number R that orders and generate and returnq, the first encryption data, the second encryption data, and to Card management platform sends and carries the Rq, MSISDN, the first encryption data and the second encryption data card should Moved out request with data, wherein, first encryption data is that (U) SIM uses the private key pair The RqGeneration is encrypted with MSISDN;Second encryption data is (U) SIM using described KsGeneration is encrypted to the card application data;

Second transmitting-receiving submodule, for receiving after the legitimacy of (U) SIM described in card management platform checking, Using the KsTo the success message of moving out sent after second encryption data decryption.

Specifically, the first data forwarding module 66 described in the above embodiment of the present invention, also includes:

Second sending submodule, for moving into order to (U) SIM sending card application data;

3rd transmitting-receiving submodule, for receiving MSISDN that described (U) SIM sends and described (U) SIM is according to the random number R that orders and generate and returnmWith the 3rd encryption data, and to card manage Platform sends and carries the Rm, MSISDN and the 3rd encryption data card application data move into request, its In, the 3rd encryption data is that (U) SIM uses the private key to the RmWith MSISDN encryptions are generated;

4th transmitting-receiving submodule, for receiving after the legitimacy of (U) SIM described in card management platform checking, The 4th encryption data for returning, and the card for sending carrying the 4th encryption data to (U) SIM should Moved into order with data, wherein, the 4th encryption data is that the card management platform uses the KsRight Card application data encryption to be sent is generated;

6th receiving submodule, (U) SIM described in reception use the KsDecrypt the 4th encryption number Success message of moving into according to rear transmission.

Specifically, the safety transfer method of the card application data described in the above embodiment of the present invention, also wraps Include:

Second sending module 67, for (U) SIM sending card application data remote wipe request command;

4th transceiver module 68, for receiving MSISDN that described (U) SIM sends and described (U) SIM is according to the random number R that orders and generate and returnn, the 5th encryption data, and to card manage Platform sends and carries the Rn, MSISDN and the 5th encryption data the request of card application data remote wipe, Wherein, the 5th encryption data is that (U) SIM uses the private key to the RnAnd MSISDN Encryption is generated;

5th transceiver module 69, for receiving the legitimacy of (U) SIM described in card management platform checking, wipes The remote wipe success message returned after removing the card application data, and should to (U) the SIM sending card Use remote data erasing order;

6th receiver module 70, wipes transmission after the card application data for receiving described (U) SIM Card application data wipes success message.

It should be noted that the device is device corresponding with said method, all embodiments of said method Suitable for the embodiment of the device, identical technique effect can be also reached.

The embodiment of the present invention also provides a kind of card management tool, including the card application number as described in above-mentioned embodiment According to safety transfer device.

The embodiment of the present invention also provides a kind of safety transfer system of card application data, including:(U) SIM, Card management tool and card management platform, wherein, (U) SIM is as described in above-mentioned embodiment two (U) SIM, the card management platform are such as the card management platform described in above-mentioned example IV, the card Management tool is such as the card management tool described in above-mentioned embodiment six.

7th embodiment

As shown in fig. 7, the embodiment of the present invention also provide (U) consult between SIM and card management platform generate right Claim shared key KsIdiographic flow illustrate, for describing symmetrical shared key K in detailsGenerating process.

S1:Card management tool sends shared key and consults order;

S2:(U) SIM consults order generation random number R according to the shared key for receivingk、RsAnd RsDigest value MAC (Rs);

S3:(U) SIM returns R to card management toolk、Rs、MAC(Rs) and cell-phone number MSISDN;

S4:The carrying random number R that card management platform receiving card management tool sendskShort message;

S5:Card management platform is according to the R for receivingk, the incidence relation of Rk and MSISDN is set up, raw Into random number RpAnd RpDigest value MAC (Rp);

S6:Card management platform sends R to card management toolp、MAC(Rp)、MAC(Rk) and MSISDN;

S7:Card management tool forwards R to (U) SIMp、MAC(Rp)、MAC(Rk) and MSISDN;

S8:(U) SIM checking MAC (Rp) and MAC (Rk), after being verified, given birth to using key Symmetrical shared key K is generated into algorithms=Hash (Rk|Rs|Rp), and safety is stored in the lump with MSISDN Region;

Explanation is needed exist for, (U) SIM is according to RkGenerate RkThe second digest value, judge Rk's Second digest value whether with MAC (Rk) identical, if identical, card management platform is legal;According to receiving RpGenerate RpThe second digest value, judge RpThe second digest value whether with MAC (Rp) identical, If identical, R is provedpLegal;Then RpThe factor can be generated as key and card management platform is tested by safety Card.

S9:(U) SIM sends shared key to card management tool and calculates success message;

S10:Card management tool sends to card management platform and carries random number RsAnd RsDigest value MAC (Rs) Shared key consult request;

S11:By verifying MAC (Rs), after verifying the safe legitimacy of (U) SIM, given birth to using key Symmetrical shared key K is generated into algorithms=Hash (Rk|Rs|Rp);

It should be noted that card management platform is according to the R for receivingsGenerate RsThe second digest value, judge Rs The second digest value whether with MAC (Rs) identical, if identical, prove that (U) SIM is legal safely;

S12:Card management platform sends shared key to card management tool and calculates success message.

8th embodiment

As shown in figure 8, the embodiment of the present invention also provides the idiographic flow signal that the safety of card application data is moved out, The safety for being used for describing in detail card application data is moved out process.

It should be noted that (U) SIM moves out it with card management platform in the safety for processing card application data Before, negotiated first generate symmetrical shared key Ks.Have and MSISDN in described (U) SIM Corresponding public private key pair;Wherein, public key is disclosed, and private key is stored in the secure storage areas of described (U) SIM.

S1:Card management tool is moved out order to (U) SIM sending card application data;

S2:(U) SIM generates random number R according to the order of moving out for receivingq, use the private key of (U) SIM Encryption RqThe first encryption data is generated with MSISDN, using symmetrical shared key KsEncrypt card to be moved out Application data generates the second encryption data;

S3:(U) SIM returns the first encryption data, the second encryption data, R to card management toolqWith MSISDN;

S4:Card management tool to card management platform send carry the first encryption data, the second encryption data, RqMove out request command with the card application data of MSISDN;

S5:Card management platform uses the R that the public key decryptions of (U) SIM go out in the first encryption dataqWith MSISDN, judges whether and the R for receivingqIdentical with MSISDN, if identical, it was demonstrated that (U) SIM is closed Method;Afterwards, card management platform decrypts the card application data in the second encryption data using symmetrical shared key And it is stored to secure storage areas;

S6:Card management platform sends successful result message of moving out to card management tool.

9th embodiment

As shown in figure 9, the embodiment of the present invention also provides the idiographic flow signal that the safety of card application data is moved into, The safety for being used for describing in detail card application data is moved into process.

It should be noted that (U) SIM moves into it with card management platform in the safety for processing card application data Before, negotiated first generate symmetrical shared key Ks.Have and MSISDN in described (U) SIM Corresponding public private key pair;Wherein, public key is disclosed, and private key is stored in the secure storage areas of described (U) SIM.

S1:Card management tool is moved into request command to (U) SIM sending card application data;

S2:(U) SIM generates random number R according to the request command of moving into for receivingm, use (U) SIM's Private key encryption RmThe 3rd encryption data is generated with MSISDN;

S3:(U) SIM sends the 3rd encryption data, R to card management toolmAnd MSISDN;

S4:Card management tool sends to card management platform and carries the 3rd encryption data, RmWith MSISDN's Card application data is moved into request command;

S5:Card management platform uses the R that the public key decryptions of (U) SIM go out in the 3rd encryption datamWith MSISDN, judges whether and the R for receivingmIdentical with MSISDN, if identical, it was demonstrated that (U) SIM is closed Method;Afterwards, card management platform is encrypted card application data generation the 4th to be moved into using symmetrical shared key and is added Ciphertext data;

S6:Card management platform returns the 4th encryption data to card management tool;

S7:Card management tool sends to (U) SIM and carries the card application data of the 4th encryption data and move into life Order;

S8:(U) SIM decrypts the 4th using symmetrical shared key Ks and adds according to the order of moving into for receiving Card application data in ciphertext data is simultaneously stored to secure storage areas;

S9:(U) SIM sends success message of moving into card management tool.

Tenth embodiment

As shown in Figure 10, the embodiment of the present invention also provides the idiographic flow of the remote wipe of card application data and shows Meaning, for describing the remote wipe process of card application data in detail.

It should be noted that (U) SIM and card management platform process card application data remote wipe it Before, without the need for consulting to generate symmetrical shared key Ks, can direct remote wipe card application data.Described (U) there is public private key pair corresponding with MSISDN in SIM;Wherein, public key is disclosed, and private key is stored in The secure storage areas of (U) SIM.

S1:Remote wipe request command of the card management tool to (U) SIM sending card application data;

S2:(U) SIM generates random number R according to the remote wipe request command for receivingn, use (U) SIM Private key encryption R of cardnThe 5th encryption data is generated with MSISDN;

S3:(U) SIM sends the 5th encryption data, R to card management toolnAnd MSISDN;

S4:Card management tool sends to card management platform and carries the 5th encryption data, RnWith MSISDN's The remote wipe request command of card application data;

S5:Card management platform uses the R that the public key decryptions of (U) SIM go out in the 5th encryption datanWith MSISDN, judges whether and the R for receivingnIdentical with MSISDN, if identical, it was demonstrated that (U) SIM is closed Method, afterwards, card management platform erasing is stored in the card application data for being somebody's turn to do (U) SIM in its memory block;

S6:Card management platform sends remote wipe successful result message to card management tool;

S7:Card management tool is to the sending card application data remote wipe order of (U) SIM;

S8:(U) SIM executes the remote wipe order erasing card application data for receiving;

S9:(U) SIM wipes success message to card management tool sending card application data.

Need exist for explanation, this example demonstrates that be (U) SIM should with card management platform two ends card Situation about all being wiped with data.

When the erasing of (U) SIM end card application data, but card management platform end card application data is not when wiping, In the flow process, S4 cards management tool sends to card management platform and carries the 5th encryption data, RnAnd MSISDN Card application data remote wipe request command in, add server erasing mark M in carrying information, After card management platform verifies the legitimacy of (U) SIM, then judge server erasing mark M, use " 0 " " 1 " is used as judging whether server i.e. card management platform end wipes the mark of card application data.

It should be noted that card application number in the safety transfer of card application data described in the embodiment of the present invention According to safety move out, move into and remote wipe to be applicable to independent application scenarios can also be between application scenarios In conjunction with being suitable for, and whether the present invention is not changed mobile phone terminal and is limited.

The above is the preferred embodiment of the present invention, it is noted that for the common skill of the art For art personnel, on the premise of without departing from principle of the present invention, some improvements and modifications can also be made, These improvements and modifications also should be regarded as protection scope of the present invention.

Claims (31)

1. a kind of safety transfer method of card application data, it is characterised in that be applied to the identification of the user whole world Card (U) SIM, including:
The shared key that receiving card management tool sends consults order, consults order life according to the shared key Into random number Rk、RsAnd RsDigest value MAC (Rs), and the R is sent to card management toolk、Rs And MAC (Rs);
The random number R from card management platform that receiving card management tool is forwardedp、RkThe first digest value MAC(Rk)、RpThe first digest value MAC (Rp) and (U) SIM cell-phone number MSISDN, Wherein, the Rp、MAC(Rk)、MAC(Rp) it is that the card management platform is receiving card management The R that instrument sendskAnd set up the RkWith generation after the incidence relation of the MSISDN;
According to the Rk、RsAnd RpGenerate symmetrical shared key Ks, and send out to the card management tool Shared key is sent to calculate success message;
In the transition process of card application data, using the KsCarry out to sent card application data plus Close, or the card application data that the card management platform sends is decrypted.
2. the safety transfer method of card application data according to claim 1, it is characterised in that Described according to the Rk、RsAnd RpGenerate symmetrical shared key Ks, and send out to the card management tool Before sending shared key to calculate success message, also include:
According to the MAC (Rk) and MAC (Rp) safety verification is carried out to card management platform.
3. the safety transfer method of card application data according to claim 2, it is characterised in that described According to the MAC (Rk) and MAC (Rp) safety verification is carried out to card management platform, including:
According to RkGenerate RkThe second digest value, judge RkThe second digest value whether with MAC (Rk) Identical, judge the legitimacy of card management platform;
When judging that card management platform is legal, according to the R for receivingpGenerate RpThe second digest value, judge RpThe second digest value whether with MAC (Rp) identical, verify RpLegitimacy, and in RpWhen legal, Then the card management platform passes through safety verification.
4. the safety transfer method of card application data according to claim 1, it is characterised in that institute State;Wherein, public key is disclosed, and private key is stored Secure storage areas in (U) SIM.
5. the safety transfer method of card application data according to claim 4, it is characterised in that In the transition process of card application data, using the KsIt is encrypted to sent card application data, wraps Include:
The request command of moving out of the card application data that receiving card management tool sends;
Request command of moving out according to the card application data generates random number Rq, the first encryption data and Two encryption datas, and the R is sent to the card management toolq, MSISDN, the first encryption data and Two encryption datas,
Wherein, first encryption data is that (U) SIM uses the private key to the RqWith MSISDN encryptions are generated, and second encryption data is that (U) SIM uses the KsTreat The card application data encryption of transmission is generated.
6. the safety transfer method of card application data according to claim 4, it is characterised in that In the transition process of card application data, the card application data that the card management platform sends is decrypted, is wrapped Include:
The request command of moving into of the card application data that receiving card management tool sends;
Request command of moving into according to card application data generates random number RmWith the 3rd encryption data, and to institute State card management tool and send the Rm, MSISDN and the 3rd encryption data,
Wherein, the 3rd encryption data is that (U) SIM uses the private key to the RmWith MSISDN encryptions are generated;
The card application for carrying the 4th encryption data from card management platform that receiving card management tool sends Data are moved into order, and wherein, the 4th encryption data is that the card management platform is receiving card management work The card application data that tool sends is moved into request message, after the safety using the public key verifications (U) SIM, Using the KsGeneration is encrypted to sent card application data;
Using the Ks4th encryption data is decrypted, and by decryption after card application data deposit It is stored in secure storage areas, and moves into success message to the card management tool sending card application data.
7. the safety transfer method of card application data according to claim 6, it is characterised in that also Including:
The remote wipe request command of the card application data that receiving card management tool sends;
According to the remote wipe request command of card application data, card application data is wiped.
8. the safety transfer method of card application data according to claim 7, it is characterised in that institute The remote wipe request command according to card application data is stated, card application data is wiped, including:
Random number R is generated according to the remote wipe request command of card application datanWith the 5th encryption data, and The R is sent to the card management tooln, MSISDN and the 5th encryption data, wherein described slender acanthopanax Ciphertext data is that (U) SIM uses the private key to the RnGeneration is encrypted with MSISDN;
Receive transmission after the remote wipe success message returned according to card management platform by the card management tool Card application data remote wipe order, the card application data is wiped according to the remote wipe order, And success message is wiped to card management tool sending card application data;Wherein, the remote wipe success message It is that the card management platform is receiving the card application data erasing request message of card management tool transmission, uses After the legitimacy of public key verifications (U) SIM, after erasing card application data, to the card management tool The message of transmission.
9. a kind of safety transfer device of card application data, it is characterised in that be applied to (U) SIM, wraps Include:
First transmitting-receiving process module, consults order for the shared key that receiving card management tool sends, according to The shared key is consulted order and generates random number Rk、RsAnd RsDigest value MAC (Rs), and to card Management tool sends the Rk、RsAnd MAC (Rs);
First receiver module, for the random number R from card management platform that receiving card management tool is forwardedp、 RkThe first digest value MAC (Rk)、RpThe first digest value MAC (Rp) and (U) SIM Cell-phone number MSISDN, wherein, the Rp、MAC(Rk)、MAC(Rp) it is the card management Platform is receiving the R of card management tool transmissionkAnd set up the RkWith associating for the MSISDN Generate after relation;
First key generation module, for according to the Rk、RsAnd RpGenerate a symmetrical shared key Ks, and shared key calculating success message is sent to the card management tool;
First data processing module, in the transition process of card application data, using the KsTreat The card application data of transmission is encrypted, or the card application data that the card management platform sends is decrypted.
10. a kind of (U) SIM, it is characterised in that include:Card application number as claimed in claim 9 According to safety transfer device.
A kind of 11. safety transfer methods of card application data, it is characterised in that be applied to card management platform, Including:
Receive the random number R from (U) SIM sent by card management toolk, and set up the RkWith handss After the incidence relation of machine MSISDN, random number R is generatedp、RkThe first digest value MAC (Rk) And RpThe first digest value MAC (Rp), and the R is sent to card management toolp、MAC(Rp)、 MAC(Rk) and MSISDN, wherein, the RkIt is that (U) SIM is receiving card management work The shared key that tool sends is generated after consulting order;
Receiving card management tool is after the shared key calculating success message that described (U) SIM sends is received The carrying random number R of transmissionsAnd RsDigest value MAC (Rs) shared key consult request, wherein, The RsWith MAC (Rs) it is to be consulted in the shared key that receiving card management tool sends by (U) SIM Generate after order;
According to the Rk、RsAnd RpGenerate symmetrical shared key Ks, and send out to the card management tool Shared key is sent to calculate success message;
In the transition process of card application data, using the KsCarry out to sent card application data plus Close, or the card application data that (U) SIM sends is decrypted.
The safety transfer method of 12. card application datas according to claim 11, it is characterised in that Described according to the Rk、RsAnd RpGenerate symmetrical shared key Ks, and send out to the card management tool Before sending shared key to calculate success message, also include:
According to the MAC (Rs) safety verification is carried out to (U) SIM.
13. according to claim 12 card application data safety transfer method, it is characterised in that institute State according to the MAC (Rs) safety verification is carried out to (U) SIM, including:
According to RsGenerate RsThe second digest value, judge RsThe second digest value whether with MAC (Rs) Identical, in RsThe second digest value and the MAC (Rs) identical when, then described (U) SIM passes through Safety verification.
The safety transfer method of 14. card application datas according to claim 11, it is characterised in that There is in (U) SIM public private key pair corresponding with MSISDN;Wherein, public key is disclosed, and private key is deposited It is stored in the secure storage areas of described (U) SIM.
The safety transfer method of 15. card application datas according to claim 14, it is characterised in that In the transition process of card application data, using the KsThe card application data sent by (U) SIM It is decrypted, including:
Random number R of the carrying that receiving card management tool sends from (U) SIMq, MSISDN, first The card application data of encryption data and the second encryption data is moved out request message, wherein described RqIt is described (U) SIM moves out what order was generated in the card application data for receiving the transmission of card management tool, and described first Encryption data is that (U) SIM uses the private key to the RqGeneration is encrypted with MSISDN, second adds Ciphertext data is that (U) SIM uses the KsGeneration is encrypted to the card application data;
Moved out request message according to the card application data, using the KsDecrypt second encryption data And after storing to which, move out success message to the card management tool sending card application data.
The safety transfer method of 16. card application datas according to claim 15, it is characterised in that Moved into request message according to the card application data, using the KsBefore decrypting second encryption data, Also include:
Legitimate verification is carried out to (U) SIM using the public key.
The safety transfer method of 17. card application datas according to claim 15, it is characterised in that Described legitimate verification is carried out to (U) SIM using the public key, including:
Using the random number R in the first encryption data described in the public key decryptionsqAnd MSISDN, judge with The R for receivingqWhen identical with MSISDN, then described (U) SIM is legal.
The safety transfer method of 18. card application datas according to claim 14, it is characterised in that In the transition process of card application data, using the KsIt is encrypted to sent card application data, Including:
Random number R of the carrying that receiving card management tool sends from (U) SIMm, MSISDN and the 3rd The card application data of encryption data is moved into request message, wherein described RmIt is that (U) SIM is being received The card application data that card management tool sends moves out what order was generated, and the 3rd encryption data is (U) SIM Card is using the private key to the RmGeneration is encrypted with MSISDN;
Moved into request message according to the card application data, return to the card management tool and use the Ks The 4th encryption data for generating is encrypted to sent card application data.
The safety transfer method of 19. card application datas according to claim 18, it is characterised in that Also include:
Random number R of the carrying that receiving card management tool sends from (U) SIMn, MSISDN and the 5th The remote wipe request message of the card application data of encryption data, wherein, the RnIt is (U) SIM The remote wipe request command of the card application data sent according to the card management tool for receiving is generated, described 5th encryption data is that (U) SIM uses the private key to the RnGeneration is encrypted with MSISDN;
According to the remote wipe request message of the card application data, card application data is wiped.
The safety transfer method of 20. card application datas according to claim 19, it is characterised in that The remote wipe request message according to the card application data, wipes card application data, including:
According to the remote wipe request message of the card application data, using described in the public key verifications (U), after the legitimacy of SIM, successfully after erasing card application data, and send to the card management tool remote Journey wipes success message.
The safety transfer method of 21. card application datas according to claim 20, it is characterised in that According to the remote wipe request message of the card application data, using (U) SIM described in the public key verifications Legitimacy, including:
The random number R gone out in the 4th encryption data using the public key decryptionsnAnd MSISDN, judge and receive The R for arrivingnWhen identical with MSISDN, then described (U) SIM is legal.
22. a kind of safety transfer devices of card application data, it is characterised in that be applied to card management platform, Including:
Second transmitting-receiving process module, for receive by card management tool send from the random of (U) SIM Number Rk, and set up the RkAfter the incidence relation of cell-phone number MSISDN, random number R is generatedp、Rk The first digest value MAC (Rk) and RpThe first digest value MAC (Rp), and send out to card management tool Send the Rp、MAC(Rp)、MAC(Rk) and MSISDN, wherein, the RkIt is (U) SIM Be stuck in receive card management tool transmission shared key consult order after generate;
Second receiver module, is receiving the shared of (U) SIM transmission for receiving card management tool The carrying random number R sent after cipher key calculation success messagesAnd RsDigest value MAC (Rs) shared close Key consults request, wherein, the RsWith MAC (Rs) it is in receiving card management tool by (U) SIM The shared key of transmission is generated after consulting order;
Second key production module, for according to the Rk、RsAnd RpGenerate a symmetrical shared key Ks, and shared key calculating success message is sent to the card management tool;
Second data processing module, in the transition process of card application data, using the KsTreat The card application data of transmission is encrypted, or the card application data that (U) SIM sends is decrypted.
23. a kind of card management platforms, it is characterised in that include:Card application as claimed in claim 22 The safety transfer device of data.
A kind of 24. safety transfer methods of card application data, it is characterised in that be applied to card management tool, Including:
Shared key is sent to (U) SIM and consults order;
(U) SIM is received according to the random number R that orders and generate and returnk、RsAnd RsDigest value MAC(Rs), and the R is sent to card management platformk
Receive card management platform and set up the RkWith associating for the cell-phone number MSISDN of (U) SIM The random number R returned after relationp、RkThe first digest value MAC (Rk)、RpDigest value MAC (Rp) With the cell-phone number MSISDN of (U) SIM, and by the Rp、MAC(Rk)、MAC(Rp) Described (U) SIM is transmitted to MSISDN;
Described in reception, (U) SIM is according to the Rk、RsAnd RpGenerate symmetrical shared key KsAfter return Shared key calculate success message, and send to card management platform and carry the RsWith MAC (Rs) Shared key consults request;
The card management platform is received according to the Rk、RsAnd RpGenerate symmetrical shared key KsAfter return Shared key calculate success message;
In the transition process of card application data, warp is forwarded between SIM and card management platform at (U) The card application data of the shared key encryption.
The safety transfer method of 25. card application datas according to claim 24, it is characterised in that There is in (U) SIM public private key pair corresponding with MSISDN;Wherein, public key is disclosed, and private key is deposited It is stored in the secure storage areas of described (U) SIM.
The safety transfer method of 26. card application datas according to claim 25, it is characterised in that In the transition process of card application data, forward through described between SIM and card management platform at (U) The card application data of shared key encryption, including:
Move out order to (U) SIM sending card application data;
The MSISDN and (U) SIM for receiving the transmission of (U) SIM is generated simultaneously according to the order The random number R of returnq, the first encryption data, the second encryption data, and to card management platform send carry The Rq, MSISDN, the card application data of the first encryption data and the second encryption data move out request, its In, first encryption data is that (U) SIM uses the private key to the RqWith MSISDN plus Close generation;Second encryption data is that (U) SIM uses the KsTo the card application data Encryption is generated;
After receiving the legitimacy of (U) SIM described in card management platform checking, using the KsTo described second The success message of moving out sent after encryption data decryption.
The safety transfer method of 27. card application datas according to claim 25, it is characterised in that In the transition process of card application data, forward through described between SIM and card management platform at (U) The card application data of shared key encryption, including:
Move into order to (U) SIM sending card application data;
The MSISDN and (U) SIM that (U) SIM described in reception sends is given birth to according to the order Into and the random number R that returnsmWith the 3rd encryption data, and send to card management platform and carry the Rm、 The card application data of MSISDN and the 3rd encryption data is moved into request, and wherein, the 3rd encryption data is (U) SIM is using the private key to the RmGeneration is encrypted with MSISDN;
After receiving the legitimacy of (U) SIM described in card management platform checking, the 4th encryption data of return, And send to (U) SIM and carry the card application data of the 4th encryption data and move into order, wherein, 4th encryption data is that the card management platform uses the KsEncrypt to sent card application data Generate;
(U) SIM described in reception uses the KsSent after decrypting the 4th encryption data moves into into Work(message.
The safety transfer method of 28. card application datas according to claim 25, it is characterised in that Also include:
To (U) SIM sending card application data remote wipe request command;
The MSISDN and (U) SIM that (U) SIM described in reception sends is given birth to according to the order Into and the random number R that returnsn, the 5th encryption data, and send to card management platform and carry the Rn、 The card application data remote wipe request of MSISDN and the 5th encryption data, wherein, the 5th encryption number According to being (U) SIM using the private key to the RnGeneration is encrypted with MSISDN;
The legitimacy of (U) SIM described in card management platform checking is received, is returned after wiping the card application data The remote wipe success message for returning, and to (U) the SIM sending card application data remote wipe order;
The card application data that (U) SIM described in reception is sent after wiping the card application data is wiped and is successfully disappeared Breath.
29. a kind of safety transfer devices of card application data, it is characterised in that be applied to card management tool, Including:
First sending module, consults order for sending shared key to (U) SIM;
First transceiver module, orders the random number R for generating and returning for receiving (U) SIM according to describedk、 RsAnd RsDigest value MAC (Rs), and the R is sent to card management platformk
Second transceiver module, is setting up the R for receiving card management platformkHandss with (U) SIM The random number R returned after the incidence relation of machine MSISDNp、RkThe first digest value MAC (Rk)、 RpDigest value MAC (Rp) and (U) SIM cell-phone number MSISDN, and by the Rp、 MAC(Rk)、MAC(Rp) and MSISDN be transmitted to described (U) SIM;
3rd transceiver module, for receiving described (U) SIM according to the Rk、RsAnd RpIt is right to generate Claim shared key KsThe shared key for returning afterwards calculates success message, and sends carrying institute to card management platform State RsWith MAC (Rs) shared key consult request;
3rd receiver module, for receiving the card management platform according to the Rk、RsAnd RpIt is right to generate Claim shared key KsThe shared key for returning afterwards calculates success message;
First data forwarding module, in the transition process of card application data, in (U) SIM The card application data that encrypts through the shared key is forwarded and card management platform between.
30. a kind of card management tools, it is characterised in that include:Card application as claimed in claim 29 The safety transfer device of data.
31. a kind of safety transfer systems of card application data, it is characterised in that include:(U) SIM, Card management tool and card management platform, wherein, (U) SIM is as claimed in claim 10 (U) SIM, the card management platform are card management platform as claimed in claim 23, the card management Instrument is card management tool as claimed in claim 30.
CN201510563324.0A 2015-09-07 2015-09-07 A kind of card applies the safety transfer method, apparatus and system of data CN106507331B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510563324.0A CN106507331B (en) 2015-09-07 2015-09-07 A kind of card applies the safety transfer method, apparatus and system of data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510563324.0A CN106507331B (en) 2015-09-07 2015-09-07 A kind of card applies the safety transfer method, apparatus and system of data

Publications (2)

Publication Number Publication Date
CN106507331A true CN106507331A (en) 2017-03-15
CN106507331B CN106507331B (en) 2019-08-20

Family

ID=58287678

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510563324.0A CN106507331B (en) 2015-09-07 2015-09-07 A kind of card applies the safety transfer method, apparatus and system of data

Country Status (1)

Country Link
CN (1) CN106507331B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060206710A1 (en) * 2005-03-11 2006-09-14 Christian Gehrmann Network assisted terminal to SIM/UICC key establishment
CN103415008A (en) * 2013-07-24 2013-11-27 牟大同 Encryption communication method and encryption communication system
CN103747443A (en) * 2013-11-29 2014-04-23 厦门盛华电子科技有限公司 Multi-security domain device based on mobile phone user identification card and authentication method thereof

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060206710A1 (en) * 2005-03-11 2006-09-14 Christian Gehrmann Network assisted terminal to SIM/UICC key establishment
CN103415008A (en) * 2013-07-24 2013-11-27 牟大同 Encryption communication method and encryption communication system
CN103747443A (en) * 2013-11-29 2014-04-23 厦门盛华电子科技有限公司 Multi-security domain device based on mobile phone user identification card and authentication method thereof

Also Published As

Publication number Publication date
CN106507331B (en) 2019-08-20

Similar Documents

Publication Publication Date Title
EP2304636B1 (en) Mobile device assisted secure computer network communications
CN103716167B (en) Method and device for safely collecting and distributing transmission keys
US8526606B2 (en) On-demand secure key generation in a vehicle-to-vehicle communication network
JP4712871B2 (en) Method for comprehensive authentication and management of service provider, terminal and user identification module, and system and terminal apparatus using the method
EP2673732B1 (en) Secure transaction method from a non-secure terminal
US20160218875A1 (en) Methods for secure credential provisioning
JP2008533882A (en) How to backup and restore encryption keys
EP2334008A1 (en) A system and method for designing secure client-server communication protocols based on certificateless public key infrastructure
US8239679B2 (en) Authentication method, client, server and system
JP4944886B2 (en) Cryptographic authentication and / or shared encryption key configuration using signature keys encrypted with non-one-time pad cryptography, including but not limited to technology with improved security against malleable attacks
EP1976322A1 (en) An authentication method
CN101131756B (en) Security authentication system, device and method for electric cash charge of mobile paying device
US7913085B2 (en) System and method of per-packet keying
CN102223364B (en) Method and system for accessing e-book data
AU2015277000B2 (en) Efficient methods for authenticated communication
JPH0575598A (en) Key data sharing device
CN105991285B (en) Identity identifying method, apparatus and system for quantum key distribution process
US9515825B2 (en) Method for password based authentication and apparatus executing the method
US10129020B2 (en) Efficient methods for protecting identity in authenticated transmissions
CN102325320B (en) A kind of Wireless security communication method and system
CN103067401B (en) Method and system for key protection
WO2017041715A1 (en) Remote identity authentication method and system and remote account opening method and system
CN104506534A (en) Safety communication secret key negotiation interaction scheme
CN102123027A (en) Information security processing method and mobile terminal
CN103763631A (en) Authentication method, server and television

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant