CN109698815A - Embedded chip card, card application server and application data transmission system and method - Google Patents
- Publication number: CN109698815A (application CN201710992056.3A)
- Authority: CN (China)
- Prior art keywords: card, card application, module, data, embedded chip
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- G06F21/602—Providing cryptographic facilities or services
- G06F21/606—Protecting data by securing the transmission between two devices or processes
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L69/162—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Abstract
The invention discloses an embedded chip card, a card application server, and an application data transmission system and method, and relates to the field of the Internet of Things. The embedded chip card includes: a card application module, configured to send generated card application data to an encryption module and to send the encrypted card application data returned by the encryption module to a card application server; and the encryption module, configured to encrypt the card application data using a card certificate private key to generate the encrypted card application data. The invention encrypts card application data with the card certificate private key before sending it, which improves security during card application data transmission and extends the function of the embedded chip card.
Description
Technical field
The present invention relates to the field of the Internet of Things, and in particular to an embedded chip card, a card application server, and an application data transmission system and method.
Background art
With the maturing of embedded chip card technologies such as eUICC (Embedded Universal Integrated Circuit Card) and eSIM (Embedded Subscriber Identity Module), embedded chip cards will be widely used in Internet of Things services.
Taking the water, electricity and gas meter scenario based on cellular Narrow Band Internet of Things (NB-IoT) applications as an example, at present a water, electricity or gas meter sends the data it collects directly to the corresponding application server, and the application server then performs processing such as billing according to the data received.
Summary of the invention
The inventors found that the card application data transmission process in existing Internet of Things applications can guarantee neither that the device has not been replaced nor that the data has not been tampered with. The security of the card application data transmission process in the prior art is therefore low.
One technical problem to be solved by embodiments of the present invention is how to improve the security of the card application data transmission process.
According to a first aspect of some embodiments of the present invention, an embedded chip card is provided, comprising: a card application module, configured to send generated card application data to an encryption module and to send the encrypted card application data returned by the encryption module to a card application server; and the encryption module, configured to encrypt the card application data using a card certificate private key to generate the encrypted card application data.
In some embodiments, the encryption module is located in a security domain.
In some embodiments, the card application module is further configured to establish with the card application server any one of a card application toolkit transport protocol connection, a hypertext transfer protocol over secure socket layer connection, and a bearer independent protocol connection, and to send the encrypted card application data to the card application server over the established connection.
According to a second aspect of some embodiments of the present invention, a card application server is provided, comprising: a card application service module, configured to receive the encrypted card application data sent by an embedded chip card, send the encrypted card application data to an authentication module, and decrypt the encrypted card application data using the card certificate public key returned by the authentication module; and the authentication module, configured to verify the encrypted card application data using the card certificate public key in the card certificate and, in response to the verification passing, return the card certificate public key to the card application service module.
In some embodiments, the authentication module is further configured to obtain the card certificate from an embedded chip card management platform.
According to a third aspect of some embodiments of the present invention, an application data transmission system is provided, comprising any one of the foregoing embedded chip cards and any one of the foregoing card application servers.
According to a fourth aspect of some embodiments of the present invention, an application data transmission method is provided, comprising: the card application module in an embedded chip card sends generated card application data to the encryption module; the encryption module in the embedded chip card encrypts the card application data using the card certificate private key to generate encrypted card application data; and the card application module sends the encrypted card application data returned by the encryption module to the card application server.
In some embodiments, the card application module establishes with the card application server any one of a card application toolkit transport protocol connection, a hypertext transfer protocol over secure socket layer connection, and a bearer independent protocol connection, and sends the encrypted card application data to the card application server over the established connection.
According to a fifth aspect of some embodiments of the present invention, an application data transmission method is provided, comprising: the card application service module in a card application server sends the encrypted card application data sent by an embedded chip card to the authentication module in the card application server; the authentication module verifies the encrypted card application data using the card certificate public key in the card certificate; in response to the verification passing, the authentication module returns the card certificate public key to the card application service module; and the card application service module decrypts the encrypted card application data using the card certificate public key returned by the authentication module.
In some embodiments, the application data transmission method further comprises: the authentication module obtains the card certificate from an embedded chip card management platform.
An embodiment of the above invention has the following advantage or beneficial effect: the present invention can encrypt card application data with the card certificate private key before sending it, which improves security during card application data transmission and extends the function of the embedded chip card.
Other features and advantages of the present invention will become clear from the following detailed description of exemplary embodiments with reference to the drawings.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structure diagram of an application data transmission system according to some embodiments of the present invention.
Fig. 2 is a structure diagram of an embedded chip card according to some embodiments of the present invention.
Fig. 3 is a flowchart of an application data transmission method according to some embodiments of the present invention.
Fig. 4 is a structure diagram of a card application server according to some embodiments of the present invention.
Fig. 5 is a flowchart of an application data transmission method according to other embodiments of the present invention.
Fig. 6 is a flowchart of an application data transmission method according to still other embodiments of the present invention.
Detailed description of embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. The following description of at least one exemplary embodiment is merely illustrative and in no way limits the present invention, its application, or its uses. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Unless specifically stated otherwise, the relative arrangement of components and steps, the numerical expressions, and the numerical values set forth in these embodiments do not limit the scope of the present invention.
It should also be understood that, for ease of description, the sizes of the parts shown in the drawings are not drawn to actual scale.
Techniques, methods and apparatus known to a person of ordinary skill in the relevant art may not be discussed in detail, but where appropriate they should be regarded as part of the granted specification.
In all examples shown and discussed here, any specific value should be interpreted as merely illustrative and not as a limitation. Other examples of the exemplary embodiments may therefore have different values.
It should also be noted that similar reference numerals and letters denote similar items in the following drawings, so once an item is defined in one drawing it does not need to be discussed further in subsequent drawings.
Fig. 1 is a structure diagram of an application data transmission system according to some embodiments of the present invention. As shown in Fig. 1, the application data transmission system 10 of this embodiment includes an embedded chip card 110 and a card application server 120.
The embedded chip card 110 may be, for example, an eUICC or eSIM. The embedded chip card 110 is located in a terminal, which may be, for example, an Internet of Things device such as a water, electricity or gas meter, an environmental sensor, or a household appliance. In some embodiments the terminal may also be another type of device, which is not described further here. The embedded chip card 110 can carry one or more card applications, such as a payment application, a sensor application, or a metering application.
A card application has a corresponding card application server with which it exchanges data. In the present invention, the card application and the card application server transmit data in encrypted form, which improves the security of data transmission.
The embedded chip card according to some embodiments of the present invention is described below with reference to Fig. 2.
Fig. 2 is a structure diagram of an embedded chip card according to some embodiments of the present invention. As shown in Fig. 2, the embedded chip card 210 of this embodiment includes a card application module 211 and an encryption module 212.
The card application module 211 is configured to send generated card application data to the encryption module 212 and to send the encrypted card application data returned by the encryption module 212 to the card application server, so that the card application server verifies and decrypts the encrypted card application data. That is, the card application module 211 generates card application data, calls the encryption module 212, and exchanges data with the card application server.
The card application module 211 may be located, for example, in the security domain of the Issuer Security Domain Profile (ISD-P) of the embedded chip card.
In some embodiments, the card application module 211 can establish a connection with the card application server using a secure transport protocol such as the card application toolkit transport protocol (Transport Protocol for Card Application Toolkit Applications, CAT_TP), the hypertext transfer protocol over secure socket layer (Hyper Text Transfer Protocol over Secure Socket Layer, HTTPS), or the bearer independent protocol (Bearer Independent Protocol, BIP), which further improves security during data transmission. A person skilled in the art can also use other data transport protocols as needed, which are not described further here.
The encryption module 212 is configured to encrypt the card application data using the card certificate private key, generate the encrypted card application data, and send it to the card application module 211. In some embodiments the encryption module 212 can be located in a security domain, for example the eUICC Controlling Authority Security Domain (ECASD).
In the related art, card certificates such as the eUICC certificate are used by the eUICC management platform for operations such as card data distribution and card identity authentication. That is, the eUICC certificate and its associated keys are used only to verify the card's own data, and no processing is applied to card application data.
Taking the certificate of an eUICC card as an example, eUICC uses certificate chain verification: the certificate authority (Certificate Authority, CA) issues the CA certificate, the certificate issuer (Certificate Issuer, CI) issues the CI certificate and the card vendor (eUICC Manufacturer, EUM) certificate, and the card vendor then issues the eUICC certificate.
The present invention extends the use of these certificates, so that the certificates used to authenticate the card identity can also be used to encrypt and authenticate card application data, which extends the function of the embedded chip card.
In some embodiments, the card certificate private key may be, for example, the eUICC certificate private key. The eUICC certificate private key is stored locally on the embedded chip card, for example in the ECASD, to reduce the risk of the key being stolen or tampered with. The specific form of the eUICC certificate private key depends on the technical specification in use. For example, in SGP.02, the Internet of Things series of the eUICC technical specifications of the Global System for Mobile Communications Association (GSMA), the eUICC certificate private key is SK.ECASD.ECKA; in SGP.22, the consumer electronics device series, the eUICC certificate private key is SK.EUICC.ECDSA. A person skilled in the art can select the corresponding eUICC certificate private key according to the specification in use.
Through the above embodiment, the present invention can encrypt card application data with the card certificate private key before sending it, which improves security during card application data transmission and extends the function of the embedded chip card.
The application data transmission method according to some embodiments of the present invention is described below with reference to Fig. 3.
Fig. 3 is a flowchart of an application data transmission method according to some embodiments of the present invention. As shown in Fig. 3, the application data transmission method of this embodiment includes steps S302~S306.
In step S302, the card application module in the embedded chip card sends the generated card application data to the encryption module.
The card application data may be the complete data to be transmitted, or the complete data to be transmitted together with a digest of the complete data. If a digest needs to be sent, the card application module can extract the digest of the data, for example, by a hash (HASH) operation.
In step S304, the encryption module in the embedded chip card encrypts the card application data using the card certificate private key to generate the encrypted card application data.
One exemplary encryption process is as follows: the card certificate private key is used to encrypt the complete data to be sent in the card application data and to encrypt the digest in the card application data to generate a signature; the signature is appended after the encrypted application data to be sent, forming the encrypted card application data.
When the card application data is the complete application data to be sent, another exemplary encryption process is as follows: the card certificate private key is used to encrypt the card application data to generate a signature, and the signature is appended after the application data, forming the encrypted card application data.
In step S306, the card application module sends the encrypted card application data returned by the encryption module to the card application server.
In some embodiments, the card application module can establish a connection with the card application server and transmit data over a protocol such as CAT_TP, HTTPS, or BIP.
The card application server according to some embodiments of the present invention is described below with reference to Fig. 4.
Fig. 4 is a structure diagram of a card application server according to some embodiments of the present invention. As shown in Fig. 4, the card application server 420 of this embodiment includes a card application service module 421 and an authentication module 422.
The card application service module 421 is configured to receive the encrypted card application data sent by the embedded chip card, send the encrypted card application data to the authentication module, and decrypt the encrypted card application data using the card certificate public key returned by the authentication module.
The authentication module 422 is configured to verify the encrypted card application data using the card certificate public key in the card certificate and, in response to the verification passing, return the card certificate public key to the card application service module.
In some embodiments, the authentication module 422 can request the card certificate from the embedded chip card management platform, to ensure that the card certificate public key obtained from the card certificate is correct.
One exemplary verification process is as follows. The authentication module 422 extracts the signature part and the data part of the encrypted card application data and decrypts the signature using the card certificate public key in the card certificate. If the signature can be decrypted, the device that sent the data is a genuine device, so the verification passes and the subsequent decryption can proceed. If the verification passes, the authentication module 422 can return the card certificate public key to the card application service module 421 so that the card application service module 421 continues with the decryption of the application data. The card application service module 421 decrypts the application data using the card certificate public key and compares whether the decrypted signature is identical to the decrypted application data; alternatively, it compares whether the decrypted signature is identical to the result of hashing the decrypted application data. If they are identical, the data has not been tampered with.
Through the above embodiment, the present invention can verify and decrypt the data that the embedded chip card sends to the card application server, which improves the security of card application data transmission.
The application data transmission method according to other embodiments of the present invention is described below with reference to Fig. 5.
Fig. 5 is a flowchart of an application data transmission method according to other embodiments of the present invention. As shown in Fig. 5, the application data transmission method of this embodiment includes steps S502~S508.
In step S502, the card application service module in the card application server sends the encrypted card application data sent by the embedded chip card to the authentication module in the card application server.
In step S504, the authentication module verifies the encrypted card application data using the card certificate public key in the card certificate.
In step S506, in response to the verification passing, the authentication module returns the card certificate public key to the card application service module.
In step S508, the card application service module decrypts the encrypted card application data using the card certificate public key returned by the authentication module.
The application data transmission method according to still other embodiments of the present invention is described below with reference to Fig. 6.
Fig. 6 is a flowchart of an application data transmission method according to still other embodiments of the present invention. As shown in Fig. 6, the application data transmission method of this embodiment includes steps S602~S618.
Steps S602~S608 take place on the embedded chip card side.
In step S602, the card application module performs a hash operation on the generated application data to obtain a digest, and sends the application data and the digest to the encryption module.
In step S604, the encryption module encrypts the card application data using the eUICC certificate private key to generate a signature, and appends the signature after the application data to generate the encrypted card application data.
In step S606, the encryption module sends the encrypted card application data to the card application module.
In step S608, the card application module establishes a connection based on a security protocol with the card application server and sends the encrypted card application data to the card application server over the established connection.
Steps S610~S618 take place on the card application server side.
In step S610, the card application service module forwards the received encrypted card application data to the authentication module.
In step S612, the authentication module obtains the EUM certificate from the eUICC management platform.
In step S614, the authentication module verifies the signature in the encrypted card application data using the eUICC certificate public key in the EUM certificate.
In step S616, in response to the signature verification passing, the authentication module sends the eUICC certificate public key to the card application service module.
In step S618, the card application service module decrypts the encrypted card application data using the eUICC certificate public key and obtains the application data in it.
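The Fig. 6 flow (steps S602 to S618), as an added example that is not part of the patent text: the "encrypt with the private key to generate a signature" step is modeled as an ECDSA P-256 signature over a SHA-256 digest, in line with the SK.EUICC.ECDSA key named above, so the data is signed rather than encrypted and confidentiality is left to the transport (for example HTTPS). The two-level EUM-to-card certificate chain, the 4-byte length prefix, and the names `Entity`, `NewEntity`, `Seal` and `Open` are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrMalformed = errors.New("malformed envelope")
var ErrUntrustedCard = errors.New("card certificate does not chain to the EUM certificate")
var ErrBadSignature = errors.New("signature does not match the application data")

type Entity struct { // the constructed EUM CA or a card (hypothetical type)
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey // on a real card this stays inside the ECASD
}

// NewEntity makes a P-256 key and a certificate for it; a nil parent self-signs.
func NewEntity(cn string, parent *Entity) (*Entity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		IsCA:         parent == nil, BasicConstraintsValid: true, // only the EUM may issue
	}
	if parent == nil {
		parent = &Entity{tmpl, key}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.Cert, &key.PublicKey, parent.key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Entity{cert, key}, err
}

// Seal is the card side (S602-S606): hash, sign the digest, append the signature.
func (e *Entity) Seal(data []byte) ([]byte, error) {
	digest := sha256.Sum256(data)
	sig, err := ecdsa.SignASN1(rand.Reader, e.key, digest[:])
	if err != nil {
		return nil, err
	}
	env := make([]byte, 4, 4+len(data)+len(sig))
	binary.BigEndian.PutUint32(env, uint32(len(data))) // assumed framing: length prefix
	return append(append(env, data...), sig...), nil
}

// Open is the server side (S610-S618): check the chain, then the signature, then release data.
func Open(env []byte, cardCert, eumCert *x509.Certificate) ([]byte, error) {
	if len(env) < 4 || uint64(binary.BigEndian.Uint32(env)) > uint64(len(env)-4) {
		return nil, ErrMalformed
	}
	n := 4 + int(binary.BigEndian.Uint32(env))
	data, sig := env[4:n], env[n:]
	roots := x509.NewCertPool()
	roots.AddCert(eumCert)
	if _, err := cardCert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return nil, ErrUntrustedCard
	}
	pub, ok := cardCert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(data)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return nil, ErrBadSignature
	}
	return data, nil
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func main() {
	eum, err := NewEntity("Constructed EUM CA", nil)
	check(err)
	card, err := NewEntity("constructed-meter-0001", eum)
	check(err)
	env, err := card.Seal([]byte("reading=1234")) // constructed sample data
	check(err)
	data, err := Open(env, card.Cert, eum.Cert)
	fmt.Printf("genuine:  %q %v\n", data, err)
	env[4] ^= 1 // one byte changed in transit
	fmt.Println(Open(env, card.Cert, eum.Cert))
}
```

A card whose certificate was issued by a different EUM fails the chain check, and an envelope signed by one card but presented with another card's certificate fails the signature check, which are the two cases (replaced device, tampered data) the summary names.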
Embodiments of the present invention also provide a computer-readable storage medium storing a computer program, characterized in that the program, when executed by a processor, implements any one of the foregoing application data transmission methods.
A person skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. The present invention may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable non-transitory storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system), and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, the instruction apparatus implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
The foregoing is merely preferred embodiments of the present invention and is not intended to limit the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.
Claims (10)
1. An embedded chip card, comprising:
a card application module, configured to send generated card application data to an encrypting module, and to send the card application encrypted data returned by the encrypting module to a card application server;
the encrypting module, configured to encrypt the card application data using the card certificate and private key to generate the card application encrypted data.
2. The embedded chip card according to claim 1, wherein the encrypting module is located in a security domain.
3. The embedded chip card according to claim 1, wherein the card application module is configured to establish with the card application server any one of a card application toolkit transport protocol connection, a hypertext transfer protocol over secure socket layer connection, and a bearer independent protocol connection, and to send the card application encrypted data to the card application server through the established connection.
4. A card application server, comprising:
a card application service module, configured to receive the card application encrypted data sent by an embedded chip card, to send the card application encrypted data to an authentication module, and to decrypt the card application encrypted data using the card certificate public key returned by the authentication module;
the authentication module, configured to verify the card application encrypted data using the card certificate public key in the card certificate and, in response to the verification passing, to return the card certificate public key to the card application service module.
5. The card application server according to claim 4, wherein the authentication module is configured to obtain the card certificate from an embedded chip card management platform.
6. An application data transmission system, comprising:
the embedded chip card according to any one of claims 1 to 3, and
the card application server according to claim 4 or 5.
7. An application data transmission method, comprising:
a card application module in an embedded chip card sends generated card application data to an encrypting module;
the encrypting module in the embedded chip card encrypts the card application data using the card certificate and private key to generate card application encrypted data;
the card application module sends the card application encrypted data returned by the encrypting module to a card application server.
8. The application data transmission method according to claim 7, wherein the card application module establishes with the card application server any one of a card application toolkit transport protocol connection, a hypertext transfer protocol over secure socket layer connection, and a bearer independent protocol connection, and sends the card application encrypted data to the card application server through the established connection.
9. An application data transmission method, comprising:
a card application service module in a card application server sends the card application encrypted data sent by an embedded chip card to an authentication module in the card application server;
the authentication module verifies the card application encrypted data using the card certificate public key in the card certificate;
in response to the verification passing, the authentication module returns the card certificate public key to the card application service module;
the card application service module decrypts the card application encrypted data using the card certificate public key returned by the authentication module.
10. The application data transmission method according to claim 9, further comprising:
the authentication module obtains the card certificate from an embedded chip card management platform.
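The exchange in claims 1, 4, 5, 7, 9 and 10, sketched as an added example that is not code from the patent. The patent names no algorithm, so textbook RSA with a SHA-256 digest as redundancy, the constructed demo key, the `card-0001` identifier and all function names are assumptions.

```python
import hashlib

# Constructed demo key (assumption): two Mersenne primes so the example runs offline.
# Not a secure key, and textbook RSA is used here only to make the data flow visible.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the encrypting module
KLEN = (N.bit_length() + 7) // 8

# Hypothetical stand-in for the embedded chip card management platform (claims 5, 10):
# card identifier -> public key taken from that card's certificate.
PLATFORM_CERTS = {"card-0001": (N, E)}

def card_encrypt(data: bytes) -> bytes:
    """Encrypting module: private-key operation over data plus its SHA-256 digest."""
    block = b"\x01" + data + hashlib.sha256(data).digest()
    m = int.from_bytes(block, "big")
    if m >= N:
        raise ValueError("card application data too long for this key")
    return pow(m, D, N).to_bytes(KLEN, "big")

def recover(enc: bytes, pub):
    """Public-key operation; returns the data, or None if the redundancy check fails."""
    n, e = pub
    c = int.from_bytes(enc, "big")
    if c >= n:
        return None
    m = pow(c, e, n)
    block = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if len(block) < 33 or block[0] != 1:
        return None
    data, digest = block[1:-32], block[-32:]
    return data if hashlib.sha256(data).digest() == digest else None

def authenticate(card_id: str, enc: bytes):
    """Authentication module: look up the certificate, verify, return the public key."""
    pub = PLATFORM_CERTS.get(card_id)
    if pub is None or recover(enc, pub) is None:
        return None
    return pub

def server_receive(card_id: str, enc: bytes) -> bytes:
    """Card application service module: decrypt only with a key the authentication module returned."""
    pub = authenticate(card_id, enc)
    if pub is None:
        raise PermissionError("card application encrypted data failed verification")
    return recover(enc, pub)
```

Recovery needs only the public key from the card certificate, so in this sketch the private-key operation authenticates the card's data; confidentiality in transit has to come from the connection, such as the hypertext transfer protocol over secure socket layer connection named in claims 3 and 8.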
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710992056.3A CN109698815B (en) | 2017-10-23 | 2017-10-23 | Embedded chip card, card application server and application data transmission system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109698815A (en) | 2019-04-30 |
CN109698815B (en) | 2021-08-31 |
Family
ID=66226758
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710992056.3A Active CN109698815B (en) | 2017-10-23 | 2017-10-23 | Embedded chip card, card application server and application data transmission system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109698815B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101841525A (en) * | 2010-03-02 | 2010-09-22 | 中国联合网络通信集团有限公司 | Secure access method, system and client |
CN102882847A (en) * | 2012-08-24 | 2013-01-16 | 山东省计算中心 | Secure digital (SD)-password-card-based Internet of things healthcare service system and secure communication method thereof |
US20140258711A1 (en) * | 2014-05-20 | 2014-09-11 | Airwatch Llc | Application Specific Certificate Management |
CN106101068A (en) * | 2016-05-27 | 2016-11-09 | 宇龙计算机通信科技(深圳)有限公司 | Terminal communicating method and system |
CN106855924A (en) * | 2016-12-16 | 2017-06-16 | 南方城墙信息安全科技有限公司 | Embedded intelligent chip equipment and background application system |
CN106973056A (en) * | 2017-03-30 | 2017-07-21 | 中国电力科学研究院 | The safety chip and its encryption method of a kind of object-oriented |
CN107172027A (en) * | 2017-05-05 | 2017-09-15 | 北京凤凰理理它信息技术有限公司 | Certificate management method, storage device, storage medium and device |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112333656A (en) * | 2020-11-03 | 2021-02-05 | 联通物联网有限责任公司 | Gas meter data transmission method and gas meter |
CN112333656B (en) * | 2020-11-03 | 2023-07-11 | 联通物联网有限责任公司 | Gas meter data transmission method and gas meter |
Also Published As
Publication number | Publication date |
---|---|
CN109698815B (en) | 2021-08-31 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US10880732B2 (en) | Authentication of phone caller identity | |
CN109756485B (en) | Electronic contract signing method, electronic contract signing device, computer equipment and storage medium | |
CN103067401B (en) | Method and system for key protection | |
CN106304074B (en) | Auth method and system towards mobile subscriber | |
CN102170357B (en) | Combined secret key dynamic security management system | |
CN107358441B (en) | Payment verification method and system, mobile device and security authentication device | |
CN103078742B (en) | Generation method and system of digital certificate | |
CN101720071B (en) | Short message two-stage encryption transmission and secure storage method based on safety SIM card | |
CN106227503A (en) | Safety chip COS firmware update, service end, terminal and system | |
CN104580250A (en) | System and method for authenticating credible identities on basis of safety chips | |
CN109257328B (en) | Safe interaction method and device for field operation and maintenance data | |
CN105553932A (en) | Method, device and system of remote control safety binding of intelligent home appliance | |
CN103297403A (en) | Method and system for achieving dynamic password authentication | |
CN105790938A (en) | System and method for generating safety unit key based on reliable execution environment | |
US20170070353A1 (en) | Method of managing credentials in a server and a client system | |
CN109728913B (en) | Equipment validity verification method, related equipment and system | |
CN110381075B (en) | Block chain-based equipment identity authentication method and device | |
CN104424446A (en) | Safety verification and transmission method and system | |
JP2020530726A (en) | NFC tag authentication to remote servers with applications that protect supply chain asset management | |
CN104683107B (en) | Digital certificate keeping method and device, digital signature method and device | |
CN112689981A (en) | Communication authentication system and method between vehicle, charging station, and charging station management server | |
CN105376064A (en) | Anonymous message authentication system and message signing method thereof | |
CN104202170A (en) | Identity authentication system and method based on identifiers | |
CN110460674A (en) | A kind of information-pushing method, apparatus and system | |
CN107154916A (en) | A kind of authentication information acquisition methods, offer method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |