CN109698815A - Embedded chip card, card application server and application data transmission system and method - Google Patents


Info

Publication number
CN109698815A
Authority
CN (China)
Prior art keywords
card, card application, module, data, embedded chip
Legal status
Granted
Application number
CN201710992056.3A
Other languages
Chinese (zh)
Other versions
CN109698815B (en)
Inventors
杨剑, 卢燕青, 李慧芳, 戴国华, 桂烜, 陈晨, 贾聿庸
Current assignee
China Telecom Corp Ltd
Original assignee
China Telecom Corp Ltd
Legal events
Application filed by China Telecom Corp Ltd; priority to CN201710992056.3A; publication of CN109698815A; application granted; publication of CN109698815B; legal status active.

Classifications

    • H04L 63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G06F 21/602: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; protecting data by providing cryptographic facilities or services
    • G06F 21/606: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; protecting data by securing the transmission between two devices or processes
    • H04L 63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L 63/0853: Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L 67/02: Network arrangements or protocols for supporting network services or applications; protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L 69/162: Implementation details of TCP/IP or UDP/IP stack architecture; specification of modified or new header fields involving adaptations of sockets based mechanisms
    • H04L 9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an embedded chip card, a card application server, and an application data transmission system and method, and relates to the field of the Internet of Things. The embedded chip card comprises a card application module, configured to send generated card application data to an encrypting module and to send the card application encrypted data returned by the encrypting module to a card application server, and an encrypting module, configured to encrypt the card application data using the card certificate private key, generating card application encrypted data. Because the card application data is encrypted with the card certificate private key before it is sent, the invention improves the security of the card application data transmission process and extends the functions of the embedded chip card.

Description

Embedded chip card, card application server and application data transmission system and method
Technical field
The present invention relates to the field of the Internet of Things, and in particular to an embedded chip card, a card application server, and an application data transmission system and method.
Background technique
As embedded chip card technologies such as the eUICC (Embedded Universal Integrated Circuit Card) and the eSIM (Embedded Subscriber Identity Module) mature, embedded chip cards will be widely used in Internet of Things services.
Taking the water, electricity and gas metering scenario based on cellular Narrow Band Internet of Things (NB-IoT) as an example, at present a water, electricity or gas meter sends the data it acquires directly to the corresponding application server, and the application server performs processing such as billing on the data it receives.
Summary of the invention
The inventors have found that the card application data transmission process in existing Internet of Things applications can guarantee neither that the device has not been replaced nor that the data has not been tampered with. The security of the prior-art card application data transmission process is therefore low.
One technical problem to be solved by the embodiments of the invention is how to improve the security of the card application data transmission process.
A first aspect according to some embodiments of the invention provides an embedded chip card, comprising: a card application module configured to send generated card application data to an encrypting module, and to send the card application encrypted data returned by the encrypting module to a card application server; and an encrypting module configured to encrypt the card application data using the card certificate private key, generating card application encrypted data.
In some embodiments, the encrypting module is located in a security domain.
In some embodiments, the card application module is further configured to establish with the card application server any one of a Card Application Toolkit Transport Protocol connection, a Hypertext Transfer Protocol over Secure Socket Layer connection, or a Bearer Independent Protocol connection, and to send the card application encrypted data to the card application server over the established connection.
A second aspect according to some embodiments of the invention provides a card application server, comprising: a card application service module configured to receive the card application encrypted data sent by the embedded chip card, to send the card application encrypted data to a verification module, and to decrypt the card application encrypted data using the card certificate public key returned by the verification module; and a verification module configured to verify the card application encrypted data using the card certificate public key in the card certificate and, in response to the verification passing, to return the card certificate public key to the card application service module.
In some embodiments, the verification module is further configured to obtain the card certificate from an embedded chip card management platform.
A third aspect according to some embodiments of the invention provides an application data transmission system, comprising any one of the foregoing embedded chip cards and any one of the foregoing card application servers.
A fourth aspect according to some embodiments of the invention provides an application data transmission method, comprising: the card application module in an embedded chip card sends generated card application data to the encrypting module; the encrypting module in the embedded chip card encrypts the card application data using the card certificate private key, generating card application encrypted data; and the card application module sends the card application encrypted data returned by the encrypting module to the card application server.
In some embodiments, the card application module and the card application server establish any one of a Card Application Toolkit Transport Protocol connection, a Hypertext Transfer Protocol over Secure Socket Layer connection, or a Bearer Independent Protocol connection, and the card application encrypted data is sent to the card application server over the established connection.
A fifth aspect according to some embodiments of the invention provides an application data transmission method, comprising: the card application service module in a card application server sends the card application encrypted data sent by the embedded chip card to the verification module in the card application server; the verification module verifies the card application encrypted data using the card certificate public key in the card certificate; in response to the verification passing, the verification module returns the card certificate public key to the card application service module; and the card application service module decrypts the card application encrypted data using the card certificate public key returned by the verification module.
In some embodiments, the application data transmission method further comprises: the verification module obtains the card certificate from the embedded chip card management platform.
An embodiment of the foregoing invention has the following advantage or beneficial effect: the invention can encrypt card application data with the card certificate private key before sending it, thereby improving the security of the card application data transmission process and extending the functions of the embedded chip card.
Other features of the invention and their advantages will become apparent from the following detailed description of exemplary embodiments of the invention with reference to the accompanying drawings.
Detailed description of the invention
In order to explain the embodiments of the invention or the technical solutions in the prior art more clearly, the drawings required for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the invention, and those of ordinary skill in the art may obtain other drawings from these drawings without creative effort.
Fig. 1 is the structure chart using data transmission system according to some embodiments of the invention.
Fig. 2 is the structure chart according to the embedded chip card of some embodiments of the invention.
Fig. 3 is the flow chart using data transmission method according to some embodiments of the invention.
Fig. 4 is the structure chart according to the card application server of some embodiments of the invention.
Fig. 5 is the flow chart using data transmission method according to other embodiments of the invention.
Fig. 6 is the flow chart using data transmission method according to yet other embodiments of the invention.
Specific embodiment
The technical solutions in the embodiments of the invention will now be described clearly and completely with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, and not all, of the embodiments of the invention. The following description of at least one exemplary embodiment is merely illustrative and in no way limits the invention or its application or use. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Unless specifically stated otherwise, the relative arrangement of the components and steps, the numerical expressions and the numerical values set forth in these embodiments do not limit the scope of the invention.
It should also be understood that, for ease of description, the dimensions of the various parts shown in the drawings are not drawn to actual scale.
Techniques, methods and devices known to those of ordinary skill in the relevant art may not be discussed in detail, but where appropriate such techniques, methods and devices should be considered part of the specification.
In all examples shown and discussed here, any specific value should be construed as merely illustrative and not as a limitation. Other examples of the exemplary embodiments may therefore have different values.
It should also be noted that similar reference numerals and letters denote similar items in the following drawings; once an item has been defined in one drawing, it need not be discussed further in subsequent drawings.
Fig. 1 is a structural diagram of an application data transmission system according to some embodiments of the invention. As shown in Fig. 1, the application data transmission system 10 of this embodiment comprises an embedded chip card 110 and a card application server 120.
The embedded chip card 110 may be, for example, an eUICC or an eSIM. The embedded chip card 110 is located in a terminal, which may be, for example, an Internet of Things device such as a water, electricity or gas meter, an environmental sensor, or a household appliance. In some embodiments the terminal may also be another type of device, which is not described further here. The embedded chip card 110 may carry one or more card applications, such as a payment application, a sensor application, or a metering application.
A card application has a corresponding card application server with which it exchanges data. In the invention, data between the card application and the card application server is transmitted in encrypted form, so as to improve the security of the data transmission.
The embedded chip card according to some embodiments of the invention is described below with reference to Fig. 2.
Fig. 2 is a structural diagram of an embedded chip card according to some embodiments of the invention. As shown in Fig. 2, the embedded chip card 210 of this embodiment comprises a card application module 211 and an encrypting module 212.
The card application module 211 is configured to send generated card application data to the encrypting module 212, and to send the card application encrypted data returned by the encrypting module 212 to the card application server, so that the card application server can verify and decrypt the card application encrypted data. That is, the card application module 211 is used to generate card application data, to call the encrypting module 212, and to exchange data with the card application server.
The card application module 211 may be located, for example, in the Issuer Security Domain Profile (ISD-P) security domain of the embedded chip card.
In some embodiments, the card application module 211 may establish a connection with the card application server using a secure transport protocol such as the Transport Protocol for Card Application Toolkit Applications (CAT_TP), Hyper Text Transfer Protocol over Secure Socket Layer (HTTPS), or the Bearer Independent Protocol (BIP), to further improve the security of the data transmission process. Those skilled in the art may also use other data transport protocols as needed, which are not described further here.
The encrypting module 212 is configured to encrypt the card application data using the card certificate private key, generating card application encrypted data, and to send it to the card application module 211. In some embodiments, the encrypting module 212 may be located in a security domain, for example in the eUICC Controlling Authority Security Domain (ECASD).
In the related art, card certificates such as the eUICC certificate are used by the eUICC management platform for operations such as provisioning card data and authenticating the identity of the card; that is, the use of the eUICC certificate and its associated key is limited to verifying data about the card itself, and the certificate is not applied to card application data in any way.
Taking the certificate of an eUICC card as an example, the eUICC uses a certificate-chain form of verification: a Certificate Authority (CA) provides the CA certificate, a Certificate Issuer (CI) provides the CI certificate and the card manufacturer (eUICC Manufacturer, EUM) certificate, and the card manufacturer provides the eUICC certificate.
The invention extends the use of these certificates: certificates that were used only to authenticate the card are also used to encrypt card application data, extending the functions of the embedded chip card.
In some embodiments, the card certificate private key may be, for example, the eUICC certificate private key, which is stored locally on the embedded chip card, for example in the ECASD, to reduce the risk of the key being stolen or tampered with. The concrete form of the eUICC certificate private key depends on the technical specification in use: in the Internet of Things series of the GSM Association (GSMA) eUICC technical specifications, SGP.02, the eUICC certificate private key is SK.ECASD.ECKA; in the consumer electronics device series, SGP.22, the eUICC certificate private key is SK.EUICC.ECDSA. Those skilled in the art can select the corresponding eUICC certificate private key according to the specification used.
Through the above embodiments, the invention can encrypt card application data with the card certificate private key before sending it, thereby improving the security of the card application data transmission process and extending the functions of the embedded chip card.
The application data transmission method according to some embodiments of the invention is described below with reference to Fig. 3.
Fig. 3 is a flowchart of an application data transmission method according to some embodiments of the invention. As shown in Fig. 3, the application data transmission method of this embodiment comprises steps S302 to S306.
In step S302, the card application module in the embedded chip card sends the generated card application data to the encrypting module.
The card application data may be the complete data to be transmitted, or the complete data to be transmitted together with a digest of it. If a digest needs to be sent, the card application module can extract the digest of the data by, for example, a hash (HASH) operation.
In step S304, the encrypting module in the embedded chip card encrypts the card application data using the card certificate private key, generating card application encrypted data.
One illustrative encryption process is as follows: the complete data to be sent in the card application data is encrypted with the card certificate private key, the digest in the card application data is encrypted to generate a signature, and the signature is appended after the encrypted application data to be sent, forming the card application encrypted data.
When the card application data is the complete application data to be sent, another illustrative encryption process is as follows: the card application data is encrypted with the card certificate private key to generate a signature, and the signature is appended after the application data, forming the card application encrypted data.
In step S306, the card application module sends the card application encrypted data returned by the encrypting module to the card application server.
In some embodiments, the card application module may establish a connection with the card application server and transmit the data using the CAT_TP protocol, the HTTPS protocol, the BIP protocol, or the like.
The card application server according to some embodiments of the invention is described below with reference to Fig. 4.
Fig. 4 is a structural diagram of a card application server according to some embodiments of the invention. As shown in Fig. 4, the card application server 420 of this embodiment comprises a card application service module 421 and a verification module 422.
The card application service module 421 is configured to receive the card application encrypted data sent by the embedded chip card, to send the card application encrypted data to the verification module, and to decrypt the card application encrypted data using the card certificate public key returned by the verification module.
The verification module 422 is configured to verify the card application encrypted data using the card certificate public key in the card certificate and, in response to the verification passing, to return the card certificate public key to the card application service module.
In some embodiments, the verification module 422 may request the card certificate from the embedded chip card management platform, to ensure that the card certificate public key obtained from the card certificate is correct.
One illustrative verification process is as follows. The verification module 422 extracts the signature part and the data part of the card application encrypted data, and decrypts the signature using the card certificate public key in the card certificate. If the signature can be decrypted, the device that sent the data is a genuine device, the verification passes, and the subsequent decryption operation can proceed. If the verification passes, the verification module 422 can return the card certificate public key to the card application service module 421, so that the card application service module 421 continues with the decryption of the data. The card application service module 421 decrypts the application data using the card certificate public key and compares whether the decrypted signature and the decrypted application data are identical; alternatively, it compares whether the decrypted signature is identical to the result of a hash operation over the decrypted application data. If they are identical, the data has not been tampered with.
Through the above embodiments, the invention can verify and decrypt the data sent by the embedded chip card to the card application server, improving the security of the card application data transmission.
The application data transmission method according to other embodiments of the invention is described below with reference to Fig. 5.
Fig. 5 is a flowchart of an application data transmission method according to other embodiments of the invention. As shown in Fig. 5, the application data transmission method of this embodiment comprises steps S502 to S508.
In step S502, the card application service module in the card application server sends the card application encrypted data sent by the embedded chip card to the verification module in the card application server.
In step S504, the verification module verifies the card application encrypted data using the card certificate public key in the card certificate.
In step S506, in response to the verification passing, the verification module returns the card certificate public key to the card application service module.
In step S508, the card application service module decrypts the card application encrypted data using the card certificate public key returned by the verification module.
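The following is an added example in Go, not code from the patent or from China Telecom, showing the second illustrative process of step S304 (a signature over the application data appended after the plaintext data) together with the card-side steps S302 to S306 of Fig. 3 and the server-side steps S502 to S508 of Fig. 5. The patent fixes neither the key type nor the packet layout, so ECDSA over P-256 with SHA-256 as the digest, a four-byte length prefix as framing, and the JSON meter reading are all assumptions made here. What the description calls "encrypting the digest with the card certificate private key" and "decrypting the signature with the card certificate public key" is, in standard terms, signing and signature verification, and that is what the code does; it also rejects a malformed length prefix and a packet whose signature is missing, which is where a server implementation of step S504 most often goes wrong.

```go
package main

// Added example (not the patent's code): ECDSA P-256 over SHA-256 and a 4-byte length
// prefix are assumptions; the patent fixes neither the key type nor the packet layout.

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// NewCardKey stands in for the key pair personalised into the card's ECASD (the
// description's "card certificate private key"); a real card never exports it.
func NewCardKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignCardData is the card side. S302: the card application module hands the
// application data to the encrypting module. S304: the encrypting module hashes it
// to obtain the digest and signs the digest with the card private key, which is what
// the description calls "encrypting the digest to generate a signature". The result,
// application data followed by the signature, is the card application encrypted data
// that the card application module forwards to the server in S306.
func SignCardData(priv *ecdsa.PrivateKey, appData []byte) ([]byte, error) {
	digest := sha256.Sum256(appData)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	pkt := make([]byte, 4+len(appData)+len(sig))
	binary.BigEndian.PutUint32(pkt, uint32(len(appData))) // assumed framing: data length
	copy(pkt[4:], appData)
	copy(pkt[4+len(appData):], sig) // signature appended after the data
	return pkt, nil
}

// VerifyCardData is the server side. S504: the verification module splits the
// packet into data and signature and checks the signature with the card certificate
// public key; recomputing SHA-256 over the received data and verifying the signature
// against it is the digest comparison the description gives. Only if that passes
// (S506/S508) is the application data released to the card application service module.
func VerifyCardData(pub *ecdsa.PublicKey, pkt []byte) ([]byte, error) {
	if len(pkt) < 4 {
		return nil, errors.New("packet too short for length prefix")
	}
	n := binary.BigEndian.Uint32(pkt)
	if uint64(n)+4 > uint64(len(pkt)) { // length field must not point past the packet
		return nil, errors.New("length prefix exceeds packet size")
	}
	appData, sig := pkt[4:4+n], pkt[4+n:]
	if len(sig) == 0 {
		return nil, errors.New("signature missing")
	}
	digest := sha256.Sum256(appData)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		// Either the sender does not hold the certified card key or the data was altered.
		return nil, errors.New("signature verification failed")
	}
	return appData, nil
}

func main() {
	priv, err := NewCardKey()
	if err != nil {
		panic(err)
	}
	reading := []byte(`{"meter":"WATER-0001","reading":1234.5}`) // constructed sample
	pkt, err := SignCardData(priv, reading)
	if err != nil {
		panic(err)
	}
	data, err := VerifyCardData(&priv.PublicKey, pkt)
	fmt.Printf("verified: %v, data: %s\n", err == nil, data)
	pkt[4] ^= 0x01 // flip one bit of the application data in transit
	_, err = VerifyCardData(&priv.PublicKey, pkt)
	fmt.Printf("tampered packet rejected: %v\n", err != nil)
}
```

The public key passed to VerifyCardData is the one the verification module takes from the card certificate; how the server establishes that the certificate itself is genuine is the subject of Fig. 6.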
The application data transmission method according to yet other embodiments of the invention is described below with reference to Fig. 6.
Fig. 6 is a flowchart of an application data transmission method according to yet other embodiments of the invention. As shown in Fig. 6, the application data transmission method of this embodiment comprises steps S602 to S618.
Steps S602 to S608 take place on the embedded chip card side.
In step S602, the card application module performs a hash operation on the generated application data to obtain a digest, and sends the application data and the digest to the encrypting module.
In step S604, the encrypting module encrypts the card application data using the eUICC certificate private key to generate a signature, and appends the signature after the application data to generate card application encrypted data.
In step S606, the encrypting module sends the card application encrypted data to the card application module.
In step S608, the card application module establishes a connection based on a secure protocol with the card application server, and sends the card application encrypted data to the card application server over the established connection.
Steps S610 to S618 take place on the card application server side.
In step S610, the card application service module forwards the received card application encrypted data to the verification module.
In step S612, the verification module obtains the EUM certificate from the eUICC management platform.
In step S614, the verification module verifies the signature in the card application encrypted data using the eUICC certificate public key in the EUM certificate.
In step S616, in response to the signature verification passing, the verification module sends the eUICC certificate public key to the card application service module.
In step S618, the card application service module decrypts the card application encrypted data using the eUICC certificate public key, and obtains the application data it contains.
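The following added example in Go, not code from the patent, from China Telecom or from the GSMA, covers the certificate chain the description names (the CA issues the CI certificate, the CI issues the EUM certificate, the EUM issues the eUICC certificate) and the server-side steps S610 to S618 of Fig. 6, where the verification module obtains the EUM certificate from the management platform and accepts the card's signature only if the card certificate chains to it. The key type (ECDSA P-256), the certificate names, the validity periods, the one-hour clock-skew allowance and the sample reading are assumptions made here; a real EUM certificate would come from the operator's eUICC management platform rather than from a key generated in the process. The example goes slightly beyond the text in one respect: it also shows what happens when a card personalised by a different EUM presents itself, which is the "device has been replaced" case the summary names.

```go
package main

// Added example (not the patent's code); key type, names and validity periods are assumed.

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issueCert signs a certificate for pub with parentKey; a nil parent makes it self-signed.
func issueCert(cn string, isCA bool, pub *ecdsa.PublicKey, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // demo serial; a real CA uses unique random serials
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // only CA, CI and EUM may sign certificates
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// DemoChain is what the parties hold after personalisation.
type DemoChain struct {
	EUMCert   *x509.Certificate // what the eUICC management platform returns in S612
	EUICCCert *x509.Certificate // card certificate issued by the EUM
	EUICCKey  *ecdsa.PrivateKey // card private key (held in the ECASD on a real card)
}

// BuildDemoChain plays CA, CI and EUM in turn: each level signs the next level's certificate.
func BuildDemoChain(label string) (*DemoChain, error) {
	names := []string{"CA", "CI", "EUM", "eUICC"} // levels 0..2 are CAs, level 3 is the card
	var keys [4]*ecdsa.PrivateKey
	var certs [4]*x509.Certificate
	for i, name := range names {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, err
		}
		keys[i] = k
		parent, signer := (*x509.Certificate)(nil), k // level 0 is self-signed
		if i > 0 {
			parent, signer = certs[i-1], keys[i-1]
		}
		if certs[i], err = issueCert(label+" "+name, i < 3, &k.PublicKey, parent, signer); err != nil {
			return nil, err
		}
	}
	return &DemoChain{EUMCert: certs[2], EUICCCert: certs[3], EUICCKey: keys[3]}, nil
}

// SignDigest is the card side (S602/S604): hash the application data, sign the digest.
func SignDigest(key *ecdsa.PrivateKey, data []byte) ([]byte, error) {
	d := sha256.Sum256(data)
	return ecdsa.SignASN1(rand.Reader, key, d[:])
}

// VerifySignedData is the verification module (S614/S616): accept the eUICC certificate only
// if it chains to the EUM certificate from the platform, then check the signature with its
// public key; that key is what S616 hands on to the card application service module.
func VerifySignedData(euiccCert, eumCert *x509.Certificate, data, sig []byte) (*ecdsa.PublicKey, error) {
	trusted := x509.NewCertPool()
	trusted.AddCert(eumCert)
	if _, err := euiccCert.Verify(x509.VerifyOptions{Roots: trusted, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return nil, fmt.Errorf("card certificate not issued by the platform's EUM: %w", err)
	}
	pub, ok := euiccCert.PublicKey.(*ecdsa.PublicKey)
	d := sha256.Sum256(data)
	if !ok || !ecdsa.VerifyASN1(pub, d[:], sig) {
		return nil, fmt.Errorf("signature does not verify under the card certificate public key")
	}
	return pub, nil
}

func main() {
	chain, err := BuildDemoChain("Demo")
	if err != nil {
		panic(err)
	}
	data := []byte(`{"meter":"GAS-0007","reading":42}`) // constructed sample reading
	sig, _ := SignDigest(chain.EUICCKey, data)
	_, err = VerifySignedData(chain.EUICCCert, chain.EUMCert, data, sig)
	fmt.Println("card accepted by server:", err == nil)
}
```

Pinning the EUM certificate obtained from the management platform as the only trust anchor, rather than a general-purpose root store, is what makes the check in step S614 meaningful: a card whose certificate was issued by any other party fails before its signature is even examined.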
An embodiment of the invention also provides a computer-readable storage medium on which a computer program is stored, characterised in that the program, when executed by a processor, implements any one of the foregoing application data transmission methods.
Those skilled in the art will understand that the embodiments of the invention may be provided as a method, a system or a computer program product. The invention may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the invention may take the form of a computer program product implemented on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM and optical storage) containing computer-usable program code.
The invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
The foregoing are merely preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement, improvement or the like made within the spirit and principles of the invention shall be included in the scope of protection of the invention.

Claims (10)

1. An embedded chip card, comprising:
a card application module configured to send generated card application data to an encrypting module, and to send the card application encryption data returned by the encrypting module to a card application server; and
an encrypting module configured to encrypt the card application data using a card certificate and private key, thereby generating the card application encryption data.
2. The embedded chip card according to claim 1, wherein the encrypting module is located in a security domain.
3. The embedded chip card according to claim 1, wherein the card application module is further configured to establish, with the card application server, any one of a card application toolkit transport protocol connection, a hypertext transfer protocol connection carried over a secure socket layer, or a bearer independent protocol connection, and to send the card application encryption data to the card application server over the established connection.
4. A card application server, comprising:
a card application service module configured to receive card application encryption data sent by an embedded chip card, to send the card application encryption data to an authentication module, and to decrypt the card application encryption data using a card certificate public key returned by the authentication module; and
an authentication module configured to verify the card application encryption data using the card certificate public key contained in a card certificate and, in response to the verification succeeding, to return the card certificate public key to the card application service module.
5. The card application server according to claim 4, wherein the authentication module is further configured to obtain the card certificate from an embedded chip card management platform.
6. An application data transmission system, comprising:
the embedded chip card according to any one of claims 1 to 3, and
the card application server according to claim 4 or 5.
7. An application data transmission method, comprising:
a card application module in an embedded chip card sending generated card application data to an encrypting module;
the encrypting module in the embedded chip card encrypting the card application data using a card certificate and private key, thereby generating card application encryption data; and
the card application module sending the card application encryption data returned by the encrypting module to a card application server.
8. The application data transmission method according to claim 7, wherein the card application module establishes, with the card application server, any one of a card application toolkit transport protocol connection, a hypertext transfer protocol connection carried over a secure socket layer, or a bearer independent protocol connection, and sends the card application encryption data to the card application server over the established connection.
9. An application data transmission method, comprising:
a card application service module in a card application server sending card application encryption data received from an embedded chip card to an authentication module in the card application server;
the authentication module verifying the card application encryption data using a card certificate public key contained in a card certificate;
in response to the verification succeeding, the authentication module returning the card certificate public key to the card application service module; and
the card application service module decrypting the card application encryption data using the card certificate public key returned by the authentication module.
10. The application data transmission method according to claim 9, further comprising:
the authentication module obtaining the card certificate from an embedded chip card management platform.
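The end-to-end flow of claims 7 to 10, written out as an added example in Go; it is not code from the patent or from the applicant. It assumes that "encrypting with the card certificate and private key" and "decrypting with the card certificate public key" are realised as a digital signature over the card application data that the server checks against the certificate (Ed25519 and all type and function names are this example's choices), and it stands the management platform of claim 10 in with a locally generated self-signed certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// CardEncryptedData is the claims' "card application encryption data": the card application
// data plus the value the card private key produced over it (an Ed25519 signature, assumed here).
type CardEncryptedData struct{ CardID string; Data, Sig []byte }
// EncryptingModule is the card-side module of claims 1 and 7; it holds the card private key.
type EncryptingModule struct{ Priv ed25519.PrivateKey }
func (m *EncryptingModule) Encrypt(cardID string, data []byte) *CardEncryptedData {
	return &CardEncryptedData{CardID: cardID, Data: data, Sig: ed25519.Sign(m.Priv, data)}
}

// AuthenticationModule is the server-side module of claims 4 and 9: it keeps the card certificates
// and hands a certificate public key to the service module only after the data verifies against it.
type AuthenticationModule struct{ Certs map[string]*x509.Certificate }
func (a *AuthenticationModule) Verify(d *CardEncryptedData) (ed25519.PublicKey, error) {
	cert, ok := a.Certs[d.CardID]
	if !ok {
		return nil, errors.New("no card certificate for " + d.CardID)
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, d.Data, d.Sig) {
		return nil, errors.New("card application encryption data failed verification")
	}
	return pub, nil
}

// NewCard stands in for card personalisation (constructed): a key pair plus a self-signed card certificate.
func NewCard(cardID string) (*EncryptingModule, *x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cardID},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &EncryptingModule{Priv: priv}, cert, err
}
```

The property worth checking is that the service module only ever receives the key, and therefore accepts the data, after the authentication module has bound the data to a certificate it already holds for that card ID; a modified payload or an unknown card ID is refused before any key is released.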
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710992056.3A CN109698815B (en) 2017-10-23 2017-10-23 Embedded chip card, card application server and application data transmission system and method

Publications (2)

Publication Number Publication Date
CN109698815A true CN109698815A (en) 2019-04-30
CN109698815B CN109698815B (en) 2021-08-31

Family

ID=66226758

Country Status (1)

Country Link
CN (1) CN109698815B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant