CN110366161B - Card opening method and device, related equipment and storage medium - Google Patents


Info

Publication number: CN110366161B
Authority: CN (China)
Prior art keywords: card, writing, terminal, smart card, message format
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201810319863.3A
Other languages: Chinese (zh)
Other versions: CN110366161A (en)
Inventor: 陈国华
Current Assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Ltd Research Institute (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Ltd Research Institute
Application filed by China Mobile Communications Group Co Ltd and China Mobile Communications Ltd Research Institute
Priority to CN201810319863.3A
Publication of CN110366161A
Application granted
Publication of CN110366161B

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04W WIRELESS COMMUNICATION NETWORKS
                • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
                    • H04W12/06 Authentication
                • H04W8/00 Network data management
                    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
                        • H04W8/183 Processing at user equipment or user record carrier
                        • H04W8/20 Transfer of user or subscriber data
                            • H04W8/205 Transfer to or from user equipment or user record carrier
                    • H04W8/26 Network addressing or numbering for mobility support
                        • H04W8/265 Network addressing or numbering for mobility support for initial activation of new user

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a card opening method, a card opening device, a terminal, a smart card and a storage medium. The method comprises the following steps: the terminal acquires authentication information from the smart card by calling the corresponding native Application Programming Interface (API) of the terminal operating system and based on a case2 type message format in an Application Protocol Data Unit (APDU) command; the terminal sends the authentication information to a platform, the authentication information being used for authenticating the smart card; the terminal receives card data sent by the platform, the card data being sent after the platform successfully authenticates the smart card; and the terminal sends the card data to the smart card by calling the API and based on a case3 type message format in an APDU command, the sent card data being used by the smart card to write the card. The terminal can establish a secure connection with the smart card by calling the API, and the interaction between the terminal and the smart card takes place over the established secure connection.

Description

Card opening method and device, related equipment and storage medium
Technical Field
The invention relates to the field of smart cards in communication, in particular to a card opening method, a device, a terminal, a smart card and a storage medium.
Background
The user identity module card (including the UIM (User Identity Module) card and the SIM (Subscriber Identity Module) card) is an important physical identifier of the user's mobile identity and an important resource held by the operator. The SIM card is a separate secure carrier that can host security-related card applications, such as a card shield (i.e. the functionality of the U shield implemented on the card).
At present, a user can open a card mainly in the following two ways:
First, a smart card (which may be a UIM card or a SIM card) is written using the SIM Toolkit (STK) function of the smart card, but this method has a security risk.
Second, the card is written using the Open Mobile API. However, this method requires the terminal to integrate the Open Mobile API, and most terminals do not, which is not favorable for popularization.
In summary, the card opening methods of the related art all have certain drawbacks.
Disclosure of Invention
In order to solve the existing technical problems, embodiments of the present invention provide a card opening method, device, terminal, smart card, and storage medium.
The technical scheme of the embodiment of the invention is realized as follows:
An embodiment of the invention provides a card opening method, which is applied to a terminal and comprises the following steps:
acquiring authentication information from a smart card by calling the corresponding native Application Programming Interface (API) of the terminal operating system and based on a case2 type message format in an Application Protocol Data Unit (APDU) command;
sending the authentication information to a platform; the authentication information is used for authenticating the smart card;
receiving card data sent by the platform; the card data is sent after the platform successfully authenticates the smart card;
sending the card data to the smart card by calling the API and based on a case3 type message format in an APDU command; the sent card data is used by the smart card to write the card; wherein,
the terminal can establish a secure connection with the smart card by calling the API; and the interaction between the terminal and the smart card is realized through the established secure connection.
In the foregoing solution, the acquiring authentication information from the smart card based on the case2 type message format in the APDU command includes:
sending an initialization card writing instruction to the smart card based on a case2 type message format in the APDU command; the initialization card writing instruction is used for instructing the smart card to enter a card writing initialization state and for acquiring the authentication information of the smart card;
and receiving the authentication information sent by the smart card.
In the foregoing solution, the sending the card data to the smart card through a message format based on a case3 type in an APDU command includes:
and sending a card writing message instruction carrying the card data to the smart card based on a case3 type message format in the APDU command.
In the foregoing solution, the method further includes:
receiving a card writing execution state returned by the smart card; the card writing execution state returned by the smart card is generated based on the case3 type message format in the APDU command;
when the card writing execution state represents that the smart card is successfully written, sending a card writing state acquisition command to the smart card based on a case2 type message format in an APDU command;
and receiving the card writing state returned by the smart card based on the card writing state acquiring command.
The embodiment of the invention also provides a card opening method which is applied to the intelligent card and comprises the following steps:
based on the case2 type message format in the APDU command, providing authentication information for the terminal; the authentication information is used for authenticating the smart card;
receiving card data sent by the terminal based on a case3 type message format in an APDU command;
and performing card writing operation by using the card data.
In the foregoing solution, the providing authentication information for a terminal based on a case2 type message format in an APDU command includes:
receiving an initialization card writing instruction sent by the terminal based on a case2 type message format in an APDU command;
and, in response to the initialization card writing instruction, entering a card writing initialization state and returning the authentication information to the terminal.
In the foregoing solution, the receiving card data sent by the terminal based on a case3 type message format in an APDU command includes:
and receiving a card writing message instruction which is sent by the terminal and carries the card data based on a case3 type message format in the APDU command.
In the above scheme, the method further comprises:
returning a card writing execution state to the terminal based on a case3 type message format in the APDU command; the card writing execution state represents that the card writing of the smart card is successful;
receiving a card writing state acquisition command sent by the smart card based on a case2 type message format in the APDU command;
and responding to the command for acquiring the card writing state, and returning the card writing state to the terminal.
The embodiment of the invention also provides a card opening device, which comprises:
the acquisition unit is used for acquiring authentication information from the smart card by calling a corresponding native API of the terminal operating system and based on a case2 type message format in an APDU command; sending the authentication information to a platform; the authentication information is used for authenticating the smart card; receiving card data sent by the platform; the card data is sent after the platform successfully authenticates the smart card;
the first card writing unit is used for sending the card data to the smart card by calling the API and based on a case3 type message format in an APDU command; the sent card data is used for the smart card to write the card; wherein,
the terminal can establish a secure connection with the smart card by calling the API; and the interaction between the terminal and the smart card is realized through the established secure connection.
In the foregoing solution, the obtaining unit is specifically configured to:
sending an initialization card writing instruction to the smart card based on a case2 type message format in the APDU command; the initialization card writing instruction is used for instructing the smart card to enter a card writing initialization state and for acquiring the authentication information of the smart card;
and receiving the authentication information sent by the smart card.
In the foregoing solution, the first card writing unit is specifically configured to:
and sending a card writing message instruction carrying the card data to the smart card based on a case3 type message format in the APDU command.
In the foregoing solution, the first card writing unit is further configured to:
receiving a card writing execution state returned by the smart card; the card writing execution state returned by the smart card is generated based on the case3 type message format in the APDU command;
when the card writing execution state represents that the smart card is successfully written, sending a card writing state acquisition command to the smart card based on a case2 type message format in an APDU command;
and receiving the card writing state returned by the smart card based on the card writing state acquisition command.
The embodiment of the invention also provides a card opening device, which comprises:
a providing unit, configured to provide authentication information for the terminal based on a case2 type message format in the APDU command; the authentication information is used for authenticating the smart card;
a second card writing unit, configured to receive card data sent by the terminal based on a case3 type message format in the APDU command; and performing a card writing operation using the card data.
In the foregoing solution, the providing unit is specifically configured to:
receiving an initialization card writing instruction sent by the terminal based on a case2 type message format in an APDU command;
and, in response to the initialization card writing instruction, entering a card writing initialization state and returning the authentication information to the terminal.
In the foregoing solution, the second card writing unit is specifically configured to:
and receiving a card writing message instruction which is sent by the terminal and carries the card data based on a case3 type message format in the APDU command.
In the foregoing solution, the second card writing unit is further configured to:
returning a card writing execution state to the terminal based on a case3 type message format in the APDU command; the card writing execution state represents that the card writing of the smart card is successful;
receiving a card writing state acquisition command sent by the smart card based on a case2 type message format in the APDU command;
and responding to the command for acquiring the card writing state, and returning the card writing state to the terminal.
An embodiment of the present invention further provides a terminal, including: a first processor and a first memory for storing a computer program capable of running on the first processor,
wherein the first processor, when executing the computer program, is configured to perform:
acquiring authentication information from the smart card by calling the corresponding native API of the terminal operating system and based on a case2 type message format in an APDU command;
sending the authentication information to a platform; the authentication information is used for authenticating the smart card;
receiving card data sent by the platform; the card data is sent after the platform successfully authenticates the smart card;
sending the card data to the smart card by calling the API and based on a case3 type message format in an APDU command; the sent card data is used for the smart card to write the card; wherein,
the terminal can establish a secure connection with the smart card by calling the API; and the interaction between the terminal and the smart card is realized through the established secure connection.
In the foregoing solution, the first processor is configured to, when running the computer program, execute:
sending an initialization card writing instruction to the smart card based on a case2 type message format in the APDU command; the initialization card writing instruction is used for instructing the smart card to enter a card writing initialization state and for acquiring the authentication information of the smart card;
and receiving the authentication information sent by the smart card.
In the foregoing solution, the first processor is configured to, when running the computer program, execute:
and sending a card writing message instruction carrying the card data to the smart card based on a case3 type message format in the APDU command.
In the foregoing solution, the first processor is further configured to, when running the computer program, execute:
receiving a card writing execution state returned by the smart card; the card writing execution state returned by the smart card is generated based on the case3 type message format in the APDU command;
when the card writing execution state represents that the smart card is successfully written, sending a card writing state acquisition command to the smart card based on a case2 type message format in an APDU command;
and receiving the card writing state returned by the smart card based on the card writing state acquiring command.
An embodiment of the present invention further provides a smart card, including: a second processor and a second memory for storing a computer program capable of running on said second processor,
wherein the second processor is configured to execute, when running the computer program:
based on the case2 type message format in the APDU command, providing authentication information for the terminal; the authentication information is used for authenticating the smart card;
receiving card data sent by the terminal based on a case3 type message format in an APDU command;
and performing card writing operation by using the card data.
In the foregoing solution, the second processor is configured to, when running the computer program, execute:
receiving an initialization card writing instruction sent by the terminal based on a case2 type message format in an APDU command;
and, in response to the initialization card writing instruction, entering a card writing initialization state and returning the authentication information to the terminal.
In the foregoing solution, the second processor is configured to, when running the computer program, execute:
and receiving a card writing message instruction which is sent by the terminal and carries the card data based on a case3 type message format in the APDU command.
In the foregoing solution, the second processor is further configured to, when running the computer program, execute:
returning a card writing execution state to the terminal based on a case3 type message format in the APDU command; the card writing execution state represents that the card writing of the smart card is successful;
receiving a card writing state acquisition command sent by the smart card based on a case2 type message format in the APDU command;
and responding to the command for acquiring the card writing state, and returning the card writing state to the terminal.
An embodiment of the present invention further provides a storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of any one of the methods on the terminal side or implements the steps of any one of the methods on the smart card side.
According to the card opening method, device, terminal, smart card and storage medium provided by the embodiments of the invention, the terminal obtains the authentication information from the smart card by calling the corresponding native API of the terminal operating system and based on the case2 type message format in the APDU command; the terminal sends the authentication information to a platform and receives the card data sent by the platform, the card data being sent after the platform successfully authenticates the smart card; the terminal sends the card data to the smart card by calling the API and based on the case3 type message format in the APDU command; and after receiving the card data, the smart card writes the card using the card data. In the scheme provided by the embodiments of the invention, the interaction with the smart card is carried out through the native API of the terminal operating system and is protected by a security mechanism, so that information in the card writing process cannot be acquired, tampered with or deleted by other applications; this improves card writing security, and the method can be popularized widely. At the same time, the card writing flow is implemented through a combination of case2 and case3 type instructions, which the baseband chip of the terminal can identify accurately, so that the APP can accurately obtain the execution result from the smart card; this greatly improves the card writing success rate.
Drawings
Fig. 1 is a schematic flow chart of a terminal side card opening method according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of a smart card side card opening method according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart of a card opening method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a card opening process according to an embodiment of the present invention;
FIG. 5 is a diagram illustrating a state of a smart card according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a card opening device according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of another card opening device according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a terminal structure according to an embodiment of the present invention;
FIG. 9 is a diagram illustrating a smart card according to an embodiment of the present invention;
fig. 10 is a schematic structural diagram of a card opening system according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
The process of writing the card using the STK function of the smart card (which may be a UIM card or a SIM card) is as follows: an application program (APP) on the terminal uses the address book function of the STK on the smart card to write a card writing instruction into the STK address book; the smart card then obtains the card writing instruction and performs the card writing operation, and after the card writing is finished it writes the card writing result into a specific communication area, from which the APP obtains the result. In this method, writing the card and obtaining the result are processed asynchronously, so the APP has to fetch the result periodically; moreover, the STK address book can be accessed by other APPs, so there is a risk that other applications obtain, delete or tamper with the card writing instructions and card writing results. That is, the address book poses a security risk.
The process of writing the card by utilizing the Open Mobile API mainly comprises the following steps:
The Open Mobile API provides an interface for sending APDU (Application Protocol Data Unit) instructions to a smart card (which may be a UIM card or a SIM card), and third-party applications can call it; the card writing process is completed by calling the Open Mobile API to send card writing instructions. However, the Open Mobile API is an open-source third-party scheme that must be integrated into the system before the terminal leaves the factory, that is, it has to be preinstalled. Apart from Near Field Communication (NFC) terminals, most terminals currently on the market do not have the Open Mobile API, so this card opening method is not suitable for wide popularization.
On the other hand, some operating systems have their own APIs that provide interfaces for accessing the smart card (which may be a UIM card or a SIM card). Third-party applications can send APDU commands to the smart card by calling these standard APIs to interact with the card, which solves both the Open Mobile API's need for factory preinstallation on the terminal and the asynchronous interaction of the STK approach.
Meanwhile, these interfaces can provide an Access Control (ACE) mechanism, i.e. a security mechanism under which only an APP authorized on the smart card can access the smart card through the API. This removes the risk, present with the STK, that other applications obtain, delete or tamper with instructions and results during card writing; that is, the mechanism improves the security of card writing.
Third, the success rate of card writing needs to be improved, which can be implemented using APDU commands. APDU commands come in four formats: case1, case2, case3 and case4. These four types of command are analyzed below.
A case1 type command sends no data to the smart card and returns no data from the smart card to the terminal. Since the terminal and the smart card do exchange data during card writing, this type of command is not suitable for the card writing process.
A case2 type command sends no data to the smart card, and data is returned from the smart card; the baseband chip platform of the terminal can correctly process case2 type APDU instructions.
A case3 type command sends data to the smart card, and no data is returned from the smart card; the baseband chip platform of the terminal can correctly process case3 type APDU instructions.
A case4 type command both sends data to the smart card and returns data from the smart card to the terminal. Baseband chips from different manufacturers differ in how they process case4 type commands, and some cannot process them correctly, so the APP cannot obtain the instruction execution result from the smart card as intended, and the card writing operation cannot be completed using case4 type instructions.
Based on the above analysis, in the various embodiments of the invention, an operating system API that provides a security mechanism is used to interact with the smart card, and the card writing flow is implemented through a combination of case2 and case3 type instructions.
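The four command cases analyzed above can be told apart from the raw command bytes alone. The following added example (not code from the patent) parses short-length ISO/IEC 7816-4 command APDUs and flags every command in a card writing sequence that is not case2 or case3; the CLA and INS values and the sample commands are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ParsedApdu:
    case: int            # 1..4, the command case discussed above
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes          # data sent to the card (empty for case1 and case2)
    le: Optional[int]    # response length the terminal expects, None if absent


def parse_short_apdu(raw: bytes) -> ParsedApdu:
    """Classify a short-length command APDU by its structure alone."""
    if len(raw) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = raw[0], raw[1], raw[2], raw[3]
    body = raw[4:]
    if len(body) == 0:                       # header only
        return ParsedApdu(1, cla, ins, p1, p2, b"", None)
    if len(body) == 1:                       # header + Le (0x00 means 256)
        return ParsedApdu(2, cla, ins, p1, p2, b"", body[0] or 256)
    lc = body[0]
    if lc == 0:
        raise ValueError("extended-length encoding is outside this example")
    if len(body) == 1 + lc:                  # header + Lc + data
        return ParsedApdu(3, cla, ins, p1, p2, body[1:], None)
    if len(body) == 2 + lc:                  # header + Lc + data + Le
        return ParsedApdu(4, cla, ins, p1, p2, body[1:1 + lc], body[-1] or 256)
    raise ValueError("Lc does not match the length of the data field")


def audit_card_writing_commands(commands: List[bytes]) -> List[str]:
    """Return one finding per command that is malformed or not case2/case3."""
    findings = []
    for index, raw in enumerate(commands):
        try:
            apdu = parse_short_apdu(raw)
        except ValueError as exc:
            findings.append(f"command {index}: malformed ({exc})")
            continue
        if apdu.case not in (2, 3):
            findings.append(
                f"command {index}: INS 0x{apdu.ins:02X} is case {apdu.case}; "
                "the card writing flow uses only case 2 and case 3"
            )
    return findings


# Constructed sample commands; CLA 0x80 and the INS values are hypothetical.
SAMPLE_COMMANDS = [
    bytes.fromhex("80100000" "00"),                  # case2: Le only
    bytes.fromhex("80120000" "04" "DEADBEEF"),       # case3: Lc + data
    bytes.fromhex("80140000" "02"),                  # case2: Le only
    bytes.fromhex("80160000" "04" "DEADBEEF" "02"),  # case4: Lc + data + Le
    bytes.fromhex("80180000"),                       # case1: header only
    bytes.fromhex("80120000" "08" "DEADBEEF"),       # Lc says 8, 4 bytes follow
]

if __name__ == "__main__":
    for finding in audit_card_writing_commands(SAMPLE_COMMANDS):
        print(finding)
```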
In the scheme provided by the embodiments of the invention, an operating system API that provides a security mechanism is used to interact with the smart card, so that information in the card writing process cannot be acquired, tampered with or deleted by other applications; this improves card writing security, and the method and device can be popularized widely. At the same time, the card writing flow is implemented through a combination of case2 and case3 type instructions, which the baseband chip of the terminal can identify accurately, so that the APP can accurately obtain the execution result from the smart card; this greatly improves the card writing success rate.
The embodiment of the invention provides a card writing method, which is applied to a terminal and comprises the following steps:
Step 101: acquiring authentication information from the smart card by calling the corresponding native API of the terminal operating system and based on a case2 type message format in the APDU command;
Specifically, an initialization card writing instruction is sent to the smart card based on the case2 type message format in the APDU command; the initialization card writing instruction is used for instructing the smart card to enter a card writing initialization state and for acquiring the authentication information of the smart card.
The authentication information sent by the smart card is then received.
That is, the format of the initialization card writing instruction is the case2 type message format.
Here, since the command sent by the terminal to the smart card uses the case2 type message format, the data structure of the authentication information sent by the smart card also corresponds to, that is, matches, the case2 type message format.
The communication path between the terminal and the smart card is as follows: the terminal calls the corresponding native API of its operating system, the native API interacts with the baseband chip of the terminal, and the baseband chip communicates with the smart card.
The native API can be understood as an existing API that ships with the operating system.
In practical application, the operating system may be Android, iOS, or the like.
In practical application, the smart card is a blank card.
Step 102: sending the authentication information to a platform;
here, the authentication information is used to authenticate the smart card.
In actual application, the authentication information may include the blank card serial number of the smart card, a card writing random number, and the like.
Step 103: receiving card data sent by the platform;
here, the card data is transmitted after the platform successfully authenticates the smart card.
In practical application, the card data returned by the platform is encrypted, the terminal sends the encrypted card data to the smart card, and the smart card decrypts the card data and writes the card.
Step 104: sending the card data to the smart card by calling the API and based on a case3 type message format in the APDU command.
Here, the transmitted card data is used for a card writing operation of the smart card.
It should be noted that the terminal can establish a secure connection with the smart card by calling the API; the interaction between the terminal and the smart card takes place over the established secure connection.
In actual application, the operating system can provide a secure access mechanism, and such security mechanisms can take various forms. For example: when the API is called, the operating system of the terminal sends verification information of the APP calling the API to the smart card; the smart card verifies that APP using the verification information, and after the verification succeeds, the operating system allows the APP to call the API.
For another example: an access control rule is stored in the smart card, and the operating system obtains the access control rule from the smart card. When the API is called, the operating system uses the obtained access control rule to determine whether the APP calling the API has the right to access the smart card, and allows the APP to call the API when the access control rule shows that it has that right.
For the two examples above, when the operating system allows the corresponding APP to call the API, it indicates that the secure connection between the terminal and the smart card has been established.
It should be noted that: in practical application, the security mechanism may also be implemented in other ways, which is not limited in the embodiment of the present invention.
In an embodiment, the terminal sends a card writing message instruction carrying the card data to the smart card based on a case3 type message format in an APDU command, so as to send the card data to the smart card.
That is to say, the format of the card writing message instruction is a case3 type message format.
In actual application, the smart card feeds back a card writing execution state to the terminal so as to inform the terminal whether the card writing is successful.
Based on this, in an embodiment, the method may further include:
the terminal receives a card writing execution state returned by the smart card; the card writing execution state returned by the smart card is generated based on the case3 type message format in the APDU command;
when the card writing execution state represents that the card writing of the smart card is successful, the terminal sends a card writing state acquisition command to the smart card based on a case2 type message format in an APDU command;
and the terminal receives the card writing state returned by the smart card based on the card writing state acquisition command.
Here, the data structure of the card writing status returned by the smart card also corresponds to the case2 type message format.
Correspondingly, an embodiment of the present invention further provides a card writing method, which is applied to a terminal, and as shown in fig. 2, the method includes:
step 201: based on the case2 type message format in the APDU command, providing authentication information for the terminal;
specifically, an initialization card writing instruction sent by the terminal is received based on a case2 type message format in an APDU command;
and in response to the initialization card writing instruction, the smart card enters a card writing initialization state and returns the authentication information to the terminal.
That is, after receiving the initialization card writing instruction, the smart card enters the card writing initialization state to wait for the instruction carrying the card data sent by the terminal; when it receives any other instruction, the smart card enters the idle state.
Here, the authentication information is used to authenticate the smart card.
Step 202: receiving card data sent by the terminal based on a case3 type message format in an APDU command;
specifically, based on a case3 type message format in the APDU command, a card writing message instruction carrying the card data sent by the terminal is received.
In practical application, the card data received by the smart card is encrypted, and the encrypted card data needs to be decrypted and then written.
Step 203: and performing card writing operation by using the card data.
In actual application, the smart card feeds back a card writing execution state to the terminal to inform the terminal whether the card writing is successful.
Based on this, in an embodiment, the method may further include:
returning a card writing execution state to the terminal based on a case3 type message format in the APDU command; the card writing execution state represents that the card writing of the smart card is successful;
receiving a card writing state acquisition command sent by the smart card based on a case2 type message format in the APDU command;
and responding to the command for acquiring the card writing state, and returning the card writing state to the terminal.
An embodiment of the present invention further provides a card writing method, as shown in fig. 3, the method includes:
step 301: the terminal acquires authentication information from the smart card by calling a corresponding native API of the terminal operating system and based on a case2 type message format in the APDU command;
in other words, the smart card provides the authentication information to the terminal based on the case2 type message format in the APDU command.
Step 302: the terminal sends the authentication information to a platform;
here, the authentication information is used to authenticate the smart card.
Step 303: the terminal receives card data sent by the platform;
here, the card data is transmitted after the platform successfully authenticates the smart card.
Step 304: the terminal sends the card data to the smart card by calling the API and based on a case3 type message format in an APDU command;
step 305: after receiving the card data, the smart card writes the card by using the card data.
The terminal can establish a secure connection with the smart card by calling the API; the interaction between the terminal and the smart card takes place over the established secure connection.
It should be noted that: the specific processing procedures of the terminal and the smart card are described in detail above, and are not described herein again.
According to the card opening method provided by the embodiment of the invention, the terminal acquires the authentication information from the smart card by calling the corresponding native API of the terminal operating system and based on the case2 type message format in the APDU command; the terminal sends the authentication information to a platform and receives card data sent by the platform, the card data being sent after the platform successfully authenticates the smart card; the terminal sends the card data to the smart card by calling the API and based on a case3 type message format in an APDU command; and after receiving the card data, the smart card writes the card by using the card data. In the scheme provided by the embodiment of the invention, the interaction with the smart card is realized through the native API of the terminal operating system, and the interaction process is protected by a security mechanism, so that the information in the card writing process cannot be acquired, tampered with or deleted by other applications; this improves the security of card writing and makes the method easy to popularize widely. At the same time, the card writing flow is realized through a combination of case2 and case3 type instructions, which can be accurately recognized by the baseband chip of the terminal, so that the APP can accurately acquire the execution result from the smart card; in this way, the success rate of card writing can be greatly improved.
In addition, in the whole process, the smart card performs the corresponding operation only when it receives a specific instruction, which further ensures the security of card writing.
The invention is described in more detail below with reference to an application example.
In the embodiment of the present application, an Android system (Android 5.1 or later) is taken as an example for description. The scheme of the embodiment of the invention is implemented in software, which in this embodiment is called the APP. The smart card may be a SIM card or a UIM card.
It should be noted that: before card writing, the APP establishes a secure connection with the smart card through an API of an Android system, that is, the APP is an APP authorized on the smart card, that is, the APP with access permission, and the Android system allows the APP to call the API.
The flow of card writing in the embodiment of the present application, as shown in fig. 4, includes the following steps:
step 401: the APP sends an initialization card writing instruction in case2 type format to the smart card;
the format of the initialization card writing instruction (an APDU command) in case2 type format, the B5010000 instruction, is defined as shown in Table 1:
TABLE 1 (an image in the original publication, Figure BDA0001624979330000141; its contents are not present in this text)
Step 402: after receiving the instruction, the smart card enters a card writing initialization state and returns the card information required for card writing to the APP;
here, the card information required for card writing is authentication information.
In practical application, the card information may include: empty card serial number, write card random number, etc.
The data structure of the card information returned by the smart card is shown in Table 2:
TABLE 2 (an image in the original publication, Figure BDA0001624979330000151; its contents are not present in this text)
Here, in practical application, the smart card uses the two dispersion factors (the empty card serial number and the card writing random number) together with the skey of the card to generate the card writing session key used for card writing message encryption, and uses this session key for subsequently decrypting the card data.
Step 403: after receiving the card information, the APP sends the card information of the smart card to the card writing platform;
step 404: after receiving the card information, the card writing platform finds the skey of the smart card according to the empty card serial number, generates a session key by using the two dispersion factors (the empty card serial number and the card writing random number) and the skey of the smart card, encrypts the card writing message with the resulting session key, and then sends the card writing message to the APP;
step 405: after receiving the encrypted card writing message, the APP sends a card writing message instruction in a case3 type format to the smart card;
here, after sending the card writing message command, it indicates that the smart card enters the card writing state.
The card writing message instruction in case3 type format (A50000XX + Data) is defined as shown in Table 3:
TABLE 3
| Code | Value (Hex) |
| --- | --- |
| INS | 0xA5 |
| P1 | 0x00 |
| P2 | 0x00 |
| P3 | 0xXX: XX is the length of Data |
| Data | Card writing message generated by encryption |
Step 406: after receiving the card writing message instruction, the smart card completes the card writing operation according to the card data carried by the instruction;
specifically, the smart card checks whether the length of Data in the instruction equals the 0xXX bytes given by P3; if the length of the card writing message is correct, the smart card uses the generated session key to decrypt the card data in the Data part of the instruction and writes the card data into the smart card, thereby completing the card writing operation.
Step 407: after the smart card finishes the card writing operation, returning a card writing execution state to the APP;
here, the corresponding card writing execution state data structure is shown in Table 4:
TABLE 4 (an image in the original publication, Figure BDA0001624979330000161; its contents are not present in this text)
Step 408: after receiving the 9E0X, the APP sends a card writing state acquisition command in a case2 type format to the smart card;
here, the card writing state acquisition command in case2 type format is A900000X, where X is the X in 9E0X and represents the number of bytes to be returned by the card.
Step 409: and after receiving the command of acquiring the card writing state, the smart card returns the card writing state to the APP.
Here, the corresponding card writing state data structure is shown in Table 5:
TABLE 5
| Return value | Meaning |
| --- | --- |
| 0x00 + MAC check value | Card writing successful |
| 0x02 + MAC check value | Card writing data MAC error |
| 0x03 + MAC check value | Card data exception (tag error, etc.) |
This completes the card writing process. Throughout the process, the APP interacts with the smart card by calling the API of the Android system.
In addition, in this process, as shown in fig. 5, the smart card has three states. Specifically:
In the first state, after power-on start-up, the smart card enters the IDLE state.
In the second state, after the smart card in the IDLE state receives a specific instruction (the card writing initialization instruction, specifically the B5010000 instruction) and completes its execution, the smart card enters the card writing initialization state.
After entering the card writing initialization state, when a card writing message instruction (i.e., the A50000XX + Data instruction) is received, the smart card performs the card writing operation and enters the third state after the card writing operation is completed.
If other instructions are received, the smart card returns to the IDLE state.
In the third state, a specific instruction (the card writing message instruction, i.e., the A50000XX + Data instruction) has been received in the card writing initialization state, and the card writing completion state is entered after its execution is completed.
When a specific instruction (the card writing state acquisition command, i.e., the A900000X command) is received in the card writing completion state, the card writing result can be obtained. When the smart card is restarted after power failure, the card writing result is lost.
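The card-side behaviour of steps 401 to 409 and of the three states above, as an added Python simulation (not code from the patent). The key derivation, MAC, stand-in cipher, field sizes, card data tag, the status words other than 9E0X, and the names SimCard and platform_build_message are assumptions; commands are written as INS P1 P2 P3 [Data], as on the page, which gives no class byte.

```python
import hashlib
import hmac
import os
from enum import Enum

# Assumed, not from the patent: HMAC-SHA256 for key derivation and MAC, an XOR
# keystream as stand-in cipher, 10-byte serial, 8-byte random, 4-byte MAC,
# tag 0x80, and status words 0x9000 / 0x6700 / 0x6985 where the page is silent.
MAC_LEN = 4
CARD_DATA_TAG = 0x80
INIT = bytes.fromhex("B5010000")       # case2: initialization card writing
WRITE = bytes.fromhex("A50000")        # case3: A50000XX + Data
GET_STATUS = bytes.fromhex("A90000")   # case2: A900000X


class State(Enum):
    IDLE = 1
    WRITE_INIT = 2
    WRITE_DONE = 3


def derive_session_key(skey, serial, rnd):
    """Session key from the card's skey and the two dispersion factors."""
    return hmac.new(skey, serial + rnd, hashlib.sha256).digest()


def xor_stream(key, data):
    """Stand-in cipher (encrypts and decrypts): XOR with an HMAC counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, b"enc" + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def mac_tag(key, data):
    return hmac.new(key, b"mac" + data, hashlib.sha256).digest()[:MAC_LEN]


def platform_build_message(skey, card_info, payload):
    """Platform side (step 404): encrypt tag|len|payload, then append a MAC."""
    key = derive_session_key(skey, card_info[:10], card_info[10:])
    body = xor_stream(key, bytes([CARD_DATA_TAG, len(payload)]) + payload)
    return body + mac_tag(key, body)


class SimCard:
    def __init__(self, skey, serial):
        self.skey, self.serial, self.stored = skey, serial, None
        self.reset()

    def reset(self):
        # Power-up or fall-back to IDLE: session key and write result are volatile.
        self.state, self.key, self.result = State.IDLE, None, None

    def transmit(self, apdu):
        """Handle one command written as INS P1 P2 P3 [Data]; return the response."""
        head, data = apdu[:4], apdu[4:]
        if apdu == INIT:  # accepted from any state here (assumption)
            rnd = os.urandom(8)
            self.key = derive_session_key(self.skey, self.serial, rnd)
            self.state, self.result = State.WRITE_INIT, None
            return self.serial + rnd + b"\x90\x00"
        if len(head) == 4 and head[:3] == WRITE and self.state is State.WRITE_INIT:
            if len(data) != head[3]:  # P3 must equal the length of Data
                self.reset()
                return b"\x67\x00"
            self.result = self._write(data)
            self.state = State.WRITE_DONE
            return bytes([0x9E, len(self.result)])  # 9E0X: X status bytes to fetch
        if len(head) == 4 and head[:3] == GET_STATUS and self.state is State.WRITE_DONE:
            if head[3] == len(self.result) and not data:
                return self.result + b"\x90\x00"
            return b"\x67\x00"
        # Any other instruction, or a command out of sequence, drops to IDLE.
        self.reset()
        return b"\x69\x85"

    def _write(self, message):
        body, tag = message[:-MAC_LEN], message[-MAC_LEN:]
        if len(message) <= MAC_LEN or not hmac.compare_digest(tag, mac_tag(self.key, body)):
            code = 0x02  # card writing data MAC error
        else:
            plain = xor_stream(self.key, body)
            if len(plain) < 2 or plain[0] != CARD_DATA_TAG or plain[1] != len(plain) - 2:
                code = 0x03  # card data exception (tag error, etc.)
            else:
                self.stored, code = plain[2:], 0x00  # card writing successful
        return bytes([code]) + mac_tag(self.key, bytes([code]))
```

Because the card verifies the MAC before decrypting and only accepts the write instruction after a fresh initialization, a message captured from one session fails with status 0x02 in the next, since the card draws a new random number each time.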
As can be seen from the above description, in the solution provided in the embodiment of the present invention, the card writing process is implemented by combining the case2 and case3 commands. In the process, the security mechanism provided by the operating system ensures the security of the information exchanged between the APP and the smart card; secure interaction between the APP and the smart card can be achieved without presetting any third-party scheme before the terminal leaves the factory, and the information is protected from being tampered with, deleted and the like, so the method is easy to popularize widely. Moreover, because card writing is realized by combining the case2 and case3 commands, and the whole card writing process has a strict interaction sequence and a state protection mechanism in the smart card, the success rate of card writing is greatly improved.
In order to implement the method according to the embodiment of the present invention, an embodiment of the present invention further provides a card opening device, which is disposed on a terminal, and as shown in fig. 6, the device includes:
an obtaining unit 61, configured to obtain authentication information from the smart card by calling a corresponding native API of the terminal operating system and based on a case2 type message format in the APDU command; sending the authentication information to a platform; the authentication information is used for authenticating the smart card; receiving card data sent by the platform; the card data is sent after the platform successfully authenticates the smart card;
a first card writing unit 62, configured to send the card data to the smart card by calling the API and based on a message format of a case3 type in the APDU command; the sent card data is used for the smart card to write; wherein,
the terminal can establish a secure connection with the smart card by calling the API; the interaction between the terminal and the smart card takes place over the established secure connection.
Wherein, the communication path between the terminal and the smart card is as follows: the terminal calls a corresponding native API of the operating system of the terminal, the native API interacts with a baseband chip of the terminal, and the baseband chip communicates with the smart card.
The native API may be understood as an existing API that the operating system itself provides.
In an embodiment, the obtaining unit 61 is specifically configured to:
sending an initialization card writing instruction to the smart card based on a case2 type message format in the APDU command; the initialization card writing instruction is used for instructing the smart card to enter a card writing initialization state and for acquiring the authentication information of the smart card;
and receiving the authentication information sent by the smart card.
That is, the format of the initialization card writing instruction is a case2 type message format.
In an embodiment, the first card writing unit is specifically configured to:
and sending a card writing message instruction carrying the card data to the smart card based on a case3 type message format in the APDU command.
That is, the format of the card writing message instruction is a case3 type message format.
In actual application, the smart card feeds back a card writing execution state to the terminal so as to inform the terminal whether the card writing is successful.
Based on this, in an embodiment, the first card writing unit 62 is further configured to:
receiving a card writing execution state returned by the smart card; the card writing execution state returned by the smart card is generated based on the case3 type message format in the APDU command;
when the card writing execution state represents that the smart card is successfully written, sending a card writing state acquisition command to the smart card based on a case2 type message format in an APDU command;
and receiving the card writing state returned by the smart card based on the card writing state acquiring command.
In practical applications, the obtaining unit 61 and the first card writing unit 62 may be implemented by a processor in the card opening device.
It should be noted that: in the foregoing embodiment, the division of the program modules is merely used as an example for the case of opening the card, and in practical applications, the above processing may be distributed to different program modules as needed, that is, the internal structure of the device may be divided into different program modules to complete all or part of the above-described processing. In addition, the card opening device and the card opening method provided by the above embodiments belong to the same concept, and specific implementation processes thereof are detailed in the method embodiments and are not described herein again.
In order to implement the method according to the embodiment of the present invention, an embodiment of the present invention further provides a device for opening a card, which is disposed on a smart card, and as shown in fig. 7, the device includes:
a providing unit 71, configured to provide authentication information for the terminal based on a message format of a case2 type in the APDU command; the authentication information is used for authenticating the smart card;
a second card writing unit 72, configured to receive card data sent by the terminal based on a case3 type message format in the APDU command; and performing card writing operation by using the card data.
In an embodiment, the providing unit 71 is specifically configured to:
receiving an initialization card writing instruction sent by the terminal based on a case2 type message format in an APDU command;
and in response to the initialization card writing instruction, entering a card writing initialization state and returning the authentication information to the terminal.
In an embodiment, the second card writing unit 72 is specifically configured to:
and receiving a card writing message instruction which is sent by the terminal and carries the card data based on a case3 type message format in the APDU command.
In actual application, the smart card feeds back a card writing execution state to the terminal to inform the terminal whether the card writing is successful.
Based on this, in an embodiment, the second card writing unit 72 is further configured to:
returning a card writing execution state to the terminal based on a case3 type message format in the APDU command; the card writing execution state represents that the card writing of the smart card is successful;
receiving a card writing state acquisition command sent by the smart card based on a case2 type message format in the APDU command;
and responding to the command for acquiring the card writing state, and returning the card writing state to the terminal.
In practical applications, the providing unit 71 and the second card writing unit 72 may be implemented by a processor in the card opening device.
It should be noted that: in the card opening device provided in the above embodiment, only the division of each program module is illustrated when the card is opened, and in practical applications, the processing may be distributed to different program modules as needed, that is, the internal structure of the device may be divided into different program modules to complete all or part of the processing described above. In addition, the card opening device and the card opening method provided by the above embodiments belong to the same concept, and specific implementation processes thereof are detailed in the method embodiments and are not described herein again.
Based on the hardware implementation of the above device, and in order to implement the method for implementing the terminal side of the present invention, an embodiment of the present invention further provides a terminal, as shown in fig. 8, where the terminal 80 includes:
a first communication interface 81 capable of information interaction with other devices;
a first processor 82, connected to the first communication interface 81 to implement information interaction with other devices, and configured to execute the method provided by one or more technical solutions of the terminal side when running a computer program. A computer program capable of running on the first processor 82 is stored in the first memory 83.
Specifically, the first processor 82 is configured to, when running the computer program, perform:
acquiring authentication information from the smart card by calling a corresponding native API of the terminal operating system and based on a case2 type message format in an APDU command;
sending the authentication information to a platform; the authentication information is used for authenticating the smart card;
receiving card data sent by the platform; the card data is sent after the platform successfully authenticates the smart card;
sending the card data to the smart card by calling the API and based on a case3 type message format in an APDU command; the sent card data is used for the smart card to write the card; wherein,
the terminal can establish a secure connection with the smart card by calling the API; the interaction between the terminal and the smart card takes place over the established secure connection.
In an embodiment, the first processor 82, when running the computer program, is configured to perform:
sending an initialization card writing instruction to the smart card based on a case2 type message format in the APDU command; the initialization card writing instruction is used for instructing the smart card to enter a card writing initialization state and for acquiring the authentication information of the smart card;
and receiving the authentication information sent by the smart card.
In an embodiment, the first processor 82, when running the computer program, is configured to perform:
and sending a card writing message instruction carrying the card data to the smart card based on a case3 type message format in the APDU command.
In an embodiment, the first processor 82 is further configured to, when running the computer program, perform:
receiving a card writing execution state returned by the smart card; the card writing execution state returned by the smart card is generated based on the case3 type message format in the APDU command;
when the card writing execution state represents that the smart card is successfully written, sending a card writing state acquisition command to the smart card based on a case2 type message format in an APDU command;
and receiving the card writing state returned by the smart card based on the card writing state acquisition command.
The specific processing procedure of the first processor 82 can be understood with reference to the method described above and is not repeated here.
Of course, in practical applications, the terminal 80 may further include: a user interface 84. The various components in the terminal 80 are coupled together by a bus system 85. It will be appreciated that the bus system 85 is used to enable communications among the components connected. The bus system 85 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 85 in FIG. 8.
The number of the first processors 82 is at least one.
The user interface 84 may include buttons, a touch sensitive pad, a touch screen, or the like.
The first memory 83 in the embodiment of the present invention is used to store various types of data to support the operation of the terminal 80. Examples of such data include: any computer program for operating on the terminal 80.
The method disclosed in the above embodiments of the present invention may be applied to the first processor 82, or implemented by the first processor 82. The first processor 82 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be implemented by integrated logic circuits of hardware or instructions in the form of software in the first processor 82. The first Processor 82 may be a general purpose Processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic device, discrete hardware component, etc. The first processor 82 may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed by the embodiment of the invention can be directly implemented by a hardware decoding processor, or can be implemented by combining hardware and software modules in the decoding processor. The software module may be located in a storage medium located in the first memory 83, and the first processor 82 reads the information in the first memory 83 to complete the steps of the foregoing method in combination with the hardware thereof.
In an exemplary embodiment, the terminal 80 may be implemented by one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), Field-Programmable Gate Arrays (FPGAs), general-purpose processors, controllers, Micro Controller Units (MCUs), microprocessors, or other electronic components for performing the aforementioned methods.
Based on the hardware implementation of the above device, and in order to implement the method for implementing the smart card side of the present invention, an embodiment of the present invention further provides a smart card, as shown in fig. 9, where the smart card 90 includes:
a second processor 91 and a second memory 92 for storing computer programs capable of running on said second processor,
wherein the second processor 91 is configured to, when running the computer program, perform:
based on the case2 type message format in the APDU command, providing authentication information for the terminal; the authentication information is used for authenticating the smart card;
receiving card data sent by the terminal based on a case3 type message format in an APDU command;
and performing card writing operation by using the card data.
In an embodiment, the second processor 91 is configured to, when running the computer program, perform:
receiving an initialization card writing instruction sent by the terminal based on a case2 type message format in an APDU command;
and in response to the initialization card writing instruction, entering a card writing initialization state and returning the authentication information to the terminal.
In an embodiment, the second processor 91 is configured to, when running the computer program, perform:
and receiving a card writing message instruction which is sent by the terminal and carries the card data based on a case3 type message format in the APDU command.
In an embodiment, the second processor 91 is further configured to, when running the computer program, perform:
returning a card writing execution state to the terminal based on a case3 type message format in the APDU command; the card writing execution state represents that the card writing of the smart card is successful;
receiving a card writing state acquisition command sent by the smart card based on a case2 type message format in the APDU command;
and responding to the command for acquiring the card writing state, and returning the card writing state to the terminal.
The specific processing procedure of the second processor 91 can be understood by referring to the method, which is not described herein.
Of course, in practical applications, the smart card 90 may further include a second communication interface 93 for interacting with a terminal. The various components of the smart card 90 are coupled together by a bus system 94. It will be appreciated that the bus system 94 is used to enable communications among the components of the connection. The bus system 94 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 94 in FIG. 9.
The second memory 92 in the embodiment of the present invention is used to store various types of data to support the operation of the smart card 90. Examples of such data include: any computer program for operating on the smart card 90.
The method disclosed in the above embodiments of the present invention may be applied to the second processor 91, or implemented by the second processor 91. The second processor 91 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be implemented by integrated logic circuits of hardware or instructions in the form of software in the second processor 91. The second processor 91 described above may be a general purpose processor, a DSP, or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The second processor 91 may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present invention. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed by the embodiment of the invention can be directly implemented by a hardware decoding processor, or can be implemented by combining hardware and software modules in the decoding processor. The software modules may be located in a storage medium located in the second memory 92, and the second processor 91 reads the information in the second memory 92 and performs the steps of the foregoing method in combination with the hardware thereof.
In an exemplary embodiment, the smart card 90 may be implemented by one or more ASICs, DSPs, PLDs, CPLDs, FPGAs, general-purpose processors, controllers, MCUs, microprocessors, or other electronic components for performing the aforementioned methods.
It will be appreciated that the memories (first memory 83 and second memory 92) of embodiments of the present invention may be volatile memory or non-volatile memory, and may include both volatile and non-volatile memory. The non-volatile memory may be a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Ferromagnetic Random Access Memory (FRAM), a Flash Memory, a magnetic surface memory, an optical disc, or a Compact Disc Read-Only Memory (CD-ROM); the magnetic surface memory may be disk storage or tape storage. The volatile memory may be a Random Access Memory (RAM), which acts as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM), Enhanced Synchronous Dynamic Random Access Memory (ESDRAM), SyncLink Dynamic Random Access Memory (SLDRAM), and Direct Rambus Random Access Memory (DRRAM). The memories described in the embodiments of the present invention are intended to comprise, without being limited to, these and any other suitable types of memory.
In order to implement the method according to the embodiment of the present invention, an embodiment of the present invention further provides a card opening system, as shown in fig. 10, where the system includes:
the terminal 101 is configured to obtain authentication information from the smart card 102 by calling a corresponding native API of the terminal operating system and based on a case2 type message format in the APDU command; sending the authentication information to a platform; the authentication information is used for authenticating the smart card; receiving card data sent by the platform; the card data is sent after the platform successfully authenticates the smart card; sending the card data to the smart card 102 by calling the API and based on a case3 type message format in the APDU command;
the smart card 102 is configured to perform a card writing operation using the card data after receiving the card data.
It should be noted that: the specific processing procedures of the terminal 101 and the smart card 102 have been described in detail above, and are not described in detail here.
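The case 2 / case 3 exchange between the terminal 101 and the smart card 102 described above can be sketched as follows. This is an added example, not code from the patent: the CLA/INS values, the authentication blob, the card data and the platform callback are constructed placeholders, and the case rules are the ISO/IEC 7816-4 short-APDU encodings.

```python
# Added illustration; CLA/INS codes, auth blob and card data are constructed placeholders.
CLA = 0x80                                          # proprietary class byte (assumed)
INS_INIT, INS_WRITE, INS_STATUS = 0x50, 0x52, 0x54  # hypothetical instruction codes
SW_OK, SW_WRONG_LENGTH, SW_CONDITIONS, SW_BAD_INS = 0x9000, 0x6700, 0x6985, 0x6D00

def build_case2(ins, le):
    """Case 2: header + Le. No command data; the card returns response data."""
    if not 1 <= le <= 256:
        raise ValueError("short Le must be 1..256")
    return bytes([CLA, ins, 0x00, 0x00, le % 256])  # Le byte 0x00 means 256

def build_case3(ins, data):
    """Case 3: header + Lc + data. Command data; only a status word comes back."""
    if not 1 <= len(data) <= 255:
        raise ValueError("short Lc must be 1..255")
    return bytes([CLA, ins, 0x00, 0x00, len(data)]) + bytes(data)

def apdu_case(apdu):
    """Classify a short APDU by its length; raise if Lc and body disagree."""
    n = len(apdu)
    if n < 4:
        raise ValueError("truncated header")
    if n <= 5:
        return 1 if n == 4 else 2
    lc = apdu[4]
    if lc and n == 5 + lc:
        return 3
    if lc and n == 6 + lc:
        return 4
    raise ValueError("Lc does not match body length")

class SimCard:
    """Card side: enforces the expected case per instruction and the write order."""
    def __init__(self):
        self.state, self.written = "IDLE", b""
        self.auth_info = b"CARD-0001:constructed-auth"   # placeholder blob

    def process(self, apdu):
        try:
            case = apdu_case(apdu)
        except ValueError:
            return b"", SW_WRONG_LENGTH
        ins = apdu[1]
        expected = {INS_INIT: 2, INS_WRITE: 3, INS_STATUS: 2}.get(ins)
        if expected is None:
            return b"", SW_BAD_INS
        if case != expected:                        # e.g. a write sent without data
            return b"", SW_WRONG_LENGTH
        if ins == INS_INIT:
            self.state = "INIT"
            return self.auth_info[:apdu[4] or 256], SW_OK
        if ins == INS_WRITE:
            if self.state != "INIT":                # write before init is refused
                return b"", SW_CONDITIONS
            self.written, self.state = apdu[5:], "WRITTEN"
            return b"", SW_OK
        return (b"\x01" if self.state == "WRITTEN" else b"\x00"), SW_OK

def demo_platform(auth_info):
    """Constructed platform stub: releases card data only for a known card."""
    return b"constructed-card-data" if auth_info.startswith(b"CARD-0001") else None

def open_card(card, platform):
    """Terminal side: init (case 2) -> platform -> write (case 3) -> status (case 2)."""
    auth, sw = card.process(build_case2(INS_INIT, 256))
    if sw != SW_OK:
        return False
    card_data = platform(auth)
    if card_data is None:                           # platform did not authenticate the card
        return False
    _, sw = card.process(build_case3(INS_WRITE, card_data))
    if sw != SW_OK:
        return False
    status, sw = card.process(build_case2(INS_STATUS, 1))
    return sw == SW_OK and status == b"\x01"
```

The simulated card refuses a write that arrives before initialization or in the wrong case format, which is the ordering the terminal flow relies on.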
In an exemplary embodiment, the present invention further provides a storage medium, i.e. a computer storage medium, in particular a computer readable storage medium, for example comprising a first memory 83 storing a computer program which is executable by a first processor 82 of the terminal 80 to perform the steps of the aforementioned method, or, as a further example, comprising a second memory 92 storing a computer program which is executable by the second processor 91 of the smart card 90 to perform the steps of the method. The computer readable storage medium may be a memory such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface memory, optical disc, or CD-ROM.
It should be noted that: the technical schemes described in the embodiments of the present invention can be combined arbitrarily without conflict.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention.

Claims (25)

1. A card opening method is applied to a terminal, and the method comprises the following steps:
acquiring authentication information from the smart card by calling a corresponding native Application Programming Interface (API) of the terminal operating system and based on a case2 type message format in an Application Protocol Data Unit (APDU) command;
sending the authentication information to a platform; the authentication information is used for authenticating the smart card;
receiving card data sent by the platform; the card data is sent after the platform successfully authenticates the smart card;
sending the card data to the smart card by calling the API and based on a case3 type message format in an APDU command; the sent card data is used for the smart card to write; wherein,
the terminal can establish a secure connection with the smart card by calling the API; and the interaction between the terminal and the smart card is realized through the established secure connection.
2. The method according to claim 1, wherein the obtaining the authentication information from the smart card based on a case2 type message format in the APDU command comprises:
sending an initialization card writing instruction to the smart card based on a case2 type message format in the APDU command; the initialization card writing instruction is used for instructing the smart card to enter a card writing initialization state and for acquiring the authentication information of the smart card;
and receiving the authentication information sent by the smart card.
3. The method according to claim 1, wherein said sending the card data to the smart card by a message format based on a case3 type in an APDU command comprises:
and sending a card writing message instruction carrying the card data to the smart card based on a case3 type message format in the APDU command.
4. The method of claim 1, further comprising:
receiving a card writing execution state returned by the smart card; the card writing execution state returned by the smart card is generated based on the case3 type message format in the APDU command;
when the card writing execution state represents that the smart card is successfully written, sending a card writing state acquisition command to the smart card based on a case2 type message format in an APDU command;
and receiving the card writing state returned by the smart card based on the card writing state acquisition command.
5. A card opening method is applied to a smart card, and comprises the following steps:
based on the case2 type message format in the APDU command, providing authentication information for the terminal; the authentication information is used for authenticating the smart card;
receiving card data sent by the terminal based on a case3 type message format in an APDU command;
and performing card writing operation by using the card data.
6. The method according to claim 5, wherein the providing the authentication information for the terminal based on the case2 type message format in the APDU command comprises:
receiving an initialization card writing instruction sent by the terminal based on a case2 type message format in an APDU command;
and responding to the initialized card writing instruction, entering a card writing initialization state, and returning the authentication information to the terminal.
7. The method according to claim 5, wherein the receiving card data sent by the terminal based on a case3 type message format in an APDU command comprises:
and receiving a card writing message instruction which is sent by the terminal and carries the card data based on a case3 type message format in the APDU command.
8. The method of claim 5, further comprising:
returning a card writing execution state to the terminal based on a case3 type message format in the APDU command; the card writing execution state represents that the card writing of the smart card is successful;
receiving a card writing state acquisition command sent by the smart card based on a case2 type message format in the APDU command;
and responding to the command for acquiring the card writing state, and returning the card writing state to the terminal.
9. A card opening device, characterized in that the device comprises:
the acquiring unit is used for acquiring the authentication information from the smart card by calling a corresponding native API of the terminal operating system and based on a case2 type message format in the APDU command; sending the authentication information to a platform; the authentication information is used for authenticating the smart card; receiving card data sent by the platform; the card data is sent after the platform successfully authenticates the smart card;
the first card writing unit is used for sending the card data to the smart card by calling the API and based on a case3 type message format in an APDU command; the sent card data is used for the smart card to write the card; wherein,
the terminal can establish a secure connection with the smart card by calling the API; and the interaction between the terminal and the smart card is realized through the established secure connection.
10. The apparatus according to claim 9, wherein the obtaining unit is specifically configured to:
sending an initialization card writing instruction to the smart card based on a case2 type message format in the APDU command; the initialization card writing instruction is used for instructing the smart card to enter a card writing initialization state and for acquiring authentication information of the smart card;
and receiving the authentication information sent by the smart card.
11. The apparatus of claim 9, wherein the first card writing unit is specifically configured to:
and sending a card writing message instruction carrying the card data to the smart card based on a case3 type message format in the APDU command.
12. The apparatus of claim 9, wherein the first card writing unit is further configured to:
receiving a card writing execution state returned by the smart card; the card writing execution state returned by the smart card is generated based on the case3 type message format in the APDU command;
when the card writing execution state represents that the smart card is successfully written, sending a card writing state acquisition command to the smart card based on a case2 type message format in an APDU command;
and receiving the card writing state returned by the smart card based on the card writing state acquiring command.
13. A card opening device, characterized in that the device comprises:
a providing unit, configured to provide authentication information for the terminal based on a case2 type message format in the APDU command; the authentication information is used for authenticating the smart card;
a second card writing unit, configured to receive card data sent by the terminal based on a case3 type message format in the APDU command; and performing card writing operation by using the card data.
14. The apparatus according to claim 13, wherein the providing unit is specifically configured to:
receiving an initialization card writing instruction sent by the terminal based on a case2 type message format in an APDU command;
and responding to the initialized card writing instruction, entering a card writing initialization state, and returning the authentication information to the terminal.
15. The apparatus of claim 13, wherein the second card writing unit is specifically configured to:
and receiving a card writing message instruction which is sent by the terminal and carries the card data based on a case3 type message format in the APDU command.
16. The apparatus of claim 13, wherein the second card writing unit is further configured to:
returning a card writing execution state to the terminal based on a case3 type message format in the APDU command; the card writing execution state represents that the card writing of the smart card is successful;
receiving a card writing state acquisition command sent by the smart card based on a case2 type message format in the APDU command;
and responding to the command for acquiring the card writing state, and returning the card writing state to the terminal.
17. A terminal, characterized in that the terminal comprises: a first processor and a first memory for storing a computer program capable of running on the first processor,
wherein the first processor, when executing the computer program, is configured to perform:
acquiring authentication information from the smart card by calling a corresponding native port API of the terminal operating system and based on a case2 type message format in an APDU command;
sending the authentication information to a platform; the authentication information is used for authenticating the smart card;
receiving card data sent by the platform; the card data is sent after the platform successfully authenticates the smart card;
sending the card data to the smart card by calling the API and based on a case3 type message format in an APDU command; the sent card data is used for the smart card to write; wherein,
the terminal can establish a secure connection with the smart card by calling the API; and the interaction between the terminal and the smart card is realized through the established secure connection.
18. The terminal according to claim 17, wherein the first processor, when executing the computer program, is configured to perform:
sending an initialization card writing instruction to the smart card based on a case2 type message format in the APDU command; the initialization card writing instruction is used for instructing the smart card to enter a card writing initialization state and for acquiring the authentication information of the smart card;
and receiving the authentication information sent by the smart card.
19. The terminal according to claim 17, wherein the first processor, when executing the computer program, is configured to perform:
and sending a card writing message instruction carrying the card data to the smart card based on a case3 type message format in the APDU command.
20. The terminal of claim 17, wherein the first processor, when executing the computer program, is further configured to perform:
receiving a card writing execution state returned by the smart card; the card writing execution state returned by the smart card is generated based on the case3 type message format in the APDU command;
when the card writing execution state represents that the smart card is successfully written, sending a card writing state acquisition command to the smart card based on a case2 type message format in an APDU command;
and receiving the card writing state returned by the smart card based on the card writing state acquiring command.
21. A smart card, characterized in that the smart card comprises: a second processor and a second memory for storing a computer program capable of running on the second processor,
wherein the second processor, when executing the computer program, is configured to perform:
based on the case2 type message format in the APDU command, providing authentication information for the terminal; the authentication information is used for authenticating the smart card;
receiving card data sent by the terminal based on a case3 type message format in an APDU command;
and performing card writing operation by using the card data.
22. The smart card of claim 21, wherein the second processor, when executing the computer program, is configured to perform:
receiving an initialization card writing instruction sent by the terminal based on a case2 type message format in an APDU command;
and responding to the initialized card writing instruction, entering a card writing initialized state, and returning the authentication information to the terminal.
23. The smart card of claim 21, wherein the second processor, when executing the computer program, is configured to perform:
and receiving a card writing message instruction which is sent by the terminal and carries the card data based on a case3 type message format in the APDU command.
24. The smart card of claim 21, wherein the second processor, when executing the computer program, is further configured to perform:
returning a card writing execution state to the terminal based on a case3 type message format in the APDU command; the card writing execution state represents that the card writing of the smart card is successful;
receiving a card writing state acquisition command sent by the smart card based on a case2 type message format in the APDU command;
and responding to the command for acquiring the card writing state, and returning the card writing state to the terminal.
25. A computer storage medium on which a computer program is stored, the computer program, when being executed by a processor, implementing the steps of a method according to any one of claims 1 to 4, or implementing the steps of a method according to any one of claims 5 to 8.
CN201810319863.3A 2018-04-11 2018-04-11 Card opening method and device, related equipment and storage medium Active CN110366161B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810319863.3A CN110366161B (en) 2018-04-11 2018-04-11 Card opening method and device, related equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810319863.3A CN110366161B (en) 2018-04-11 2018-04-11 Card opening method and device, related equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110366161A CN110366161A (en) 2019-10-22
CN110366161B true CN110366161B (en) 2023-01-03

Family

ID=68214346

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810319863.3A Active CN110366161B (en) 2018-04-11 2018-04-11 Card opening method and device, related equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110366161B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116170794B (en) * 2023-04-25 2023-08-08 深圳市微付充科技有限公司 Online idle issuing system and method for smart card

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104918230A (en) * 2014-03-11 2015-09-16 中国移动通信集团内蒙古有限公司 Card writing method, device and system
CN106856465B (en) * 2015-12-08 2019-06-28 中国电信股份有限公司 For realizing the methods, devices and systems of mobile authentication
CN105825134A (en) * 2016-03-16 2016-08-03 中国联合网络通信集团有限公司 Intelligent card processing method, intelligent card management server and terminal
CN106709727A (en) * 2016-12-07 2017-05-24 深圳市久和久科技有限公司 Intelligent card management method and system thereof, terminal and card service management apparatus
CN107613487A (en) * 2017-11-07 2018-01-19 恒宝股份有限公司 A kind of eSIM cards and its method of work

Also Published As

Publication number Publication date
CN110366161A (en) 2019-10-22

Similar Documents

Publication Publication Date Title
KR102242218B1 (en) User authentication method and apparatus, and wearable device registration method and apparatus
US9628981B2 (en) Method for changing MNO in embedded SIM on basis of special privilege, and embedded SIM and recording medium therefore
KR101511460B1 (en) Method for transmitting a sim application of a first terminal to a second terminal
US9516019B2 (en) Method, system and terminal for encrypting/decrypting application program on communication terminal
US20140140507A1 (en) Method for changing mno in embedded sim on basis of dynamic key generation and embedded sim and recording medium therefor
US10511965B2 (en) Method and system for downloading software based on mobile terminal
US9390259B2 (en) Method for activating an operating system in a security module
US9250930B2 (en) Configuration method for an electronic entity
US20160036587A1 (en) Secure Key Derivation Functions
CN111191252A (en) Encryption and decryption method and device for smart card operating system and storage medium
US9058498B2 (en) Runtime environment management of secure communications on card computing devices
CN110366161B (en) Card opening method and device, related equipment and storage medium
CN111093190B (en) Method, device, system, electronic equipment and storage medium for writing key data
KR20110005615A (en) System and method for managing wireless otp using user's media, wireless terminal and recording medium
CN108990046B (en) Connection method of mobile network
US9723483B2 (en) Mobile electronic device
US12022294B2 (en) Access control for Near Field Communication functions
JP2023046168A (en) Ic card, ic chip, and method of recording authentication result
US20240348427A1 (en) Method in a secure element
US20240129743A1 (en) Method for personalizing a secure element
CN114386111A (en) Chip circuit and access control method
US20210144554A1 (en) Method of managing a tamper-proof device comprising a plurality of software containers
KR100915227B1 (en) Mobile Device and Method for implementing SIM-LOCK thereof
CN118246039A (en) Protection of electronic devices
CN118246040A (en) Protection of electronic devices

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant