CN110366161B - Card opening method and device, related equipment and storage medium - Google Patents

Publication number: CN110366161B
Authority: CN (China)
Prior art keywords: card, writing, smart card, terminal, message format
Legal status: Active
Application number: CN201810319863.3A
Other languages: Chinese (zh)
Other versions: CN110366161A (en)
Inventor: 陈国华
Current Assignee: China Mobile Communications Group Co Ltd; Research Institute of China Mobile Communication Co Ltd
Original Assignee: China Mobile Communications Group Co Ltd; Research Institute of China Mobile Communication Co Ltd
Application filed by: China Mobile Communications Group Co Ltd, Research Institute of China Mobile Communication Co Ltd
Priority to: CN201810319863.3A
Publications: CN110366161A (application), CN110366161B (granted)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183 Processing at user equipment or user record carrier
    • H04W8/20 Transfer of user or subscriber data
    • H04W8/205 Transfer to or from user equipment or user record carrier
    • H04W8/26 Network addressing or numbering for mobility support
    • H04W8/265 Network addressing or numbering for mobility support for initial activation of new user

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a card opening method, a card opening device, a terminal, a smart card and a storage medium. The method comprises the following steps: the terminal acquires authentication information from the smart card by calling a corresponding native Application Programming Interface (API) of the terminal operating system, based on the case2-type message format of the Application Protocol Data Unit (APDU) command; the terminal sends the authentication information to a platform, where it is used to authenticate the smart card; the terminal receives card data sent by the platform, which the platform sends after it has successfully authenticated the smart card; the terminal sends the card data to the smart card by calling the API, based on the case3-type message format of the APDU command, and the smart card uses the sent card data to perform the card writing operation. The terminal can establish a secure connection with the smart card by calling the API, and the interaction between the terminal and the smart card takes place over the established secure connection.

Description

Card opening method, device, related equipment and storage medium

Technical field

The invention relates to the field of smart cards in communications, and in particular to a card opening method, device, terminal, smart card and storage medium.

Background

The subscriber identity module card (including the UIM (User Identity Module) card and the SIM (Subscriber Identity Module) card) is an important physical identifier of a user's mobile identity and an important resource held by the operator. The subscriber identity module card is an independent security carrier that can host security-related card applications, such as a card shield (that is, the function of a U-shield implemented on the card).

At present, there are mainly two ways for users to open a card by self-service:

The first uses the SIM Application Toolkit (STK) function of the smart card (which can be a UIM card or a SIM card) to write the card; however, this approach carries security risks.

The second uses the Open Mobile API to write the card. However, this requires the terminal to have the Open Mobile API integrated, and most terminals do not, so it is not conducive to wide adoption.

In summary, the card opening methods of the related art all have certain defects.

Summary of the invention

To solve the existing technical problems, embodiments of the present invention provide a card opening method, device, terminal, smart card and storage medium.

The technical solution of the embodiments of the present invention is implemented as follows:

An embodiment of the present invention provides a card opening method, applied to a terminal, the method including:

obtaining authentication information from a smart card by calling the corresponding native application programming interface (API, Application Programming Interface) of the terminal operating system, based on the case2-type message format of the application protocol data unit (APDU, Application Protocol Data Unit) command;

sending the authentication information to a platform; the authentication information is used to authenticate the smart card;

receiving card data sent by the platform; the card data is sent by the platform after it has successfully authenticated the smart card;

sending the card data to the smart card by calling the API, based on the case3-type message format of the APDU command; the sent card data is used by the smart card to perform the card writing operation; wherein

the terminal can establish a secure connection with the smart card by calling the API; the interaction between the terminal and the smart card takes place over the established secure connection.

In the above solution, obtaining the authentication information from the smart card based on the case2-type message format of the APDU command includes:

sending an initialization card-writing instruction to the smart card based on the case2-type message format of the APDU command; the initialization card-writing instruction instructs the smart card to enter the card-writing initialization state and requests the authentication information of the smart card;

receiving the authentication information sent by the smart card.

In the above solution, sending the card data to the smart card based on the case3-type message format of the APDU command includes:

sending a card-write message instruction carrying the card data to the smart card, based on the case3-type message format of the APDU command.

In the above solution, the method further includes:

receiving the card-writing execution status returned by the smart card; the card-writing execution status returned by the smart card is generated based on the case3-type message format of the APDU command;

when the card-writing execution status indicates that the smart card wrote the card successfully, sending a get-card-writing-status command to the smart card, based on the case2-type message format of the APDU command;

receiving the card-writing status returned by the smart card in response to the get-card-writing-status command.

An embodiment of the present invention also provides a card opening method, applied to a smart card, the method including:

providing authentication information to a terminal based on the case2-type message format of the APDU command; the authentication information is used to authenticate the smart card;

receiving the card data sent by the terminal, based on the case3-type message format of the APDU command;

performing the card writing operation using the card data.

In the above solution, providing the authentication information to the terminal based on the case2-type message format of the APDU command includes:

receiving the initialization card-writing instruction sent by the terminal, based on the case2-type message format of the APDU command;

in response to the initialization card-writing instruction, entering the card-writing initialization state and returning the authentication information to the terminal.

In the above solution, receiving the card data sent by the terminal based on the case3-type message format of the APDU command includes:

receiving the card-write message instruction carrying the card data sent by the terminal, based on the case3-type message format of the APDU command.

In the above solution, the method further includes:

returning the card-writing execution status to the terminal, based on the case3-type message format of the APDU command; the card-writing execution status indicates that the smart card wrote the card successfully;

receiving the get-card-writing-status command sent by the smart card, based on the case2-type message format of the APDU command;

in response to the get-card-writing-status command, returning the card-writing status to the terminal.

An embodiment of the present invention further provides a card opening device, including:

an obtaining unit, configured to obtain authentication information from the smart card by calling the corresponding native API of the terminal operating system, based on the case2-type message format of the APDU command; to send the authentication information to the platform, the authentication information being used to authenticate the smart card; and to receive the card data sent by the platform, the card data being sent by the platform after it has successfully authenticated the smart card;

a first card writing unit, configured to send the card data to the smart card by calling the API, based on the case3-type message format of the APDU command; the sent card data is used by the smart card to perform the card writing operation; wherein

the terminal can establish a secure connection with the smart card by calling the API; the interaction between the terminal and the smart card takes place over the established secure connection.

In the above solution, the obtaining unit is specifically configured to:

send an initialization card-writing instruction to the smart card based on the case2-type message format of the APDU command; the initialization card-writing instruction instructs the smart card to enter the card-writing initialization state and requests the authentication information of the smart card;

receive the authentication information sent by the smart card.

In the above solution, the first card writing unit is specifically configured to:

send a card-write message instruction carrying the card data to the smart card, based on the case3-type message format of the APDU command.

In the above solution, the first card writing unit is further configured to:

receive the card-writing execution status returned by the smart card; the card-writing execution status returned by the smart card is generated based on the case3-type message format of the APDU command;

when the card-writing execution status indicates that the smart card wrote the card successfully, send a get-card-writing-status command to the smart card, based on the case2-type message format of the APDU command;

receive the card-writing status returned by the smart card in response to the get-card-writing-status command.

An embodiment of the present invention also provides a card opening device, including:

a providing unit, configured to provide authentication information to the terminal based on the case2-type message format of the APDU command; the authentication information is used to authenticate the smart card;

a second card writing unit, configured to receive the card data sent by the terminal, based on the case3-type message format of the APDU command, and to perform the card writing operation using the card data.

In the above solution, the providing unit is specifically configured to:

receive the initialization card-writing instruction sent by the terminal, based on the case2-type message format of the APDU command;

in response to the initialization card-writing instruction, enter the card-writing initialization state and return the authentication information to the terminal.

In the above solution, the second card writing unit is specifically configured to:

receive the card-write message instruction carrying the card data sent by the terminal, based on the case3-type message format of the APDU command.

In the above solution, the second card writing unit is further configured to:

return the card-writing execution status to the terminal, based on the case3-type message format of the APDU command; the card-writing execution status indicates that the smart card wrote the card successfully;

receive the get-card-writing-status command sent by the smart card, based on the case2-type message format of the APDU command;

in response to the get-card-writing-status command, return the card-writing status to the terminal.

An embodiment of the present invention further provides a terminal, including: a first processor and a first memory for storing a computer program that can run on the first processor,

wherein the first processor, when running the computer program, executes:

obtaining authentication information from the smart card by calling the corresponding native API of the terminal operating system, based on the case2-type message format of the APDU command;

sending the authentication information to the platform; the authentication information is used to authenticate the smart card;

receiving the card data sent by the platform; the card data is sent by the platform after it has successfully authenticated the smart card;

sending the card data to the smart card by calling the API, based on the case3-type message format of the APDU command; the sent card data is used by the smart card to perform the card writing operation; wherein

the terminal can establish a secure connection with the smart card by calling the API; the interaction between the terminal and the smart card takes place over the established secure connection.

In the above solution, the first processor, when running the computer program, executes:

sending an initialization card-writing instruction to the smart card based on the case2-type message format of the APDU command; the initialization card-writing instruction instructs the smart card to enter the card-writing initialization state and requests the authentication information of the smart card;

receiving the authentication information sent by the smart card.

In the above solution, the first processor, when running the computer program, executes:

sending a card-write message instruction carrying the card data to the smart card, based on the case3-type message format of the APDU command.

In the above solution, the first processor, when running the computer program, further executes:

receiving the card-writing execution status returned by the smart card; the card-writing execution status returned by the smart card is generated based on the case3-type message format of the APDU command;

when the card-writing execution status indicates that the smart card wrote the card successfully, sending a get-card-writing-status command to the smart card, based on the case2-type message format of the APDU command;

receiving the card-writing status returned by the smart card in response to the get-card-writing-status command.

An embodiment of the present invention also provides a smart card, including: a second processor and a second memory for storing a computer program that can run on the second processor,

wherein the second processor, when running the computer program, executes:

providing authentication information to the terminal based on the case2-type message format of the APDU command; the authentication information is used to authenticate the smart card;

receiving the card data sent by the terminal, based on the case3-type message format of the APDU command;

performing the card writing operation using the card data.

In the above solution, the second processor, when running the computer program, executes:

receiving the initialization card-writing instruction sent by the terminal, based on the case2-type message format of the APDU command;

in response to the initialization card-writing instruction, entering the card-writing initialization state and returning the authentication information to the terminal.

In the above solution, the second processor, when running the computer program, executes:

receiving the card-write message instruction carrying the card data sent by the terminal, based on the case3-type message format of the APDU command.

In the above solution, the second processor, when running the computer program, further executes:

returning the card-writing execution status to the terminal, based on the case3-type message format of the APDU command; the card-writing execution status indicates that the smart card wrote the card successfully;

receiving the get-card-writing-status command sent by the smart card, based on the case2-type message format of the APDU command;

in response to the get-card-writing-status command, returning the card-writing status to the terminal.

An embodiment of the present invention further provides a storage medium on which a computer program is stored; when the computer program is executed by a processor, it implements the steps of any of the above terminal-side methods, or the steps of any of the above smart-card-side methods.

In the card opening method, device, terminal, smart card and storage medium provided by the embodiments of the present invention, the terminal obtains authentication information from the smart card by calling the corresponding native API of the terminal operating system, based on the case2-type message format of the APDU command; the terminal sends the authentication information to the platform and receives the card data sent by the platform. Here, the card data is sent by the platform after it has successfully authenticated the smart card. The terminal sends the card data to the smart card by calling the API, based on the case3-type message format of the APDU command; after receiving the card data, the smart card uses it to perform the card writing operation. The solution provided by the embodiments of the present invention uses the native API of the terminal operating system to interact with the smart card, and this interaction is protected by a security mechanism. This ensures that the information in the card writing process cannot be obtained, tampered with or deleted by other applications, improves the security of card writing, and is conducive to wide adoption. At the same time, the card writing process is implemented through a combination of case2-type and case3-type instructions, which the baseband chip of the terminal can recognize accurately, so that the APP can accurately obtain the execution result from the smart card. This greatly improves the success rate of card writing.

Brief description of the drawings

FIG. 1 is a schematic flowchart of the terminal-side card opening method according to an embodiment of the present invention;

FIG. 2 is a schematic flowchart of the smart-card-side card opening method according to an embodiment of the present invention;

FIG. 3 is a schematic flowchart of the card opening method according to an embodiment of the present invention;

FIG. 4 is a schematic diagram of the card opening process of an application embodiment of the present invention;

FIG. 5 is a schematic diagram of the smart card states in an application embodiment of the present invention;

FIG. 6 is a schematic structural diagram of a card opening device according to an embodiment of the present invention;

FIG. 7 is a schematic structural diagram of another card opening device according to an embodiment of the present invention;

FIG. 8 is a schematic structural diagram of a terminal according to an embodiment of the present invention;

FIG. 9 is a schematic structural diagram of a smart card according to an embodiment of the present invention;

FIG. 10 is a schematic structural diagram of a card opening system according to an embodiment of the present invention.

Detailed description

The present invention is described in further detail below with reference to the accompanying drawings and embodiments.

Writing a card with the STK function of the smart card (which can be a UIM card or a SIM card) works as follows: using the address book function of the STK on the smart card, the application (APP) on the terminal writes a card-writing instruction into the STK address book; the smart card then reads the card-writing instruction and performs the card writing operation, and after the card is written it writes the result to a specific area of the address book; the APP then reads the card-writing result from that area. In this method, writing the card and obtaining the result are handled asynchronously, so the APP has to poll for the result periodically. In addition, the STK address book can be accessed by other APPs, so there is a risk that other applications obtain, delete or tamper with the card-writing instruction and the card-writing result. In other words, there is a security risk.

Writing a card with the Open Mobile API works mainly as follows:

The Open Mobile API provides an interface for sending APDU instructions to the smart card (which can be a UIM card or a SIM card), and third-party applications can call it: the card writing process is completed by calling the Open Mobile API to send the card-writing instruction. However, the Open Mobile API is an open-source third-party solution that has to be integrated into the system before the terminal leaves the factory; that is, the Open Mobile API must be preinstalled on the terminal. On the current market, apart from Near Field Communication (NFC) terminals, most terminals do not have the Open Mobile API, so this card opening method is not conducive to wide adoption.

On the other hand, the APIs built into some operating systems provide an interface for accessing the smart card (which can be a UIM card or a SIM card, etc.). Third-party applications can call these standard APIs to send APDU instructions to the smart card and interact with the card. This solves both the problem that the Open Mobile API must be preinstalled on the terminal at the factory and the problem of the asynchronous interaction of STK.

At the same time, these interfaces can provide a mandatory access control (ACE, Access Control Enforce) mechanism, that is, a security mechanism under which only an APP authorized on the smart card can access the smart card through the API. This removes the risk, present with STK, of other applications obtaining, deleting and tampering with instructions and results during card writing; in other words, the mechanism improves the security of card writing.

Third, the success rate of card writing needs to be improved, and APDU commands can be used to write the card. APDU commands come in four format types: case1, case2, case3 and case4. These four types are analyzed below.

In a case1-type command, no data is sent to the smart card and no data is returned from the smart card to the terminal. Card writing, however, involves data exchange between the terminal and the smart card, so this type of command is not suitable for the card writing process.

In a case2-type command, no data is sent to the smart card and data is returned from the smart card; the baseband chip platform of the terminal can process case2-type APDU instructions correctly.

In a case3-type command, data is sent to the smart card and no data is returned from the smart card; the baseband chip platform of the terminal can process case3-type APDU instructions correctly.

In a case4-type command, data is sent to the smart card and data is also returned from the smart card to the terminal. Baseband chips from different manufacturers differ in how they handle case4-type commands, and some cannot process them correctly. As a result, the APP cannot obtain the instruction execution result from the smart card as intended, and the card writing operation cannot be completed with case4-type instructions.

Based on the above analysis, in the various embodiments of the present invention, the API of an operating system that can provide a security mechanism is used to interact with the smart card, and the card writing process is implemented through a combination of case2-type and case3-type instructions.

本发明实施例提供的方案,采用能够提供安全机制的操作系统的API与智能卡进行交互,如此,能够保证写卡过程的信息不给其它应用获取、篡改及删除,提高写卡的安全性,且利用广泛推广。同时,通过case2和case3类型指令的组合实现写卡流程,而case2和case3类型指令能够被终端的基带芯片准确识别,进而使得APP能够从智能卡准确获取执行结果,如此,能够大大提高写卡的成功率。The solution provided by the embodiment of the present invention uses the API of the operating system that can provide a security mechanism to interact with the smart card, so that the information in the card writing process can be guaranteed not to be acquired, tampered with or deleted by other applications, and the security of the card writing is improved, and Take advantage of widespread promotion. At the same time, the card writing process is realized through the combination of case2 and case3 type instructions, and the case2 and case3 type instructions can be accurately recognized by the baseband chip of the terminal, so that the APP can accurately obtain the execution result from the smart card, so that the success of writing the card can be greatly improved Rate.

An embodiment of the present invention provides a card writing method applied to a terminal. As shown in Figure 1, the method includes:

Step 101: obtain authentication information from the smart card by calling the corresponding native API of the terminal's operating system, based on the case2 message format of the APDU command;

Specifically, based on the case2 message format of the APDU command, an initialization card-writing instruction is sent to the smart card; the initialization card-writing instruction instructs the smart card to enter the card-writing initialization state and is used to obtain the smart card's authentication information.

The authentication information sent by the smart card is received.

That is, the initialization card-writing instruction uses the case2 message format.

Here, because the command the terminal sends to the smart card uses the case2 message format, the data structure of the authentication information sent by the smart card also corresponds to, or matches, the case2 message format.

The terminal communicates with the smart card as follows: the terminal calls the corresponding native API of its own operating system, the native API interacts with the terminal's baseband chip, and the baseband chip communicates with the smart card.

The native API can be understood as an API that already ships with the operating system.

In practice, the operating system may be Android, iOS, or the like.

In practice, the smart card is a blank card.

Step 102: send the authentication information to the platform;

Here, the authentication information is used to authenticate the smart card.

In practice, the authentication information may include the smart card's blank-card serial number, a card-writing random number, and so on.

Step 103: receive the card data sent by the platform;

Here, the card data is sent after the platform has successfully authenticated the smart card.

In practice, the card data returned by the platform is encrypted. The terminal sends the encrypted card data to the smart card, and the smart card decrypts the card data and performs the card writing operation.

Step 104: send the card data to the smart card by calling the API, based on the case3 message format of the APDU command.

Here, the card data sent is used by the smart card to perform the card writing operation.

It should be noted that the terminal can establish a secure connection with the smart card by calling the API, and the interaction between the terminal and the smart card described above takes place over that secure connection.

In practice, it is sufficient that the operating system provides a secure access mechanism, and the mechanism can take many forms. For example, when the API is called, the terminal's operating system sends the verification information of the APP calling the API to the smart card, the smart card uses that information to verify the APP, and once verification succeeds the operating system allows the APP to call the API.

As another example, access control rules are stored on the smart card and the operating system obtains them from the smart card. When the API is called, the operating system uses the obtained rules to determine whether the calling APP has permission to access the smart card, and allows the APP to call the API when the rules show that it does.

In both examples, once the operating system allows the APP to call the API, the secure connection between the terminal and the smart card has been established.

It should be noted that in practice the security mechanism may also be implemented in other ways, which the embodiments of the present invention do not limit.

In an embodiment, the terminal sends a card-writing message instruction carrying the card data to the smart card, based on the case3 message format of the APDU command, in order to send the card data to the smart card.

That is, the card-writing message instruction uses the case3 message format.

In practice, the smart card reports the card-writing execution status back to the terminal to tell the terminal whether card writing succeeded.

Based on this, in an embodiment, the method may further include:

the terminal receives the card-writing execution status returned by the smart card; the card-writing execution status returned by the smart card is generated based on the case3 message format of the APDU command;

when the card-writing execution status indicates that the smart card was written successfully, the terminal sends a get-card-writing-status command to the smart card, based on the case2 message format of the APDU command;

the terminal receives the card-writing status that the smart card returns in response to the get-card-writing-status command.

Here, the data structure of the card-writing status returned by the smart card also corresponds to the case2 message format.

Correspondingly, an embodiment of the present invention also provides a card writing method applied to a terminal. As shown in Figure 2, the method includes:

Step 201: provide authentication information to the terminal, based on the case2 message format of the APDU command;

Specifically, based on the case2 message format of the APDU command, the initialization card-writing instruction sent by the terminal is received;

in response to the initialization card-writing instruction, the card-writing initialization state is entered and the authentication information is returned to the terminal.

That is, after receiving the initialization card-writing instruction, the smart card enters the card-writing initialization state and waits for the command that carries the card data from the terminal; if it receives any other command, the smart card enters the idle state.

Here, the authentication information is used to authenticate the smart card.

Step 202: receive the card data sent by the terminal, based on the case3 message format of the APDU command;

Specifically, based on the case3 message format of the APDU command, the card-writing message instruction carrying the card data sent by the terminal is received.

In practice, the card data received by the smart card is encrypted; the encrypted card data has to be decrypted before the card writing operation is performed.

Step 203: perform the card writing operation using the card data.

In practice, the smart card reports the card-writing execution status back to the terminal to tell the terminal whether card writing succeeded.

Based on this, in an embodiment, the method may further include:

based on the case3 message format of the APDU command, returning the card-writing execution status to the terminal; the card-writing execution status indicates that the smart card was written successfully;

based on the case2 message format of the APDU command, receiving the get-card-writing-status command sent by the smart card;

in response to the get-card-writing-status command, returning the card-writing status to the terminal.

An embodiment of the present invention also provides a card writing method. As shown in Figure 3, the method includes:

Step 301: the terminal obtains authentication information from the smart card by calling the corresponding native API of the terminal's operating system, based on the case2 message format of the APDU command;

In other words, the smart card provides authentication information to the terminal based on the case2 message format of the APDU command.

Step 302: the terminal sends the authentication information to the platform;

Here, the authentication information is used to authenticate the smart card.

Step 303: the terminal receives the card data sent by the platform;

Here, the card data is sent after the platform has successfully authenticated the smart card.

Step 304: the terminal sends the card data to the smart card by calling the API, based on the case3 message format of the APDU command;

Step 305: after receiving the card data, the smart card uses the card data to perform the card writing operation.

The terminal can establish a secure connection with the smart card by calling the API, and the interaction between the terminal and the smart card takes place over that secure connection.

It should be noted that the specific processing performed by the terminal and the smart card has been described in detail above and is not repeated here.

In the card opening method provided by the embodiments of the present invention, the terminal obtains authentication information from the smart card by calling the corresponding native API of the terminal's operating system, based on the case2 message format of the APDU command; the terminal sends the authentication information to the platform and receives the card data sent by the platform, where the card data is sent after the platform has successfully authenticated the smart card; the terminal sends the card data to the smart card by calling the API, based on the case3 message format of the APDU command; and after receiving the card data, the smart card uses it to perform the card writing operation. The solution interacts with the smart card through the native API of the terminal's operating system, and the interaction is protected by a security mechanism. This ensures that information in the card writing process cannot be obtained, tampered with or deleted by other applications, improves the security of card writing, and favors wide adoption. At the same time, the card writing flow is implemented with a combination of case2 and case3 instructions, which the terminal's baseband chip can recognize accurately, so the APP can accurately obtain execution results from the smart card. This greatly improves the success rate of card writing.

In addition, throughout the process the smart card performs the corresponding operation only when it receives a specific instruction, which further safeguards card writing.

The present invention is described in more detail below with reference to an application embodiment.

This application embodiment uses the Android system (Android 5.1 and above) as an example. The solution of the embodiments of the present invention is implemented in software, referred to in this application embodiment as the APP. The smart card may be a SIM card, a UIM card, or the like.

It should be noted that before card writing begins, the APP has already established a secure connection with the smart card through the Android system's API. That is, the APP is an APP authorized on the smart card, i.e. an APP with access permission, and the Android system allows the APP to call the API.

The card writing flow of this application embodiment, shown in Figure 4, includes the following steps:

Step 401: the APP sends an initialization card-writing instruction in case2 format to the smart card;

The format of the case2 initialization card-writing instruction (APDU instruction) B5010000 is defined in Table 1:

Table 1

[Table 1 is reproduced only as an image in the original: Figure BDA0001624979330000141]

Step 402: after receiving the instruction, the smart card enters the card-writing initialization state and returns the card information needed for card writing to the APP;

Here, the card information needed for card writing is the authentication information.

In practice, the card information may include the blank-card serial number, the card-writing random number, and so on.

The data structure of the card information returned by the smart card is shown in Table 2:

Table 2

[Table 2 is reproduced only as an image in the original: Figure BDA0001624979330000151]

Here, in practice, the smart card uses the two diversification factors (the blank-card serial number and the card-writing random number) together with the card's skey to generate the card-writing session key for card-writing package name encryption, which is later used to decrypt the card data.

Step 403: after receiving the card information, the APP sends the smart card's card information to the card-writing platform;

Step 404: after receiving the card information, the card-writing platform looks up the smart card's skey by the blank-card serial number, generates the session key from the two diversification factors (the blank-card serial number and the card-writing random number) and the smart card's skey, encrypts the card-writing message with the session key, and sends it to the APP;

Step 405: after receiving the encrypted card-writing message, the APP sends a card-writing message instruction in case3 format to the smart card;

Here, once the card-writing message instruction has been sent, the smart card enters the card-writing state.

The format of the case3 card-writing message instruction A50000XX+Data is defined in Table 3:

Table 3

| Code | Value (Hex) |
|------|-------------|
| INS | 0xA5 |
| P1 | 0x00 |
| P2 | 0x00 |
| P3 | 0xXX: XX is the length of Data |
| Data | The encrypted card-writing message |

Step 406: after receiving the card-writing message instruction, the smart card completes the card writing operation using the card data delivered by the instruction;

Specifically, the smart card checks whether the length of Data in the instruction equals the 0xXX bytes given in P3. If the card-writing message length is correct, the smart card decrypts the card data in the Data part of the command with the generated session key and writes the card data into the smart card, completing the card writing operation.

Step 407: after completing the card writing operation, the smart card returns the card-writing execution status to the APP;

Here, the data structure of the card-writing execution status is shown in Table 4:

Table 4

[Table 4 is reproduced only as an image in the original: Figure BDA0001624979330000161]

Step 408: after the APP receives 9E0X, the APP sends a get-card-writing-status command in case2 format to the smart card;

Here, the case2 get-card-writing-status instruction is A900000X, where X is the X in 9E0X and represents the number of bytes the card returns in its response.

Step 409: after receiving the get-card-writing-status command, the smart card returns the card-writing status to the APP.

Here, the data structure of the card-writing status is shown in Table 5:

Table 5

| Return value | Meaning |
|--------------|---------|
| 0x00 + MAC check value | Card written successfully |
| 0x02 + MAC check value | MAC error in the card-writing data |
| 0x03 + MAC check value | Card-writing data abnormal (wrong tag, etc.) |

This completes the card writing flow. Throughout the flow, the APP interacts with the smart card by calling the Android system's API.

In addition, during this process the smart card has three states, as shown in Figure 5. Specifically:

First state: after power-on, the smart card enters the IDLE state;

Second state: when the smart card, in the IDLE state, receives a specific instruction (the card-writing initialization instruction, namely B5010000) and finishes executing it, it enters the card-writing initialization state;

After entering the card-writing initialization state, when the card-writing message instruction (A50000XX+Data) is received, the card writing operation is performed, and the smart card enters the third state once it completes.

If any other instruction is received, the smart card returns to the IDLE state.

Third state: when a specific instruction (the card-writing message instruction, A50000XX+Data) is received in the card-writing initialization state, the smart card enters the card-writing completed state after executing it.

In the card-writing completed state, when a specific instruction (the get-card-writing-status command, A900000X) is received, the card-writing result can be obtained. The card-writing result is lost once the smart card is powered off and restarted.
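The three-state card behaviour and the step 401 to 409 exchange described above, as an added Python simulation that is not part of the patent. Tables 1, 2 and 4 are not reproduced on the page, so the response layout (10-byte serial plus 8-byte random), the status words 9000/6700/6985, HMAC-SHA256 for key derivation and MAC, and the return to IDLE on a malformed write are assumptions; the data cipher is not modeled.

```python
import hashlib
import hmac
import os
from enum import Enum

# Command headers as printed on the page (4 bytes each).
INIT_WRITE = bytes.fromhex("B5010000")    # case 2: initialize card writing
WRITE_HDR = bytes.fromhex("A50000")       # case 3: A50000XX + Data, XX = len(Data)
GET_STATUS_HDR = bytes.fromhex("A90000")  # case 2: A900000X, X taken from 9E0X

# Assumptions, not from the page: these status words, the field sizes,
# HMAC-SHA256 for key derivation and MAC. The data cipher is not modeled.
SW_OK, SW_WRONG_LENGTH, SW_CONDITIONS = b"\x90\x00", b"\x67\x00", b"\x69\x85"
SERIAL_LEN, RANDOM_LEN, MAC_LEN = 10, 8, 4


class State(Enum):
    IDLE = 0
    WRITE_INIT = 1
    WRITE_DONE = 2


def session_key(skey, serial, rnd):
    """Session key from skey and the two diversification factors."""
    return hmac.new(skey, serial + rnd, hashlib.sha256).digest()


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]


class BlankCard:
    def __init__(self, serial, skey):
        self.serial, self.skey, self.profile = serial, skey, None
        self.reset()

    def reset(self):
        """Back to IDLE; the session key and the write result are dropped."""
        self.state, self.key, self.result = State.IDLE, None, None

    power_cycle = reset  # power-off and restart has the same effect

    def transmit(self, apdu):
        hdr, body = apdu[:4], apdu[4:]
        if self.state is State.IDLE and apdu == INIT_WRITE:
            rnd = os.urandom(RANDOM_LEN)  # fresh per session, so old writes do not replay
            self.key = session_key(self.skey, self.serial, rnd)
            self.state = State.WRITE_INIT
            return self.serial + rnd + SW_OK
        if self.state is State.WRITE_INIT and len(hdr) == 4 and hdr[:3] == WRITE_HDR:
            if hdr[3] != len(body) or len(body) <= MAC_LEN:  # P3 check, step 406
                self.reset()
                return SW_WRONG_LENGTH
            payload, tag = body[:-MAC_LEN], body[-MAC_LEN:]
            if hmac.compare_digest(tag, mac(self.key, payload)):
                self.profile, status = payload, b"\x00"  # written successfully
            else:
                status = b"\x02"                          # MAC error, nothing written
            self.result = status + mac(self.key, status)
            self.state = State.WRITE_DONE
            return bytes([0x9E, len(self.result)])        # 9E0X, X = result length
        if self.state is State.WRITE_DONE and len(apdu) == 4 and hdr[:3] == GET_STATUS_HDR:
            if hdr[3] != len(self.result):
                return SW_WRONG_LENGTH
            return self.result + SW_OK
        self.reset()  # any other instruction: back to IDLE
        return SW_CONDITIONS


def platform_write_apdu(skey, card_info, payload):
    """Steps 403-405: the platform derives the same key; the APP wraps it as case 3."""
    serial, rnd = card_info[:SERIAL_LEN], card_info[SERIAL_LEN:]
    data = payload + mac(session_key(skey, serial, rnd), payload)
    return WRITE_HDR + bytes([len(data)]) + data


def provision(card, skey, payload):
    """APP side, steps 401-409. Returns the card-writing status byte, or None."""
    rsp = card.transmit(INIT_WRITE)
    if rsp[-2:] != SW_OK:
        return None
    sw = card.transmit(platform_write_apdu(skey, rsp[:-2], payload))
    if sw[0] != 0x9E:
        return None
    rsp = card.transmit(GET_STATUS_HDR + sw[1:2])  # X copied from 9E0X
    return rsp[0] if rsp[-2:] == SW_OK else None


if __name__ == "__main__":
    demo = BlankCard(b"SERIAL0001", bytes(range(16)))  # constructed values
    print(provision(demo, bytes(range(16)), b"constructed card data"))
```

Because every exchange uses only case2 (no data in, data out) or case3 (data in, status word out), the terminal never depends on a case4 response, which is the baseband compatibility point the page makes.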

As the above description shows, the solution provided by the embodiments of the present invention implements the card writing flow with a combination of case2 and case3 commands. In this process, the security mechanism provided by the operating system protects the information exchanged between the APP and the smart card, so secure interaction between the two is achieved without presetting any other third-party solution before the terminal leaves the factory, and tampering with or deletion of the information is avoided, which favors wide adoption. Moreover, because card writing is implemented with a combination of case2 and case3 commands, the whole card writing process has a rigorous interaction sequence and a state protection mechanism on the smart card, which greatly improves the success rate of card writing.

To implement the method of the embodiments of the present invention, an embodiment of the present invention also provides a card opening device arranged on a terminal. As shown in Figure 6, the device includes:

an acquisition unit 61, configured to obtain authentication information from the smart card by calling the corresponding native API of the terminal's operating system, based on the case2 message format of the APDU command; to send the authentication information to the platform, the authentication information being used to authenticate the smart card; and to receive the card data sent by the platform, the card data being sent after the platform has successfully authenticated the smart card;

a first card writing unit 62, configured to send the card data to the smart card by calling the API, based on the case3 message format of the APDU command, the card data sent being used by the smart card to perform the card writing operation; wherein

the terminal can establish a secure connection with the smart card by calling the API, and the interaction between the terminal and the smart card takes place over that secure connection.

The terminal communicates with the smart card as follows: the terminal calls the corresponding native API of its own operating system, the native API interacts with the terminal's baseband chip, and the baseband chip communicates with the smart card.

The native API can be understood as an API that already ships with the operating system.

In an embodiment, the acquisition unit 61 is specifically configured to:

send an initialization card-writing instruction to the smart card, based on the case2 message format of the APDU command; the initialization card-writing instruction instructs the smart card to enter the card-writing initialization state and is used to obtain the smart card's authentication information;

receive the authentication information sent by the smart card.

That is, the initialization card-writing instruction uses the case2 message format.

In an embodiment, the first card writing unit is specifically configured to:

send a card-writing message instruction carrying the card data to the smart card, based on the case3 message format of the APDU command.

That is, the card-writing message instruction uses the case3 message format.

In practice, the smart card reports the card-writing execution status back to the terminal to tell the terminal whether card writing succeeded.

Based on this, in an embodiment, the first card writing unit 62 is further configured to:

receive the card-writing execution status returned by the smart card; the card-writing execution status returned by the smart card is generated based on the case3 message format of the APDU command;

when the card-writing execution status indicates that the smart card was written successfully, send a get-card-writing-status command to the smart card, based on the case2 message format of the APDU command;

receive the card-writing status that the smart card returns in response to the get-card-writing-status command.

In practice, the acquisition unit 61 and the first card writing unit 62 may be implemented by a processor in the card opening device.

It should be noted that the division into program modules described above is only an example of how the card opening device of the above embodiment performs card opening. In practice, the processing may be assigned to different program modules as needed, that is, the internal structure of the device may be divided into different program modules to complete all or part of the processing described above. In addition, the card opening device and the card opening method embodiments belong to the same concept; the specific implementation is detailed in the method embodiments and is not repeated here.

To implement the method of the embodiments of the present invention, an embodiment of the present invention also provides a card opening device arranged on a smart card. As shown in Figure 7, the device includes:

a providing unit 71, configured to provide authentication information to the terminal, based on the case2 message format of the APDU command; the authentication information is used to authenticate the smart card;

a second card writing unit 72, configured to receive the card data sent by the terminal, based on the case3 message format of the APDU command, and to perform the card writing operation using the card data.

In an embodiment, the providing unit 71 is specifically configured to:

receive the initialization card-writing instruction sent by the terminal, based on the case2 message format of the APDU command;

in response to the initialization card-writing instruction, enter the card-writing initialization state and return the authentication information to the terminal.

In an embodiment, the second card writing unit 72 is specifically configured to:

receive the card-writing message instruction carrying the card data sent by the terminal, based on the case3 message format of the APDU command.

In practice, the smart card reports the card-writing execution status back to the terminal to tell the terminal whether card writing succeeded.

Based on this, in an embodiment, the second card writing unit 72 is further configured to:

return the card-writing execution status to the terminal, based on the case3 message format of the APDU command; the card-writing execution status indicates that the smart card was written successfully;

receive the get-card-writing-status command sent by the smart card, based on the case2 message format of the APDU command;

in response to the get-card-writing-status command, return the card-writing status to the terminal.

In practice, the providing unit 71 and the second card writing unit 72 may be implemented by a processor in the card opening device.

It should be noted that the division into program modules described above is only an example of how the card opening device of the above embodiment performs card opening. In practice, the processing may be assigned to different program modules as needed, that is, the internal structure of the device may be divided into different program modules to complete all or part of the processing described above. In addition, the card opening device and the card opening method embodiments belong to the same concept; the specific implementation is detailed in the method embodiments and is not repeated here.

Based on the hardware implementation of the above device, and to implement the terminal-side method of the embodiments of the present invention, an embodiment of the present invention further provides a terminal. As shown in FIG. 8, the terminal 80 includes:

a first communication interface 81, capable of exchanging information with other devices;

a first processor 82, connected to the first communication interface 81 to exchange information with other devices, and configured to execute, when running a computer program, the method provided by one or more of the terminal-side technical solutions above. The computer program that can run on the first processor 82 is stored on the first processor 81.

Specifically, the first processor 82 is configured to execute, when running the computer program:

obtaining authentication information from the smart card by calling the corresponding native port API of the terminal operating system and based on the case2 type message format in the APDU command;

sending the authentication information to a platform; the authentication information is used to authenticate the smart card;

receiving card data sent by the platform; the card data is sent after the platform successfully authenticates the smart card;

sending the card data to the smart card by calling the API and based on the case3 type message format in the APDU command; the sent card data is used by the smart card to perform a card writing operation; wherein

the terminal can establish a secure connection with the smart card by calling the API; the interaction between the terminal and the smart card takes place over the established secure connection.

In one embodiment, the first processor 82 is configured to execute, when running the computer program:

sending an initialization card writing instruction to the smart card based on the case2 type message format in the APDU command; the initialization card writing instruction is used to instruct the smart card to enter a card writing initialization state and to obtain the authentication information of the smart card;

receiving the authentication information sent by the smart card.

In one embodiment, the first processor 82 is configured to execute, when running the computer program:

sending, based on the case3 type message format in the APDU command, a card writing message instruction carrying the card data to the smart card.

In one embodiment, the first processor 82 is further configured to execute, when running the computer program:

receiving the card writing execution status returned by the smart card; the card writing execution status returned by the smart card is generated based on the case3 type message format in the APDU command;

when the card writing execution status indicates that the smart card was written successfully, sending a get card writing status command to the smart card based on the case2 type message format in the APDU command;

receiving the card writing status returned by the smart card in response to the get card writing status command.

The specific processing of the first processor 82 can be understood with reference to the method and is not repeated here.

Of course, in actual application, the terminal 80 may further include a user interface 84. The components of the terminal 80 are coupled together through a bus system 85. It can be understood that the bus system 85 is used to implement connection and communication between these components. In addition to a data bus, the bus system 85 includes a power bus, a control bus and a status signal bus. For clarity of illustration, however, the various buses are all labeled as the bus system 85 in FIG. 8.

The number of first processors 82 is at least one.

The user interface 84 may include buttons, a touch pad, a touch screen, or the like.

The first memory 83 in the embodiment of the present invention is used to store various types of data to support the operation of the terminal 80. Examples of such data include any computer program to be operated on the terminal 80.

The methods disclosed in the above embodiments of the present invention may be applied to the first processor 82 or implemented by the first processor 82. The first processor 82 may be an integrated circuit chip with signal processing capability. During implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the first processor 82 or by instructions in the form of software. The first processor 82 may be a general-purpose processor, a digital signal processor (DSP), another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The first processor 82 may implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the methods disclosed in the embodiments of the present invention may be directly embodied as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium, and the storage medium is located in the first memory 83; the first processor 82 reads the information in the first memory 83 and completes the steps of the foregoing method in combination with its hardware.

In an exemplary embodiment, the terminal 80 may be implemented by one or more application specific integrated circuits (ASIC), DSPs, programmable logic devices (PLD), complex programmable logic devices (CPLD), field-programmable gate arrays (FPGA), general-purpose processors, controllers, microcontroller units (MCU), microprocessors, or other electronic components, for executing the foregoing method.

Based on the hardware implementation of the above device, and to implement the smart-card-side method of the embodiments of the present invention, an embodiment of the present invention further provides a smart card. As shown in FIG. 9, the smart card 90 includes:

a second processor 91 and a second memory 92 for storing a computer program capable of running on the second processor,

wherein the second processor 91 is configured to execute, when running the computer program:

providing authentication information to the terminal based on the case2 type message format in the APDU command; the authentication information is used to authenticate the smart card;

receiving card data sent by the terminal based on the case3 type message format in the APDU command;

performing a card writing operation using the card data.

In one embodiment, the second processor 91 is configured to execute, when running the computer program:

receiving, based on the case2 type message format in the APDU command, an initialization card writing instruction sent by the terminal;

in response to the initialization card writing instruction, entering a card writing initialization state and returning the authentication information to the terminal.

In one embodiment, the second processor 91 is configured to execute, when running the computer program:

receiving, based on the case3 type message format in the APDU command, a card writing message instruction that is sent by the terminal and carries the card data.

In one embodiment, the second processor 91 is further configured to execute, when running the computer program:

returning a card writing execution status to the terminal based on the case3 type message format in the APDU command; the card writing execution status indicates that the smart card was written successfully;

receiving, based on the case2 type message format in the APDU command, a get card writing status command sent by the smart card;

in response to the get card writing status command, returning the card writing status to the terminal.

The specific processing of the second processor 91 can be understood with reference to the method and is not repeated here.

Of course, in actual application, the smart card 90 may further include a second communication interface 93 for interacting with the terminal. The components of the smart card 90 are coupled together through a bus system 94. It can be understood that the bus system 94 is used to implement connection and communication between these components. In addition to a data bus, the bus system 94 includes a power bus, a control bus and a status signal bus. For clarity of illustration, however, the various buses are all labeled as the bus system 94 in FIG. 9.

The second memory 92 in the embodiment of the present invention is used to store various types of data to support the operation of the smart card 90. Examples of such data include any computer program to be operated on the smart card 90.

The methods disclosed in the above embodiments of the present invention may be applied to the second processor 91 or implemented by the second processor 91. The second processor 91 may be an integrated circuit chip with signal processing capability. During implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the second processor 91 or by instructions in the form of software. The second processor 91 may be a general-purpose processor, a DSP, another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The second processor 91 may implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the methods disclosed in the embodiments of the present invention may be directly embodied as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium, and the storage medium is located in the second memory 92; the second processor 91 reads the information in the second memory 92 and completes the steps of the foregoing method in combination with its hardware.

In an exemplary embodiment, the smart card 90 may be implemented by one or more ASICs, DSPs, PLDs, CPLDs, FPGAs, general-purpose processors, controllers, MCUs, microprocessors, or other electronic components, for executing the foregoing method.

It can be understood that the memories in the embodiments of the present invention (the first memory 83 and the second memory 92) may be volatile memory or non-volatile memory, and may also include both volatile and non-volatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), a magnetic random access memory (FRAM, ferromagnetic random access memory), a flash memory, a magnetic surface memory, an optical disc, or a compact disc read-only memory (CD-ROM); the magnetic surface memory may be a disk memory or a tape memory. The volatile memory may be a random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (SRAM), synchronous static random access memory (SSRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDRSDRAM), enhanced synchronous dynamic random access memory (ESDRAM), SyncLink dynamic random access memory (SLDRAM), and direct Rambus random access memory (DRRAM). The memories described in the embodiments of the present invention are intended to include, but are not limited to, these and any other suitable types of memory.

To implement the method of the embodiments of the present invention, an embodiment of the present invention further provides a card opening system. As shown in FIG. 10, the system includes:

a terminal 101, configured to obtain authentication information from a smart card 102 by calling the corresponding native API of the terminal operating system and based on the case2 type message format in the APDU command; send the authentication information to a platform, the authentication information being used to authenticate the smart card; receive card data sent by the platform, the card data being sent after the platform successfully authenticates the smart card; and send the card data to the smart card 102 by calling the API and based on the case3 type message format in the APDU command;

the smart card 102, configured to perform a card writing operation using the card data after receiving it.

It should be noted that the specific processing of the terminal 101 and the smart card 102 has been described in detail above and is not repeated here.
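The terminal, platform and smart card exchange described above, as an added example that is not part of the patent: the card accepts each instruction only in the APDU case it is defined with and refuses card data before initialization. The CLA/INS bytes, the 8-byte card ID, the HMAC-based authentication information and the shared key are assumptions made for illustration; the secure connection set up through the operating system API is not modeled.

```python
import hashlib
import hmac
import os

# Assumed values: this section of the patent names no CLA/INS bytes or key scheme.
CLA = 0x80
INS_INIT_WRITE = 0xA0  # initialization card writing instruction (case 2)
INS_WRITE_CARD = 0xA2  # card writing message instruction (case 3)
INS_GET_STATUS = 0xA4  # get card writing status command (case 2)
SW_OK = b"\x90\x00"            # ISO 7816-4 normal completion
SW_WRONG_LENGTH = b"\x67\x00"
SW_CONDITIONS = b"\x69\x85"    # conditions of use not satisfied
SW_INS_UNKNOWN = b"\x6d\x00"


def apdu_case(apdu: bytes) -> int:
    """Classify a short-length command APDU into ISO 7816-4 case 1 to 4."""
    n = len(apdu)
    if n < 4:
        raise ValueError("shorter than the 4-byte CLA INS P1 P2 header")
    if n == 4:
        return 1                # header only
    if n == 5:
        return 2                # header + Le: response data expected
    lc = apdu[4]
    if lc == 0:
        raise ValueError("extended-length APDUs are not handled here")
    if n == 5 + lc:
        return 3                # header + Lc + data: command data only
    if n == 6 + lc:
        return 4                # header + Lc + data + Le
    raise ValueError("Lc does not match the body length")


def auth_tag(key: bytes, card_id: bytes, nonce: bytes) -> bytes:
    """Assumed form of the authentication information: truncated HMAC-SHA256."""
    return hmac.new(key, card_id + nonce, hashlib.sha256).digest()[:8]


class Card:
    """Card side: IDLE -> INIT (after init write) -> WRITTEN (after write)."""

    def __init__(self, card_id: bytes, key: bytes):
        self.card_id, self.key = card_id, key
        self.state, self.profile = "IDLE", None

    def process(self, apdu: bytes) -> bytes:
        try:
            case = apdu_case(apdu)
        except ValueError:
            return SW_WRONG_LENGTH
        ins = apdu[1]
        if ins not in (INS_INIT_WRITE, INS_WRITE_CARD, INS_GET_STATUS):
            return SW_INS_UNKNOWN
        # Enforce the case each instruction is defined with before acting on it.
        if case != (3 if ins == INS_WRITE_CARD else 2):
            return SW_WRONG_LENGTH
        if ins == INS_INIT_WRITE:
            self.state = "INIT"
            nonce = os.urandom(8)
            tag = auth_tag(self.key, self.card_id, nonce)
            return self.card_id + nonce + tag + SW_OK
        if ins == INS_WRITE_CARD:
            if self.state != "INIT":
                return SW_CONDITIONS    # refuse card data without initialization
            self.profile, self.state = apdu[5:], "WRITTEN"
            return SW_OK                # card writing execution status
        return bytes([int(self.state == "WRITTEN")]) + SW_OK  # card writing status


def platform_issue(auth: bytes, key: bytes, card_data: bytes):
    """Platform side: release card data only if the card authenticates."""
    if len(auth) != 24:
        return None
    card_id, nonce, tag = auth[:8], auth[8:16], auth[16:]
    ok = hmac.compare_digest(tag, auth_tag(key, card_id, nonce))
    return card_data if ok else None


def open_card(card: Card, platform_key: bytes, card_data: bytes) -> bool:
    """Terminal side: init (case 2), write (case 3), then status query (case 2)."""
    rsp = card.process(bytes([CLA, INS_INIT_WRITE, 0, 0, 0x00]))
    if rsp[-2:] != SW_OK:
        return False
    data = platform_issue(rsp[:-2], platform_key, card_data)
    if data is None or not 0 < len(data) < 256:
        return False
    write = bytes([CLA, INS_WRITE_CARD, 0, 0, len(data)]) + data
    if card.process(write) != SW_OK:
        return False
    return card.process(bytes([CLA, INS_GET_STATUS, 0, 0, 0x01])) == b"\x01" + SW_OK


if __name__ == "__main__":
    demo_key = b"constructed-key!"              # constructed sample key
    demo_card = Card(b"CARD0001", demo_key)     # constructed card ID
    print(open_card(demo_card, demo_key, bytes.fromhex("0102030405")))
```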

In an exemplary embodiment, an embodiment of the present invention further provides a storage medium, namely a computer storage medium, specifically a computer-readable storage medium. For example, it includes the first memory 83 storing a computer program, and the computer program can be executed by the first processor 82 of the terminal 80 to complete the steps of the foregoing method. As another example, it includes the second memory 92 storing a computer program, and the computer program can be executed by the second processor 91 of the smart card 90 to complete the steps of the foregoing method. The computer-readable storage medium may be a memory such as FRAM, ROM, PROM, EPROM, EEPROM, flash memory, magnetic surface memory, optical disc, or CD-ROM.

It should be noted that the technical solutions described in the embodiments of the present invention may be combined arbitrarily provided there is no conflict.

The above are only preferred embodiments of the present invention and are not intended to limit the protection scope of the present invention.

Claims (25)

1. A card opening method is applied to a terminal, and the method comprises the following steps:
acquiring authentication information from the smart card by calling a corresponding native Application Programming Interface (API) of the terminal operating system and based on a case2 type message format in an Application Protocol Data Unit (APDU) command;
sending the authentication information to a platform; the authentication information is used for authenticating the smart card;
receiving card data sent by the platform; the card data is sent after the platform successfully authenticates the smart card;
sending the card data to the smart card by calling the API and based on a case3 type message format in an APDU command; the sent card data is used for the smart card to write; wherein,
the terminal can establish a secure connection with the smart card by calling the API; and the interaction between the terminal and the smart card is realized through the established secure connection.
2. The method according to claim 1, wherein the obtaining the authentication information from the smart card based on a case2 type message format in the APDU command comprises:
sending an initialization card writing instruction to the smart card based on a case2 type message format in the APDU command; the initialization card writing instruction is used for instructing the smart card to enter a card writing initialization state and for acquiring the authentication information of the smart card;
and receiving the authentication information sent by the smart card.
3. The method according to claim 1, wherein said sending the card data to the smart card by a message format based on a case3 type in an APDU command comprises:
and sending a card writing message instruction carrying the card data to the smart card based on a case3 type message format in the APDU command.
4. The method of claim 1, further comprising:
receiving a card writing execution state returned by the smart card; the card writing execution state returned by the smart card is generated based on the case3 type message format in the APDU command;
when the card writing execution state represents that the smart card is successfully written, sending a card writing state acquisition command to the smart card based on a case2 type message format in an APDU command;
and receiving the card writing state returned by the smart card based on the card writing state acquisition command.
5. A card opening method is applied to a smart card, and comprises the following steps:
based on the case2 type message format in the APDU command, providing authentication information for the terminal; the authentication information is used for authenticating the smart card;
receiving card data sent by the terminal based on a case3 type message format in an APDU command;
and performing card writing operation by using the card data.
6. The method according to claim 5, wherein the providing the authentication information for the terminal based on the case2 type message format in the APDU command comprises:
receiving an initialization card writing instruction sent by the terminal based on a case2 type message format in an APDU command;
and responding to the initialization card writing instruction, entering a card writing initialization state, and returning the authentication information to the terminal.
7. The method according to claim 5, wherein the receiving card data sent by the terminal based on a case3 type message format in an APDU command comprises:
and receiving a card writing message instruction which is sent by the terminal and carries the card data based on a case3 type message format in the APDU command.
8. The method of claim 5, further comprising:
returning a card writing execution state to the terminal based on a case3 type message format in the APDU command; the card writing execution state represents that the card writing of the smart card is successful;
receiving a card writing state acquisition command sent by the smart card based on a case2 type message format in the APDU command;
and responding to the command for acquiring the card writing state, and returning the card writing state to the terminal.
9. A card opening device, characterized in that the device comprises:
the acquiring unit is used for acquiring the authentication information from the smart card by calling a corresponding native API of the terminal operating system and based on a case2 type message format in the APDU command; sending the authentication information to a platform; the authentication information is used for authenticating the smart card; receiving card data sent by the platform; the card data is sent after the platform successfully authenticates the smart card;
the first card writing unit is used for sending the card data to the smart card by calling the API and based on a case3 type message format in an APDU command; the sent card data is used for the smart card to write the card; wherein,
the terminal can establish a secure connection with the smart card by calling the API; and the interaction between the terminal and the smart card is realized through the established secure connection.
10. The apparatus according to claim 9, wherein the obtaining unit is specifically configured to:
sending an initialization card writing instruction to the smart card based on a case2 type message format in the APDU command; the initialization card writing instruction is used for instructing the smart card to enter a card writing initialization state and for acquiring authentication information of the smart card;
and receiving the authentication information sent by the smart card.
11. The apparatus of claim 9, wherein the first card writing unit is specifically configured to:
and sending a card writing message instruction carrying the card data to the smart card based on a case3 type message format in the APDU command.
12. The apparatus of claim 9, wherein the first card writing unit is further configured to:
receiving a card writing execution state returned by the smart card; the card writing execution state returned by the smart card is generated based on the case3 type message format in the APDU command;
when the card writing execution state represents that the smart card is successfully written, sending a card writing state acquisition command to the smart card based on a case2 type message format in an APDU command;
and receiving the card writing state returned by the smart card based on the card writing state acquiring command.
13. A card opening device, characterized in that the device comprises:
a providing unit, configured to provide authentication information for the terminal based on a case2 type message format in the APDU command; the authentication information is used for authenticating the smart card;
a second card writing unit, configured to receive card data sent by the terminal based on a case3 type message format in the APDU command; and performing card writing operation by using the card data.
14. The apparatus according to claim 13, wherein the providing unit is specifically configured to:
receiving an initialization card writing instruction sent by the terminal based on a case2 type message format in an APDU command;
and responding to the initialization card writing instruction, entering a card writing initialization state, and returning the authentication information to the terminal.
15. The apparatus of claim 13, wherein the second card writing unit is specifically configured to:
and receiving a card writing message instruction which is sent by the terminal and carries the card data based on a case3 type message format in the APDU command.
16. The apparatus of claim 13, wherein the second card writing unit is further configured to:
returning a card writing execution state to the terminal based on a case3 type message format in the APDU command; the card writing execution state represents that the card writing of the smart card is successful;
receiving a card writing state acquisition command sent by the smart card based on a case2 type message format in the APDU command;
and responding to the command for acquiring the card writing state, and returning the card writing state to the terminal.
17. A terminal, characterized in that the terminal comprises: a first processor and a first memory for storing a computer program capable of running on the first processor,
wherein the first processor, when executing the computer program, is configured to perform:
acquiring authentication information from the smart card by calling a corresponding native port API of the terminal operating system and based on a case2 type message format in an APDU command;
sending the authentication information to a platform; the authentication information is used for authenticating the smart card;
receiving card data sent by the platform; the card data is sent after the platform successfully authenticates the smart card;
sending the card data to the smart card by calling the API and based on a case3 type message format in an APDU command; the sent card data is used for the smart card to write; wherein,
the terminal can establish a secure connection with the smart card by calling the API; and the interaction between the terminal and the smart card is realized through the established secure connection.
18. The terminal according to claim 17, wherein the first processor, when executing the computer program, is configured to perform:
sending an initialization card writing instruction to the smart card based on a case2 type message format in the APDU command; the initialization card writing instruction is used for instructing the smart card to enter a card writing initialization state and for acquiring the authentication information of the smart card;
and receiving the authentication information sent by the smart card.
19. The terminal according to claim 17, wherein the first processor, when executing the computer program, is configured to perform:
and sending a card writing message instruction carrying the card data to the smart card based on a case3 type message format in the APDU command.
20. The terminal of claim 17, wherein the first processor, when executing the computer program, is further configured to perform:
receiving a card writing execution state returned by the smart card; the card writing execution state returned by the smart card is generated based on the case3 type message format in the APDU command;
when the card writing execution state represents that the smart card is successfully written, sending a card writing state acquisition command to the smart card based on a case2 type message format in an APDU command;
and receiving the card writing state returned by the smart card based on the card writing state acquiring command.
21. A smart card, characterized in that the smart card comprises: a second processor and a second memory for storing a computer program capable of running on the second processor,
wherein the second processor, when executing the computer program, is configured to perform:
based on the case2 type message format in the APDU command, providing authentication information for the terminal; the authentication information is used for authenticating the smart card;
receiving card data sent by the terminal based on a case3 type message format in an APDU command;
and performing card writing operation by using the card data.
22. The smart card of claim 21, wherein the second processor, when executing the computer program, is configured to perform:
receiving an initialization card writing instruction sent by the terminal based on a case2 type message format in an APDU command;
and, in response to the initialization card writing instruction, entering a card writing initialization state and returning the authentication information to the terminal.
23. The smart card of claim 21, wherein the second processor, when executing the computer program, is configured to perform:
receiving a card writing message instruction that carries the card data and is sent by the terminal based on a case3 type message format in the APDU command.
24. The smart card of claim 21, wherein the second processor, when executing the computer program, is further configured to perform:
returning a card writing execution state to the terminal based on a case3 type message format in the APDU command; the card writing execution state indicates that the card writing of the smart card is successful;
receiving a card writing state acquisition command sent by the smart card based on a case2 type message format in the APDU command;
and, in response to the card writing state acquisition command, returning the card writing state to the terminal.
25. A computer storage medium on which a computer program is stored, the computer program, when being executed by a processor, implementing the steps of a method according to any one of claims 1 to 4, or implementing the steps of a method according to any one of claims 5 to 8.
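The terminal-to-card exchange of claims 17 to 24, as an added example that is not part of the patent text: it encodes the case 2 and case 3 short APDU formats of ISO/IEC 7816-4 and runs the init, write and status steps against a constructed card model that rejects a step sent out of order or in the wrong case. The CLA and INS values, the status byte, `SimCard` and `open_card` are hypothetical; the status words 9000, 6985 and 6700 are the standard ISO/IEC 7816-4 values.

```python
# Added example; CLA/INS values and the card model are assumptions.
CLA = 0x80                                          # hypothetical class byte
INS_INIT, INS_WRITE, INS_STATUS = 0x01, 0x02, 0x03  # hypothetical INS codes
OK, BAD_STATE, BAD_LEN = b"\x90\x00", b"\x69\x85", b"\x67\x00"

def case2(ins, le):
    """Header + Le: no command data, response data expected."""
    if not 1 <= le <= 256:
        raise ValueError("short Le must be 1..256")
    return bytes([CLA, ins, 0, 0, le % 256])        # Le byte 0x00 means 256

def case3(ins, data):
    """Header + Lc + data: command data, status word only in the response."""
    if not 1 <= len(data) <= 255:
        raise ValueError("short Lc must be 1..255")
    return bytes([CLA, ins, 0, 0, len(data)]) + data

def apdu_case(apdu):
    """Return the case (1-4) of a short APDU; reject inconsistent lengths."""
    if len(apdu) in (4, 5):
        return len(apdu) - 3
    if len(apdu) > 5 and apdu[4] and len(apdu) - 5 - apdu[4] in (0, 1):
        return len(apdu) - 2 - apdu[4]
    raise ValueError("length fields do not match the APDU body")

class SimCard:  # constructed card model: enforces step order and APDU case
    def __init__(self, auth_info):
        self.auth_info, self.state, self.stored = auth_info, "idle", b""
    def process(self, apdu):
        try:
            case, ins = apdu_case(apdu), apdu[1]
        except ValueError:
            return BAD_LEN
        if ins == INS_INIT and case == 2:
            self.state = "init"                     # card writing initialization
            return self.auth_info + OK
        if ins == INS_WRITE and case == 3 and self.state == "init":
            self.stored, self.state = apdu[5:], "written"
            return OK
        if ins == INS_STATUS and case == 2 and self.state == "written":
            return b"\x01" + OK                     # hypothetical status byte
        return BAD_STATE

def open_card(card, card_data):
    """Terminal side: init (case 2), write (case 3), read status (case 2)."""
    rsp = card.process(case2(INS_INIT, 8))   # rsp[:-2] goes to the platform
    if rsp[-2:] != OK or card.process(case3(INS_WRITE, card_data)) != OK:
        return None
    return card.process(case2(INS_STATUS, 1))
```

In the claimed flow the platform authenticates the card from the returned authentication information before any card data is released; the model skips that step and only checks ordering and message format.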
CN201810319863.3A 2018-04-11 2018-04-11 Card opening method and device, related equipment and storage medium Active CN110366161B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810319863.3A CN110366161B (en) 2018-04-11 2018-04-11 Card opening method and device, related equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110366161A CN110366161A (en) 2019-10-22
CN110366161B true CN110366161B (en) 2023-01-03

Family

ID=68214346

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810319863.3A Active CN110366161B (en) 2018-04-11 2018-04-11 Card opening method and device, related equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110366161B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116170794B (en) * 2023-04-25 2023-08-08 深圳市微付充科技有限公司 Online idle issuing system and method for smart card

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104918230A (en) * 2014-03-11 2015-09-16 中国移动通信集团内蒙古有限公司 Card writing method, device and system
CN106856465B (en) * 2015-12-08 2019-06-28 中国电信股份有限公司 For realizing the methods, devices and systems of mobile authentication
CN105825134A (en) * 2016-03-16 2016-08-03 中国联合网络通信集团有限公司 Intelligent card processing method, intelligent card management server and terminal
CN106709727A (en) * 2016-12-07 2017-05-24 深圳市久和久科技有限公司 Intelligent card management method and system thereof, terminal and card service management apparatus
CN107613487A (en) * 2017-11-07 2018-01-19 恒宝股份有限公司 A kind of eSIM cards and its method of work

Also Published As

Publication number Publication date
CN110366161A (en) 2019-10-22

Similar Documents

Publication Publication Date Title
EP2988470B1 (en) Automatic purposed-application creation
US9880830B2 (en) On-board applet migration
CN111311251B (en) Binding processing method, device and equipment
CN108055132B (en) Method, device and equipment for service authorization
CN105678192B (en) A kind of key application method and application apparatus based on smart card
US20160103716A1 (en) Method for using shared device in apparatus capable of operating two operating systems
JP2023521997A (en) Determination of specific conditions for contactless card activation
US20170124339A1 (en) Implementing method for javacard application function expansion
KR20240026922A (en) Cryptographic authentication to control access to storage devices
CN210627203U (en) UICC device with safe storage function
CN111191252A (en) Encryption and decryption method and device for smart card operating system and storage medium
US9058498B2 (en) Runtime environment management of secure communications on card computing devices
WO2022165771A1 (en) Virtual electronic card management method and system, security chip, terminal, and storage medium
CN105592072A (en) Method for obtaining login certification in intelligent terminal, intelligent terminal and operation system thereof
KR20220115919A (en) Secure authentication based on passport data stored on contactless card
CN105337995A (en) Rapid personalization method and system for smart card
CN110366161B (en) Card opening method and device, related equipment and storage medium
US10531296B2 (en) Method for loading a subscription into an embedded security element of a mobile terminal
CN101425120B (en) Card reader and executing method thereof
CN110351703B (en) Card opening method, device, related equipment and storage medium
CN105871840A (en) Certificate management method and system
US20230376936A1 (en) Configuring applications on a device using a contactless card
CN112017330A (en) Intelligent lock parameter configuration method and device, intelligent lock and storage medium
CN105574425B (en) Access the method and device of storage data
CN107851044B (en) Integrated circuit card adapted to transfer first data from a first application for use by a second application

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant