CN110366162A - The method of digital certificate authentication function is realized on the sim card - Google Patents

Publication number
CN110366162A
Authority
CN
China
Prior art keywords
sim card
digital certificate
realizing
certificate authentication
card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910324875.XA
Other languages
Chinese (zh)
Inventor
夏崇华
顾流
叶戟文
金鑫
李晓华
朱明良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Huashen Smart IC Card Application System Co Ltd
Original Assignee
Shanghai Huashen Smart IC Card Application System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Huashen Smart IC Card Application System Co Ltd
Priority to CN201910324875.XA
Publication of CN110366162A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183 Processing at user equipment or user record carrier

Abstract

The present invention relates to the technical field of smart cards, and in particular to a method for realizing a digital certificate authentication function on a SIM card. The method includes: downloading into the SIM card a communication application for realizing the terminal's wireless communication and an authentication application capable of realizing digital certificate authentication; establishing, in the SIM card, different logical channels for communicating with the terminal; and having the communication application and the authentication application communicate with the terminal over the different logical channels. With the method provided by the invention, both communication and digital certificate authentication can be realized on a single SIM card, without changing the physical structure of the SIM card, by dividing different logical channels in the SIM card.

Description

The method of digital certificate authentication function is realized on the sim card
Technical field
The present invention relates to the technical field of smart cards, and in particular to a method for realizing a digital certificate authentication function on a SIM card.
Background
Digital certificate authentication is an encryption technology with the digital certificate at its core. It can encrypt and decrypt information transmitted over the network and perform digital signature and signature verification, ensuring the security and integrity of information transmitted online. With a digital certificate, even if the information sent is intercepted by others on the network, or even if information such as the personal account and password is lost, the security of the personal account can still be guaranteed.
Currently, when a digital certificate is used to authenticate an information transmission, there are usually two authentication modes. One is the soft certificate mode, such as Alipay's soft certificate protection, in which a digital certificate issued by a trusted third-party certification authority is imported into the IE certificate store in the form of a computer file, and authentication is then performed through Microsoft's CSP (Cryptographic Service Provider) interface. The other is the hard certificate mode, such as a bank's U-shield, in which there is a separate, independent device; the digital certificate is stored in that device and protected by it. In the hard certificate mode, the device is connected to the computer to perform digital authentication. Authentication in hard certificate mode can go through the CSP interface or through a dedicated interface (such as the standard commercial cryptography interface published by the Cryptography Administration). Because soft certificate authentication cannot match hard certificate authentication in terms of security, the hard certificate authentication mode has been widely applied.
With the rapid development of mobile networks, people increasingly prefer to handle routine work on a portable mobile phone, so a scheme that can authenticate on the mobile phone is needed. To date, the schemes for authenticating on a mobile phone are mainly the following:
1. Authentication scheme based on an audio-type encryption device
This scheme is similar to the hard certificate mode on the computer: the digital certificate is stored in a device, and the device storing the digital certificate communicates with the mobile phone through the 3.5mm audio interface to perform authentication on the phone. Because it relies on an authentication device storing the digital certificate and on the phone's 3.5mm audio interface, this scheme requires the user to carry an additional authentication device (a hardware device) that stores the digital certificate, and the authentication device must also match the audio processing chip of the mobile phone. Given these restrictions, this scheme easily loses data after the analog signal is filtered, and it also faces the predicament of becoming unusable as the 3.5mm interface is removed from mobile phones.
2. Authentication scheme based on a storage-type cipher card
This scheme stores the digital certificate in a TF card (Trans-flash Card, flash card) and performs authentication on the phone through the channel library between the mobile phone and the TF card. Most mobile phones currently on the market support installing a TF card to expand storage space. This scheme is more convenient than the one based on an audio-type encryption device, but because the memory of today's mainstream mid-range and high-end phones is already large enough, inserting a TF card into the phone to expand storage has become less necessary. As a result, in many mobile phones the TF card shares a card slot with a phone card. If authentication is still performed through a storage-type cipher card, two phone cards cannot be used in one phone at the same time. Using two phone cards has clearly become common in daily life, so the authentication scheme based on a storage-type cipher card will gradually cease to be accepted by the market.
3. Authentication scheme based on a SIM-card-type cipher card
This scheme stores the digital certificate in a dedicated IC (Integrated Circuit) chip, and the IC chip is then packaged into the SIM (Subscriber Identification Module) card used for communication. Because there is no physical connection between the IC chip storing the digital certificate and the SIM card, Bluetooth or NFC (Near Field Communication) must be used for communication in order to authenticate on the mobile phone. This scheme requires the user to turn on Bluetooth or NFC in time, but wireless communication over Bluetooth or NFC is easily disturbed by the surrounding environment and can even allow the user's data to be intercepted without the user knowing, so it poses certain security risks.
Summary of the invention
The purpose of the present invention is to provide a method for realizing a digital certificate authentication function on a SIM card, in order to solve the problems of low security and cumbersome steps in existing mobile terminal authentication modes.
To solve the above technical problem, the present invention provides a method for realizing a digital certificate authentication function on a SIM card, including the following steps:
S1: downloading into the SIM card a communication application for realizing the terminal's wireless communication and an authentication application capable of realizing digital certificate authentication;
S2: establishing, in the SIM card, different logical channels for communicating with the terminal;
S3: having the communication application and the authentication application communicate with the terminal over the different logical channels.
Further, an operating system developed on Java Card technology runs in the SIM card.
Further, the communication application and the authentication application are both Applets developed in the Java programming language.
Further, an application firewall is configured in the operating system.
Further, the terminal includes a mobile phone, a tablet computer, or a laptop with a SIM card interface.
Further, the different logical channels are established according to the logical channel technical specification in the ISO7816-4 standard.
Further, the communication application can at least store in the SIM card the user's address book, short messages, the user's personal information and the carrier's information.
Further, the authentication application can at least store a digital certificate and perform digital signature operations in the SIM card.
With the method provided by the invention, both communication and digital certificate authentication can be realized on a single SIM card, without changing the physical structure of the SIM card, by dividing different logical channels in the SIM card. The method needs no additional external interface and does not occupy a card slot inside the mobile phone. Because it uses the interface of the existing SIM card, existing terminals do not need to be upgraded, which reduces the cost to the enterprise.
Brief description of the drawings
Fig. 1 is a flow chart of the method for realizing a digital certificate authentication function on a SIM card provided by an embodiment of the invention.
Detailed description of the embodiments
As described above, existing digital certificate authentication usually requires a separate hardware device, and authentication can only be completed on the terminal after that device is connected through an interface matching the terminal. These authentication modes all require independent hardware and an independent interface dedicated to digital certificate authentication, so enterprises and users have to buy and carry various hardware devices for digital certificate authentication, which is very inconvenient now that mobile networks are developing rapidly.
Unlike the prior art, the present invention does not provide separate, independent hardware for digital certificate authentication. Instead, it uses the hardware of the existing SIM card: without changing the hardware structure of the SIM card, it retains the original SIM card functions while also realizing digital certificate authentication on the SIM card, which greatly simplifies the steps for a terminal using the SIM card to perform digital certificate authentication.
The method for realizing digital certificate authentication on a SIM card proposed by the present invention is described in further detail below with reference to the drawings and specific embodiments. The advantages and features of the invention will become clearer from the claims and the following description. Note that the drawings are in a very simplified form and not to precise scale, and serve only to illustrate the embodiments of the invention conveniently and clearly.
This embodiment provides a method for realizing digital certificate authentication on a SIM card. The method uses a single chip (the SIM card) and concentrates in that one chip both the communication application that implements the mobile terminal's communication (usually provided by the telecommunication service operator) and the authentication application that implements digital certificate authentication, so that the communication application performs its original telephone communication function normally without affecting the authentication application's digital certificate authentication function.
Referring to Fig. 1, which is a flow chart of the method for realizing a digital certificate authentication function on a SIM card provided by this embodiment, the method includes the following steps:
S1: downloading into the SIM card a communication application for realizing the wireless communication of the terminal (a hardware device with a SIM card interface, such as a mobile phone, tablet computer or laptop) and an authentication application capable of realizing digital certificate authentication;
S2: establishing, in the SIM card, different logical channels for communicating with the terminal;
S3: having the communication application and the authentication application communicate with the terminal over the different logical channels.
Java is a computer programming language, and Java Card is an application technology based on the Java programming language that is mainly used in smart ICs. When Java Card technology is applied to a SIM card, a runtime environment capable of running Java Card applets (hereinafter "Applets") can be established in the SIM card, for example by installing and running in the SIM card an operating system developed on Java Card technology. Applets can then be downloaded directly, with no further work such as adapting the application program.
Since downloading Applets into the SIM card in this way reduces the program adaptation work, the communication application and the authentication application can both be Applets developed on Java Card technology, which avoids the adaptation work that would be needed for application programs in other forms.
Further, an application firewall is configured in the operating system, so that operations such as writing data to and reading data from the SIM card are protected by its access control mechanism. Whatever card reader and operating system are used, a downloaded application cannot exceed its permissions to access other resources.
During communication, the SIM card has only one set of physical interfaces connecting it to the terminal, and that set of interfaces was originally used only for the terminal's communication function. When the SIM card must provide both the communication function and the digital certificate authentication function, data crosstalk easily arises when the terminal accesses the SIM card, so different logical channels need to be established to prevent it. To let the communication application and the authentication application each communicate normally with the terminal in their own logical channels, the different logical channels can conveniently be established in the SIM card according to the logical channel technical specification in the ISO7816-4 standard. In this way, when an application on the terminal accesses an application in the SIM card (including the communication application and the authentication application), every command organizes its data in the following order: CLA (Class Byte of Command Message), INS (Instruction Byte of Command Message), P1 (Parameter 1), P2 (Parameter 2), Lc (Length of command data field), Data (the data field) and Le (Expected data length). According to the definition in the ISO7816-4 standard, the lowest two bits of the CLA byte indicate the logical channel number of the command: 00B indicates the basic channel, while 01B, 10B and 11B indicate logical channel 1, logical channel 2 and logical channel 3 respectively. Each logical channel has its own set of status information identifiers, and using these independent status information identifiers effectively avoids the data crosstalk problem mentioned above. Therefore, based on the different logical channels established, the communication application can communicate with the terminal over the basic channel, and the authentication application can communicate with the terminal over another logical channel (such as logical channel 2).
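The channel separation described above can be modelled as follows. This is an added example, not code from the patent: the AIDs, the two applet stubs, the SHA-256 stand-in for a signature and the choice of status words are assumptions made for illustration, and the decoder also covers the further interindustry class (channels 4 to 19) of ISO 7816-4, which goes beyond the two-bit case the text describes.

```python
import hashlib
from collections import namedtuple

COMM_AID = bytes.fromhex("A000000000C001")  # constructed AID: communication applet
AUTH_AID = bytes.fromhex("A000000000A002")  # constructed AID: authentication applet
CommandAPDU = namedtuple("CommandAPDU", "cla ins p1 p2 data le")

def parse_apdu(raw):
    """Parse a short-form command APDU: CLA INS P1 P2 [Lc Data] [Le]."""
    if len(raw) < 4:
        raise ValueError("header needs CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                                  # case 1: header only
        return CommandAPDU(cla, ins, p1, p2, b"", None)
    if len(body) == 1:                            # case 2: Le only (00 means 256)
        return CommandAPDU(cla, ins, p1, p2, b"", body[0] or 256)
    lc = body[0]
    if lc and len(body) == 1 + lc:                # case 3: Lc + data
        return CommandAPDU(cla, ins, p1, p2, body[1:], None)
    if lc and len(body) == 2 + lc:                # case 4: Lc + data + Le
        return CommandAPDU(cla, ins, p1, p2, body[1:1 + lc], body[-1] or 256)
    raise ValueError("Lc does not match the data field (extended length not handled)")

def logical_channel(cla):
    # Returns the channel number carried in CLA, or None for non-interindustry classes.
    if cla & 0xE0 == 0x00:      # first interindustry class: two low bits, channels 0-3
        return cla & 0x03
    if cla & 0xC0 == 0x40:      # further interindustry class: four low bits, channels 4-19
        return 4 + (cla & 0x0F)
    return None

def comm_applet(apdu):
    if apdu.ins == 0xB0:                          # READ BINARY
        return b"constructed-subscriber-record", 0x9000
    return b"", 0x6D00                            # INS not supported by this applet

def auth_applet(apdu):
    if apdu.ins == 0x2A:                          # PERFORM SECURITY OPERATION
        # SHA-256 stands in for the on-card signature; no key is modelled.
        return hashlib.sha256(apdu.data).digest(), 0x9000
    return b"", 0x6D00

class CardModel:
    """Card-side dispatcher keeping one 'selected applet' state per logical channel."""
    def __init__(self):
        self.applets = {COMM_AID: comm_applet, AUTH_AID: auth_applet}
        self.selected = {0: COMM_AID}             # basic channel is always open

    def process(self, raw):
        try:
            apdu = parse_apdu(raw)
        except ValueError:
            return b"", 0x6700                    # wrong length
        ch = logical_channel(apdu.cla)
        if ch is None:
            return b"", 0x6E00                    # class not supported
        if ch not in self.selected:
            return b"", 0x6881                    # logical channel not open
        if apdu.ins == 0x70:                      # MANAGE CHANNEL: P1=00 open, P1=80 close
            if apdu.p1 == 0x00 and 1 <= apdu.p2 <= 19 and apdu.p2 not in self.selected:
                self.selected[apdu.p2] = None     # opened, nothing selected yet
                return b"", 0x9000
            if apdu.p1 == 0x80 and apdu.p2 != 0 and apdu.p2 in self.selected:
                del self.selected[apdu.p2]
                return b"", 0x9000
            return b"", 0x6A86                    # incorrect P1/P2
        if apdu.ins == 0xA4 and apdu.p1 == 0x04:  # SELECT by AID affects this channel only
            if apdu.data not in self.applets:
                return b"", 0x6A82                # application not found
            self.selected[ch] = apdu.data
            return b"", 0x9000
        if self.selected[ch] is None:
            return b"", 0x6985                    # no applet selected on this channel
        return self.applets[self.selected[ch]](apdu)

def demo():
    card = CardModel()
    session = [                                   # constructed terminal session
        "00700002",                               # open channel 2 (sent on basic channel)
        "02A4040007" + AUTH_AID.hex(),            # select auth applet on channel 2
        "022A9E9A0568656C6C6F00",                 # sign request on channel 2
        "00B0000000",                             # read on basic channel
        "002A9E9A0568656C6C6F00",                 # sign request on basic channel
        "03B0000000",                             # channel 3 was never opened
    ]
    return card, [card.process(bytes.fromhex(h))[1] for h in session]
```

`demo()` returns the card model and the status word of each step: the sign request succeeds on channel 2, is refused with 6D00 on the basic channel where the communication applet stays selected, and the command on the unopened channel 3 is rejected with 6881.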
The communication application can at least store in the SIM card the user's address book, short messages, the user's personal information and the carrier's information, to meet the user's practical needs. In addition, the authentication application can at least store a digital certificate in the SIM card and perform digital signature operations, to meet the authentication requirements.
In summary, with the method provided by this embodiment, both communication and digital certificate authentication can be realized on a single SIM card, without changing the physical structure of the SIM card, by dividing different logical channels in the SIM card. The method needs no additional external interface and does not occupy a card slot inside the mobile phone. Because it uses the interface of the existing SIM card, existing terminals do not need to be upgraded, which reduces the cost to the enterprise. With a SIM card made in this way, digital certificate authentication requires neither carrying an additional hardware device nor turning on Bluetooth or NFC, and throughout the authentication process the connection to the terminal is always through the physical interface of the SIM card, which provides a strong guarantee for information security.
The foregoing is only a description of preferred embodiments of the invention and does not limit the scope of the invention in any way. Any changes or modifications made by a person of ordinary skill in the art based on the above disclosure fall within the scope of protection of the claims.

Claims (8)

1. A method for realizing a digital certificate authentication function on a SIM card, characterized by comprising the following steps:
S1: downloading into the SIM card a communication application for realizing the terminal's wireless communication and an authentication application capable of realizing digital certificate authentication;
S2: establishing, in the SIM card, different logical channels for communicating with the terminal;
S3: having the communication application and the authentication application communicate with the terminal over the different logical channels.
2. The method for realizing a digital certificate authentication function on a SIM card as claimed in claim 1, characterized in that an operating system developed on Java Card technology runs in the SIM card.
3. The method for realizing a digital certificate authentication function on a SIM card as claimed in claim 2, characterized in that the communication application and the authentication application are both Applets developed in the Java programming language.
4. The method for realizing a digital certificate authentication function on a SIM card as claimed in claim 2, characterized in that an application firewall is configured in the operating system.
5. The method for realizing a digital certificate authentication function on a SIM card as claimed in claim 2, characterized in that the terminal includes a mobile phone, a tablet computer and a laptop with a SIM card interface.
6. The method for realizing a digital certificate authentication function on a SIM card as claimed in claim 1, characterized in that the different logical channels are established according to the logical channel technical specification in the ISO7816-4 standard.
7. The method for realizing a digital certificate authentication function on a SIM card as claimed in claim 1, characterized in that the communication application can at least store in the SIM card the user's address book, short messages, the user's personal information and the carrier's information.
8. The method for realizing a digital certificate authentication function on a SIM card as claimed in claim 1, characterized in that the authentication application can at least store a digital certificate and perform digital signature operations in the SIM card.
CN201910324875.XA 2019-04-22 2019-04-22 The method of digital certificate authentication function is realized on the sim card Pending CN110366162A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20191022)