CN114244887B - Channel management method and device and electronic equipment - Google Patents


Info

Publication number: CN114244887B
Application number: CN202111544528.1A
Authority: CN (China)
Prior art keywords: token, channel, command, information, terminal
Legal status: Active (application granted)
Other languages: Chinese (zh)
Other versions: CN114244887A
Inventors: 刘煜, 翟京卿
Current assignee: China United Network Communications Group Co Ltd
Original assignee: China United Network Communications Group Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/14 Session management
    • H04L 67/141 Setup of application sessions
    • H04L 67/143 Termination or inactivation of sessions, e.g. event-controlled end of session
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/321 Such mechanisms involving a third party or a trusted authority
    • H04L 9/3213 Such mechanisms using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a channel management method, a device and electronic equipment in the field of communications, addressing the problem that the security policy for channel management is insufficient. The method comprises: in response to a channel opening command from a Universal Integrated Circuit Card (UICC), obtaining from the command the UICC's token requirement information for the current service operation; executing the channel opening command to produce a processing result, and determining a token generation result for the service operation according to the token requirement information; sending a first terminal response message to the UICC, the information carried in that message being determined by the processing result of the channel opening command and by the token generation result; and, in response to a channel closing command from the UICC, processing the channel closing command according to the token verification requirement corresponding to the token requirement information, and generating an execution result for the channel closing command. The method strengthens the service implementation guarantee for channel management.

Description

Channel management method and device and electronic equipment
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a channel management method, a device, and an electronic device.
Background
Data transfer over the Bearer Independent Protocol (BIP) is one of the usual ways for a Universal Integrated Circuit Card (UICC) to implement remote data transmission and management. As services keep developing, usage scenarios become more complex, and the security policy for channel management has become insufficient. The service implementation guarantee for channel management therefore needs to be strengthened.
Disclosure of Invention
Therefore, the invention provides a channel management method, a device and electronic equipment to solve the problem that the security policy for channel management in the prior art is insufficient.
To achieve this, a first aspect of the invention provides a channel management method, comprising: in response to a channel opening command from a Universal Integrated Circuit Card (UICC), obtaining from the channel opening command the UICC's token requirement information for the current service operation; executing the channel opening command, generating a processing result for it, and determining a token generation result for the service operation according to the token requirement information; sending a first terminal response message to the UICC, the information carried in the first terminal response message being determined by the processing result of the channel opening command and the token generation result; and, in response to a channel closing command from the UICC, processing the channel closing command according to the token verification requirement corresponding to the token requirement information, and generating an execution result for the channel closing command.
A second aspect of the invention provides a channel management method, comprising: sending a channel opening command to the terminal device based on the data transmission requirement of the current service operation, the channel opening command instructing the terminal device to open a Bearer Independent Protocol (BIP) channel and containing the token requirement information for the current service operation; in response to a first terminal response message from the terminal device, obtaining the information carried in it, which the terminal device derived from the processing result of the channel opening command and from the token generation result determined for the service operation according to the token requirement information; once the BIP channel has been used to complete the data transmission, generating the corresponding channel closing command according to the token generation result of the current service operation; and sending the channel closing command to the terminal device, which processes it according to the token verification requirement corresponding to the token requirement information and generates an execution result for the channel closing command.
A third aspect of the invention provides a channel management apparatus, comprising: an information acquisition module for responding to a channel opening command from a UICC and obtaining from it the UICC's token requirement information for the service operation; a first command processing module for executing the channel opening command, generating its processing result, and determining the token generation result of the service operation according to the token requirement information; a message sending module for sending a first terminal response message to the UICC, the information carried in that message being determined by the processing result of the channel opening command and the token generation result; and a second command processing module for responding to a channel closing command from the UICC by processing it according to the token verification requirement corresponding to the token requirement information and generating its execution result.
A fourth aspect of the invention provides a channel management device, comprising: a command sending module configured to send a channel opening command to the terminal device based on the data transmission requirement of the current service operation, the command instructing the terminal device to open a BIP channel and containing the token requirement information for the current service operation; an information acquisition module for responding to a first terminal response message from the terminal device and obtaining the information carried in it, which the terminal device derived from the processing result of the channel opening command and from the token generation result determined for the service operation according to the token requirement information; and a command generation module for generating the corresponding channel closing command according to the token generation result of the service operation once the BIP channel has been used to complete the data transmission. The command sending module is further used to send the channel closing command to the terminal device, which processes it according to the token verification requirement corresponding to the token requirement information to generate an execution result for the channel closing command.
A fifth aspect of the invention provides an electronic device comprising one or more processors and a memory storing one or more programs which, when executed by the one or more processors, cause them to implement any of the channel management methods of the embodiments of the invention.
The invention has the following advantages. In the channel management method, device and electronic equipment of the embodiments, a token mechanism is introduced into the BIP channel management commands. When the terminal receives an Open Channel command from the UICC, it determines the token generation result for the service operation from the token requirement information carried in the command and, after executing the command, returns both the processing result and the token generation result. When the channel is open, the data transmission is complete and a Close Channel command arrives from the UICC, the terminal processes the Close Channel command according to the token verification requirement corresponding to the token requirement information and generates an execution result for it. The token mechanism thus guarantees the authority to manage the channel between the terminal and the UICC and improves the security of service operation.
Drawings
The accompanying drawings are included to provide a further understanding of the invention, and are incorporated in and constitute a part of this specification, illustrate the invention and together with the description serve to explain, without limitation, the invention.
FIG. 1 is a flowchart of a channel management method according to an embodiment of the present invention;
FIG. 2 is a flowchart of a channel management method according to another embodiment of the present invention;
FIG. 3 is a flowchart of a channel management method according to an exemplary embodiment of the present invention;
FIG. 4 is a schematic diagram of a channel management device according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a channel management device according to another embodiment of the present invention;
FIG. 6 is a block diagram of an exemplary hardware architecture of a computing device for the channel management method and apparatus according to an embodiment of the present invention.
Detailed Description
The following describes specific embodiments of the present invention in detail with reference to the drawings. It should be understood that the detailed description and specific examples, while indicating and illustrating the invention, are not intended to limit the invention. It will be apparent to one skilled in the art that the present invention may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the invention by showing examples of the invention.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises an element.
In an embodiment of the invention, the Universal Subscriber Identity Module (USIM) card is the continuation and advancement, in Universal Mobile Telecommunications System (UMTS) networks, of the Subscriber Identity Module (SIM) card used in earlier networks. The USIM card stores user identity information and personal data, secures access to mobile network services, and performs user identification and user authorization when the user accesses mobile network services, using the functions and data required so that the mobile network can identify the user and the user's applications.
In contrast to a SIM card, a USIM card is no longer built on a single telecommunications application platform; it becomes one of several applications residing on the UICC. The physical entity of the USIM is the UICC, and the USIM is an application built on the UICC that is mainly used for end-user identification. In some embodiments the UICC can be understood as a universal smart card platform that provides unified underlying support for the applications above it; besides the USIM, other smart card applications such as banking and ticketing can also reside on the UICC, so that the carrier platform and the applications are truly separated.
In practice the relationship between the UICC and the terminal has evolved. In its original positioning the UICC was entirely passive: the terminal sends a command to the UICC, the UICC executes it and returns a response, and the two interact purely in this command/response mode. That mechanism does not allow the UICC to send commands to the terminal on its own initiative; the terminal is always in control and the UICC can only receive a command, execute it and return a response, which limits the development and use of card-based applications.
As UICC service requirements developed, the SIM Application Toolkit (STK) / USIM Application Toolkit (USAT) protocol layer was introduced into the protocol stack of the terminal-UICC interface (the Cu interface) to solve this problem. The STK/USAT layer provides a service mechanism on top of the services of the transport layer, allowing a UICC application to interact with a terminal that supports the mechanism so that the UICC can actively request the terminal to perform an operation. The STK/USAT instruction set is the basic and principal way in which a telecommunications smart card implements services through the terminal, and various applications can be implemented on the UICC and offered to the user through the terminal by means of the STK/USAT protocol.
BIP is the basic protocol by which the UICC implements remote data download and management over the Card Application Toolkit Transport Protocol (CAT_TP), HTTPS and similar transports, and it is one of the main capabilities the UICC obtains through the STK/USAT mechanism. Through a set of proactive commands (Open Channel, Close Channel, Send Data, Receive Data, Get Channel Status and so on) and events (Data available, Channel status), BIP lets the UICC download, update and manage remote applications, files and other content.
Currently, when a UICC application needs to use BIP for remote data transmission, it asks the terminal to open a transmission channel by sending an Open Channel command, and after the data transmission is finished it asks the terminal to close the channel with a Close Channel command, which completes one full data transmission cycle.
The prior art generally provides only basic channel management, such as a limit on the number of channels and refusal of a channel opening command when no channel is available. It is weaker on service security and on the safety of its management policy, and problems and abnormal situations can arise: for example, when a UICC opens several channels in parallel or in succession, a channel whose data transmission has not finished may be closed by another application that also has channel operation requirements. This clearly disrupts the normal operation of the service, and for important remote data transmission and management tasks (such as downloading basic subscriber subscription data) it is more likely to cause adverse consequences and to undermine the security of service operation.
The embodiment of the invention provides a channel management method, a device and electronic equipment that improve the security of BIP channel management by proposing an extended definition of the terminal management commands exchanged between the terminal and the card and by requiring the terminal to use a dynamic token in key operations.
For a better understanding of the present invention, a channel management method according to embodiments of the present invention will be described in detail below with reference to the accompanying drawings, and it should be noted that these embodiments are not intended to limit the scope of the present disclosure.
Fig. 1 is a flowchart illustrating a channel management method according to an embodiment of the present invention. As shown in fig. 1, the channel management method in the embodiment of the present invention includes the following steps.
S110, in response to a channel opening command from the Universal Integrated Circuit Card (UICC), obtain from the command the UICC's token requirement information for the service operation.
S120, execute the channel opening command, generate its processing result, and determine the token generation result of the service operation according to the token requirement information.
S130, send a first terminal response message to the UICC; the information carried in the message is determined by the processing result of the channel opening command and the token generation result.
S140, in response to a channel closing command from the UICC, process the channel closing command according to the token verification requirement corresponding to the token requirement information, and generate an execution result for the channel closing command.
According to the channel management method of this embodiment, a token mechanism is introduced into the BIP channel management commands. When the terminal receives an Open Channel command from the UICC, it determines the token generation result for the service operation from the token requirement information carried in the command and, after executing the command, returns both the processing result and the token generation result. When the channel is open, the data transmission is complete and a Close Channel command arrives from the UICC, the terminal processes the Close Channel command according to the token verification requirement corresponding to the token requirement information and generates an execution result for it. The token mechanism thus guarantees the authority to manage the channel between the terminal and the UICC and improves the security of service operation.
To implement the channel management method of this embodiment, the existing management commands need to be modified and extended, including the channel opening command and the corresponding channel closing command; the extended command structures are described with a specific example.
Table 1 shows a command structure of a channel opening command in accordance with an exemplary embodiment of the present invention.
TABLE 1
[Table 1 is an image on the original page and was not extracted.]
In Table 1 above, "description" names the command field included in the channel opening command; "content" shows the content of the field; "M/O" indicates whether the field is Mandatory (M) or Optional (O); "MIN" indicates whether the field has a minimum length requirement (Y for yes, N for no); and "length" gives the field length in bytes when the field takes its minimum length.
In this embodiment the channel opening command carries the information the terminal device needs in order to open the transmission channel, so that the terminal establishes a data connection with a remote server in the network according to that information and thereby opens the BIP channel. As an example, the command information includes at least the following data objects: proactive UICC command tag, length, device identities, command details, bearer description and buffer size.
The fields are as follows.
    • Proactive UICC command tag: announces the proactive command the UICC is about to send; its value can be set as needed, and in this embodiment it is D0.
    • Length: the total number of bytes that follow, so that the complete channel opening command can be read.
    • Command details: details of the command itself, consisting of a tag such as 01 or 81 (the form with the high bit set marks the object as comprehension-required), a length (the total length of the following command number, command type and command qualifier), the command number, the command type and the command qualifier.
    • Device identities: the source and destination devices of the command, consisting of a tag such as 02 or 82, a length (the total length of the following source and destination device identities), the source device identity (identifying the device that issued the channel management command, here the UICC) and the destination device identity (identifying the device the command is addressed to, here the terminal device).
    • Bearer description: recommends parameters to the terminal device for establishing the data link, consisting of a tag such as 35 or B5, a length X (the total length of the following bearer type and bearer parameters), the bearer type (for example a single bearer mode or multiple bearer modes) and the corresponding bearer parameters.
    • Buffer size: the number of bytes the UICC requests in the command, or that the terminal equipment (ME) provides, consisting of a tag such as 39 or B9, a length (the length of the following buffer size) and the buffer size value.
The command structure of the channel opening command in this embodiment is an extension of the existing command structure. In the existing structure, bit 5 (b5) of the "command qualifier" is reserved and not used. The embodiment enables this reserved bit and uses its content as the token requirement information of the channel opening command, indicating to the terminal device whether the channel management command sent by the UICC requires the terminal to generate a token. Specifically, with b5 = 0 the token requirement information indicates that the terminal device is not required to provide token information in its response to the channel opening command for the current service operation; with b5 = 1 it indicates that the terminal device is required to provide token information in that response. The exact definition is given for command qualifier b5 in Table 1 above, and the remaining bits keep their existing definitions. In practice the channel opening command may also contain other optional data objects, which the invention does not restrict.
Table 2 shows a command structure of a terminal response message according to an exemplary embodiment of the present invention.
TABLE 2
[Table 2 is an image on the original page and was not extracted.]
In Table 2 above, "description" names the command field included in the terminal response message; "content" shows the content of the field; "M/O/C" indicates whether the field is Mandatory (M), Optional (O) or Conditional (C); "MIN" indicates whether the field has a minimum length requirement (Y for yes, N for no); and "length" gives the field length in bytes when the field takes its minimum length.
Table 2 shares the description, content, M/O, MIN and length columns with Table 1, with the same meanings, which are not repeated here. Comparing Table 2 with Table 1, the differences are as follows. In some embodiments the terminal response message for the channel opening command includes a "result" field indicating the execution result of the command; it consists of a result tag such as 03 or 83, a length (the length of the following general result) and the general result, where a general result of "0X" or "1X" means the command has been completed, "2X" tells the UICC that it may retry the command later, and "3X" tells the UICC that retrying with the same command is unnecessary or not worthwhile because it would only produce the same response.
In some embodiments the terminal response message further includes a "channel status" field, which is optional, for example when responding to a Get Channel Status command or another channel command from the UICC; the "bearer description" in the terminal response to the channel opening command is optional, for example when the terminal device responds to the UICC's channel opening command; and the "buffer size" is likewise optional, for example when the terminal device responds to the channel opening command.
In some embodiments the "token" in the terminal response to the channel opening command is an optional extended data object carrying the token information of the channel for the current service operation; the UICC decides whether the token is necessary according to the importance of the current data transmission. The token is randomly generated and 8 bytes long; its precise definition is given in Table 2. The channel status, bearer description and buffer size are existing data objects of the command and carry the related data and information after the command has executed.
In this embodiment the UICC stores the token contained in the terminal response after receiving it, and when the BIP data transmission on the channel is complete and the channel must be closed, it carries the token in the Close Channel command so that the terminal can compare and authenticate the token received in the Close Channel command against the token it stored. This requires the existing Close Channel command to be extended.
Table 3 shows a command structure of a Channel Close Channel command in accordance with an exemplary embodiment of the present invention.
In Table 3, "description" describes the command field; "content" indicates the content of the command field; M/O/C indicates whether the command field is mandatory (M), optional (O) or conditional (C); MIN indicates whether the command field has a minimum length requirement, Y meaning yes and N meaning no; and "length" indicates the field length (in bytes) when the corresponding command field takes its minimum length.
In Table 3, the fields shared with Table 1 (description, content, M/O, MIN and length) have the same meaning and are not described again in the embodiments of the present application. Comparing Table 3 with Table 1, Table 3 differs in that: in some embodiments, the Close Channel command further includes the following description fields: character string identification, icon identification and text attribute, which are existing data objects of the command and respectively represent the related data and information after the command is executed. Also, in the command structure of the Close Channel command, the "command qualifier" is a reserved bit; after receiving the Close Channel command sent by the UICC, the terminal device processes it according to the token verification requirement of the service operation corresponding to the token requirement information in the previously received channel-opening command, and generates an execution result of the Close Channel command.
The embodiment of the invention thus provides a transformation and extended definition of the existing mechanism and management commands: support for the necessary data objects and data-field settings representing the newly added requirement is added, and the flow and requirements for the interaction between the terminal and the UICC are defined.
In some embodiments, when the token requirement information indicates that a token needs to be provided, determining the token generation result of the current service operation includes generating token information for the service operation and storing it at the terminal; the information carried in the first terminal response message then includes the processing result of the channel-opening command and the token information of the service operation stored in the terminal; and the token verification requirement corresponding to the token requirement information is that token information verification is required.
In some embodiments, when the token requirement information indicates that no token needs to be provided, determining the token generation result of the current service operation includes determining that no token information needs to be generated for the service operation; the information carried in the first terminal response message then includes the processing result of the channel-opening command; and the token verification requirement corresponding to the token requirement information is that no token information verification is required.
In some embodiments, when the token requirement information indicates that a token needs to be provided, the step of processing the channel closing command according to the token verification requirement corresponding to the token requirement information and generating its execution result in step S140 may specifically include: S11, comparing the token information of the current service operation carried in the channel closing command with the token information of the current service operation stored in the terminal; S12, executing the channel closing command when the comparison result is that the token information is consistent; and S13, sending a second terminal response message to the UICC, the second terminal response message indicating that the execution result of the channel closing command is that the command was executed successfully.
In this embodiment, when the terminal receives the Open Channel USAT command sent by the UICC, it generates and stores a random token after executing the command, and the dynamic token of the current operation must also be provided in the terminal response. When the UICC sends the Close Channel command to the terminal after the data transmission of the command is completed, it must provide the same token that was provided for the corresponding Open Channel command; this ensures the authority to manage the channel and avoids the channel being closed by mistake while the data transmission is not yet complete.
In some embodiments, when the comparison result is that the token information is inconsistent, or when the channel closing command does not carry the token information of the current service operation, the channel management method further includes: S150, refusing to execute the channel closing command; and S160, sending a third terminal response message to the UICC, the third terminal response message indicating that the execution result of the channel closing command is that the command failed to execute.
In this embodiment, if the comparison of the token information is inconsistent, the command fails to execute and the result is returned to the UICC in the terminal response, which avoids closing the channel by mistake, improves the security of the service operation and better ensures the normal running of BIP data transmission.
In some embodiments, the channel-opening command instructs the terminal device to open a BIP channel of the Bearer Independent Protocol, and the token requirement information is information that the UICC sets according to the importance level of the service operation that requires the BIP channel for data transmission.
In some embodiments, the token information is dynamic token information randomly generated by the terminal device, with the generation method determined according to the terminal's own capability.
In this embodiment, the dynamic token (One Time Password, OTP) is an unpredictable combination of random numbers generated as a password according to a specific algorithm; each password can be used only once and provides secure, convenient verification of the validity and uniqueness of the command. The greatest advantage of dynamic token information is that the token used each time is different, which effectively prevents the channel from being closed by mistake. Depending on the computing and processing capability of the terminal, algorithms of different complexity can be selected to generate the dynamic token: the more capable the terminal, the more complex the token-generation algorithm that can be chosen.
According to the channel management method provided by the embodiment of the invention, the existing channel management mechanism and commands are improved to support dynamic tokens. This improves the operational security of the service, better ensures the normal running of BIP data transmission, and strengthens the ability of UICC remote data transmission to cope with various service scenarios; introducing the token mechanism improves the security and orderliness of BIP channel management, ensures the authority to manage the channel, and avoids the channel being closed by mistake.
Fig. 2 is a flowchart of a channel management method according to another embodiment of the present invention. As shown in Fig. 2, the channel management method may include the following steps.
S210, sending a channel-opening command to the terminal device based on the data transmission requirement of the current service operation, where the channel-opening command instructs the terminal device to open a BIP channel and includes the token requirement information of the current service operation.
S220, in response to a first terminal response message from the terminal device, acquiring the information carried in the first terminal response message, that information being obtained by the terminal device from the processing result of the channel-opening command and from the token generation result of the current service operation determined according to the token requirement information.
S230, when data transmission using the BIP channel is completed, generating a corresponding channel closing command according to the token generation result of the current service operation.
S240, sending the channel closing command to the terminal device, which processes the channel closing command according to the token verification requirement corresponding to the token requirement information and generates an execution result of the channel closing command.
The channel management method of this embodiment improves the existing channel management mechanism and commands to support dynamic tokens. When the UICC sends an Open Channel command, a token mechanism can be introduced into the BIP channel management command: the token requirement information tells the terminal device whether it needs to provide token information. After the terminal device receives and executes the Open Channel command sent by the UICC, the UICC generates a corresponding Close Channel command according to the token generation result of the current service operation and sends it to the terminal device, and the terminal device processes the Close Channel command according to the token verification requirement corresponding to the token requirement information to generate an execution result. Through the token mechanism, the channel management method ensures the authority to manage the channel between the terminal and the UICC and improves the operational security of the service.
In some embodiments, when the token requirement information indicates that a token needs to be provided, the information carried in the acquired first terminal response message includes the processing result of the channel-opening command and token information, the token information having been generated after executing the channel-opening command once the terminal device determined that the token requirement information requires a token. After obtaining the information carried in the first terminal response message, the channel management method further includes storing the acquired token information of the current service operation.
In some embodiments, when the token requirement information indicates that no token needs to be provided, the information acquired from the first terminal response message includes the processing result of the channel-opening command.
In this embodiment, if the token requirement information requires the terminal device to provide token information, the token information of the current service operation provided by the terminal device is stored after it is received, so that when a Close Channel command is subsequently sent for the current service operation the token information is carried in that Close Channel command, improving the security of the service operation.
In some embodiments, when the token requirement information indicates that a token needs to be provided, the channel management method further includes, after step S230 and before step S240: S21, carrying the stored token information of the current service operation in the channel closing command, so that when the terminal device processes the channel closing command it compares the token information of the current service operation carried in the command with the token information of the current service operation stored in the terminal device, and executes the channel closing command when the comparison result is that the token information is consistent.
In this embodiment, when the UICC sends a Close Channel command to the terminal, it must provide the token information of the corresponding service operation; this ensures the authority to manage the channel and avoids the channel being closed by mistake, thereby improving the security of the service operation, better ensuring the normal running of BIP data transmission, and strengthening the ability of UICC remote data transmission to cope with various service scenarios.
In some embodiments, if the channel closing command is a command issued under abnormal conditions, it does not carry the stored token information of the current service operation, or carries token information of a service operation other than the current one.
In this embodiment, the terminal device is further configured to refuse to execute the channel closing command when the command does not carry the token information of the current service operation, and to compare token information of a non-current service operation carried in the channel closing command with the stored token information of the current service operation and refuse to execute the channel closing command when the comparison result is that the token information is inconsistent.
In this embodiment, the situations in which an abnormal channel closing command occurs in a real application scenario are relatively complex, so a channel closing command generated under abnormal conditions does not carry the stored token information of the current service operation or carries token information of a different operation. In that case the terminal device may refuse to execute the channel closing command when it determines that the command does not carry the token information of the current service operation, or when the comparison result is that the token information is inconsistent, thereby improving the security of the service operation, ensuring the normal running of BIP data transmission, and strengthening the ability of UICC remote data transmission to cope with various service scenarios.
In some embodiments, the channel management method further includes the following steps.
S31, in response to a second terminal response message from the terminal device, obtaining from it that the execution result of the channel closing command is successful command execution, indicating that the terminal device has executed the channel closing command; S32, in response to a third terminal response message from the terminal device, obtaining from it that the execution result of the channel closing command is command execution failure, indicating that the terminal device has refused to execute the channel closing command.
In some embodiments, before step S210 the channel management method further includes: S41, generating the token requirement information when, according to the importance information of the data transmission that the current service operation requires over the BIP channel, token information needs to be provided for the current service operation.
In this embodiment, the UICC may determine whether a token needs to be provided based on the importance of the current data transmission.
The channel management method provided by the embodiment of the invention can solve the channel management problems caused by disordered service sequences, misoperation and similar causes in complex service scenarios, guarantee the normal operation of the BIP remote data transmission service, strengthen security during service execution, improve the USAT implementation mechanism of the BIP service, and improve the rationality and orderliness of the remote data transmission service that the UICC realizes through BIP.
Fig. 3 is a flowchart of a channel management method according to an exemplary embodiment of the present invention. As shown in Fig. 3, the channel management method in this embodiment includes the following steps.
S301, the UICC generates a request for data transmission via BIP.
In this step, a UICC service needs to perform remote downloading, management or other operations and so generates a requirement for data transmission through BIP; the UICC can determine whether the current operation needs to provide a token according to factors such as the importance of the current service.
S302, the UICC generates an Open Channel command.
In this step, the UICC generates an Open Channel command with the specific structure described above, using command qualifier bit b5 to indicate whether a token needs to be provided in the response message; b5 is set to 1 if a token is required.
S303, the UICC sends the Open Channel command to the terminal.
S304, after receiving the command, the terminal parses and processes it: it establishes the BIP channel according to the Open Channel command and determines whether a token is to be provided.
In this step, in addition to the predetermined data content and setting requirements of the Open Channel command, whether a token needs to be provided is determined by parsing the command qualifier. If so, the following step S305 is continued; if not, the predetermined existing flow is executed. Specifically, if the token requirement information is that no token needs to be provided, the token requirement information (b5: whether a token needs to be provided) in the command qualifier of the Open Channel command in the predetermined existing flow is described as not requiring a token.
S305, the terminal establishes a data connection with the remote server in the network according to the command requirement and opens the BIP channel.
S306, the terminal generates a random dynamic token for the current service operation and stores it for the subsequent process; the token generation method is determined according to the terminal's own capability.
S307, the terminal generates a Terminal Response message that includes the generated token; the specific structure of the response message is as in Table 2 above.
S308, the terminal sends the Terminal Response message.
S309, after receiving the response message, the UICC parses it; besides learning the command processing result, the UICC also needs to store the token in the message for the subsequent flow.
S310, when the BIP remote data transmission is completed and the BIP channel needs to be closed, the UICC generates a Close Channel command that includes the token acquired and stored in step S309; the specific structure of the command is as described above.
S311, the UICC sends the Close Channel command to the terminal.
S312, after receiving the command, the terminal obtains the token by processing it and compares that token with the token generated and stored in step S306.
In this step, the comparison result is used to authenticate whether the received Close Channel command is the channel management command of the current operation. If the comparison matches and authentication passes, the subsequent steps continue; if it does not match and authentication fails, the command execution fails and the result is returned to the UICC through the Terminal Response.
S313, the terminal ends the data connection with the remote server in the network according to the command requirement and closes the BIP channel.
S314, the terminal generates a Terminal Response message containing the command processing result.
S315, the terminal sends the Terminal Response message, returning the result to the UICC, and the process ends.
The channel management method provided by the embodiment of the invention addresses the weaknesses of the UICC in managing the BIP channel used for remote data transmission, in particular the fact that erroneous BIP channel management operations are more likely in complex scenarios and affect channel security, by improving the management commands to support a dynamic token mechanism. Through transformation and extended definition of the existing commands, the channel management method adds new data objects supporting dynamic tokens and data-field settings representing the newly added requirement, and adjusts and prescribes the interaction flow and rules between the terminal and the USIM according to the scheme's goals, so as to ensure the authority to manage the channel and avoid the problem of closing the channel by mistake noted above.
The following describes in detail a channel management device according to an embodiment of the present invention with reference to the accompanying drawings.
Fig. 4 is a schematic structural diagram of a channel management device according to an embodiment of the present invention. As shown in Fig. 4, the channel management device includes the following modules.
The information obtaining module 410 is configured to obtain, in response to a channel-opening command of the UICC, the token requirement information of the UICC for the current service operation from the channel-opening command.
The first command processing module 420 is configured to execute the channel-opening command, generate a processing result of the channel-opening command, and determine the token generation result of the current service operation according to the token requirement information.
The message sending module 430 is configured to send a first terminal response message to the UICC, where the information carried in the first terminal response message is determined by the processing result of the channel-opening command and the token generation result.
The second command processing module 440 is configured to, in response to a channel closing command of the UICC, process the channel closing command according to the token verification requirement corresponding to the token requirement information and generate an execution result of the channel closing command.
In some embodiments, the token information is dynamic token information randomly generated by the terminal device, with the generation method determined according to the terminal's own capability.
In some embodiments, when the token requirement information indicates that a token needs to be provided, determining the token generation result of the current service operation includes generating token information for the service operation and storing it at the terminal; the information carried in the first terminal response message includes the processing result of the channel-opening command and the token information of the service operation stored in the terminal; and the token verification requirement corresponding to the token requirement information is that token information verification is required. When the token requirement information indicates that no token needs to be provided, determining the token generation result of the current service operation includes determining that no token information needs to be generated for the service operation; the information carried in the first terminal response message includes the processing result of the channel-opening command; and the token verification requirement corresponding to the token requirement information is that no token information verification is required.
In some embodiments, when the token requirement information indicates that a token needs to be provided, the first command processing module 420 is specifically configured to process the channel closing command according to the token verification requirement corresponding to the token requirement information and generate an execution result of the channel closing command, and may include: a comparison unit configured to compare the token information of the current service operation carried in the channel closing command with the token information of the current service operation stored in the terminal; and an execution unit configured to execute the channel closing command when the comparison result is that the token information is consistent. The message sending module 430 is further configured to send a second terminal response message to the UICC, the second terminal response message indicating that the execution result of the channel closing command is that the command was executed successfully.
In some embodiments, when the comparison result is that the token information is inconsistent, or when the channel closing command does not carry the token information of the current service operation, the channel management device further includes a command rejecting module configured to refuse to execute the channel closing command, and the message sending module 430 is further configured to send a third terminal response message to the UICC, the third terminal response message indicating that the execution result of the channel closing command is that the command failed to execute.
In some embodiments, the channel-opening command instructs the terminal device to open a BIP channel of the Bearer Independent Protocol, and the token requirement information is information set by the UICC according to the importance level of the current service operation that needs to use the BIP channel for data transmission.
According to the channel management device provided by the embodiment of the invention, a token mechanism is introduced into the BIP channel management command: when the terminal receives the Open Channel USAT command sent by the UICC, it generates and stores a random token after executing the command, and the dynamic token of the current operation must also be provided in the terminal response.
Fig. 5 is a schematic structural diagram of a channel management device according to an embodiment of the present invention. As shown in fig. 5, the channel management device includes the following modules.
The command sending module 510 is configured to send a channel opening command to the terminal device based on a data transmission requirement of the current service operation, where the channel opening command is used to instruct the terminal device to open a BIP channel of the independent bearer protocol, and the channel opening command includes: and the token requirement information of the current business operation.
An information obtaining module 520, configured to obtain information carried in a first terminal response message in response to the first terminal response message of the terminal device; the acquired information is information obtained by the terminal equipment according to the processing result of the channel opening command and the token generation result of the service operation determined according to the token demand information.
The command generating module 530 is configured to generate a corresponding channel closing command according to a token generating result of the current service operation when the data transmission is completed using the BIP channel.
The command sending module 510 is further configured to send a channel closing command to the terminal device; the terminal device is used for processing the channel closing command according to the token verification requirement corresponding to the token requirement information so as to generate an execution result of the channel closing command.
In some embodiments, in a case where the token requirement information is that the token does not need to be provided, the information carried in the acquired first terminal response message includes: and processing results of the channel opening command.
In some embodiments, in a case where the token requirement information is that the token needs to be provided, the information carried in the acquired first terminal response message includes: processing results and token information of the channel opening command; the token information is generated after executing the channel opening command under the condition that the terminal equipment determines that the token requirement information is the token required to be provided.
In this embodiment, the channel management apparatus further includes: the token storage module is used for acquiring the information carried in the first terminal response message, and the method further comprises the following steps: and storing the acquired token information of the current service operation.
In some embodiments, the command generating module 530 is further configured to, when the token requirement information indicates that a token needs to be provided, carry the stored token information of the current service operation in the channel closing command after generating that command according to the token generation result of the current service operation and before sending it to the terminal device. When the terminal device processes the channel closing command, it compares the token information of the current service operation carried in the command with the token information of the current service operation stored in the terminal device, and executes the channel closing command only when the comparison shows that the token information is consistent.
In some embodiments, if the channel closing command is a command issued under abnormal conditions, it does not carry the stored token information of the current service operation, or it carries token information of a non-current service operation. In this embodiment, the terminal device is further configured to refuse to execute the channel closing command when the command carries no token information for the service operation, and to compare the token information of the non-current service operation carried in the command with the stored token information of the current service operation, refusing to execute the channel closing command when the comparison shows that the token information is inconsistent.
In some embodiments, the channel management device further comprises an execution result obtaining module, which, in response to a second terminal response message from the terminal device, obtains from that message the execution result of the channel closing command as command execution success, indicating that the terminal device has executed the channel closing command.
In some embodiments, the execution result obtaining module is further configured to, in response to a third terminal response message from the terminal device, obtain from that message the execution result of the channel closing command as command execution failure, indicating that the terminal device has refused to execute the channel closing command.
In some embodiments, the channel management device further comprises a requirement information generating module, which, before a channel opening command is sent to the terminal device based on the data transmission requirement of the current service operation, generates token requirement information indicating that a token needs to be provided for the current service operation, according to the importance information of the current service operation that needs to transmit data using the BIP channel.
The channel management device of the embodiment of the invention improves the existing channel management mechanism and commands to support dynamic tokens. When the UICC sends an OpenChannel USAT command, a token mechanism is introduced into the BIP channel management command: the terminal device is instructed through the token requirement information to provide a token, so that after receiving and executing the OpenChannel command sent by the UICC, the terminal device generates random token information, stores it, and also provides this dynamic token for the operation in the terminal response. When the data transmission over the channel is completed, the UICC must present the token associated with the corresponding OpenChannel command in order to prove its authority to manage the channel. This improves the security of service operations, better ensures the normal running of BIP data transmission, and enhances the ability of UICC remote data transmission to cope with various service scenarios.
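As an added illustration (not code from the patent or its assignee), the following Python model walks through the token-protected channel flow described above and restated in the claims: the UICC's channel opening command carries the token requirement, the terminal generates a random token, stores it and returns it in the first terminal response, and a channel closing command is executed only when it carries the matching token, while a missing or non-current token is refused. Class and field names, the 16-byte token length, the channel-id bookkeeping and the constant-time comparison are assumptions of this example.

```python
"""Model of the token-protected BIP channel open/close flow from the patent.

The UICC (card) and terminal (ME) are simulated in-process; there is no real
USAT transport. Names, token length and channel-id handling are assumptions.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

TOKEN_LEN = 16  # assumption: the patent does not fix a token length


@dataclass
class OpenChannel:
    token_required: bool  # the "token requirement information" of the command


@dataclass
class CloseChannel:
    channel_id: int
    token: Optional[bytes] = None  # absent or foreign under abnormal conditions


@dataclass
class TerminalResponse:
    ok: bool
    channel_id: Optional[int] = None
    token: Optional[bytes] = None  # only present when a token was required


@dataclass
class Terminal:
    """Terminal side: executes channel commands and keeps one token per channel."""
    _next_id: int = 1
    _tokens: dict = field(default_factory=dict)  # channel_id -> token or None

    def open_channel(self, cmd: OpenChannel) -> TerminalResponse:
        cid = self._next_id
        self._next_id += 1
        # Generate and store a fresh random token only if the card asked for one.
        token = secrets.token_bytes(TOKEN_LEN) if cmd.token_required else None
        self._tokens[cid] = token
        return TerminalResponse(ok=True, channel_id=cid, token=token)

    def close_channel(self, cmd: CloseChannel) -> TerminalResponse:
        if cmd.channel_id not in self._tokens:
            return TerminalResponse(ok=False, channel_id=cmd.channel_id)
        expected = self._tokens[cmd.channel_id]
        if expected is not None:
            # Token verification required: refuse when the token is missing
            # or does not match the one stored for this operation.
            if cmd.token is None or not hmac.compare_digest(expected, cmd.token):
                return TerminalResponse(ok=False, channel_id=cmd.channel_id)
        del self._tokens[cmd.channel_id]
        return TerminalResponse(ok=True, channel_id=cmd.channel_id)


@dataclass
class UICC:
    """Card side: asks for a token when the operation is important, remembers the
    token returned at open time and presents it again on close."""
    _tokens: dict = field(default_factory=dict)

    def start_transfer(self, terminal: Terminal, important: bool) -> int:
        resp = terminal.open_channel(OpenChannel(token_required=important))
        assert resp.ok
        self._tokens[resp.channel_id] = resp.token
        return resp.channel_id

    def finish_transfer(self, terminal: Terminal, cid: int) -> bool:
        resp = terminal.close_channel(CloseChannel(cid, self._tokens.get(cid)))
        if resp.ok:
            self._tokens.pop(cid, None)
        return resp.ok


def demo() -> dict:
    """Run the normal and abnormal flows; returns the outcome of each close."""
    term, card = Terminal(), UICC()
    protected = card.start_transfer(term, important=True)
    plain = card.start_transfer(term, important=False)
    results = {}
    # Abnormal: close command without any token for a protected channel.
    results["no_token"] = term.close_channel(CloseChannel(protected)).ok
    # Abnormal: token that belongs to some other (non-current) operation.
    foreign = secrets.token_bytes(TOKEN_LEN)
    results["wrong_token"] = term.close_channel(CloseChannel(protected, foreign)).ok
    # Normal: the card presents the token it received in the open response.
    results["protected_ok"] = card.finish_transfer(term, protected)
    # Channel opened without token requirement closes without verification.
    results["plain_ok"] = card.finish_transfer(term, plain)
    # An already-closed channel cannot be closed a second time.
    results["closed_again"] = card.finish_transfer(term, protected)
    return results
```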
It should be clear that the invention is not limited to the specific arrangements and processes described in the foregoing embodiments and shown in the drawings. For convenience and brevity of description, detailed descriptions of known methods are omitted herein, and specific working processes of the systems, modules and units described above may refer to corresponding processes in the foregoing method embodiments, which are not repeated herein.
Fig. 6 is a block diagram illustrating an exemplary hardware architecture of a computing device capable of implementing the channel management method and apparatus according to an embodiment of the present invention.
As shown in fig. 6, computing device 600 includes an input device 601, an input interface 602, a central processor 603, a memory 604, an output interface 605, and an output device 606. The input interface 602, the central processor 603, the memory 604, and the output interface 605 are connected to each other through a bus 610, and the input device 601 and the output device 606 are connected to the bus 610 through the input interface 602 and the output interface 605, respectively, and further connected to other components of the computing device 600.
Specifically, the input device 601 receives input information from the outside and transmits the input information to the central processor 603 through the input interface 602; the central processor 603 processes the input information based on computer executable instructions stored in the memory 604 to generate output information, temporarily or permanently stores the output information in the memory 604, and then transmits the output information to the output device 606 through the output interface 605; output device 606 outputs the output information to the outside of computing device 600 for use by a user.
In one embodiment, the computing device 600 shown in fig. 6 may be implemented as an electronic device that may include: a memory configured to store a program; and a processor configured to run a program stored in the memory to perform the channel management method described in the above embodiment.
The processes described above with reference to flowcharts may be implemented as computer software programs according to embodiments of the present invention. For example, embodiments of the invention include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing the method shown in the flowchart. In such embodiments, the computer program may be downloaded and installed from a network, and/or installed from a removable storage medium.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions which, when run on a computer, cause the computer to perform the methods described in the various embodiments above. When the computer program instructions are loaded and executed on a computer, the processes or functions according to embodiments of the present invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example from one website, computer, server, or data center to another by wired (e.g., coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (e.g., infrared, radio, microwave) means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk).
The apparatus embodiments described above are merely illustrative: elements illustrated as separate may or may not be physically separate, and elements shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
It is to be understood that the above embodiments are merely illustrative of the application of the principles of the present invention, but not in limitation thereof. Various modifications and improvements may be made by those skilled in the art without departing from the spirit and substance of the invention, and are also considered to be within the scope of the invention.

Claims (14)

1. A channel management method, comprising:
in response to a channel opening command of a universal integrated circuit card (UICC), acquiring token requirement information of the UICC for the current service operation from the channel opening command;
executing the channel opening command, generating a processing result of the channel opening command, and determining a token generation result of the current service operation according to the token requirement information;
sending a first terminal response message to the UICC, wherein the information carried in the first terminal response message is determined by the processing result of the channel opening command and the token generation result;
and in response to a channel closing command of the UICC, processing the channel closing command according to the token verification requirement corresponding to the token requirement information, and generating an execution result of the channel closing command.
2. The method of claim 1, characterized in that,
in the case where the token requirement information is that a token needs to be provided, determining the token generation result of the current service operation comprises: generating and storing token information of the current service operation at the terminal; the information carried in the first terminal response message includes: the processing result of the channel opening command and the token information of the current service operation stored in the terminal; and the token verification requirement corresponding to the token requirement information is that token information verification is required;
and in the case where the token requirement information is that no token needs to be provided, determining the token generation result of the current service operation comprises: determining that token information of the current service operation does not need to be generated; the information carried in the first terminal response message includes: the processing result of the channel opening command; and the token verification requirement corresponding to the token requirement information is that no token information verification is required.
3. The method according to claim 1 or 2, wherein in a case where the token requirement information is that a token needs to be provided, the processing the channel closing command according to a token verification requirement corresponding to the token requirement information, generating an execution result of the channel closing command, includes:
comparing the token information of the current service operation carried in the channel closing command with the token information of the current service operation stored in the terminal;
executing the channel closing command under the condition that the comparison result is determined to be consistent with the token information;
and sending a second terminal response message to the UICC, wherein the second terminal response message is used for indicating that the execution result of the channel closing command is that the command execution is successful.
4. A method according to claim 3, wherein in case the comparison result is that the token information is inconsistent, or in case the channel closing command does not carry the token information of the present service operation, the method further comprises:
refusing to execute the channel closing command;
and sending a third terminal response message to the UICC, wherein the third terminal response message is used for indicating that the execution result of the channel closing command is command execution failure.
5. A method according to claim 1 or 2, characterized in that,
the channel opening command is used for instructing the terminal device to open a bearer independent protocol (BIP) channel;
the token requirement information is information set by the UICC according to the importance degree of the current service operation that needs to transmit data using the BIP channel.
6. A channel management method, comprising:
sending a channel opening command to a terminal device based on the data transmission requirement of the current service operation, wherein the channel opening command is used for instructing the terminal device to open a bearer independent protocol (BIP) channel, and the channel opening command comprises: token requirement information for the current service operation;
in response to a first terminal response message from the terminal device, acquiring the information carried in the first terminal response message; the information is obtained by the terminal device according to the processing result of the channel opening command and the token generation result of the current service operation determined according to the token requirement information;
in the case where data transmission using the BIP channel is completed, generating a corresponding channel closing command according to the token generation result of the current service operation;
sending the channel closing command to the terminal device; the terminal device is used for processing the channel closing command according to the token verification requirement corresponding to the token requirement information so as to generate an execution result of the channel closing command.
7. The method of claim 6, characterized in that,
in the case where the token requirement information is that no token needs to be provided, the acquired information comprises: the processing result of the channel opening command;
in the case where the token requirement information is that a token needs to be provided, the acquired information comprises: the processing result of the channel opening command and token information; the token information is generated after the terminal device executes the channel opening command, in the case where the terminal device determines that the token requirement information is that a token needs to be provided;
and after the information carried in the first terminal response message is acquired, the method further comprises: storing the acquired token information of the current service operation.
8. The method according to claim 7, wherein in the case where the token requirement information is that a token needs to be provided, after the corresponding channel closing command is generated according to the token generation result of the present service operation, and before the sending of the channel closing command to the terminal device, the method further comprises:
and carrying stored token information of the current service operation in the channel closing command, so that the terminal equipment compares the token information of the current service operation carried in the channel closing command with the token information of the current service operation stored in the terminal equipment when processing the channel closing command, and executes the channel closing command under the condition that the comparison result is that the token information is consistent.
9. The method of claim 7, characterized in that,
if the channel closing command is a command issued under abnormal conditions, the channel closing command does not carry the stored token information of the current service operation, or carries token information of a non-current service operation;
and the terminal device is further configured to: refuse to execute the channel closing command in the case where the channel closing command does not carry the token information of the service operation; and compare the token information of the non-current service operation carried in the channel closing command with the stored token information of the current service operation, and refuse to execute the channel closing command in the case where the comparison result is that the token information is inconsistent.
10. The method of claim 6, wherein the method further comprises:
responding to a second terminal response message of terminal equipment, and acquiring an execution result of the channel closing command from the second terminal response message as a command execution success, wherein the command execution success is used for indicating that the terminal equipment has executed the channel closing command;
and responding to a third terminal response message of the terminal equipment, and acquiring an execution result of the channel closing command from the third terminal response message as a command execution failure, wherein the command execution failure is used for indicating that the terminal equipment refuses to execute the channel closing command.
11. The method of claim 6, wherein before the channel opening command is sent to the terminal device based on the data transmission requirement of the current service operation, the method further comprises:
determining, according to the importance information of the current service operation that needs to transmit data using the BIP channel, that the token requirement information of the current service operation is that a token needs to be provided.
12. A channel management device, comprising:
an information acquisition module, used for, in response to a channel opening command of a universal integrated circuit card (UICC), acquiring token requirement information of the UICC for the current service operation from the channel opening command;
a first command processing module, used for executing the channel opening command, generating a processing result of the channel opening command, and determining a token generation result of the current service operation according to the token requirement information;
a message sending module, used for sending a first terminal response message to the UICC, wherein the information carried in the first terminal response message is determined by the processing result of the channel opening command and the token generation result;
and a second command processing module, used for, in response to a channel closing command of the UICC, processing the channel closing command according to the token verification requirement corresponding to the token requirement information and generating an execution result of the channel closing command.
13. A channel management device, comprising:
a command sending module, configured to send a channel opening command to a terminal device based on the data transmission requirement of the current service operation, wherein the channel opening command is used to instruct the terminal device to open a bearer independent protocol (BIP) channel, and the channel opening command comprises: token requirement information for the current service operation;
an information acquisition module, used for, in response to a first terminal response message from the terminal device, acquiring the information carried in the first terminal response message; the information is obtained by the terminal device according to the processing result of the channel opening command and the token generation result of the current service operation determined according to the token requirement information;
a command generation module, used for generating a corresponding channel closing command according to the token generation result of the current service operation in the case where data transmission using the BIP channel is completed;
the command sending module being further used for sending the channel closing command to the terminal device; the terminal device is used for processing the channel closing command according to the token verification requirement corresponding to the token requirement information so as to generate an execution result of the channel closing command.
14. An electronic device, comprising:
one or more processors;
a memory having one or more programs stored thereon, which when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-5, or any of claims 6-11.
CN202111544528.1A 2021-12-16 2021-12-16 Channel management method and device and electronic equipment Active CN114244887B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111544528.1A CN114244887B (en) 2021-12-16 2021-12-16 Channel management method and device and electronic equipment


Publications (2)

Publication Number Publication Date
CN114244887A CN114244887A (en) 2022-03-25
CN114244887B true CN114244887B (en) 2023-05-12

Family

ID=80757448


Country Status (1)

Country Link
CN (1) CN114244887B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115277679B (en) * 2022-07-29 2024-04-12 Hillstone Networks Co., Ltd. File synchronization method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105812127A (en) * 2016-05-24 2016-07-27 Feitian Technologies Co., Ltd. NFC dynamic token and working method thereof
CN113273133A (en) * 2018-12-27 2021-08-17 PayPal, Inc. Token management layer for automatic authentication during communication channel interaction
CN113490211A (en) * 2021-06-17 2021-10-08 China United Network Communications Group Co., Ltd. Auxiliary security domain establishing method, SM-SR and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3013085A1 (en) * 2014-10-23 2016-04-27 Gemalto Sa Method of sending data from a secure token to a distant server
EP3119032A1 (en) * 2015-07-13 2017-01-18 Gemalto Sa Security management system for performing a secure transmission of data from a token to a service provider server by means of an identity provider server
US10110582B2 (en) * 2016-05-13 2018-10-23 Sap Se Dual token based authentication and transport mechanism
WO2017202137A1 (en) * 2016-05-24 2017-11-30 Feitian Technologies Co., Ltd. NFC dynamic token and working method thereof

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
SW-TPM portable identity authentication; Du Yujie et al.; Computer Security (Issue 03); full text *
Research and design of the memory system of a stream-architecture cryptographic processor; Zhu Yufei et al.; Acta Electronica Sinica (Issue 12); full text *

Also Published As

Publication number Publication date
CN114244887A (en) 2022-03-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant