WO2010045824A1 - Procédé et système de distribution de clés - Google Patents

Procédé et système de distribution de clés Download PDF

Info

Publication number
WO2010045824A1
WO2010045824A1 PCT/CN2009/073457 CN2009073457W WO2010045824A1 WO 2010045824 A1 WO2010045824 A1 WO 2010045824A1 CN 2009073457 W CN2009073457 W CN 2009073457W WO 2010045824 A1 WO2010045824 A1 WO 2010045824A1
Authority
WO
WIPO (PCT)
Prior art keywords
security domain
management platform
application provider
key
slave
Prior art date
Application number
PCT/CN2009/073457
Other languages
English (en)
Chinese (zh)
Inventor
马景旺
余万涛
贾倩
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2010045824A1 publication Critical patent/WO2010045824A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433Key management protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • NFC Near Field Communication
  • Radio Frequency Identification Radio Frequency Identification
  • IC cards especially non-contact IC cards
  • mobile phones have been applied. Basically popularized, and brought great convenience to people's work and life. As mobile phones become more powerful, combining mobile phones with contactless IC card technology, and applying mobile phones to the field of electronic payment, will further Expanding the use of mobile phones, bringing convenience to people's lives, there is a broad application prospect.
  • a security domain is a representation of the card's external entities (including card issuers and application providers) on the card, which contain encryption keys to support secure channel protocol operation and card content management.
  • the security domains are responsible for their own key management, which ensures that applications and data from different application providers can coexist on the same card.
  • the keys and certificates on the security domain need to include: the public and private keys of the security domain, the certificate of the security domain, and the trusted root of the certificate of the entity outside the authentication card. key.
  • the application provider's security domain on the smart card is the slave security domain. Before downloading and installing the application provider's electronic payment application to the smart card, it is necessary to first pass the card publisher's wisdom on the smart card.
  • the card master security domain creates the application provider's slave security domain and then sets the key from the security domain.
  • the secure domain key needs to adopt reliable and secure methods and techniques to import the relevant keys and certificates into the secure domain, and implement secure distribution of keys from the secure domain, where the creation of the secure domain needs to be issued by the card.
  • the commerce management platform indicates the creation of the primary security domain on the smart card, and after the security domain is created, the initial key from the security domain needs to be set and distributed by the card issuer management platform.
  • the card issuer management platform can notify the application provider management platform to generate a public-private key pair and certificate from the secure i or the application; the application provider management platform generates the public-private key pair and certificate from the secure i or Then, the card issuer management platform transmits the public domain private key pair and the certificate from the security domain to the slave security domain through the smart card primary security domain, thereby completing key distribution from the security domain.
  • the card issuer management platform is responsible for obtaining the security domain key data from the security domain key data, and may use the obtained key pair to perform operations from the security domain, thus the application provider's electronic Payment application security poses a threat, and therefore, there is an urgent need for a technical solution to solve the problem of unsecure distribution of secret domain keys.
  • SUMMARY OF THE INVENTION The present invention has been made in view of the problem of unsafe distribution of a security domain key in the related art.
  • a main object of the present invention is to provide a key distribution method and system to avoid a secret domain key. Obtained by the card issuer management platform, resulting in a problem that the key is not secure.
  • a key distribution method is provided, which is applied to a mobile communication system including an application provider management platform of an application provider, a card issuer management platform, and an OTA server.
  • the key distribution method according to the present invention includes: the card issuer management platform generates an initial key of the secure i or the corresponding to the application provider, and passes the initial key, the trusted public key for external authentication, through the OTA server.
  • the application provider management platform receives the information from the security domain and the initial key, and based on the information from the security domain and the initial secret
  • the key selects the slave security zone of the smart card through the OTA server;
  • the application provider management platform generates the public and private keys from the secure i or from the secure domain
  • the book and the public key and private key are encrypted by the OTA server and sent from the secure i or certificate to the slave security domain.
  • the specific process of generating the initial key by the card issuer management platform is: the application provider management platform determines whether there is a slave security domain corresponding to the application provider in the smart card; if the determination is yes, determining that the application exists in the smart card The slave's slave security domain, and no longer the security domain creation and key distribution process; if the judgment is no, the application provider management platform creates the slave security domain on the smart card through the card issuer management platform, and The initial Mihu is generated by the card issuer management platform.
  • the application provider management platform creates a specific process from the security domain on the smart card through the card issuer management platform as follows: The card issuer management platform communicates with the smart card through the application provider management platform, and selects the smart card through the OTA server.
  • the primary security domain establishes a secure channel with the primary security domain through the OTA server; the card issuer management platform notifies the primary security domain to establish a secondary security domain corresponding to the application provider through the secure channel; the primary security domain establishes the secondary security domain on the smart card.
  • the method may further include: the application provider management platform records the information of the slave security domain in its database.
  • the method may further include: the application provider management platform through the OTA server and the slave security The domain establishes a secure channel.
  • the method may further include: updating from the security i or updating the initial key to Public or private key, and will be written from secure i or certificate to secure i or.
  • a key distribution system is provided.
  • the key distribution system includes: a card issuer management platform, including: a first generation module, configured to generate an initial key of the slave security domain corresponding to the application provider; and an import module, configured to initialize the key The key, the trusted root public key for external authentication is imported into the secondary security domain through the OTA server; the first sending module is configured to send the information of the secondary security domain and the initial key to the application provider management platform; the application provider management platform, The method includes: a receiving module, configured to receive a card issuer management platform The information from the security domain and the initial key; a selection module, the slave security domain for selecting the smart card according to the information from the security domain and the initial key through the OTA server; the second generation module, configured to generate the public domain from the security domain a key and a private key and a slave security domain certificate; a second sending module, configured to encrypt the public key and the private key and the secure domain certificate from the secure domain by using the OTA server, and complete the distribution from the secure domain key ;
  • the OTA server is connected to the card issuer management platform and the application provider management platform, and is used for communication between the card issuer management platform and the smart card, and realizes communication between the application provider management platform and the smart card; the smart card is located at the mobile terminal Including the security domain, wherein the security domain is used to set the initial key and the trusted root public key sent by the application provider management platform via the OTA server, and is sent via the OTA server according to the application provider management platform. Set the key and private key as well as from the secure domain certificate, and install the certificate from the secure domain.
  • the application provider management platform may further include: a determining module, configured to determine whether there is a slave security domain corresponding to the application provider in the smart card; and a creating module, configured to issue the card by using the card if the determining module determines to be no
  • the business management platform creates a secure domain from the smart card.
  • the application provider management platform may further include: a database, configured to record the information from the security domain after the application provider management platform receives the information of the security domain and the initial key sent by the card issuer management platform .
  • the application provider management platform may further include: an establishing module, configured to establish a secure channel with the slave security domain via the OTA server after selecting the slave security domain of the smart card according to the information from the security domain and the initial key through the OTA server .
  • an establishing module configured to establish a secure channel with the slave security domain via the OTA server after selecting the slave security domain of the smart card according to the information from the security domain and the initial key through the OTA server .
  • the application provider management platform and the smart card communicate with each other through the OTA server, and no longer pass the card issuer management platform, thereby effectively realizing the isolation of the card issuer management platform, thereby avoiding the card issuer management platform being able to
  • the problem that the key transmission caused by the security domain public key, the private key and the certificate generated by the application provider management platform has security risks, and the security of the application provider from the security domain key distribution is effectively ensured.
  • FIG. 1 is a block diagram showing the structure of an electronic payment system for a mobile terminal according to an embodiment of the system of the present invention
  • FIG. 2 is a block diagram showing the structure of a key distribution system according to an embodiment of the system of the present invention
  • a flowchart of a key distribution method of a distribution embodiment of the present invention Fig.
  • the card issuer management platform is responsible for obtaining the transmitted slave security key data from the transmission of the security domain key data, and may use the obtained key pair from the security domain.
  • the present invention proposes a technical solution for transmitting security domain key data through the OTA server, which can effectively isolate the card issuer management platform and ensure The security of key transmission.
  • a mobile terminal electronic payment system is mainly composed of a card issuer management platform 1, an application provider management platform 2, and a mobile terminal 3 including a smart card, and there may be many in the system.
  • Application provider management platform is mainly composed of a card issuer management platform 1, an application provider management platform 2, and a mobile terminal 3 including a smart card, and there may be many in the system.
  • the card issuer management platform 1 includes a card management subsystem 10, an application management subsystem 11, a key management subsystem 12, a certificate management subsystem 13, and an application provider management subsystem 14, wherein the certificate management subsystem 13
  • the mobile terminal electronic payment system based on the near field communication technology supports the use of an asymmetric key, and the certificate management system 13 is connected to the card issuer CA system; the application management subsystem 11 is responsible for the card issuer's own application or its responsible hosting. Application provisioning and management functions; application provider management subsystem 14 can record information about application providers, Set the service authority of the application provider, etc.
  • the card issuer to which the card issuer management platform 1 belongs only uses the certificate management system 13 only in the case of supporting an asymmetric key.
  • the card issuer manages the card's resources and lifecycle, keys, and certificates. It also creates security domains for other application providers and interacts with other security domains to apply data.
  • the application provider management platform 2 includes an application management subsystem 20, a key management subsystem 21, and a certificate management subsystem 22, wherein the certificate management subsystem 22 is used when the mobile payment system supports an asymmetric key, and the certificate manager The system 22 is connected to the application provider CA system and uses the certificate management system only if an asymmetric key is supported.
  • the application provider can provide various service applications through the application provider management platform 2, and manage the security domain corresponding to the card, control the application key, certificate, data, etc. of the security domain, and provide the application. Secure download function.
  • the application provider can be an operator, a bank, a bus company, a retailer, and the like.
  • the application provider may have a service terminal management system and a service terminal, and may provide services to users through the service terminal.
  • the mobile terminal 3 is provided with a smart card (not shown) supporting electronic payment, and in order to implement the security management of the smart card and the downloading and installation functions of the payment application, the smart card needs to be established with the card issuer management platform and the application provider management platform. Communication.
  • the communication between the smart card and the management platform can be achieved in two ways: (1) The smart card establishes communication through the mobile terminal using the mobile communication network and the management platform, generally adopting OTA ( Over The Air technology enables communication between smart cards and management platforms. (2) Realize the connection between the smart card and the management platform through the business terminal of the management platform.
  • the service terminal is configured with a contactless card reader or a card reader that directly reads the smart card, and the service terminal can establish communication with the management platform, thereby realizing communication between the smart card and the management platform.
  • the user can perform operations such as downloading, installing, and using the electronic payment application, and the user operates the mobile terminal and the card by interacting with the card issuer or the application provider, and downloads and installs the new in the security domain.
  • Applications using a variety of business applications from application providers or card issuers.
  • the mobile terminal electronic payment system based on the near field communication technology supports a multi-electronic payment application, and multiple electronic payment applications can be installed on the smart card.
  • the smart card adopts the Global Platform Card Specification V2. 2.2 specification, and the smart card is divided into several independent Establish a security domain to ensure the isolation and independence of multiple applications. Each application provider manages its own security domain and applications, application data, and so on.
  • the smart card that supports the Global Platform specification mentioned here refers to an IC chip or smart card conforming to the Global Platform Card Specification V2.1.1/V2.2 specification.
  • the physical form can be a SIM USIM card, a pluggable smart memory card or integrated in The IC chip on the mobile terminal.
  • the security domain is a representation of the card's external entities, including card issuers and application providers, on the card, which contain encryption keys to support secure channel protocol operation and card content management, if the electronic payment system supports Global Platform Card Specification V2.1.1 Specification, the secure channel protocol supports Secure Channel Protocol '02' (based on symmetric key); if the electronic payment system supports the Global Platform Card Specification V2.2 specification, the secure channel ten supports Secure Channel Protocol '10, (based on non- Symmetric key).
  • the security domain is responsible for its own key management, which ensures that applications and data from different application providers can coexist on the same card.
  • the keys and certificates on the security domain need to include: the public key (also called public key) and the private key (also called private key) of the security domain. , the certificate of the security domain, and the trusted root public key used to authenticate the certificate of the entity outside the card.
  • the security domain of the application provider on the smart card is the secondary security domain. Before downloading and installing the application provider's electronic payment application to the smart card, the slave security domain of the application provider needs to be created on the smart card through the smart card master security domain owned by the card issuer, and then the key from the security domain is set.
  • a secure domain key requires reliable and secure methods and techniques to import the relevant keys and certificates into the secondary security domain for secure distribution of security domain keys.
  • the creation of the security domain requires the card issuer management platform to instruct the primary security domain creation on the smart card, and after the security domain is created, the initial key from the security domain needs to be set up and distributed by the card issuer management platform.
  • the card issuer management platform can notify the application provider management platform to generate a public-private key pair and certificate from the security domain; the application provider management platform generates the public-private key pair and certificate from the security domain.
  • the card issuer management platform transmits the public domain private key pair and the certificate from the security domain to the slave security domain through the smart card primary security domain, thereby completing key distribution from the security domain.
  • the card issuer management platform can obtain the transmitted security domain key data when transmitting the key data, and may use the obtained key pair to perform operations from the security domain, thus the electronic payment to the application provider.
  • Application security poses a threat and needs to address the issue of secure distribution of keys from secure domains.
  • the OTA server shown in Figure 1 is capable of addressing the above-described problem of secure distribution of secure domain keys. Based on the above electronic payment system, the present invention proposes a key distribution system. As shown in FIG.
  • the key distribution system includes: a card issuer management platform 202, including a first generation module (not shown) for generating a slave security domain corresponding to the application provider ( An initial key (not shown) (the initial key may include an initial public key and an initial private key); an import module (not shown) for ⁇ ) an initial key, a root of trust for external authentication
  • the public key is imported to the secondary security domain through the OTA server 206; a first sending module (not shown) for transmitting information of the secondary security domain and the initial key to the application provider management platform 204; the card issuer management platform 202 and the application
  • the provider management platform 204 can be connected by a dedicated line or the Internet, and the card issuer management platform 202 can establish communication through the application provider management platform 204 and the OTA server 206 and the smart card 208.
  • the first generation module, the import module, and the first transmission module may be disposed in the key management subsystem 12, and the foregoing one may be selected according to actual application requirements. Or multiple modules are set in other subsystems.
  • the application provider management platform 204 includes: a receiving module (not shown) for receiving information from the security domain of the card issuer management platform 202 and an initial key; a selection module (not shown) for security The information of the domain and the initial key are selected by the OTA server 206 from the security domain of the smart card 208; a second generation module (not shown) for generating the public and private keys from the security domain and the security domain certificate; a second sending module (not shown) for transmitting the public key and the private key and encrypting the security key or certificate from the secure i or certificate to the slave security i or, and completing the distribution from the secure domain key;
  • the provider management platform 202 can provide related services for electronic payment through the OTA server 206, for example, providing a list of downloadable electronic payment applications, participating in creation of security domains and key division, downloading of electronic payment applications, and electronic payment applications.
  • the receiving module, the selecting module, the second generating module, and the second sending module may be disposed in the key management subsystem 21, and may be based on actual application requirements.
  • the application provider management platform needs to first check whether the smart card has its own slave security domain. If there is no corresponding slave security domain, the application provider management platform needs to request the card issuer management platform to create its own slave security domain on the smart card.
  • the 2 further includes: an OTA server 206, connected to the card issuer management platform 202, and an application provider management platform 204 for implementing the card issuer management platform 202.
  • Communication with the smart card 208 communication between the application provider management platform 204 and the smart card 208; that is, the smart card 208 can establish a connection through the OTA server 206 and the application provider management platform 202 and the card issuer management platform 204.
  • the OTA server 206 is configured to transmit communication data between the smart card 208 and the application provider management platform 204, between the smart card 208 and the card issuer management platform 202.
  • the smart card 208 located at the mobile terminal (not shown), includes a slave security domain (not shown), wherein the slave security domain is used to generate an initial key and a root of trust via the OTA server 206 according to the application provider management platform 204.
  • the public key is set up and set according to the public and private keys sent by the application provider management platform 204 via the OTA server 206 and from the secure domain certificate, and the security domain certificate is installed.
  • the smart card 208 and the mobile terminal should support the OTA function, ensuring that the smart card 208 can communicate with the OTA server 206 through the mobile terminal; and, the electronic payment application that can be downloaded can be displayed on the screen of the mobile terminal, and the downloaded electronic device can be selected.
  • the application provider management platform 204 further includes: a database (not shown) for recording after the application provider management platform 204 receives the information from the security domain and the initial key sent by the card issuer management platform 202 Information from the security domain.
  • the application provider management platform 204 may further include: an establishing module (not shown), configured to, after selecting the slave security domain of the smart card 208 through the OTA server according to the information from the security domain and the initial key, via the OTA server 206 Establish a secure channel from the security domain.
  • the application provider management platform 204 may further include: a determining module (not shown) for determining whether there is a slave security domain corresponding to the application provider in the smart card 208; and creating a module (not shown) for In the case where the determination module determines to be no, the slave security zone is created on the smart card 208 by the card issuer management platform 202.
  • the card issuer management platform 202 communicates with the OTA server 206 and the smart card 208 via the application provider management platform 204, and the card issuer management platform 202 selects the primary security i or of the smart card 208, and the primary security i or Establish a secure communication channel, notify the primary security i or create an application provider from the security domain.
  • the card issuer management platform After the security domain is created, the card issuer management platform generates an initial public key and a private key from the security domain, and imports the initial key and the trusted public key to the secondary security domain through the OTA server.
  • the smart card can conform to the Global Platform Card.
  • the smart card security domain uses an asymmetric key system. The keys that need to be imported from the security domain are created: From the public and private keys of the security domain, from the security domain certificate and the trust used by external authentication.
  • One Public Key for Trust Point for External Authentication PK.TP-EX.AUT).
  • the public key and private key from the security i or the private key and the private key are generated by the application provider management platform, and the security domain certificate is generated by the application provider management platform according to the public key from the security domain, and the trust used by the external authentication is the public key (PK.TP).
  • EX. AUT is provided by the CA that issues the application provider certificate and can be obtained from the application provider management platform, which is used to authenticate the application provider's certificate from the security domain, and can be managed by the card issuer. Import to a slave security domain when creating a security domain.
  • the public key and private key of the security domain can be generated by the RSA algorithm, and the length of the public key and the private key can be selected to be 1024 bits.
  • the application provider management platform is connected to the OTA server, and the OTA server establishes a communication connection with the GPRS/PDSN gateway or the short message gateway in the mobile communication network.
  • the OTA server can establish a communication connection with the smart card through a data service or a short message.
  • a data service manner can be adopted.
  • the BIP communication protocol can be adopted between the smart card and the mobile terminal, and the mobile terminal establishes communication through the TCP/IP protocol and the OTA server.
  • the card issuer management platform After the card issuer management platform returns the basic information and the initial key of the security domain to the application provider management platform, the application provider management platform and the slave security domain The key distribution is resumed. At this time, the communication between the application provider management platform and the smart card is no longer transmitted through the card issuer management platform, but is transmitted through the OTA server, thereby realizing the isolation of the card issuer management platform.
  • the publisher management platform cannot obtain the slave domain public key, private key and certificate generated by the application provider management platform, which effectively ensures the security of the application provider from the secure domain key distribution.
  • a key distribution method for a mobile communication system including an application provider management platform of an application provider, a card issuer management platform, and an OTA server.
  • the key distribution method according to this embodiment includes the following steps S302 to S306: Step S302, the card issuer management platform generates an initial key of the slave security domain corresponding to the application provider (the The initial key can include the initial public key and the initial private key), ⁇ ) the initial key, trust The root public key is imported into the slave security domain through the OTA server, and sends the information from the security i or the initial key to the application provider management platform; Step S304, the application provider management platform receives the information of the slave security domain and the initial key, And selecting a slave security domain of the smart card according to the information from the security domain and the initial key through the OTA server; Step S306, the application provider management platform generates a public key and a private key from the security domain and the security i or certificate, and passes The OTA server en
  • the specific process of generating the initial key by the card issuer management platform is: the application provider management platform determines whether there is a slave security domain corresponding to the application provider in the smart card; if the determination is yes, it may determine that the smart card has been There is a slave security domain of the application provider, and the creation of the security domain and the distribution process of the key are no longer performed; in the case of a negative determination, the application provider management platform creates a secure on the smart card through the card issuer management platform. Domain, and the initial key is generated by the card issuer management platform.
  • the method for checking (determining) whether there is a slave security domain belonging to the application provider in the smart card may include the following process: the application provider management platform sends a command to the smart card through the OTA server to read the smart card feature information ICCID, and then The application provider management platform retrieves whether the smart card has created its own slave security domain based on the acquired ICCID in the system's created smart card database from the security domain.
  • the application provider management platform can send a SELECT message to the smart card through the OTA server, that is, select the packet, and the object parameter in the packet is the slave security domain ID.
  • the application provider management platform creates a specific process from the security domain on the smart card through the card issuer management platform as follows: The card issuer management platform communicates with the smart card through the application provider management platform, and selects the smart card through the OTA server. The primary security domain establishes a secure channel with the primary security domain through the OTA server; the card issuer management platform notifies the primary security domain to establish a secondary security domain corresponding to the application provider through the secure channel; the primary security domain establishes the secondary security domain on the smart card. .
  • the method may further include: the application provider management platform records the information of the slave security domain in its database.
  • the method may further include: applying the provider management platform through the server and the slave The security domain establishes a secure channel.
  • the method may further include: updating from the security i or updating the initial key to Public or private key, and will be written from secure i or certificate to secure i or.
  • FIG. 4 shows a signaling flow of a processing example of the key distribution method according to the present embodiment.
  • the application provider from the security domain creation and key distribution process according to the embodiment specifically includes the following processing:
  • the application provider management platform sends a command to the smart card through the OTA server to read the feature information ICCID of the smart card, and then the smart card sends the smart card feature information ICCID to the application provider management platform.
  • the application provider ID (ASP-ID) and the smart card identification information ICCID are included in the request.
  • the card issuer management platform After receiving the request from the security domain, the card issuer management platform verifies that the request information is created from the security domain and determines whether the request is allowed. The card issuer can determine whether to allow the application provider's slave security domain to be created through the application provider management platform according to the application provider's business rights and the like.
  • the card issuer management platform After the card issuer management platform confirms that the slave security management domain can create the slave security domain, the card issuer management platform retrieves the smart card related information according to the smart card ICCID in the database in the platform, including the smart card primary security domain ID ( ISD ID) and so on.
  • ISD ID smart card primary security domain ID
  • the card issuer management platform sends a SELECT message to the smart card through the application provider management platform, and selects the primary security domain of the smart card.
  • the card issuer management platform and the smart card master security domain are in accordance with the Global Platform Card Specification V2.2 Appendix F Secure Channel Protocol '10, requires the establishment of an SCP10 secure channel to complete the authentication of both parties and the negotiation of the session key.
  • the card issuer management platform sends a message from the security domain to the primary security domain.
  • INSTALL [for Install].
  • the primary security domain is created from the security domain. After the creation is complete, the primary security domain sends an INSTALL Response, which is from the security i or create a response to the card issuer management platform.
  • the card issuer management platform receives a response from the security domain and confirms that the initial public-private key pair was generated from the secure i or after the security domain has been created.
  • the card issuer management platform passes the PUT KEY 4 message, that is, the key is transmitted from the security i or the public and private keys and the external 4 authentication used by the public key (One Public Key for Trust Point for External) Authentication, PK.TP EX.AUT ) Send to smart card master security i or.
  • Smart Card Master Security i may send the initial public or private key from Security i or PK.TP_EX.AUT to Secure i or, from Security i or to the initial public and private key and PK. TP_EX.AUT settings , then send PUT KEY RESPONSE, that is, send the key 4 response to the card issuer management platform.
  • the application provider management platform adds information about the security domain from the database.
  • the application provider management platform sends a SELECT message to the smart card through the OTA server, and selects the slave security domain created by the card issuer management platform (step 53 corresponds to step S304 in FIG. 3).
  • the application provider management platform generates a public key and a private key from the security domain, and the certificate management system in the application provider management platform sends the public key and the certificate application information of the security domain to the application provider CA, and is issued by the CA. From a secure domain certificate.
  • the application provider management platform sends the public domain private key and certificate from the security domain to the secondary security domain through the PUT KEY 4 message.
  • the secure domain public private key and certificate are encrypted with the session key (steps 55 and 56 correspond to step S304 in Fig. 3).
  • the card issuer management platform after the card issuer management platform returns the basic information and the initial key of the security domain to the application provider management platform, the application provider management platform and the slave security The key distribution is re-established between the domains, and the application provider management platform and the smart card are no longer communicated through the card issuer management platform through the server, thereby effectively separating the card issuer management platform and avoiding the card.
  • the issuer management platform can obtain the security risk of key transmission caused by the security domain public key, private key and certificate generated by the application provider management platform, effectively ensuring the application provider to distribute the key from the security domain. Security.
  • the implementation of the present invention does not modify the system architecture and the current processing flow, is easy to implement, facilitates promotion in the technical field, and has strong industrial applicability.
  • the above description is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the scope of the present invention are intended to be included within the scope of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention concerne un procédé et un système de distribution de clés, ledit procédé comportant les étapes suivantes : une plate-forme de gestion de l’émetteur de cartes génère une clé initiale du domaine de sécurité asservi correspondant au fournisseur d´application, guide la clé initiale et la clé publique de racine de confiance servant à l’authentification externe dans le domaine de sécurité asservi par l’intermédiaire d’un serveur OTA et envoie les informations du domaine de sécurité asservi et la clé initiale à la plate-forme de gestion du fournisseur d´application ; la plate-forme de gestion du fournisseur d´application reçoit les informations du domaine de sécurité asservi et la clé initiale, et sélectionne le domaine de sécurité asservi de la carte à puce en fonction des informations du domaine de sécurité asservi et de la clé initiale par l’intermédiaire du serveur OTA ; la plate-forme de gestion du fournisseur d´application génère une clé publique et une clé privée du domaine de sécurité asservi ainsi que le certificat du domaine de sécurité asservi et, après les avoir chiffrés, envoie la clé publique et la clé privée ainsi que le certificat du domaine de sécurité asservi au domaine de sécurité asservi. La présente invention assure la sécurité de la distribution de clés du domaine de sécurité asservi du fournisseur d´application.
PCT/CN2009/073457 2008-10-24 2009-08-24 Procédé et système de distribution de clés WO2010045824A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810171917.2 2008-10-24
CN2008101719172A CN101729246B (zh) 2008-10-24 2008-10-24 密钥分发方法和系统

Publications (1)

Publication Number Publication Date
WO2010045824A1 true WO2010045824A1 (fr) 2010-04-29

Family

ID=42118938

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/073457 WO2010045824A1 (fr) 2008-10-24 2009-08-24 Procédé et système de distribution de clés

Country Status (2)

Country Link
CN (1) CN101729246B (fr)
WO (1) WO2010045824A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114143777A (zh) * 2021-12-03 2022-03-04 天翼物联科技有限公司 基于sim卡的物联网终端的证书密钥下载方法及系统

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106355048A (zh) * 2010-12-06 2017-01-25 交互数字专利控股公司 具有域信任评估和域策略管理功能的智能卡
CN102123146A (zh) * 2011-03-02 2011-07-13 成都四方信息技术有限公司 移动支付交易密钥远程下载工作方法
US9185089B2 (en) * 2011-12-20 2015-11-10 Apple Inc. System and method for key management for issuer security domain using global platform specifications
CN103188206A (zh) * 2011-12-27 2013-07-03 中兴通讯股份有限公司 密钥的交互方法、装置及系统
CN106034020B (zh) * 2015-03-09 2019-02-01 深圳华智融科技股份有限公司 一种密钥发散方法及装置
CN106911625B (zh) * 2015-12-22 2020-04-24 国民技术股份有限公司 一种安全输入法的文本处理方法、装置和系统

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070110248A1 (en) * 1999-02-05 2007-05-17 Yunzhou Li Method for key distribution in a hierarchical multicast traffic security system for an internetwork
KR100806186B1 (ko) * 2007-01-08 2008-02-22 에스케이 텔레콤주식회사 스마트 카드에서 시큐리티 도메인의 키를 초기화하는 방법및 이동통신 단말기
CN101164086A (zh) * 2005-03-07 2008-04-16 诺基亚公司 能够使用无线网络实现信用卡个人化的方法、系统和移动设备

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100350816C (zh) * 2005-05-16 2007-11-21 航天科工信息技术研究院 基于gsm网络实现无线身份认证和数据安全传输的方法
CN1881878A (zh) * 2006-05-10 2006-12-20 上海市电信有限公司 在可控因特网网络环境下基于智能卡业务安全认证方法
CN101267307B (zh) * 2008-02-29 2011-07-06 北京中电华大电子设计有限责任公司 利用ota系统实现手机数字证书远程管理的方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070110248A1 (en) * 1999-02-05 2007-05-17 Yunzhou Li Method for key distribution in a hierarchical multicast traffic security system for an internetwork
CN101164086A (zh) * 2005-03-07 2008-04-16 诺基亚公司 能够使用无线网络实现信用卡个人化的方法、系统和移动设备
KR100806186B1 (ko) * 2007-01-08 2008-02-22 에스케이 텔레콤주식회사 스마트 카드에서 시큐리티 도메인의 키를 초기화하는 방법및 이동통신 단말기

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114143777A (zh) * 2021-12-03 2022-03-04 天翼物联科技有限公司 基于sim卡的物联网终端的证书密钥下载方法及系统
CN114143777B (zh) * 2021-12-03 2024-04-23 天翼物联科技有限公司 基于sim卡的物联网终端的证书密钥下载方法及系统

Also Published As

Publication number Publication date
CN101729246B (zh) 2012-02-08
CN101729246A (zh) 2010-06-09

Similar Documents

Publication Publication Date Title
WO2010045807A1 (fr) Procédé et système de distribution de clés
JP5508428B2 (ja) 鍵の配布方法及びシステム
US8781131B2 (en) Key distribution method and system
CN102202307B (zh) 基于数字证书的移动终端身份认证系统及方法
EP2587715B1 (fr) Enregistrement de certificat assisté
JP6185152B2 (ja) サービスにアクセスする方法、アクセスするためのデバイスおよびシステム
CN103067914B (zh) 存在于wtru上的移动置信平台(mtp)
WO2010051715A1 (fr) Procédé, système et terminal mobile de distribution de clé initiale d’un domaine de sécurité d’une carte à puce
KR20160124648A (ko) 프로파일 다운로드 및 설치 장치
WO2010045824A1 (fr) Procédé et système de distribution de clés
CN202696901U (zh) 基于数字证书的移动终端身份认证系统
WO2010051714A1 (fr) Procédé, système et terminal mobile de mise à jour et distribution de clé d’un domaine de sécurité d’une carte à puce
US20220311625A1 (en) Certificate Application Method And Device
WO2018209986A1 (fr) Procédé et dispositif de téléchargement de données d'abonnement d'euicc
CN103765831A (zh) 用于向异构服务终端提供服务的装置和方法
WO2010051713A1 (fr) Procédé, système et terminal mobile de distribution de clé initiale d’un domaine de sécurité d’une carte à puce
WO2010045825A1 (fr) Procédé et système pour la distribution de clés
WO2010051716A1 (fr) Procédé, système et terminal mobile de mise à jour et distribution de clé d’un domaine de sécurité d’une carte à puce
CN116097636A (zh) 用于设备之间的链接或配置文件传输的装置和方法
KR102149313B1 (ko) 유심기반 전자서명 처리 방법
KR20210034475A (ko) 기기 간 번들 또는 프로파일 이동 시 기기 간 상호 인증 방법 및 장치
KR102149315B1 (ko) 금융사의 유심기반 전자서명 처리 방법
KR20210020770A (ko) 기기 간 번들 이동 방법 및 장치
KR20150023144A (ko) 유심을 이용한 전자서명 처리 방법
KR20150023150A (ko) 통신사의 유심기반 전자서명 처리 방법

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09821545

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09821545

Country of ref document: EP

Kind code of ref document: A1