WO2013097351A1 - Method, device, and system for key interaction - Google Patents


Publication number
WO2013097351A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
remote server
channel
processing device
service processing
Application number
PCT/CN2012/072192
Inventor
傅启洪
朱渊
范勇
魏攀
赵栋
Original Assignee
中兴通讯股份有限公司
杨杰
张芝萍
Application filed by 中兴通讯股份有限公司, 杨杰, 张芝萍
Publication of WO2013097351A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed are a method, device, and system for key interaction. The method comprises: a user equipment (UE) receiving a key transmitted by a remote server; in a scenario when use of the received key is required, the UE establishing a near field communication (NFC) channel with a service processing device; and the UE transmitting the received key to the service processing device via the NFC channel established. When using the key, the present invention obviates for a user the need to search manually for the key and to present same to a key verifying party, thus allowing for convenient and expeditious key interaction operations, and for enhanced user experience.

Description

Key interaction method, device and system

Technical Field

The present invention relates to the field of communications, and in particular to a key interaction method, device and system.

Background

Near Field Communication (NFC) is a short-range wireless communication technology suited to handheld mobile devices; it combines the functional characteristics of a Radio Frequency Identification (RFID) card reader and a smart card. The communication distance of NFC is usually 0-10 cm, which is a very secure communication range. Within this distance, data transfer between two devices can be completed in a very short time.
FC通道将密钥发送至业务处 理设备, 从而无需用户手动查找密钥并出示给密钥验证方。 根据本发明实施例, 还提供了一种密钥的交互方法, 可以通过本发明上述实施例 提供的密钥的交互装置、 系统, 实现便捷的密钥交互过程。 图 5是根据本发明实施例的密钥的交互方法的流程图, 如图 5所示, 该方法可以 包括以下几个步骤 (步骤 S502-步骤 S506): 步骤 S502, 用户设备 (UE) 接收远端服务器发送的密钥。 步骤 S504, 在需要使用接收到的密钥的情况下, 用户设备与业务处理设备建立近 场通讯 ( FC) 通道。 步骤 S506, 用户设备通过建立的 NFC通道向业务处理设备传输接收到的密钥。 通过本发明实施例, 用户设备接收远端服务器发送的密钥, 在需要使用接收到的 密钥的情况下, 用户设备与业务处理设备建立 FC通道, 并通过建立的 NFC通道向 业务处理设备传输接收到的密钥, 因此, 在使用密钥时, 无需用户手动查找密钥并出 示给密钥验证方, 使得密钥交互操作方便快捷, 提高了用户体验。 在本发明实施例的一个优选实施方式中, 远端服务器 1可以通过 OTA中的 BIP 方式向 UE发送密钥, 在该优选实施方式中, 远端服务器 1发送密钥之前, 可以请求 用户终端 2开启 BIP通道, 用户终端 2响应请求开启 BIP通道, 并向远端服务器 1反 馈 BIP通道打开成功消息。远端服务器 1接收到 BIP通道打开成功消息后, 采用 OTA 技术通过已打开的 BIP通道将密钥传输给用户设备 2。 用户设备接收远端服务器发送 的密钥之前, 远端服务器 2向用户设备 1发送 BIP通道开启请求, 用户设备 1接收远 端服务器 2发送的 BIP通道开启请求, 根据 BIP通道开启请求开启 BIP通道, 并向远 端服务器 1发送 BIP通道开启确认消息。 为了避免了以短信、 验证码等方式作为密钥而导致的密钥易丢失的问题, 在本发 明实施例的一个优选实施方式中, 用户设备 1在接收到远端服务器 2发送的密钥后, 可以将接收到的密钥作为 FC标签存储到 UICC中, 在需要使用密钥时, 用户设备 1 从 UICC中读取存储的密钥数据。优选地, 用户设备 1可以对接收到的密钥进行封装, 生成 FC通信传输可识别的 DEF消息格式。 通过本优选实施方式, 将密钥存储到 UICC 中, 避免密钥数据与其他数据 (如短信方式时的其他短信息) 混淆, 从而避免 了密钥数据因用户操作失误而丢失的问题, 使得密钥数据使用更加安全, 进一步提高 了用户体验。 进一步的, 用户设备 1的向业务处理设备发送密钥后, 为了避免当前密钥与下次 使用的密钥混淆, 在向业务处理设备 3传输密钥之后, 用户设备 1可以将已使用的密 钥从 UICC中删除。 但是, 本发明实施例并不限于此, 在实际应用中, 还可以在下一 次接收密钥时, 删除 UICC中存储的已使用的密钥。 通过本优选实施方式, 避免了不 同密钥之间的混淆, 节省了 UICC存储空间。 为了增强使用密钥的安全性, 业务处理设备 3接收到用户设备 2发送的密钥后, 进行数据解析提取用户设备 2发送的密钥, 并对接收到的密钥进行验证。 在本发明实 施例的一个优选实施方式中,用户设备 2通过建立的 FC通道向业务处理设备 3传输 所述密钥之后, 业务处理设备 3将用户设备 2传输的密钥传输给远端服务器 1, 请求 远端服务器 1验证密钥。 远端服务器 1验证密钥完成后, 可以向业务处理设备返回审 核结果。 业务处理设备 3接收远端服务器 1对密钥审核后返回的审核结果。 下面通过具体实施例进行描述。 实施例一 本实施例的密钥的交互系统如图 1所示, 包括远端服务器 1、 用户设备 2和业务 处理设备 3。 其中, 远端服务器 1, 设置为分发和审核用户密钥。 用户设备 2, 设置为 接收和使用远端服务器 1分发的密钥; 业务处理设备 3, 设置为接收用户设备 2发送 的密钥, 以及与远端服务器交互, 请求远端服务器 1审核接收到的密钥。 远端服务器 1通过 BIP通道分发用户密钥, 用户设备 2通过 BIP通道接收远端服 务器 1分发的密钥, 并将接收到的密钥存储于 UICC中, 供用户终端 2使用。 用户使 用该密钥时, 将用户设备 2靠近业务处理设备 3, 建立用户设备 2与业务处理设备 3 之间的 FC通道, 用户设备 2通过已建立的 FC通道, 将密钥传输给业务处理设备 3。业务处理设备 3通过网路通道将该密钥传输给远端服务器 1,供远端服务器 1审核。 审核结束后, 远端服务器 1将审核结果返回给业务处理设备 3。 在本发明实施例的一 个优选实施方式中,业务处理设备 3还可以通过 
FC通道向用户设备 2反馈审核结果。 在实际应用中, 可以根据密钥的分发和使用, 将本实施例的上述系统分为两个子 系统, 即密钥的分发通信子系统和密钥的使用通信子系统, 下面分别对这两个子系统 进行描述。 图 6是根据本发明实施例的密钥的分发通信子系统的示意图, 示出了密钥分发的 通信系统的结构, 如图 6所示, 该子系统可以包括: 远端服务器 1, BIP通信处理模块 202和 UICC模块 206。 远端服务器 1, 设置为分发用户密钥; BIP通信处理模块 202 (位于用户设备侧), 设置为打开 BIP通道, 供远端服务器 1通过 OTA传输密钥; UICC模块 206 (位于用 户设备侧), 设置为存储密钥。 远端服务器 1请求 UICC模块 206打开 BIP通道, UICC模块 206响应该请求,通 知 BIP通信处理模块 202打开 BIP通道。 BIP通信处理模块 202反馈 BIP通道打开成 功的信息给 UICC模块 206。 UICC模块 206通知远端服务器 1, BIP通道已被成功打 开。远端服务器 1采用 OTA技术将密钥通过已打开的 BIP通道传输给 UICC模块 206。 图 7是根据本发明实施例的密钥的使用通信子系统的示意图, 示出了密钥使用的 通信系统结构, 如图 7所示, 该子系统包括: 近场通讯模块 204、 UICC模块 206、 密 钥管理模块 302 (位于业务处理设备侧) 和远端服务器 1。 近场通讯模块 204, 设置为建立 NFC数据通道连接; UICC模块 206, 设置为存储 密钥; 密钥管理模块 302, 设置为管理读取自用户设备 2的密钥, 并负责与远端服务 器 1通信; 远端服务器 1, 设置为审核用户使用的密钥是否有效。 用户发起密钥使用业务后, 提示用户将用户设备 2靠近服务提供商的业务处理设 备 3, 通过近场通讯模块 204与业务处理设备 3建立 FC通道。 业务处理设备 3通过 已建立的 FC通道从 UICC模块 206中读取密钥标签数据, 并传输给密钥管理模块 302。读取结束后, 密钥管理模块 302与远端服务器 1通信, 通知远端服务器 1核密钥 数据。 实施例二 图 8是根据本实施例的用户设备的结构框图, 如图 8所示, 该用户设备包括: BIP 通信处理模块 202、 近场通讯模块 204、 UICC模块 206和业务应用处理模块 210。 BIP通信处理模块 202, 设置为打开 BIP通道, 使得手机终端可以通过 OTA技术 接收远端服务器分发的密钥;近场通讯模块 204,设置为建立 FC数据通道连接; UICC 模块 206, 设置为存储密钥; 业务应用处理模块 210, 设置为提供查看和使用密钥的用 户操作界面。 实施例三 在本发明实施例中,密钥的交互过程可以分为密钥的分发、密钥的使用两个过程。 本实施例中对密钥的分发过程进行描述。 图 9是根据本发明实施例的密钥分发方法的流程图, 如图 9所示, 该方法可以包 括以下几个步骤 (步骤 S902-步骤 S912): 步骤 S902, 服务提供商的远端服务器向用户设备的 UICC卡发送 BIP通道打开请 求。 步骤 S904,用户 UICC卡响应服务器请求,通知 BIP通信处理模块打开 BIP通道。 步骤 S906, BIP通信处理模块响应 UICC卡的请求通知, 打开 BIP通道。 并将通 道打开消息反馈给 UICC卡。 步骤 S908, UICC卡接收到 BIP通信处理模块的反馈信息后, 向远端服务器发送 BIP通道已打开的确认消息。 步骤 S910, 远端服务器接收到 BIP通道打开的反馈信息后, 通过 OTA技术将密 钥通过已打开的 BIP通道传输给用户 UICC卡。 步骤 S912, 用户设备接收密钥数据, 并将其作为 FC电子标签存储于 UICC卡 中, 供用户使用。 通过上述步骤完成密钥分发的过程, 用户可通过用户设备查看和使用密钥。 实施例四 本实施例对密钥分发到 UE后, 使用该密钥的流程进行描述。 图 10是根据本发明实施例的密钥使用方法的流程图, 如图 10所示, 该方法可以 包括以下几个步骤 (步骤 S1002-步骤 S1012): 步骤 S1002, 用户首先选择待使用的密钥标签, 发起使用密钥的用户业务。 业务 发起后, 用户设备提示用户将用户设备靠近 FC读取设备 (即业务处理设备)。 步骤 S1004, 用户将用户设备靠近服务提供商的业务处理设备 ( FC读取设备), 建立 FC通道连接。 步骤 S1006, 业务处理设备通过已建立的 FC数据通道从用户设备中读取密钥标 签数据。 步骤 S1008用户设备发出提示音, 提示用户密钥数据被读取完成。 
应用程序自动 将该密钥标签删除。 步骤 S1010, 业务处理设备与远端服务器通信, 通知远端服务器审核该密钥。 步骤 S1012, 远端服务器审核结束后, 将审核结果反馈给业务处理设备。 业务处 理设备显示审核结果。 通过上述步骤, 完成密钥使用的过程, 用户通过用户设备触碰业务处理设备, 即 可结束密钥的使用审核, 使得密钥使用安全便捷。 简化了操作步骤, 使用更加便捷, 较好的改善了用户体验。 从以上的描述中, 可以看出, 本发明实现了如下技术效果: 用户设备接收远端服 务器发送的密钥, 在需要使用接收到的密钥的情况下, 用户设备与业务处理设备建立 FC通道, 并通过建立的 NFC通道向业务处理设备传输接收到的密钥, 因此, 在使 用密钥时,无需用户手动查找密钥并出示给密钥验证方, 使得密钥交互操作方便快捷, 提高了用户体验。进一步的,远端服务器通过 OTA方式支持的 BIP通道将密钥分发至 用户设备, 避免了以短信、 验证码等方式作为密钥的不便。 用户设备可以将密钥存储 在 UICC卡中, 使得获取的密钥不容易丢失。业务处理设备接收用户设备发送的密钥, 并请求远端服务器验证接收到的密钥,使得验证方无需手动查看验证用户设备的密钥。 为了避免当前密钥与下次使用的密钥混淆, 以及节省 UICC存储空间, 用户设备可以 将已使用的密钥从 UICC中删除, 避免了不同密钥之间的混淆, 节省了 UICC存储空 间。 显然, 本领域的技术人员应该明白, 上述的本发明的各模块或各步骤可以用通用 的计算装置来实现, 它们可以集中在单个的计算装置上, 或者分布在多个计算装置所 组成的网络上, 可选地, 它们可以用计算装置可执行的程序代码来实现, 从而, 可以 将它们存储在存储装置中由计算装置来执行, 并且在某些情况下, 可以以不同于此处 的顺序执行所示出或描述的步骤, 或者将它们分别制作成各个集成电路模块, 或者将 它们中的多个模块或步骤制作成单个集成电路模块来实现。 这样, 本发明不限制于任 何特定的硬件和软件结合。 以上所述仅为本发明的优选实施例而已, 并不用于限制本发明, 对于本领域的技 术人员来说, 本发明可以有各种更改和变化。 凡在本发明的精神和原则之内, 所作的 任何修改、 等同替换、 改进等, 均应包含在本发明的保护范围之内。 FC technology has the advantages of simple and convenient connection, safe communication and automatic, and is a wireless communication technology that is very suitable for mobile phones. Over-the-Air Technology (OTA) is a technology for remotely managing data and applications of Universal Integrated Circuit Card (UICC) through the air interface of mobile communications. At present, the mode of the 0TA service support includes a short message mode and a Bearer Independent Protocol (BIP). The bearer modes supported by the BIP protocol include: General Packet Radio Service (GPRS); Wireless Local Area Networks (WLAN); Bluetooth, Wireless Fidelity (abbreviation) For WiFi) and more. The application of OTA technology enables mobile communications to not only provide voice and data services, but also to provide new service downloads. With the continuous development of network communication transactions, more and more online consumer transactions have gradually entered and affected the daily lives of users. 
For example, in an online group purchase transaction, the user only needs to pay online, and after the mobile terminal obtains the short message, the mobile phone can use the short message as a key certificate to enjoy the service. However, such a consumer transaction using a short message, a verification code, or the like as a key is cumbersome in operation and difficult to find in a short message, especially when the amount of short messages is large, which increases the difficulty of searching by the user. First, the user's mobile terminal must store such information. Then, before enjoying the service, the user needs to manually find the information from the mobile terminal and present it to the merchant. Finally, the service merchant manually checks the user's mobile phone information and checks it, and then confirms that it is correct. Key review. It can be seen that the operation in the related art as a method of using a short message or a verification code as a key certificate is cumbersome, reduces the user experience, and, because of the need to manually participate in reading information during verification, thereby increasing the occurrence of errors. Probability. SUMMARY OF THE INVENTION In view of the cumbersome operation of the key usage in the prior art, the present invention provides a key interaction scheme to solve at least the above problems. According to an aspect of the present invention, a key interaction method is provided, including: a user equipment UE receives a key sent by a remote server; and in a case where the received key is needed, the UE and the service The processing device establishes a near field communication FC channel; the UE transmits the key to the service processing device by using the established FC channel. 
Preferably, the user equipment UE receives the key sent by the remote server, and the method includes: the UE receiving a key sent by the remote server by using a bearer-independent protocol BIP in the over-the-air technology OTA. Preferably, before the UE receives the key that is sent by the remote server through the BIP mode in the OTA, the method further includes: the UE receiving a BIP channel open request sent by the remote server; and the UE starting the BIP channel The UE sends a BIP channel open confirmation message to the remote server. Preferably, after the user equipment UE receives the key that is sent by the remote server by using the bearer-independent protocol BIP, the method further includes: the UE storing the key as an FC tag in the universal integrated circuit card UICC of the UE. in. Preferably, after the UE transmits the key to the service processing device by using the established FC channel, the method further includes: the service processing device transmitting the key transmitted by the UE to the The remote processing server receives the audit result returned by the remote server after reviewing the key. Preferably, after the UE transmits the key to the service processing device by using the established FC, the method further includes: deleting the key from the UE. According to another aspect of the present invention, a key interaction apparatus is provided, located on a user equipment side, including: a communication processing module, configured to receive a key sent by a remote server; and a near field communication module, configured to process with a service The device establishes a near field communication FC channel, and transmits the key to the service processing device through the established FC channel. Preferably, the communication processing module is further configured to receive a key sent by the remote server through a bearer-independent protocol BIP in the over-the-air technology OTA. 
Preferably, the device further includes: a universal integrated circuit card UICC module, configured to receive a BIP channel open request sent by the remote server, to notify the communication processing module to open a BIP channel; The module includes: an opening unit, configured to enable a BIP channel according to the BIP channel open request; and an acknowledgment unit configured to send a confirmation message that the BIP channel is opened to the UICC module. Preferably, the UICC module is further configured to store the key received by the communication processing module as an FC tag into the UICC. Preferably, the apparatus further includes: a deleting module, configured to delete the key from the UICC after the near field communication module transmits the key to the service processing device. According to still another aspect of the present invention, a user equipment UE is provided, including: the interaction device of the above key provided by the present invention. According to a further aspect of the present invention, a key interaction system is provided, including: a remote server, a user equipment UE, and a service processing device, where the remote server is configured to send a key to the UE; The interaction device of the above-mentioned key provided by the present invention is configured to receive a key sent by the remote server, and establish a near field communication with the service processing device if the received key is needed to be used. The FC channel is configured to transmit the key to the service processing device by using the established FC channel; the service processing device is configured to receive the key that is transmitted by the UE through an NFC channel. Preferably, the remote server sends a key to the UE by means of a bearer-independent protocol BIP in the over-the-air technology OTA. 
Preferably, the service processing device is further configured to: after receiving the key, send the received key to the remote server; the remote server is further configured to receive the service processing. The key sent by the device verifies the received key and returns the verification result to the service processing device. With the present invention, the user equipment receives the key sent by the remote server. When the received key is needed, the user equipment establishes an FC channel with the service processing device, and transmits and receives the FC channel to the service processing device through the established FC channel. The key, therefore, when the key is used, the user does not need to manually find the key and present it to the key authenticator, so that the key interaction operation is convenient and fast, and the user experience is improved. BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are set to illustrate,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, In the drawings: FIG. 1 is a schematic diagram of an interaction system of keys according to an embodiment of the present invention; 2 is a structural block diagram of an apparatus for interacting with a key according to an embodiment of the present invention; FIG. 3 is a structural block diagram of an apparatus for interacting with a preferred key according to an embodiment of the present invention; FIG. 4 is another preferred embodiment of the present invention according to an embodiment of the present invention. FIG. 5 is a flowchart of a key interaction method according to an embodiment of the present invention; FIG. 6 is a schematic diagram of a key distribution communication subsystem according to an embodiment of the present invention; FIG. 8 is a block diagram showing a structure of a user equipment according to an embodiment of the present invention; FIG. 
9 is a flowchart of a key distribution method according to an embodiment of the present invention; FIG. A flowchart of a method for using a key in an embodiment of the present invention. BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, the present invention will be described in detail with reference to the accompanying drawings. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict. The present invention provides a key interaction method, device and system for the problem that the user equipment is cumbersome to operate and obtain the online consumer transaction key, the key is difficult to find, the key is easy to be lost, and the security factor is low. . The key interaction scheme of the embodiment of the present invention integrates OTA, BIP, and NFC technologies, and the remote server can distribute the key to the user equipment through the BIP channel supported by the OTA mode, thereby avoiding the use of a short message, a verification code, or the like as a key. inconvenient. The user equipment can store the key as an FC tag in the UICC card, so that the acquired key is not easily lost. When the key is used, the user equipment touches the service processing device, establishes an FC channel for transmitting the key, and sends the key to the service processing device through the FC channel, so that the user does not need to manually find the key and present it to the key authenticator. The service processing device receives the key sent by the user equipment, and requests the remote server to verify the received key, so that the authenticator does not need to manually check the key of the authentication user equipment. According to an embodiment of the present invention, a key interaction system is provided. As shown in FIG. 1, the system may include: a remote server 1, a user equipment 2 (UE), and a service processing device 3. 
The remote server 1 is configured to send a key to the user equipment 2. The user equipment 2 is configured to receive the key sent by the remote server 1, and establish a near field communication (FC) channel with the service processing device 3, and use the established FC channel to the service, if the received key is needed. The processing device 3 transmits the above key. The service processing device 3 is configured to receive a key transmitted by the user equipment 2 through the FC. In the embodiment of the present invention, the user equipment receives the key sent by the remote server, and establishes an FC channel with the service processing device, for example, between the user equipment 2 and the service processing device 3, if the received key is needed. The FC P2P connects and transmits the key to the service processing device through the established FC channel. The service processing device receives the key transmitted by the user equipment through the FC channel, so that the user does not need to manually find the key and present it to the key authenticator. In a preferred embodiment of the embodiment of the present invention, the remote server 1 can send a key to the user equipment 2 through a bearer-independent protocol (BIP) in the over-the-air (OTA) technology, thereby avoiding short messages, verification codes, and the like. The inconvenience of the way as a key. However, the embodiment of the present invention is not limited thereto, and the remote server 1 may also send a key to the user equipment 2 by using a short message, a multimedia message, an email, or the like, and the user equipment 2 stores the received key as an FC label. In order to enhance the security of the used key, the service processing device 3 can verify the received key after receiving the key sent by the user equipment 2. 
In a preferred embodiment of the embodiment of the present invention, the service processing device 3 may send the received key to the remote server, requesting the remote server 1 to verify the key. Therefore, the service processing device 3 is further arranged to transmit the received key to the remote server 1 after receiving the key. At this time, the remote server 1 is further configured to receive the key sent by the service processing device 3, verify the received key, and return the verification result to the service processing device 3. With the preferred embodiment, the service processing device requests the remote server to verify the received key, so that the authenticator does not need to manually check the key of the user equipment, thereby improving the user experience. According to an embodiment of the present invention, a key interaction device is further provided. The user equipment 2 located in the foregoing embodiment of the present invention can receive a key sent by the remote server 1 through a BIP channel supported by the OTA mode, and process the service to the service. The device 3 transmits the received key to implement a simple key interaction process. FIG. 2 is a structural block diagram of a key interaction apparatus according to an embodiment of the present invention. As shown in FIG. 2, the apparatus may include: a communication processing module 202 and a near field communication module 204. The communication processing module 202 is configured to receive a key sent by the remote server 1. The near field communication module 204 is configured to establish a Near Field Communication (FC) channel with the service processing device 3 in the case where the received key is required to be used, and transmit the key to the service processing device 3 through the established NFC channel. According to the embodiment of the present invention, the communication processing module receives the key sent by the remote server. 
When the received key is needed, the near field communication module establishes an FC channel with the service processing device, and provides the service through the established NFC channel. The processing device transmits the received key, so that the user does not need to manually find the key and present it to the key authenticator, so that the key interaction operation is simple and the user experience is improved. In a preferred embodiment of the embodiment of the present invention, the remote server 1 can send a key to the user equipment 2 through a BIP manner in the OTA. The communication processing module 202 is further configured to receive the remote server 1 through the OTA The key sent by the BIP method. Therefore, in the embodiment of the present invention, the communication processing module 202 is also referred to as a BIP communication processing module 202. Before transmitting the key, the remote server 1 may request the user terminal 2 to open the BIP channel, and the user terminal 2 opens the BIP channel in response to the request, and feeds back the BIP channel to open the successful information to the remote server 1. The remote server 1 uses the OTA technology to transmit the key to the user equipment 2 through the opened BIP channel. Therefore, in a preferred embodiment of the present invention, as shown in FIG. 3, the foregoing apparatus may further include: a UICC module 206 coupled to the BIP communication processing module 202, configured to receive a BIP channel sent by the remote server 1. The request is opened, and the BIP communication processing module 202 is notified to open the BIP channel. At this time, in order to implement the above functions, the BIP communication processing module 202 may include: an opening unit 2022, configured to enable a BIP channel according to a BIP channel open request; and an acknowledgment unit 2024 configured to send a confirmation message that the BIP channel is opened to the UICC module 206. 
Further, after receiving the confirmation message that the BIP channel is enabled, the UICC module 206 may feed back the BIP channel open success message to the remote server 1. In order to avoid the problem that the key is easily lost by using a short message, a verification code, etc. as a key, the user equipment can store the received key in the UICC, and read the stored content from the UICC when the key needs to be used. Key data. In a preferred embodiment of the embodiment of the present invention, the UICC module 206 is further configured to store the key received by the BIP communication processing module as an FC tag into the UICC. Through the preferred embodiment, the key is stored in the UICC to avoid confusion between the key data and other data, thereby avoiding the problem that the key data is lost due to user operation errors, making the key data use more secure and further improving the user. Experience. In the case where the remote server 1 transmits a key by other means such as a short message, a multimedia message, an email, or the like, the UICC module 206 can convert the received key and store the received key as an FC tag. For example, the key data is obtained from the multimedia message, and the obtained key data is stored as an FC tag in the UICC card. Further, after the near field communication module 204 of the user equipment 1 transmits the key to the service processing device, in order to prevent the current key from being confused with the key used next time, the user equipment 1 may delete the used key from the UICC. Therefore, in a preferred embodiment of the embodiment of the present invention, as shown in FIG. 4, the apparatus may further include: a deleting module 208, configured to be dense after the near field communication module 204 transmits the key to the service processing device 3. The key is removed from the UICC. However, the embodiment of the present invention is not limited thereto. 
In an actual application, the used key stored in the UICC may instead be deleted when the next key is received. This preferred embodiment avoids confusion between different keys and saves UICC storage space.

According to an embodiment of the present invention, a user equipment is provided, which may include the key interaction device provided by the foregoing embodiment of the present invention. With the user equipment of the embodiment of the present invention, when the key is used, the user equipment only needs to touch the service processing device to establish the NFC channel for transmitting the key and send the key to the service processing device through the NFC channel, so the user does not need to manually find the key and present it to the key authenticator.

According to an embodiment of the present invention, a key interaction method is also provided, which, with the key interaction device and system provided by the foregoing embodiments of the present invention, can implement a convenient key interaction process.

FIG. 5 is a flowchart of a key interaction method according to an embodiment of the present invention. As shown in FIG. 5, the method may include the following steps (step S502 to step S506):

Step S502: The user equipment (UE) receives the key sent by the remote server.

Step S504: The user equipment establishes a Near Field Communication (NFC) channel with the service processing device if the received key needs to be used.

Step S506: The user equipment transmits the received key to the service processing device through the established NFC channel.

In the embodiment of the present invention, the user equipment receives the key sent by the remote server, establishes an NFC channel with the service processing device, and transmits the received key to the service processing device through the established NFC channel. Therefore, when the key is used, the user does not need to manually find the key and present it to the key authenticator, so the key interaction is convenient and fast, and the user experience is improved.

In a preferred embodiment of the present invention, the remote server 1 may send the key to the UE in the BIP manner of OTA. In this preferred embodiment, before sending the key, the remote server 1 may request the user terminal 2 to open the BIP channel; the user terminal 2 opens the BIP channel in response to the request and feeds back a BIP channel open success message to the remote server 1. After receiving the BIP channel open success message, the remote server 1 transmits the key to the user equipment 2 through the opened BIP channel by using OTA technology. That is, before the user equipment receives the key sent by the remote server, the remote server 2 sends a BIP channel open request to the user equipment 1; the user equipment 1 receives the BIP channel open request sent by the remote server 2, opens the BIP channel according to the request, and sends a BIP channel open confirmation message to the remote server 1.

In a preferred embodiment of the present invention, to avoid the problem that a key delivered as a short message, a verification code or the like is easily lost, the user equipment 1, on receiving the key sent by the remote server 2, can store the received key in the UICC as an NFC tag; when the key needs to be used, the user equipment 1 reads the stored key data from the UICC. Preferably, the user equipment 1 may encapsulate the received key to generate an NDEF message, a format recognizable by NFC communication transmission.
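The encapsulation step above, as an added example that is not code from the patent: the UE wraps the received key in a single-record NDEF message, and the service processing device parses it strictly before forwarding the key for audit. The media type, the function names and the sample key are assumptions; the patent does not specify a record layout.

```python
import struct

# NDEF record header flags and the TNF value used here (NFC Forum NDEF format).
MB, ME, CF, SR, IL = 0x80, 0x40, 0x20, 0x10, 0x08
TNF_MIME = 0x02  # the TYPE field carries a media type

# Hypothetical media type for the key tag; not named anywhere in the patent.
KEY_TYPE = b"application/vnd.example.service-key"

# Constructed sample key, for illustration only.
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


class NdefError(ValueError):
    """Raised when a message is not a well-formed single key record."""


def encode_key_record(key: bytes, record_type: bytes = KEY_TYPE) -> bytes:
    """UE side: wrap the received key in a one-record NDEF message."""
    if not key:
        raise NdefError("empty key")
    if not 0 < len(record_type) <= 255:
        raise NdefError("bad type length")
    header = MB | ME | TNF_MIME          # first and last record of the message
    if len(key) <= 255:
        header |= SR                     # short record: 1-byte payload length
        lengths = bytes([len(record_type), len(key)])
    else:
        lengths = bytes([len(record_type)]) + struct.pack(">I", len(key))
    return bytes([header]) + lengths + record_type + key


def decode_key_record(message: bytes, expected_type: bytes = KEY_TYPE) -> bytes:
    """Reader side: accept exactly one unchunked record of the expected type."""
    if len(message) < 3:
        raise NdefError("truncated header")
    header = message[0]
    if not (header & MB and header & ME):
        raise NdefError("expected a single-record message")
    if header & CF:
        raise NdefError("chunked records are not accepted")
    if (header & 0x07) != TNF_MIME:
        raise NdefError("unexpected TNF")
    pos = 1
    type_len = message[pos]
    pos += 1
    if header & SR:
        payload_len = message[pos]
        pos += 1
    else:
        if len(message) < pos + 4:
            raise NdefError("truncated payload length")
        payload_len = struct.unpack_from(">I", message, pos)[0]
        pos += 4
    id_len = 0
    if header & IL:
        if len(message) < pos + 1:
            raise NdefError("truncated ID length")
        id_len = message[pos]
        pos += 1
    # Declared lengths must account for every byte: no truncation, no trailer.
    if pos + type_len + id_len + payload_len != len(message):
        raise NdefError("length fields do not match message size")
    record_type = message[pos:pos + type_len]
    pos += type_len + id_len
    if record_type != expected_type:
        raise NdefError("not a key record")
    payload = message[pos:pos + payload_len]
    if not payload:
        raise NdefError("empty key")
    return payload


if __name__ == "__main__":
    msg = encode_key_record(SAMPLE_KEY)
    print(msg.hex())
    print(decode_key_record(msg) == SAMPLE_KEY)
```

Rejecting messages whose length fields do not add up to the bytes actually read keeps a truncated or padded tag read from being forwarded to the remote server as a key.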
In this preferred embodiment, storing the key in the UICC avoids confusion between the key data and other data (such as other short messages in the short message mode), and thus avoids the loss of key data through user operation errors, which makes the key data more secure to use and further improves the user experience.

Further, after the user equipment 1 transmits the key to the service processing device 3, the user equipment 1 may delete the used key from the UICC, to prevent the current key from being confused with the key used next time. However, the embodiment of the present invention is not limited thereto. In an actual application, the used key stored in the UICC may instead be deleted when the next key is received. This preferred embodiment avoids confusion between different keys and saves UICC storage space.

To enhance the security of the used key, the service processing device 3 receives the key transmitted by the user equipment 2, performs data analysis to extract the key, and verifies the received key. In a preferred embodiment of the present invention, after the user equipment 2 transmits the key to the service processing device 3 through the established NFC channel, the service processing device 3 transmits the key to the remote server 1 and requests the remote server 1 to verify it. After verifying the key, the remote server 1 can return the audit result to the service processing device. The service processing device 3 receives the audit result returned by the remote server 1 after the key audit.

The following description is made by way of specific embodiments.

The key interaction system in this embodiment is shown in FIG. 1 and includes a remote server 1, a user equipment 2, and a service processing device 3.
The remote server 1 is configured to distribute and audit the user key. The user equipment 2 is configured to receive and use the key distributed by the remote server 1. The service processing device 3 is configured to receive the key sent by the user equipment 2 and to interact with the remote server, requesting the remote server 1 to audit the received key.

The remote server 1 distributes the user key through the BIP channel; the user equipment 2 receives the key distributed by the remote server 1 through the BIP channel and stores the received key in the UICC for use by the user terminal 2. When the user uses the key, the user equipment 2 is brought close to the service processing device 3, and the NFC channel between the user equipment 2 and the service processing device 3 is established. The user equipment 2 transmits the key to the service processing device 3 through the established NFC channel. The service processing device 3 transmits the key to the remote server 1 through the network channel for the remote server 1 to audit. After the audit is completed, the remote server 1 returns the audit result to the service processing device 3. In a preferred embodiment of the present invention, the service processing device 3 can also feed back the audit result to the user equipment 2 through the NFC channel.

In practical applications, the above system can be divided into two subsystems according to the distribution and the use of the key, namely the key distribution communication subsystem and the key usage communication subsystem. The two subsystems are described below.

FIG. 6 is a schematic diagram of a key distribution communication subsystem according to an embodiment of the present invention, showing the structure of the communication system for key distribution. As shown in FIG. 6, the subsystem may include: a remote server 1, a BIP communication processing module 202 and a UICC module 206.
The remote server 1 is configured to distribute the user key; the BIP communication processing module 202 (located on the user equipment side) is configured to open the BIP channel so that the remote server 1 can transmit the key through OTA; the UICC module 206 (located on the user equipment side) is configured to store the key.

The remote server 1 requests the UICC module 206 to open the BIP channel, and the UICC module 206 notifies the BIP communication processing module 202 to open the BIP channel in response to the request. The BIP communication processing module 202 feeds back to the UICC module 206 the information that the BIP channel has been opened successfully. The UICC module 206 notifies the remote server 1 that the BIP channel has been opened successfully. The remote server 1 uses OTA technology to transmit the key to the UICC module 206 through the opened BIP channel.

FIG. 7 is a schematic diagram of a key usage communication subsystem according to an embodiment of the present invention, showing the structure of the communication system for key usage. As shown in FIG. 7, the subsystem includes: a near field communication module 204, a UICC module 206, a key management module 302 (located on the service processing device side) and the remote server 1.

The near field communication module 204 is configured to establish an NFC data channel connection; the UICC module 206 is configured to store the key; the key management module 302 is configured to manage the key read from the user equipment 2 and is responsible for communicating with the remote server 1; the remote server 1 is configured to audit whether the key used by the user is valid.

After the user initiates the key usage service, the user is prompted to bring the user equipment 2 close to the service processing device 3 of the service provider, and an NFC channel is established with the service processing device 3 through the near field communication module 204.
The service processing device 3 reads the key tag data from the UICC module 206 through the established NFC channel and transmits it to the key management module 302. After the reading is completed, the key management module 302 communicates with the remote server 1 and notifies the remote server 1 to audit the key data.

Embodiment 2

FIG. 8 is a structural block diagram of a user equipment according to this embodiment. As shown in FIG. 8, the user equipment includes: a BIP communication processing module 202, a near field communication module 204, a UICC module 206, and a service application processing module 210.

The BIP communication processing module 202 is configured to open the BIP channel, so that the mobile terminal can receive the key distributed by the remote server through OTA technology; the near field communication module 204 is configured to establish an NFC data channel connection; the UICC module 206 is configured to store the key; the service application processing module 210 is configured to provide a user interface for viewing and using keys.

Embodiment 3

In the embodiment of the present invention, the key interaction process may be divided into two processes: key distribution and key usage. This embodiment describes the key distribution process.

FIG. 9 is a flowchart of a key distribution method according to an embodiment of the present invention. As shown in FIG. 9, the method may include the following steps (step S902 to step S912):

Step S902: The remote server of the service provider sends a BIP channel open request to the UICC card of the user equipment.

Step S904: The user's UICC card responds to the server request and notifies the BIP communication processing module to open the BIP channel.

Step S906: The BIP communication processing module opens the BIP channel in response to the request notification of the UICC card and feeds back the channel open message to the UICC card.
Step S908: After receiving the feedback information of the BIP communication processing module, the UICC card sends an acknowledgement message that the BIP channel has been opened to the remote server.

Step S910: After receiving the feedback information that the BIP channel is open, the remote server transmits the key to the UICC card through the opened BIP channel by using OTA technology.

Step S912: The user equipment receives the key data and stores it as an NFC electronic tag in the UICC card for use by the user.

Through the above steps, the key distribution process is completed, and the user can view and use the key through the user equipment.

Embodiment 4

This embodiment describes the procedure for using a key after the key has been distributed to the UE.

FIG. 10 is a flowchart of a method for using a key according to an embodiment of the present invention. As shown in FIG. 10, the method may include the following steps (step S1002 to step S1012):

Step S1002: The user first selects the key tag to be used and initiates the user service that uses the key. After the service is initiated, the user equipment prompts the user to bring the user equipment close to the NFC reading device (i.e., the service processing device).

Step S1004: The user brings the user equipment close to the service processing device (NFC reading device) of the service provider to establish an NFC channel connection.

Step S1006: The service processing device reads the key tag data from the user equipment through the established NFC data channel.

Step S1008: The user equipment emits a prompt tone, notifying the user that the key data has been read. The application automatically deletes the key tag.

Step S1010: The service processing device communicates with the remote server and notifies the remote server to audit the key.

Step S1012: After the remote server completes the audit, the audit result is fed back to the service processing device. The service processing device displays the audit result.
Through the above steps, the process of using the key is completed. The user can complete the use of the key simply by touching the user equipment to the service processing device, so the key is safe and convenient to use, the operation steps are simplified, and the user experience is better.

From the above description, it can be seen that the present invention achieves the following technical effects. The user equipment receives the key sent by the remote server, establishes an NFC channel with the service processing device if the received key needs to be used, and transmits the received key to the service processing device through the established NFC channel. Therefore, when the key is used, the user does not need to manually find the key and present it to the key verification party, so the key interaction is convenient and fast, and the user experience is improved. Further, the remote server distributes the key to the user equipment through the BIP channel supported by the OTA mode, thereby avoiding the inconvenience of using a short message, a verification code, or the like as a key. The user equipment can store the key in the UICC card so that the acquired key is not easily lost. The service processing device receives the key sent by the user equipment and requests the remote server to verify the received key, so the authenticator does not need to manually check the key of the user equipment. The user equipment can delete the used key from the UICC, which avoids confusion between the current key and the key used next time and saves UICC storage space.
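The message order of Embodiments 3 and 4, as an added model that is not code from the patent: it enforces that a key is only stored once the BIP channel has been opened and confirmed, and it implements both deletion options the description mentions (delete after use, or delete when the next key is received). Class, method and tag names are assumptions, as is the server auditing a key by checking it against the set of keys it issued.

```python
import secrets


class Uicc:
    """UE side: UICC module 206 together with the BIP module 202 it drives."""

    def __init__(self, delete_policy="after_use"):
        if delete_policy not in ("after_use", "on_next_receive"):
            raise ValueError(delete_policy)
        self.delete_policy = delete_policy
        self.bip_open = False
        self.tags = {}     # tag label -> key bytes
        self.used = set()  # labels already read by a service processing device

    def open_bip(self, trace):
        trace.append("S904 UICC -> BIP module: open BIP channel")
        self.bip_open = True
        trace.append("S906 BIP module -> UICC: channel open")
        trace.append("S908 UICC -> server: BIP channel open confirmation")
        return self.bip_open

    def store_key(self, label, key, trace):
        if not self.bip_open:
            raise RuntimeError("key delivery without an open BIP channel")
        if self.delete_policy == "on_next_receive":
            for old in self.used:  # purge keys that were already presented
                self.tags.pop(old, None)
            self.used.clear()
        self.tags[label] = key
        trace.append("S912 UE: key stored in UICC as NFC tag")

    def read_over_nfc(self, label, trace):
        key = self.tags[label]  # KeyError if the tag was deleted or never stored
        trace.append("S1006 service device <- UE: key tag data over NFC")
        if self.delete_policy == "after_use":
            del self.tags[label]
            trace.append("S1008 UE: key tag deleted")
        else:
            self.used.add(label)
        return key


class RemoteServer:
    def __init__(self):
        self.issued = set()  # assumption: audit means "was this key issued?"

    def distribute(self, uicc, label, trace):
        trace.append("S902 server -> UICC: BIP channel open request")
        if not uicc.open_bip(trace):
            raise RuntimeError("no BIP channel open confirmation")
        key = secrets.token_bytes(16)
        self.issued.add(key)
        trace.append("S910 server -> UICC: key over BIP channel (OTA)")
        uicc.store_key(label, key, trace)
        return key

    def audit(self, key, trace):
        trace.append("S1010 service device -> server: audit request")
        result = key in self.issued
        trace.append("S1012 server -> service device: audit result")
        return result


def use_key(uicc, server, label, trace):
    """Service processing device side of Embodiment 4."""
    trace.append("S1002 user: selects key tag, starts service")
    trace.append("S1004 UE <-> service device: NFC channel established")
    key = uicc.read_over_nfc(label, trace)
    return server.audit(key, trace)


def run_demo(delete_policy="after_use"):
    trace, uicc, server = [], Uicc(delete_policy), RemoteServer()
    server.distribute(uicc, "door-pass", trace)  # constructed tag label
    ok = use_key(uicc, server, "door-pass", trace)
    return trace, ok, dict(uicc.tags)


if __name__ == "__main__":
    for line in run_demo()[0]:
        print(line)
```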
Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device, and can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by a computing device, so that they may be stored in a storage device and executed by the computing device; in some cases the steps shown or described may be performed in an order different from that herein; or they may be separately fabricated into individual integrated circuit modules, or a plurality of the modules or steps may be fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.

The above is only the preferred embodiment of the present invention and is not intended to limit the present invention; various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Claims

1. A key interaction method, comprising:
a user equipment (UE) receiving a key sent by a remote server;
when the received key needs to be used, the UE establishing a near field communication (NFC) channel with a service processing device; and
the UE transmitting the key to the service processing device through the established NFC channel.
2. The method according to claim 1, wherein the user equipment UE receiving the key sent by the remote server comprises:
the UE receiving the key sent by the remote server in the bearer independent protocol (BIP) manner of over-the-air (OTA) technology.
3. The method according to claim 2, wherein before the UE receives the key sent by the remote server in the BIP manner of OTA, the method further comprises:
the UE receiving a BIP channel open request sent by the remote server;
the UE opening the BIP channel; and
the UE sending a BIP channel open confirmation message to the remote server.
4. The method according to claim 2, wherein after the user equipment UE receives the key sent by the remote server in the bearer independent protocol BIP manner, the method further comprises:
the UE storing the key as an NFC tag in a universal integrated circuit card (UICC) of the UE.
5. The method according to any one of claims 1 to 4, wherein after the UE transmits the key to the service processing device through the established NFC channel, the method further comprises:
the service processing device transmitting the key transmitted by the UE to the remote server; and the service processing device receiving an audit result returned by the remote server after auditing the key.
6. The method according to any one of claims 1 to 4, wherein after the UE transmits the key to the service processing device through the established NFC, the method further comprises: deleting the key from the UE.
7. A key interaction device, located on the user equipment side, comprising:
a communication processing module, configured to receive a key sent by a remote server; and
a near field communication module, configured to establish a near field communication (NFC) channel with a service processing device and to transmit the key to the service processing device through the established NFC channel.
8. The device according to claim 7, wherein the communication processing module is further configured to receive a key sent by the remote server in the bearer independent protocol (BIP) manner of over-the-air (OTA) technology.
9. The device according to claim 8, wherein
the device further comprises: a universal integrated circuit card (UICC) module, configured to receive a BIP channel open request sent by the remote server and to notify the BIP communication processing module to open the BIP channel; and the communication processing module comprises:
an opening unit, configured to open the BIP channel according to the BIP channel open request; and a confirming unit, configured to send a confirmation message that the BIP channel is open to the UICC module.
10. The device according to claim 9, wherein the UICC module is further configured to store the key received by the communication processing module in the UICC as an NFC tag.
11. The device according to claim 10, wherein the device further comprises:
a deleting module, configured to delete the key from the UICC after the near field communication module transmits the key to the service processing device.
12. A user equipment (UE), comprising the device according to any one of claims 7 to 11.
13. A key interaction system, comprising: a remote server, a user equipment (UE) and a service processing device, wherein
the remote server is configured to send a key to the UE;
the UE, comprising the device according to any one of claims 7 to 11, is configured to receive the key sent by the remote server; to establish a near field communication (NFC) channel with the service processing device when the received key needs to be used; and to transmit the key to the service processing device through the established NFC channel; and
the service processing device is configured to receive the key transmitted by the UE through the NFC channel.
14. The system according to claim 13, wherein the remote server sends the key to the UE in the bearer independent protocol (BIP) manner of over-the-air (OTA) technology.
15. The system according to claim 13 or 14, wherein the service processing device is further configured to send the received key to the remote server after receiving the key; and
the remote server is further configured to receive the key sent by the service processing device, verify the received key, and return the verification result to the service processing device.
PCT/CN2012/072192 2011-12-27 2012-03-12 Method, device, and system for key interaction WO2013097351A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110445050.7 2011-12-27
CN2011104450507A CN103188206A (en) 2011-12-27 2011-12-27 Interactive method, interactive device and interactive system for key

Publications (1)

Publication Number Publication Date
WO2013097351A1 true WO2013097351A1 (en) 2013-07-04

Family

ID=48679175

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/072192 WO2013097351A1 (en) 2011-12-27 2012-03-12 Method, device, and system for key interaction

Country Status (2)

Country Link
CN (1) CN103188206A (en)
WO (1) WO2013097351A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101202621A (en) * 2006-12-13 2008-06-18 联想(北京)有限公司 Method and system for security verification of data among non-contact equipments
CN101958026A (en) * 2010-09-15 2011-01-26 宇龙计算机通信科技(深圳)有限公司 User authentication module setting method and system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7628322B2 (en) * 2005-03-07 2009-12-08 Nokia Corporation Methods, system and mobile device capable of enabling credit card personalization using a wireless network
CN101729246B (en) * 2008-10-24 2012-02-08 中兴通讯股份有限公司 Method and system for distributing key
CN101742478B (en) * 2008-11-10 2013-06-05 中兴通讯股份有限公司 Method and system for updating and distributing key of slave security domain of intelligent card and mobile terminal
CN101540804B (en) * 2009-05-06 2011-07-20 候万春 Value-added service smart card capable of loading mobile communication smart card
CN101883142A (en) * 2010-06-22 2010-11-10 中兴通讯股份有限公司 Method for backing up information of terminal user
CN101997678A (en) * 2010-11-18 2011-03-30 东莞宇龙通信科技有限公司 Password acquisition method and terminal

Also Published As

Publication number Publication date
CN103188206A (en) 2013-07-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12862315

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12862315

Country of ref document: EP

Kind code of ref document: A1
