WO2013174321A1 - Command execution method and device, smart card and mobile terminal - Google Patents

Publication number
WO2013174321A1
Authority
WO
WIPO (PCT)
Prior art keywords
command
smart card
card
usb key
user
Prior art date
Application number
PCT/CN2013/079851
Other languages
French (fr)
Chinese (zh)
Inventor
缪海翔
杨柯
尚江峰
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2013174321A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Definitions

  • the present invention relates to the field of smart card and smart card security, and in particular to a method, device, smart card and mobile terminal for executing a command.
  • BACKGROUND With the development and commercialization of the third generation mobile communication technology, wireless data cards have been widely used in various industries. In some regions, the banking system also commercializes wireless data cards. Because the banking system has high security requirements, the USB Key is also required on the personal computer (Personal Computer) device that uses the data card. This will take up two USB ports. In the related art, occupying two USB ports wastes the port resources of the PC, and a separate USB Key and a data card may cause a loss problem, and if any one of them is lost, the other cannot be used.
  • The present invention provides a method, an apparatus, a smart card and a mobile terminal for executing a command, so as to at least solve the problem in the related art that occupying two USB ports wastes the PC's port resources and that a separate USB Key and data card may be lost, the loss of either one leaving the other unusable.
  • A method for executing a command, including: a smart card of a mobile terminal receives a command that needs to be executed by means of a USB Key, wherein the smart card stores a USB Key; and the smart card executes the operation corresponding to the command.
  • The smart card storing a USB Key includes: an application having an EF file is established inside the smart card, wherein the EF file is used to store a certificate supporting the USB Key function.
  • The method further comprises: determining whether the PIN2 code from the user matches the PIN2 code preset by the terminal; if so, placing the smart card in the working state in which it executes the USB Key function.
  • the performing, by the smart card, the operation corresponding to the command comprises: performing an encryption or decryption operation according to the command; and feeding back a result of performing the encryption or decryption operation to the data card.
  • The receiving, by the smart card of the mobile terminal, of the command that needs to be executed by means of the USB Key comprises: the smart card receiving, from the data card, a command that has undergone format conversion.
  • Before the smart card receives the format-converted command from the data card, the method further includes: the data card converting the operation command from the user, and sending the converted user operation command to the smart card, wherein the smart card is used to execute the operation command corresponding to the USB Key function.
  • The operation command of the user includes at least one of the following: encrypting, decrypting, generating a key pair.
  • The data card converting the operation command from the user includes: parsing the user's operation command, and converting the parsed operation command into a command that the smart card can recognize, for sending.
  • The smart card is a Subscriber Identity Module (SIM) card or a Universal Subscriber Identity Module (USIM) card.
  • SIM Subscriber Identity Module
  • USIM Universal Subscriber Identity Module
  • An apparatus for executing a command, including: a receiving module, configured to receive a command that needs to be executed by means of a USB Key, wherein the smart card stores a USB Key; and an execution module, configured to execute the operation corresponding to the command.
  • The device further includes: a determining module, configured to determine whether the PIN2 code from the user matches the PIN2 code preset by the terminal; and a setting module, configured to place the smart card in the working state in which it executes the USB Key function when the PIN2 code from the user matches the PIN2 code preset by the terminal.
  • the execution module comprises: an encryption and decryption unit configured to perform an encryption or decryption operation according to the command; and a feedback unit configured to feed back a result of performing the encryption or decryption operation to the data card.
  • a smart card for use in a mobile terminal, wherein the smart card includes a storage device, and the storage device stores a USB Key.
  • the smart card includes at least one of the following: a SIM card and a USIM card.
  • a mobile terminal is provided, wherein the mobile terminal comprises: the smart card of any of the above.
  • The USB Key is set in the smart card, which solves the problem in the related art that occupying two USB ports wastes the PC's port resources and that a separate USB Key and data card may be lost, the loss of either one leaving the other unusable. The smart card and the data card can thus interoperate in the same device, which saves the PC's port resources and is highly practical.
  • FIG. 1 is a flowchart of a method of executing a command according to an embodiment of the present invention.
  • FIG. 2 is a first structural block diagram of an apparatus for executing a command according to an embodiment of the present invention.
  • FIG. 3 is a second structural block diagram of an apparatus for executing a command according to an embodiment of the present invention.
  • FIG. 4 is a block diagram showing the structure of the execution module of an apparatus for executing a command according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a system architecture according to preferred embodiment 2 of the present invention.
  • FIG. 6 is a flowchart of implementing a USB Key function by using a SIM card according to preferred embodiment 2 of the present invention.
  • FIG. 7 is a flowchart of implementing a USB Key function by using a SIM card according to preferred embodiment 3 of the present invention.
  • Step S102: the smart card of the mobile terminal receives a command that needs to be executed by means of a USB Key, wherein the smart card stores a USB Key.
  • Step S104: the smart card performs the operation corresponding to the command.
  • In the smart card of this embodiment a USB Key is stored, so when the smart card receives a command that needs to be executed by means of the USB Key, the corresponding operation can be performed directly according to the command.
  • By using this embodiment, the USB Key is set in the smart card, which solves the problem in the related art that occupying two USB ports wastes the PC's port resources and that a separate USB Key and data card may be lost, the loss of either one leaving the other unusable. The smart card and the data card can thus interoperate in the same device, which saves the PC's port resources and is highly practical.
  • the USB Key is stored in the smart card. Initially, an application with an EF file is built in the smart card. The EF file is used to store a certificate supporting the USB Key function.
  • the smart card may be a card having the same or similar functions, such as a SIM card or a USIM card.
  • A verification step can be added, that is, the PIN code of the SIM card itself can be used for the encryption-related operations.
  • The smart card can receive the PIN2 code from the user and determine whether the PIN2 code entered by the user matches the PIN2 code preset by the terminal; if it matches, the USB Key function of the smart card is turned on and placed in the working state. If the entered PIN2 code does not match the preset PIN2 code, the user may be an illegal user and any subsequent operation is prohibited; alternatively, a limit on the number of entry attempts is set, and the prohibition is applied once the number of incorrect entries reaches the preset limit.
  • The operation the smart card performs for a command differs with the situation. For example, if the command is an encryption command, the encryption operation is performed according to the command, and the result of the encryption operation is fed back to the data card.
  • The command received by the smart card may be one that the data card has format-converted. If the command's format is one the smart card can recognize, the data card may instead pass it through transparently without processing. If the received command has been format-converted by the data card, the data card converts the operation command from the user and then sends the converted user operation command to the smart card, where the smart card is used to execute the operation command corresponding to the USB Key function, for example encryption, decryption or key pair generation.
  • The data card's conversion of the user's operation command includes the following process: the data card parses the user's operation command and converts the parsed command into a command the smart card can recognize, for sending.
  • the embodiment of the present invention further provides an apparatus for executing a command.
  • The structural block diagram of the apparatus is shown in FIG. 2 and includes: a receiving module 10, configured to receive a command that needs to be executed by means of a USB Key, where the smart card stores a USB Key; and an execution module 20, coupled to the receiving module 10 and configured to perform the operation corresponding to the command.
  • The device may further include, as shown in FIG. 3: a determining module 30, configured to determine whether the PIN2 code from the user matches the PIN2 code preset by the terminal; and a setting module 40, coupled to the determining module 30 and the receiving module 10, configured to place the smart card in the working state in which it executes the USB Key function when the PIN2 code from the user matches the PIN2 code preset by the terminal.
  • The execution module 20, as shown in FIG. 4, includes: an encryption and decryption unit 202, configured to perform an encryption or decryption operation according to a command; and a feedback unit 204, coupled to the encryption and decryption unit 202, configured to feed the result of the encryption or decryption operation back to the data card.
  • the embodiment further provides a smart card, which can be applied to a mobile terminal, that is, a mobile terminal including any one of the above smart cards.
  • the smart card may include a storage device, and when implemented, store the related files of the USB Key in the storage device to support the related functions of the USB Key.
  • In the following embodiments the modules are named slightly differently from those in the above embodiment, but they all achieve the same functions and can all perform the above method.
  • Preferred embodiment 1 addresses the problem in the related art that the USB Key and the data card are usually separate and occupy two USB sockets: the encryption and decryption function of the existing USB Key is embedded in the SIM card, that is, the encryption and decryption process is completed inside the SIM card.
  • The data card serves as a bridge between the USB Key function operation interface and the SIM card, and is responsible for parsing and transmitting the encryption and decryption data.
  • The modules involved in this embodiment include: a SIM card, a data card driver module, a data card Application Protocol Data Unit (APDU) processing module, and a user operation interface.
  • The method provided in this embodiment includes the following process. The user operates on the USB Key PC operation interface and issues related commands such as encryption, decryption, and key pair generation.
  • After receiving the command, the data card driver module parses it and calls the relevant processing interface provided by the data card's APDU processing module; the APDU processing module converts the received command into an APDU string that the SIM card can recognize and sends the APDU string to the SIM card.
  • After receiving the APDU string, the SIM card performs the relevant encryption or decryption operation internally and returns the execution result to the data card's APDU processing module.
  • the data card APDU processing module sends the result returned by the SIM card to the driver module.
  • the driver module converts the received data into a format recognizable by the USB Key operating software on the PC and sends it to the USB Key PC operating interface.
  • the PC USB Key operating software verifies the returned execution result. If the result is legal, the subsequent operation is allowed, otherwise it is rejected.
  • Preferred Embodiment 2 This embodiment relates to a system having a USB Key function and a method for implementing an interaction process based on the system.
  • The driver module on the data card side parses the operation requested on the user interface; the software module inside the data card converts it into an APDU string that the SIM card can recognize and sends the APDU command to the SIM card; the data is encrypted and decrypted inside the SIM card, and the execution result is returned.
  • This SIM card and data card are used together to make it have a USB Key function.
  • the SIM card is a smart card containing a large-scale integrated circuit for registering user identification data and information.
  • the APDU is an instruction for the terminal to interact with the SIM card.
  • the EF file mainly the EF file for storing the certificate file
  • If the data card terminal does not issue a command to the SIM card to activate the USB Key application, the certificate file cannot subsequently be read and encryption cannot be performed. If the user cannot provide the correct PIN2 code, the user is an illegal user and should be prohibited from continuing with subsequent operations.
  • 3GPP 3rd Generation Partnership Project
  • Module 1 is a PC security application operation interface module.
  • the user performs USB Key related operations on this interface.
  • the module converts the operations that the user needs to perform into standard commands and sends them to the data card through the USB port.
  • the module is also responsible for receiving the data.
  • Module 2 is the data card driver module. It needs to map a USB port on the PC. It is responsible for parsing the commands that module 1 sends through the USB port, converting them into commands the data card can recognize, and calling the relevant interfaces provided by module 3 to issue them; it also converts the results reported by module 3 into a packet format the PC can recognize and reports them to module 1 through the USB port.
  • Module 3 is the data card APDU processing module. It is responsible for packing the commands and data received from module 2 into an APDU string that the SIM card can recognize, sending it to the SIM card, and reporting the SIM card's execution result to module 2.
  • Module 4 is a SIM card, which is responsible for performing the encryption and decryption work performed by the original USB Key within it, and returns the data to module 3. Based on the system architecture described above, the flow of implementing the USB Key function by using the SIM card in this embodiment is as shown in FIG. 6, and includes steps S602 to S622.
  • step S602 the user operates on the USB Key PC operation interface, and issues related commands, such as: encryption, decryption, and generation of a key pair.
  • Step S604: the data card driver module parses the above command and invokes the relevant processing interface provided by the data card's APDU processing module.
  • Step S606: the APDU processing module of the data card converts the received command into an APDU string that the SIM card can recognize and sends the APDU string to the SIM card.
  • Step S608 receiving a PIN2 code from the user. This step is to improve security, so the SIM card is designed to require the user to perform PIN2 code verification when receiving such an operation.
  • Step S610 determining whether the PIN2 code check is passed. If yes, step S612 is performed, and if no, step S622 is performed.
  • Step S612 the SIM card performs an encryption and decryption APDU instruction and returns an execution result of the APDU format.
  • Step S614 the data card APDU processing module parses the valid data in the APDU string returned by the SIM card, and reports it to the driver module.
  • Step S616 the driver module converts the received data into a format recognizable by the USB Key operating software on the PC and sends the format to the USB Key PC operation interface.
  • Step S618, the PC USB Key operation software checks the returned execution result to determine whether the verification is passed. If yes, go to step S620, otherwise, go to step S622.
  • step S620 the user is allowed to perform subsequent operations.
  • Step S622 the user is prohibited from performing the next operation.
  • the data card and the USB Key are combined into one, which gradually becomes the customization requirement of the user.
  • The integrated mobile terminal provided by this embodiment saves a USB interface on the PC, and the encryption and decryption function of the USB Key is completed inside the SIM card. This only requires modifying the SIM card's internal software when the card is designed, which saves the hardware cost of the original USB Key. The SIM card itself has the PIN1 and PIN2 code protection mechanism, which further enhances the security of USB Key related operations. Used together with the data card, this SIM card not only provides security support for the banking system but can also be applied to other scenarios that require a USB Key, thereby providing users with more convenient, safe and efficient services.
  • the system architecture of this embodiment may be as shown in FIG. 5, and the process performed may be as shown in FIG. 7.
  • the process indicates a specific implementation process of the data card APDU processing module, and the process includes steps S702 to S716.
  • Step S702: an APDU is sent in the format agreed with the SIM card vendor to activate the USB Key application of the SIM card.
  • Step S704: the SIM card module internally maintains a state machine, and accepts and processes the commands sent by the driver module at any time.
  • Step S706: the state machine determines whether a command sent by the driver module has been received. If yes, step S708 is performed; otherwise this step is repeated.
  • Step S708: the command sent by the driver module is parsed, the APDU is assembled according to the command, and the relevant parameters are filled in.
  • Step S710: a logical channel is opened (OPEN CHANNEL) for USB Key application commands, to carry the APDU traffic related to the USB Key application.
  • Step S712: the assembled APDUs are sent to the SIM card through the opened channel.
  • Step S714 accepting the execution result of the SIM card, and returning the result to the driver module.
  • the process may continue to return to step S704 for repeated execution, that is, the state machine waits for the command issued by the next driver module.
  • the present invention achieves the following technical effects:
  • the security of the USB Key related operation is further enhanced;
  • Used together with the data card, the SIM card not only provides security support for the banking system but can also be applied to other scenarios where a USB Key is required, thus providing users with more convenient, safe and efficient services.
  • the above modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices.
  • they may be implemented by program code executable by the computing device, such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein.
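
An added example, not code from the patent or from any card vendor: a Python model of the PIN2 gate (steps S608 to S612 and S622) and of the APDU module's packing and channel handling (steps S708 to S714) described above. VERIFY, MANAGE CHANNEL and the status words follow ISO/IEC 7816-4; the class and instruction bytes for the USB Key operation, the operation codes, the PIN and the key are hypothetical, since the page leaves that format to the card vendor, and a keyed digest stands in for the card's cipher.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# ISO/IEC 7816-4 instruction bytes and status words.
INS_VERIFY, INS_MANAGE_CHANNEL = 0x20, 0x70
SW_OK, SW_WRONG_LENGTH = 0x9000, 0x6700
SW_NOT_VERIFIED, SW_BLOCKED = 0x6982, 0x6983
SW_CHANNEL_NOT_OPEN, SW_INS_UNKNOWN = 0x6881, 0x6D00
PIN2_KEY_REF = 0x81  # key reference used for PIN2 in ETSI TS 102 221

# Hypothetical values: the page leaves the USB Key APDU format to the card vendor.
CLA_USBKEY, INS_USBKEY_OP = 0x80, 0xB0
OPS = {"encrypt": 0x01, "decrypt": 0x02, "generate_key_pair": 0x03}


def pad_pin(pin: str) -> bytes:
    """PIN as sent in VERIFY: ASCII digits padded to 8 bytes with 0xFF."""
    return pin.encode("ascii").ljust(8, b"\xff")


def build_apdu(cla, ins, p1, p2, data=b"", le=None) -> bytes:
    """Pack a short APDU (step S708): header, optional Lc+data, optional Le."""
    if len(data) > 255:
        raise ValueError("short APDU carries at most 255 data bytes")
    apdu = bytes([cla, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data
    return apdu + (bytes([le]) if le is not None else b"")


@dataclass
class SimCard:
    """Card side: the PIN2 state lives on the card, so the host cannot skip it."""
    pin2: bytes
    key: bytes = b"constructed-demo-key"  # constructed; never leaves the card
    tries_left: int = 3
    verified: bool = False
    channels: set = field(default_factory=set)

    def transmit(self, apdu: bytes):
        if len(apdu) < 4:
            return b"", SW_WRONG_LENGTH
        cla, ins, p1, p2 = apdu[:4]
        body = apdu[4:]
        data = body[1:1 + body[0]] if len(body) > 1 else b""
        if ins == INS_MANAGE_CHANNEL and p1 == 0x00:  # open a channel (S710)
            free = [c for c in (1, 2, 3) if c not in self.channels]
            if not free:
                return b"", SW_CHANNEL_NOT_OPEN
            self.channels.add(free[0])
            return bytes([free[0]]), SW_OK
        if (cla & 0x03) not in self.channels:  # channel number is in CLA bits 0-1
            return b"", SW_CHANNEL_NOT_OPEN
        if ins == INS_VERIFY and p2 == PIN2_KEY_REF:  # S608 / S610
            return b"", self._verify(data)
        if ins == INS_USBKEY_OP and p1 in OPS.values():  # S612
            if not self.verified:
                return b"", SW_NOT_VERIFIED  # S622: operation refused
            # Stand-in for the card's real cipher: a keyed digest of the input.
            out = hmac.new(self.key, bytes([p1]) + data, hashlib.sha256).digest()
            return out, SW_OK
        return b"", SW_INS_UNKNOWN

    def _verify(self, candidate: bytes) -> int:
        if self.tries_left == 0:
            return SW_BLOCKED  # no further attempts, even with the right PIN
        if hmac.compare_digest(candidate, self.pin2):
            self.tries_left, self.verified = 3, True
            return SW_OK
        self.tries_left -= 1
        self.verified = False
        return 0x63C0 | self.tries_left  # 63Cx: x attempts remain


class ApduModule:
    """Data-card side: packs commands and relays status words (S708 to S714)."""

    def __init__(self, card: SimCard):
        self.card = card
        resp, sw = card.transmit(build_apdu(0x00, INS_MANAGE_CHANNEL, 0x00, 0x00, le=1))
        if sw != SW_OK:
            raise RuntimeError(f"open channel failed: {sw:04X}")
        self.channel = resp[0]

    def verify_pin2(self, pin: str) -> int:
        apdu = build_apdu(self.channel, INS_VERIFY, 0x00, PIN2_KEY_REF, pad_pin(pin))
        return self.card.transmit(apdu)[1]

    def execute(self, op: str, payload: bytes):
        cla = CLA_USBKEY | self.channel
        return self.card.transmit(build_apdu(cla, INS_USBKEY_OP, OPS[op], 0x00, payload, le=0))


def demo():
    """Status words for: operation before PIN2, wrong PIN2, right PIN2, operation."""
    mod = ApduModule(SimCard(pin2=pad_pin("2468")))  # constructed PIN2
    return [
        mod.execute("encrypt", b"constructed payload")[1],
        mod.verify_pin2("0000"),
        mod.verify_pin2("2468"),
        mod.execute("encrypt", b"constructed payload")[1],
    ]


if __name__ == "__main__":
    print([f"{sw:04X}" for sw in demo()])
```

The operation is refused with 6982 until VERIFY succeeds, and after three wrong PIN2 entries the card answers 6983 even to the correct PIN, which is the "prohibit after a preset number of errors" behaviour the page describes.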

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Telephone Function (AREA)

Abstract

Disclosed are a command execution method and device, a smart card and a mobile terminal. The method comprises: a smart card of a mobile terminal receiving a command to be executed by means of a USB Key, wherein the USB Key is stored in the smart card; and the smart card executing an operation corresponding to the command. The present invention solves the problems in the related art that PC USB port resources are wasted because two USB ports are occupied, and that a separate USB Key and data card may be lost, with the loss of either one rendering the other unusable. The smart card and the data card can thereby interoperate in one and the same device, which saves PC USB port resources and is highly practical.

Description

执行命令的方法、 装置、 智能卡及移动终端 技术领域 本发明涉及智能卡及智能卡安全领域, 具体而言, 涉及一种执行命令的方法、 装 置、 智能卡及移动终端。 背景技术 随着第三代移动通信技术的发展成熟和广泛商用, 无线数据卡在各行各业都有了 广泛的应用。 部分地区的银行系统也对无线数据卡进行了商用定制, 由于银行系统对 安全性要求较高, 所以在使用数据卡的个人电脑 (Personal Computer, 简称为 PC) 设 备上同时还需要使用 USB Key, 这样就会占用两个 USB端口。 相关技术中, 占用两个 USB端口浪费 PC的优口资源,并且单独的 USB Key和数 据卡可能造成丢失的问题, 如果其中任何一个丢失, 都导致另一个无法使用。 发明内容 本发明提供了一种执行命令的方法、 装置、 智能卡及移动终端, 以至少解决相关 技术中, 占用两个 USB端口浪费 PC的优口资源,并且单独的 USB Key和数据卡可能 造成丢失, 其中任何一个丢失, 都导致另一个无法使用的问题。 根据本发明的一个方面, 提供了一种执行命令的方法, 包括: 移动终端的智能卡 接收需要借助于 USB Key执行的命令, 其中, 所述智能卡中存储有 USB Key; 所述智 能卡执行所述命令对应的操作。 优选地, 所述智能卡中存储有 USB Key包括: 所述智能卡内部建立有具有 EF文 件的应用, 其中, 所述 EF文件用于存放支持 USB Key功能的证书。 优选地, 移动终端的智能卡接收需要借助于 USB Key执行的命令之前, 还包括: 判断来自用户的 PIN2码是否与所述终端预置的 PIN2码相匹配; 如果是, 则将所述智 能卡置于执行 USB Key功能的工作状态。 优选地, 所述智能卡执行所述命令对应的操作包括: 根据所述命令执行加密或解 密操作; 将执行所述加密或解密操作的结果反馈至数据卡。 优选地, 移动终端的智能卡接收需要借助于 USB Key执行的命令包括: 所述智能 卡接收来自数据卡的进行格式转换处理后的命令。 优选地,所述智能卡接收来自数据卡的进行格式转换处理后的命令之前,还包括: 所述数据卡将来自于用户的操作命令进行转换处理; 将转换处理后的用户的操作命令 发送至智能卡, 其中, 所述智能卡用于执行 USB Key功能相对应的操作命令。 优选地, 所述用户的操作命令至少包括以下之一: 加密, 解密, 生成密钥对。 优选地, 所述数据卡将来自于用户的操作命令进行转换处理包括: 对所述用户的 操作命令进行解析; 将解析后的用户的操作命令转化为所述智能卡能识别的命令进行 发送。 优选地, 所述智能卡为客户识别模块 (Subscriber Identity Module, 简称为 SIM) 卡、 全球用户识别模块 (Universal Subscriber Identity Module, 简称为 USIM) 卡。 根据本发明的另一个方面, 提供了一种执行命令的装置, 包括: 接收模块, 设置 为接收需要借助于 USB Key执行的命令, 其中, 所述智能卡中存储有 USB Key; 执行 模块, 设置为执行所述命令对应的操作。 优选地, 所述装置还包括: 判断模块, 设置为判断来自用户的 PIN2 码是否与所 述终端预置的 PIN2码相匹配; 设置模块, 设置为在来自用户的 PIN2码与所述终端预 置的 PIN2码相匹配的情况下, 将所述智能卡置于执行 USB Key功能的工作状态。 优选地, 所述执行模块包括: 加解密单元, 设置为根据所述命令执行加密或解密 操作; 反馈单元, 设置为将执行所述加密或解密操作的结果反馈至数据卡。 根据本发明的又一个方面, 提供了一种智能卡, 应用在移动终端中, 其中, 所述 智能卡中包括存储装置, 所述存储装置中存储有 USB Key。 优选地, 所述智能卡包括一下至少之一: SIM卡、 USIM卡。 根据本发明的再一个方面, 提供了一种移动终端, 其中, 所述移动终端包括: 上 述任一项的所述智能卡。 本发明的智能卡中存储有 USB Key,则智能卡接收需要借助于 USB Key执行的命 令时, 可直接根据命令进行对应的操作。 通过运用本发明, 将 USB Key设置在智能卡 中,解决了相关技术中,占用两个 USB端口浪费 PC的优口资源,并且单独的 USB Key 和数据卡可能造成丢失, 其中任何一个丢失, 都导致另一个无法使用的问题, 进而可 以将智能卡与数据卡在同一装置中进行交互操作, 节约了 PC 的优口资源, 具有很高 的实用性。 附图说明 此处所说明的附图用来提供对本发明的进一步理解, 构成本申请的一部分, 本发 明的示意性实施例及其说明用于解释本发明, 
并不构成对本发明的不当限定。 在附图 中- 图 1是根据本发明实施例的执行命令的方法的流程图; 图 2是根据本发明实施例的执行命令的装置的结构框图一; 图 3是根据本发明实施例的执行命令的装置的结构框图二; 图 4是根据本发明实施例的执行命令的装置的执行模块的结构框图; 图 5是根据本发明优选实施例二的系统架构示意图; 图 6是根据本发明优选实施例二的利用 SIM卡实现 USB Key功能的流程图; 以 及 图 7是根据本发明优选实施例三的利用 SIM卡实现 USB Key功能的流程图。 具体实施方式 下文中将参考附图并结合实施例来详细说明本发明。 需要说明的是, 在不冲突的 情况下, 本申请中的实施例及实施例中的特征可以相互组合。 基于相关技术中, 占用两个 USB端口浪费 PC的优口资源, 并且单独的 USB Key 和数据卡可能造成丢失, 其中任何一个丢失, 都导致另一个无法使用的问题, 本发明 实施例提供了一种执行命令的方法,该方法的流程如图 1所示,包括步骤 S102至步骤 S104: 步骤 S102, 移动终端的智能卡接收需要借助于 USB Key执行的命令, 其中, 智 能卡中存储有 USB Key; 步骤 S104, 智能卡执行命令对应的操作。 本实施例的智能卡中存储有 USB Key,则智能卡接收需要借助于 USB Key执行的 命令时, 可直接根据命令进行对应的操作。 通过运用本实施例, 将 USB Key设置在智 能卡中, 解决了相关技术中, 占用两个 USB 端口浪费 PC 的优口资源, 并且单独的 USB Key和数据卡可能造成丢失,其中任何一个丢失,都导致另一个无法使用的问题, 进而可以将智能卡与数据卡在同一装置中进行交互操作, 节约了 PC 的优口资源, 具 有很高的实用性。 智能卡中存储有 USB Key是在初始时,在智能卡内部建立有具有 EF文件的应用, 其中, EF文件用于存放支持 USB Key功能的证书。其中,智能卡可以为 SIM卡或 USIM 卡等具有相同或类似功能的卡。 移动终端的智能卡接收需要借助于 USB Key执行的命令之前, 可以增加验证步 骤, 即可以利用 SIM卡本身的 PIN码来进行加密的相关操作。智能卡可以接收来自用 户的 PIN2码, 并判断用户输入的的 PIN2码是否与终端预置的 PIN2码相匹配; 如果 匹配, 则将智能卡的 USB Key功能开启, 使该功能处于工作状态。 如果输入的 PIN2 码与预置的 PIN2 码不匹配, 则说明用户可能是非法用户, 禁止后续的任何操作, 或 者设置输入密码的次数, 则在输入密码错误次数达到预设次数后, 在进行禁止动作。 实施时, 智能卡执行命令对应的操作可以是在不同情况下执行不同的操作,例如, 该命令为加密, 则根据命令执行加密操作; 并将执行加密操作的结果反馈至数据卡。 智能卡接收的命令可以是经过数据卡的进行格式转换处理后的命令, 如果命令的 格式是智能卡可以识别的, 也可以在数据卡处不进行处理, 直接进行透传。 如果接收的命令是数据卡进行格式转换处理后的, 则数据卡将来自于用户的操作 命令进行转换处理; 然后将转换处理后的用户的操作命令发送至智能卡, 其中, 智能 卡用于执行 USB Key功能相对应的操作命令, 例如, 进行加密, 解密, 生成密钥对等 操作。 实施时, 数据卡将来自于用户的操作命令进行转换处理包括如下过程: 数据卡对 用户的操作命令进行解析; 将解析后的用户的操作命令转化为智能卡能识别的命令进 行发送。 本发明实施例还提供了一种执行命令的装置, 该装置的结构框图如图 2所示, 包 括: 接收模块 10, 设置为接收需要借助于 USB Key执行的命令, 其中, 智能卡中存 储有 USB Key; 执行模块 20, 与接收模块 10耦合, 设置为执行命令对应的操作。 上述装置还可以如图 3所示包括: 判断模块 30, 设置为判断来自用户的 PIN2码 是否与终端预置的 PIN2码相匹配; 设置模块 40, 与判断模块 30和接收模块 10耦合, 设置为在来自用户的 PIN2码与终端预置的 PIN2码相匹配的情况下, 将智能卡置于执 行 USB Key功能的工作状态。 在一个实施例中, 执行模块 20可以如图 4所示, 包括: 加解密单元 202, 设置为 根据命令执行加密或解密操作; 反馈单元 204, 与加解密单元 202耦合, 设置为将执 行加密或解密操作的结果反馈至数据卡。 本实施例还提供了一种智能卡, 该智能卡可以应用在移动终端中, 即包括上述任 意一种智能卡的移动终端。 优选的, 该智能卡中可以包括一个存储装置, 实施时, 将 该存储装置中存储 USB Key的相关文件, 以支持 USB 
Key的相关功能。 下面结合优选实施例及附图对本发明的实施方式进行说明, 在下述实施例中, 具 有的各模块的命名与上述实施例中各模块的命名略有不同,但其都能实现相同的功能, 并都能执行上述方法。 优选实施例一 基于相关技术中 USB Key与数据卡通常都是分离的, 需要占用两个 USB插口的 问题, 本实施例将现有 USB Key的加解密功能植入 SIM卡中, 即加解密过程由 SIM 卡内部完成。 数据卡作为 USB Key功能操作界面和 SIM卡之间的桥梁, 负责解析及 传送加解密数据。 本实施例涉及的模块包括: SIM卡、 数据卡驱动模块、 数据卡应用协议数据单元 (Application Protocol Data Unit , 简称为 APDU) 处理模块以及用户操作界面。 本实 施例提供的方法包括如下过程。 用户在 USB Key PC操作界面进行操作, 下发相关命令, 如: 加密、 解密、 生成 密钥对等。 数据卡驱动模块收到上述命令后进行解析, 并且调用数据卡的 APDU处理模块提 供的相关处理接口;数据卡的 APDU处理模块将接收到的命令转化为 SIM卡可以识别 的 APDU串, 并将 APDU串发送给 SIM卡。 TECHNICAL FIELD The present invention relates to the field of smart card and smart card security, and in particular to a method, device, smart card and mobile terminal for executing a command. BACKGROUND With the development and commercialization of the third generation mobile communication technology, wireless data cards have been widely used in various industries. In some regions, the banking system also commercializes wireless data cards. Because the banking system has high security requirements, the USB Key is also required on the personal computer (Personal Computer) device that uses the data card. This will take up two USB ports. In the related art, occupying two USB ports wastes the port resources of the PC, and a separate USB Key and a data card may cause a loss problem, and if any one of them is lost, the other cannot be used. SUMMARY OF THE INVENTION The present invention provides a method, an apparatus, a smart card, and a mobile terminal for executing a command, so as to at least solve the related art, occupying two USB ports to waste PC resources, and a separate USB Key and data card may cause loss Any one of them is lost, causing another problem that cannot be used. 
According to an aspect of the present invention, a method for executing a command is provided, including: a smart card of a mobile terminal receives a command that needs to be executed by means of a USB Key, wherein the smart card stores a USB Key; the smart card executes the command Corresponding operation. Preferably, the USB key is stored in the smart card, and the smart card is internally configured with an application having an EF file, wherein the EF file is used to store a certificate supporting the USB Key function. Preferably, before the smart card of the mobile terminal receives the command required to be executed by means of the USB Key, the method further comprises: determining whether the PIN2 code from the user matches the PIN2 code preset by the terminal; if yes, placing the smart card Execute the working status of the USB Key function. Preferably, the performing, by the smart card, the operation corresponding to the command comprises: performing an encryption or decryption operation according to the command; and feeding back a result of performing the encryption or decryption operation to the data card. Preferably, the receiving, by the smart card of the mobile terminal, the command required to be executed by means of the USB Key comprises: the smart card receiving a command after the format conversion process from the data card. Preferably, before the smart card receives the command from the data card for performing the format conversion process, the method further includes: the data card converting the operation command from the user; and transmitting the operation command of the converted user to the smart card The smart card is used to execute an operation command corresponding to the USB Key function. Preferably, the operation command of the user includes at least one of the following: encrypting, decrypting, generating a key pair. 
Preferably, the data card performs conversion processing on the operation command from the user, including: parsing the operation command of the user; and converting the operation command of the parsed user into a command recognizable by the smart card for sending. Preferably, the smart card is a Subscriber Identity Module (SIM) card and a Universal Subscriber Identity Module (USIM) card. According to another aspect of the present invention, an apparatus for executing a command is provided, including: a receiving module, configured to receive a command that needs to be executed by means of a USB Key, wherein the smart card stores a USB Key; and an execution module is set to Execute the operation corresponding to the command. Preferably, the device further includes: a determining module, configured to determine whether the PIN2 code from the user matches the PIN2 code preset by the terminal; and a setting module configured to preset the PIN2 code from the user and the terminal In the case where the PIN2 codes match, the smart card is placed in an operating state in which the USB Key function is executed. Preferably, the execution module comprises: an encryption and decryption unit configured to perform an encryption or decryption operation according to the command; and a feedback unit configured to feed back a result of performing the encryption or decryption operation to the data card. According to still another aspect of the present invention, a smart card is provided for use in a mobile terminal, wherein the smart card includes a storage device, and the storage device stores a USB Key. Preferably, the smart card includes at least one of the following: a SIM card and a USIM card. According to still another aspect of the present invention, a mobile terminal is provided, wherein the mobile terminal comprises: the smart card of any of the above. 
Because a USB Key is stored in the smart card of the present invention, when the smart card receives a command that needs to be executed by means of the USB Key, it can directly perform the corresponding operation according to the command. With the invention, the USB Key is placed in the smart card, which solves the problems in the related art that occupying two USB ports wastes PC resources and that a separate USB Key and data card may be lost, with the loss of either one leaving the other unusable. The smart card and the data card can thus interact within the same device, which saves PC resources and is highly practical.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are set to illustrate,
FIG. 1 is a flowchart of a method of executing a command according to an embodiment of the present invention;
FIG. 2 is a block diagram showing a structure of an apparatus for executing a command according to an embodiment of the present invention;
FIG. 3 is an execution according to an embodiment of the present invention.
FIG. 4 is a block diagram showing the structure of an execution module of a device for executing a command according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a system architecture according to a preferred embodiment of the present invention;
FIG. 6 is a flowchart of implementing a USB Key function by using a SIM card in preferred embodiment 2; and
FIG. 7 is a flowchart of implementing a USB Key function by using a SIM card according to preferred embodiment 3 of the present invention.

BEST MODE FOR CARRYING OUT THE INVENTION

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
In the related art, occupying two USB ports wastes the port resources of the PC, and a separate USB Key and data card may be lost, with the loss of either one leaving the other unusable. To address this, an embodiment of the present invention provides a method for executing a command. The flow of the method is shown in FIG. 1 and includes steps S102 to S104:

Step S102: the smart card of the mobile terminal receives a command that needs to be executed by means of a USB Key, wherein the smart card stores a USB Key.

Step S104: the smart card performs the operation corresponding to the command.

In the smart card of this embodiment, a USB Key is stored, and when the smart card receives a command that needs to be executed by means of the USB Key, the corresponding operation can be directly performed according to the command. With this embodiment, the USB Key is placed in the smart card, which solves the problems in the related art that occupying two USB ports wastes PC port resources and that a separate USB Key and data card may be lost, with the loss of either one leaving the other unusable. The smart card and the data card can thus interoperate in the same device, which saves PC port resources and is highly practical.

The USB Key is stored in the smart card. Initially, an application with an EF file is built in the smart card. The EF file is used to store a certificate supporting the USB Key function. The smart card may be any card having the same or similar functions, such as a SIM card or a USIM card.

Before the smart card of the mobile terminal receives the command that needs to be executed by means of the USB Key, a verification step can be added; that is, the SIM card's own PIN code can be used to protect the encryption-related operations.
The smart card can receive the PIN2 code from the user and determine whether the PIN2 code entered by the user matches the PIN2 code preset by the terminal. If it matches, the USB Key function of the smart card is turned on and placed in a working state. If the entered PIN2 code does not match the preset PIN2 code, the user may be an illegal user and any subsequent operation is prohibited; alternatively, a limit on the number of password entries can be set, and once the number of incorrect entries reaches the preset limit, the user is prohibited from further operation.

In implementation, the operation that the smart card performs for the command differs from case to case. For example, if the command is an encryption command, the encryption operation is performed according to the command, and the result of the encryption operation is fed back to the data card.

The command received by the smart card may be a command that the data card has format-converted. If the command is already in a format the smart card can recognize, the data card may pass it through transparently without processing it. If the received command has been format-converted by the data card, the data card converts the operation command from the user and then sends the converted operation command to the smart card, where the smart card executes the operation command corresponding to the USB Key function, for example encryption, decryption, or key pair generation.

In implementation, the data card's conversion of the user's operation command includes the following process: the data card parses the user's operation command, and converts the parsed operation command into a command recognizable by the smart card for sending.

The embodiment of the present invention further provides an apparatus for executing a command.
The structural block diagram of the apparatus is shown in FIG. 2 and includes: a receiving module 10, configured to receive a command that needs to be executed by means of a USB Key, where the smart card stores a USB Key; and an execution module 20, coupled to the receiving module 10 and configured to perform the operation corresponding to the command.

The apparatus may further include: a determining module 30, configured to determine whether the PIN2 code from the user matches the PIN2 code preset by the terminal; and a setting module 40, coupled to the determining module 30 and the receiving module 10, and configured to place the smart card in a working state in which it performs the USB Key function when the PIN2 code from the user matches the PIN2 code preset by the terminal.

In one embodiment, the execution module 20, as shown in FIG. 4, includes: an encryption and decryption unit 202, configured to perform an encryption or decryption operation according to the command; and a feedback unit 204, coupled to the encryption and decryption unit 202 and configured to feed back the result of the encryption or decryption operation to the data card.

The embodiment further provides a smart card that can be applied to a mobile terminal, that is, a mobile terminal including any one of the above smart cards. Preferably, the smart card may include a storage device; in implementation, the files related to the USB Key are stored in the storage device to support the USB Key functions.

The embodiments of the present invention are described below in conjunction with the preferred embodiments and the accompanying drawings. In the following embodiments, the naming of each module differs slightly from the naming used in the above embodiment, but the modules achieve the same functions and can perform the above method.
This preferred embodiment addresses the problem in the related art that the USB Key and the data card are usually separate and therefore occupy two USB sockets. In this embodiment, the encryption and decryption function of the existing USB Key is embedded in the SIM card; that is, the encryption and decryption process is completed inside the SIM card. The data card serves as a bridge between the USB Key operation interface and the SIM card, and is responsible for parsing and transmitting the encryption and decryption data.

The modules involved in this embodiment include: a SIM card, a data card driver module, a data card Application Protocol Data Unit (APDU) processing module, and a user operation interface. The method provided in this embodiment includes the following process.

The user operates on the USB Key PC operation interface and issues related commands such as encryption, decryption, and key pair generation. After receiving such a command, the data card driver module parses it and calls the relevant processing interface provided by the APDU processing module of the data card. The APDU processing module of the data card converts the received command into an APDU string that the SIM card can recognize, and sends the APDU string to the SIM card.
After receiving the APDU string, the SIM card performs the relevant encryption or decryption operation internally and returns the execution result to the APDU processing module of the data card. The data card APDU processing module sends the result returned by the SIM card to the driver module. The driver module converts the received data into a format recognizable by the USB Key operating software on the PC and sends it to the USB Key PC operation interface.

The PC USB Key operating software verifies the returned execution result. If the result is legal, the subsequent operation is allowed; otherwise it is rejected.

Preferred Embodiment 2

This embodiment relates to a system having a USB Key function and a method for implementing an interaction process based on the system. In this embodiment, the data card side driver module parses the operation requirement from the user interface, the software module inside the data card converts it into a corresponding APDU string that the SIM card can recognize and sends the APDU command to the SIM card, and the SIM card performs the encryption or decryption of the data internally and returns the execution result. Using the SIM card together with the data card in this way gives the combination a USB Key function.
The SIM card is a smart card containing a large-scale integrated circuit, used to register user identification data and information. The APDU is the instruction by which the terminal interacts with the SIM card. To give the SIM card a USB Key function, it is first necessary to create a new application inside the SIM card and to make operations on the EF files involved in that application (mainly the EF file that stores the certificate file) protected by the PIN2 code. That is to say, when the user needs to use the SIM card as a USB Key, the data card first needs to issue a command to activate the USB Key application of the SIM card; the user then needs to pass PIN2 code verification.
If the data card terminal does not issue a command to the SIM card to activate the USB Key application, the subsequent reading of the certificate file and the encryption and decryption operations cannot be performed. If the user cannot provide the correct PIN2 code, the user is an illegal user, and the user should be prohibited from continuing with subsequent operations.

Secondly, APDU commands for USB Key operation need to be designed for the SIM card. At least three functions should be implemented: generating a public-private key pair, encrypting data, and decrypting data. Since the 3rd Generation Partnership Project (3GPP) standard protocols for the SIM card do not specify such functions, the CLA and INS parameters in the APDU command can be defined by ourselves; the encryption and decryption functions can share one INS parameter and be distinguished by the P1 and P2 parameters.

FIG. 5 shows the basic architecture of the system.

Module 1 is the PC security application operation interface module. The user performs USB Key related operations on this interface. The module converts the operations that the user needs to perform into standard commands and sends them to the data card through the USB port. The module is also responsible for receiving the execution result returned by the data card and judging whether the result is legal.

Module 2 is the data card driver module. The module needs to map a USB port on the PC. It is responsible for parsing the commands sent by module 1 through the USB port, converting them into commands that the data card can recognize, and calling the relevant interfaces provided by module 3 to issue the commands. It is also responsible for converting the result reported by module 3 into a packet format that the PC can recognize and reporting it to module 1 through the USB port.
Module 3 is the data card APDU processing module. It is responsible for packing the commands and data received from module 2 into an APDU string that the SIM card can recognize and sending it to the SIM card, and for reporting the execution result of the SIM card to module 2.

Module 4 is the SIM card. It is responsible for performing internally the encryption and decryption work that the original USB Key was responsible for, and for returning the data to module 3.

Based on the system architecture described above, the flow of implementing the USB Key function by using the SIM card in this embodiment is shown in FIG. 6 and includes steps S602 to S622.

Step S602: the user operates on the USB Key PC operation interface and issues related commands, such as encryption, decryption, and key pair generation.

Step S604: the data card driver module parses the above command after receiving it, and calls the relevant processing interface provided by the APDU processing module of the data card.

Step S606: the APDU processing module of the data card converts the received command into an APDU string that the SIM card can recognize, and sends the APDU string to the SIM card.

Step S608: a PIN2 code is received from the user.
This step is to improve security, so the SIM card is designed to require the user to perform PIN2 code verification when it receives such an operation.

Step S610: determine whether the PIN2 code verification is passed. If yes, step S612 is performed; if no, step S622 is performed.

Step S612: the SIM card executes the encryption or decryption APDU instruction and returns the execution result in APDU format.

Step S614: the data card APDU processing module parses out the valid data in the APDU string returned by the SIM card and reports it to the driver module.

Step S616: the driver module converts the received data into a format recognizable by the USB Key operating software on the PC and sends it to the USB Key PC operation interface.

Step S618: the PC USB Key operating software verifies the returned execution result and determines whether the verification is passed. If it is passed, step S620 is performed; otherwise, step S622 is performed.

Step S620: the user is allowed to perform subsequent operations.

Step S622: the user is prohibited from performing the next operation.

Preferred Embodiment 3

Combining the data card and the USB Key into one is gradually becoming a customization requirement of this group of users. With the integrated mobile terminal provided by this embodiment, in addition to saving a USB interface on the PC, the encryption and decryption function of the USB Key can be completed inside the SIM card, and this only requires modifying the internal software of the SIM card when the SIM card is designed, which saves the hardware cost of the original USB Key. The SIM card itself has the PIN1 and PIN2 code protection mechanisms, which further enhances the security of USB Key related operations. Used together with a data card, this SIM card can not only provide security support for banking systems but can also be applied to other scenarios that require a USB Key, thereby providing users with more convenient, secure and efficient services.
The system architecture of this embodiment may be as shown in FIG. 5, and the flow performed may be as shown in FIG. 7. The flow shows the specific implementation of the data card APDU processing module and includes steps S702 to S716.

Step S702: an APDU is sent in the format agreed with the SIM card vendor to activate the USB Key application of the SIM card.

Step S704: the SIM card module internally maintains a state machine, and accepts and processes the commands sent by the driver module at any time.

Step S706: the state machine determines whether a command sent by the driver module has been received. If yes, step S708 is performed; otherwise, this step is repeated.

Step S708: the command sent by the driver module is parsed, the APDU is assembled in a given format according to the command, and the relevant parameters are filled in.

Step S710: a logical channel is opened (OPEN CHANNEL) for the USB Key application related command, to carry the APDU transmission related to the USB Key application.

Step S712: the assembled APDU is sent to the SIM card through the opened channel.

Step S714: the execution result of the SIM card is received, and the result is returned to the driver module.

Step S716: execution of one command is complete, and the logical channel is closed (CLOSE CHANNEL). After this step, the flow may return to step S704 and repeat; that is, the state machine waits for the next command issued by the driver module.

From the above description, it can be seen that the present invention achieves the following technical effects:

By using this embodiment, the security of USB Key related operations is further enhanced. Used together with a data card, this SIM card can not only provide security support for banking systems but can also be applied to other scenarios that require a USB Key, thereby providing users with more convenient, secure and efficient services.

Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device; they can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Optionally, they may be implemented by program code executable by a computing device, so that they may be stored in a storage device and executed by the computing device; in some cases, the steps shown or described may be performed in an order different from the one given here, or they may be fabricated separately into individual integrated circuit modules, or a plurality of the modules or steps may be fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.

The above is only the preferred embodiment of the present invention and is not intended to limit the present invention; for those skilled in the art, various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements and the like made within the spirit and principles of the present invention are intended to be included within the scope of protection of the present invention.
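The APDU design and data card flow described above (self-defined CLA and INS with P1 selecting encryption or decryption, PIN2 verification with a retry limit, and a logical channel opened and closed around each command in steps S702 to S716) can be illustrated as follows. This is an added example, not code from the patent: the CLA, INS and P1 values, the class and function names, the simulated card and the XOR stand-in for the card's cryptography are assumptions, and key pair generation is left out; the VERIFY and MANAGE CHANNEL instruction bytes and the status words are the standard ISO/IEC 7816-4 values.

```python
import hmac

# ISO/IEC 7816-4 and ETSI TS 102 221 values.
INS_VERIFY, P2_PIN2, INS_MANAGE_CHANNEL = 0x20, 0x81, 0x70
SW_OK, SW_DENIED, SW_BLOCKED = 0x9000, 0x6982, 0x6983
# Assumptions: the page leaves CLA/INS/P1 to the implementer and gives no values.
CLA_USBKEY, INS_ACTIVATE, INS_CRYPT = 0x80, 0xE0, 0xE2
P1_ENCRYPT, P1_DECRYPT = 0x01, 0x02


def build_apdu(cla, ins, p1, p2, data=b"", le=None, channel=0):
    """Short command APDU; logical channel 0-3 rides in the two low CLA bits."""
    if not 0 <= channel <= 3 or len(data) > 255:
        raise ValueError("channel must be 0-3 and data at most 255 bytes")
    body = bytes([len(data)]) + data if data else b""
    tail = bytes([le]) if le is not None else b""
    return bytes([(cla & 0xFC) | channel, ins, p1, p2]) + body + tail


def pin_block(pin):
    """PIN digits as ASCII, padded to 8 bytes with 0xFF (TS 102 221 coding)."""
    return pin.encode("ascii").ljust(8, b"\xff")


def _sw(code):
    return code.to_bytes(2, "big")


class SimUsbKeyApplet:
    """Constructed stand-in for the SIM-side USB Key application."""

    def __init__(self, pin2, max_tries=3):
        self._pin, self._max, self._left = pin_block(pin2), max_tries, max_tries
        self.active = self.verified = False
        self.channels = set()

    def transmit(self, capdu):
        cla, ins, p1, p2 = capdu[:4]
        data = capdu[5:5 + capdu[4]] if len(capdu) > 5 else b""
        if ins == INS_MANAGE_CHANNEL:
            if p1 == 0x80:                      # close the channel named in P2
                self.channels.discard(p2)
                return _sw(SW_OK)
            free = min({1, 2, 3} - self.channels, default=None)
            if free is None:
                return _sw(0x6A81)              # function not supported
            self.channels.add(free)             # open: card assigns the channel
            return bytes([free]) + _sw(SW_OK)
        if ins == INS_ACTIVATE:
            self.active = True
            return _sw(SW_OK)
        if ins == INS_VERIFY and p2 == P2_PIN2:
            return self._verify(data)
        if ins != INS_CRYPT:
            return _sw(0x6D00)                  # instruction not supported
        if p1 not in (P1_ENCRYPT, P1_DECRYPT):
            return _sw(0x6B00)                  # wrong P1/P2
        if not (self.active and self.verified and (cla & 0x03) in self.channels):
            return _sw(SW_DENIED)               # security status not satisfied
        # Placeholder transform, NOT cryptography: a real card would use its key.
        return bytes(b ^ 0x5A for b in data) + _sw(SW_OK)

    def _verify(self, data):
        if self._left == 0:
            return _sw(SW_BLOCKED)              # retry counter exhausted
        if hmac.compare_digest(data, self._pin):
            self._left, self.verified = self._max, True
            return _sw(SW_OK)
        self._left, self.verified = self._left - 1, False
        return _sw(0x63C0 | self._left)         # 63CX: X tries remain


class DataCardApduModule:
    """Data-card side: maps a driver command to APDUs (steps S702, S708-S716)."""
    OPS = {"encrypt": P1_ENCRYPT, "decrypt": P1_DECRYPT}

    def __init__(self, card):
        self.card = card

    def _send(self, *args, **kw):
        rapdu = self.card.transmit(build_apdu(*args, **kw))
        return rapdu[:-2], int.from_bytes(rapdu[-2:], "big")

    def activate(self):                         # S702
        return self._send(CLA_USBKEY, INS_ACTIVATE, 0x00, 0x00)[1]

    def verify_pin2(self, pin):
        return self._send(0x00, INS_VERIFY, 0x00, P2_PIN2, pin_block(pin))[1]

    def run(self, op, payload=b""):
        p1 = self.OPS[op]                       # S708: parse the driver command
        opened, sw = self._send(0x00, INS_MANAGE_CHANNEL, 0x00, 0x00, le=1)  # S710
        if sw != SW_OK:
            return b"", sw
        try:                                    # S712-S714
            return self._send(CLA_USBKEY, INS_CRYPT, p1, 0x00, payload, channel=opened[0])
        finally:                                # S716: always close the channel
            self._send(0x00, INS_MANAGE_CHANNEL, 0x80, opened[0])
```

The simulated card refuses the proprietary command with 6982 until the application is activated and PIN2 is verified, and answers 6983 once the retry counter is exhausted, which is the behaviour the host-side software should check for before treating any returned data as a valid result.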

Claims

1. A method of executing a command, including:
the smart card of a mobile terminal receives a command that needs to be executed by means of a USB Key, wherein the smart card stores a USB Key;
the smart card performs an operation corresponding to the command.
2. The method according to claim 1, wherein the USB Key being stored in the smart card comprises: an application having an EF file is established inside the smart card, wherein the EF file is set to store a certificate supporting the USB Key function.
3. The method according to claim 1, wherein before the smart card of the mobile terminal receives the command that needs to be executed by means of the USB Key, the method further includes:
determining whether the PIN2 code from the user matches the PIN2 code preset by the terminal; if so, placing the smart card in an operating state in which the USB Key function is performed.
4. The method according to claim 1, wherein the smart card performing the operation corresponding to the command comprises: performing an encryption or decryption operation according to the command;
feeding back the result of performing the encryption or decryption operation to the data card.
5. The method according to any one of claims 1 to 4, wherein the smart card of the mobile terminal receiving the command that needs to be executed by means of the USB Key comprises:
the smart card receives, from the data card, a command that has undergone format conversion processing.
6. The method according to claim 5, wherein before the smart card receives the command that has undergone format conversion processing from the data card, the method further includes:
the data card performs conversion processing on an operation command from the user;
the converted operation command of the user is sent to the smart card, wherein the smart card is set to execute the operation command corresponding to the USB Key function.
7. The method according to claim 6, wherein the operation command of the user includes at least one of the following: encrypting, decrypting, generating a key pair.
8. The method according to claim 6, wherein the data card performing conversion processing on the operation command from the user comprises: parsing the operation command of the user;
converting the parsed operation command of the user into a command that the smart card can recognize, and sending it.
9. The method according to claim 1, wherein the smart card is a Subscriber Identity Module (SIM) card or a Universal Subscriber Identity Module (USIM) card.
10. An apparatus for executing a command, comprising:
a receiving module, configured to receive a command that needs to be executed by means of a USB Key, wherein the smart card stores a USB Key;
an execution module, configured to execute the operation corresponding to the command.
11. The apparatus according to claim 10, further comprising:
a determining module, configured to determine whether the PIN2 code from the user matches the PIN2 code preset by the terminal;
a setting module, configured to place the smart card in an operating state in which the USB Key function is performed in a case where the PIN2 code from the user matches the PIN2 code preset by the terminal.
12. The apparatus according to claim 10 or 11, wherein the execution module comprises:
an encryption and decryption unit, configured to perform an encryption or decryption operation according to the command;
a feedback unit, configured to feed back the result of performing the encryption or decryption operation to the data card.
13. A smart card, applied in a mobile terminal, wherein the smart card includes a storage device, and the storage device stores a USB Key.
14. The smart card according to claim 13, wherein the smart card comprises at least one of the following: a Subscriber Identity Module (SIM) card, a Universal Subscriber Identity Module (USIM) card.
15. A mobile terminal, comprising: the smart card of claim 13 or 14.
PCT/CN2013/079851 2012-11-13 2013-07-23 Command execution method and device, smart card and mobile terminal WO2013174321A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210454385.X 2012-11-13
CN201210454385XA CN103020547A (en) 2012-11-13 2012-11-13 Method and device for executing commands, intelligent card and mobile terminal

Publications (1)

Publication Number Publication Date
WO2013174321A1 true WO2013174321A1 (en) 2013-11-28

Family

ID=47969141

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/079851 WO2013174321A1 (en) 2012-11-13 2013-07-23 Command execution method and device, smart card and mobile terminal

Country Status (2)

Country Link
CN (1) CN103020547A (en)
WO (1) WO2013174321A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103020547A (en) * 2012-11-13 2013-04-03 中兴通讯股份有限公司 Method and device for executing commands, intelligent card and mobile terminal
CN105279647A (en) * 2014-07-16 2016-01-27 中兴通讯股份有限公司 Method, device and intelligent card for achieving remote payment
CN105321069A (en) * 2014-07-16 2016-02-10 中兴通讯股份有限公司 Method and device for realizing remote payment
CN107111729A (en) * 2015-11-03 2017-08-29 国民技术股份有限公司 Communication card Net silver KEY and its method of work

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101587458A (en) * 2009-06-30 2009-11-25 北京握奇数据系统有限公司 Operation method and device for intelligent storing card
CN102044040A (en) * 2009-10-26 2011-05-04 中国移动通信集团公司 Online banking transaction method and device as well as mobile terminal
CN102307188A (en) * 2011-08-17 2012-01-04 东信和平智能卡股份有限公司 Subscriber identity module (SIM)-based universal serial bus (USB) key encryption/decryption system and encryption/decryption method
CN103020547A (en) * 2012-11-13 2013-04-03 中兴通讯股份有限公司 Method and device for executing commands, intelligent card and mobile terminal

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005360A (en) * 2006-10-08 2007-07-25 富少坚 Network game indulging system based on embedded identity identification
CN200980081Y (en) * 2006-12-08 2007-11-21 西安电子科技大学 A network identity authentication system
CN100566253C (en) * 2007-01-15 2009-12-02 北京飞天诚信科技有限公司 A kind of method and system of using intelligent key apparatus safely
US8162227B2 (en) * 2007-11-12 2012-04-24 Micron Technology, Inc. Intelligent controller system and method for smart card memory modules
CN100557617C (en) * 2007-12-20 2009-11-04 国民技术股份有限公司 SD storage card by hardware to identifying identification
CN101833676B (en) * 2009-11-02 2013-08-14 上海阳扬电子科技有限公司 Method for controlling reading and writing of intelligent card with USBKEY module and reader thereof
CN101794420A (en) * 2009-12-31 2010-08-04 卓望数码技术(深圳)有限公司 Payment authentication method, terminal and system
CN101841525A (en) * 2010-03-02 2010-09-22 中国联合网络通信集团有限公司 Secure access method, system and client
CN201757903U (en) * 2010-06-25 2011-03-09 北京天地融科技有限公司 Usb key device
CN201993769U (en) * 2010-11-17 2011-09-28 北京曙光天演信息技术有限公司 Encryption card supporting USB intelligent secret keys

Also Published As

Publication number Publication date
CN103020547A (en) 2013-04-03


Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 13794154; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 EP: PCT application non-entry in European phase (Ref document number: 13794154; Country of ref document: EP; Kind code of ref document: A1)