CN105787723A - Method, device and system for processing SIM card applications - Google Patents
- Publication number: CN105787723A
- Application number: CN201410799630.XA
- Authority: CN (China)
- Prior art keywords: card application, instruction, consumption, card, SIM
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a method, device and system for processing SIM card applications, intended to solve the prior-art problem of low security when operating on card applications in an SE chip. The method includes: a Subscriber Identity Module (SIM) card receives a first card application operation instruction sent by a mobile terminal, wherein the first card application operation instruction carries a card application identifier; according to the card application identifier carried in the first card application operation instruction, the SIM card sends an authentication request to the card application indicated by the card application identifier, so as to perform two-way authentication with that card application; when the two-way authentication with the card application indicated by the card application identifier succeeds, the SIM card sends a second card application operation instruction to that card application, so as to complete the operation on the card application indicated by the card application identifier.
Description
Technical field
The invention relates to the technical field of mobile communication, and in particular to a method, device and system for processing SIM card applications.
Background
Near Field Communication (NFC), also known as short-range wireless communication, is a short-range, high-frequency wireless communication technology that allows contactless point-to-point data transmission between electronic devices (within 10 cm).
Among NFC technical solutions, the NFC Single Wire Protocol (NFC-SWP) solution stands out among the various NFC standards thanks to advantages such as high security and easy extensibility, and has become the standard supported by the vast majority of operators and mainstream terminal manufacturers worldwide. In the NFC-SWP solution, a Secure Element (SE) chip is built into the Subscriber Identity Module (SIM) card and is used to store applications, keys and sensitive data. When a user performs a service operation with an NFC mobile phone terminal, such as paying with a bank card application stored in the SIM card, the client assembles Application Protocol Data Unit (APDU) instructions and exchanges data directly with the bank card application stored in the SE to complete the payment or other operation. FIG. 1 is a schematic structural diagram of an NFC mobile phone terminal supporting the NFC-SWP technology.
A schematic diagram of the current system structure for service operations based on an NFC mobile phone terminal is shown in FIG. 2. It includes an NFC mobile phone terminal, a point of sale (POS) terminal and an account platform. The account platform may be the business system of a bank or of a public transport application and is used to process business transactions; the POS terminal may be a financial consumption POS terminal with a contactless payment function, or a dedicated POS terminal that supports recharge operations; the POS terminal accesses the financial institution, or the account platform to which a card application belongs, through the General Packet Radio Service (GPRS) network. When a transaction such as a recharge or a payment is initiated, the POS terminal exchanges instructions with the card application in the NFC mobile phone terminal, obtains the card application's data and uploads it to the account platform for account verification; after confirming that it is valid, the account platform completes the accounting, generates an operation script and delivers it.
In existing NFC-SWP solutions, operations such as recharge and consumption on a SIM card application all have to be carried out by an off-card entity (such as a mobile terminal client or a POS terminal) interacting directly with the card application on the SE chip. This may cause the following problem:
Performing operations on a card application directly through the mobile terminal client carries a security risk. The mobile terminal client is software running on the mobile terminal's operating system (OS) and can access the SE chip by calling an application programming interface (API) through the OS. In this case the SE chip may be maliciously attacked, resulting in loss, tampering and leakage of information and causing losses to users.
Summary of the invention
Embodiments of the present invention provide a method, device and system for processing SIM card applications, so as to solve the prior-art problem of low security when operating on card applications in an SE chip.
Embodiments of the present invention adopt the following technical solutions:
A method for processing SIM card applications, comprising:
a Subscriber Identity Module (SIM) card receiving a first card application operation instruction sent by a mobile terminal, wherein the first card application operation instruction carries a card application identifier;
according to the card application identifier carried in the first card application operation instruction, sending an authentication request to the card application indicated by the card application identifier, so as to perform two-way authentication with the card application indicated by the card application identifier;
when the two-way authentication with the card application indicated by the card application identifier succeeds, sending a second card application operation instruction to the card application indicated by the card application identifier, so as to complete the operation on that card application.
Wherein sending, according to the card application identifier carried in the first card application operation instruction, an authentication request to the card application indicated by the card application identifier, so as to perform two-way authentication with that card application, specifically includes:
sending an authentication request to the card application indicated by the card application identifier, according to the card application identifier carried in the first card application operation instruction;
receiving a first encrypted ciphertext fed back by the card application indicated by the card application identifier, wherein the first encrypted ciphertext is generated by that card application according to a first key pre-agreed with the SIM card;
judging whether a second encrypted ciphertext, generated in advance according to the first key, is the same as the received first encrypted ciphertext;
when the second encrypted ciphertext is the same as the first encrypted ciphertext, going on to generate a third encrypted ciphertext according to a second key pre-agreed with the card application indicated by the card application identifier, and sending it to that card application, which judges whether a fourth encrypted ciphertext, generated in advance according to the second key, is the same as the received third encrypted ciphertext, so as to authenticate the SIM card;
when an authentication success message sent by the card application indicated by the card application identifier is received, determining that the two-way authentication has succeeded.
Wherein the first card application operation instruction is a recharge instruction, and the recharge instruction further carries a recharge amount and a recharge password; then
the second card application operation instruction is a recharge initialization instruction, and the recharge initialization instruction carries the recharge amount and the recharge password; and
sending the second card application operation instruction to the card application indicated by the card application identifier, so as to complete the operation on that card application, specifically includes:
sending the recharge initialization instruction to the card application indicated by the card application identifier;
receiving a load request fed back by the card application indicated by the card application identifier according to the recharge initialization instruction, wherein the load request carries the recharge amount, the recharge password, the card number of the card application indicated by the card application identifier, and the account balance of that card application;
sending the load request to the accounting platform, so that the accounting platform completes the load processing according to the recharge amount, the recharge password, the card number and the account balance.
Wherein the first card application operation instruction is a consumption instruction, and the consumption instruction further carries a consumption amount and a consumption password; then
the second card application operation instruction is a consumption initialization instruction; and
sending the second card application operation instruction to the card application indicated by the card application identifier, so as to complete the operation on that card application, specifically includes:
sending the consumption initialization instruction to the card application indicated by the card application identifier;
receiving a consumption response message fed back by the card application indicated by the card application identifier, wherein the consumption response message carries a consumption key generated by that card application according to the consumption initialization instruction;
generating an encrypted first deduction instruction according to the consumption key in the consumption response message, wherein the encrypted first deduction instruction carries the consumption amount and the consumption password;
sending the encrypted first deduction instruction to the card application indicated by the card application identifier, which completes the deduction according to the consumption key and the consumption amount and consumption password carried in the encrypted first deduction instruction.
Wherein the first card application operation instruction is a transfer instruction, the transfer instruction carries a card application identifier, a transfer amount and a transfer password, and the card application identifier includes a transfer-out account identifier and a transfer-in account identifier; then
the second card application operation instruction is a transfer initialization instruction sent to the card application indicated by the transfer-out account identifier in the card application identifier;
sending the second card application operation instruction to the card application indicated by the card application identifier, so as to complete the operation on that card application, specifically includes:
sending the transfer initialization instruction to the card application indicated by the transfer-out account identifier in the card application identifier;
receiving a transfer response message fed back by the card application indicated by the transfer-out account identifier, wherein the transfer response message carries a transfer key generated by that card application according to the transfer initialization instruction;
generating an encrypted second deduction instruction according to the transfer key in the transfer response message, wherein the encrypted second deduction instruction carries the transfer amount and the transfer password;
sending the encrypted second deduction instruction to the card application indicated by the transfer-out account identifier, which completes the deduction according to the transfer key and the transfer amount and transfer password carried in the encrypted second deduction instruction;
sending a first transfer instruction carrying the transfer amount to the card application indicated by the transfer-in account identifier, which completes the transfer according to the transfer amount carried in the first transfer instruction.
A method for processing SIM card applications, comprising:
a card application receiving an authentication request sent by a Subscriber Identity Module (SIM) card and performing two-way authentication with the SIM card;
when the two-way authentication with the SIM card succeeds, receiving a second card application operation instruction sent by the SIM card;
completing the corresponding operation according to the second card application operation instruction.
Wherein the card application receiving the authentication request sent by the SIM card and performing two-way authentication with the SIM card specifically includes:
receiving the authentication request sent by the SIM card;
generating a first encrypted ciphertext according to the authentication request and a first key pre-agreed with the SIM card;
sending the first encrypted ciphertext to the SIM card, which judges whether a second encrypted ciphertext, generated in advance according to the first key, is the same as the received first encrypted ciphertext, so that the SIM card authenticates the card application;
when a third encrypted ciphertext sent by the SIM card is received, going on to generate a fourth encrypted ciphertext according to a second key pre-agreed with the SIM card, wherein the third encrypted ciphertext is generated by the SIM card according to the second key when it determines that the second encrypted ciphertext is the same as the first encrypted ciphertext;
judging whether the fourth encrypted ciphertext is the same as the received third encrypted ciphertext;
when the fourth encrypted ciphertext is the same as the received third encrypted ciphertext, determining that the two-way authentication has succeeded.
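The two-way authentication described above, seen from both the SIM card side and the card application side, as an added Python example that is not code from the patent. It assumes that the authentication request carries a fresh random challenge and that each "encrypted ciphertext" is an HMAC-SHA256 over that challenge (the text specifies neither); all class, function and status names are hypothetical, and the keys and the card application identifier are constructed sample values.

```python
import hashlib
import hmac
import secrets


def make_ciphertext(key, label, challenge):
    # Assumption: HMAC-SHA256 stands in for the unspecified ciphertext
    # generation; the label keeps the two directions from being swapped.
    return hmac.new(key, label + challenge, hashlib.sha256).digest()


class CardApplication:
    """Card application side (hypothetical class name)."""

    def __init__(self, key1, key2):
        self._key1, self._key2 = key1, key2
        self._challenge = None
        self.authenticated = False

    def on_auth_request(self, challenge):
        # Answer the authentication request with the first ciphertext (key 1).
        self._challenge, self.authenticated = challenge, False
        return make_ciphertext(self._key1, b"card->sim", challenge)

    def on_third_ciphertext(self, third):
        # Compare the received third ciphertext with the fourth (key 2).
        if self._challenge is None:
            return False
        fourth = make_ciphertext(self._key2, b"sim->card", self._challenge)
        self._challenge = None  # a challenge is good for one attempt only
        self.authenticated = hmac.compare_digest(fourth, third)
        return self.authenticated  # True models the authentication success message

    def on_second_instruction(self, instruction):
        # Operation instructions are refused until the SIM has authenticated.
        return "OK:" + instruction if self.authenticated else "REJECTED"


class SimCard:
    """SIM card side (hypothetical class name)."""

    def __init__(self, apps, keys):
        self._apps = apps  # card application identifier -> CardApplication
        self._keys = keys  # card application identifier -> (key1, key2)

    def handle_first_instruction(self, app_id, operation):
        app = self._apps.get(app_id)
        if app is None:
            return "UNKNOWN_CARD_APPLICATION"
        key1, key2 = self._keys[app_id]
        challenge = secrets.token_bytes(16)
        second = make_ciphertext(key1, b"card->sim", challenge)
        first = app.on_auth_request(challenge)
        if not hmac.compare_digest(first, second):
            return "CARD_APPLICATION_AUTH_FAILED"  # third ciphertext is never sent
        third = make_ciphertext(key2, b"sim->card", challenge)
        if not app.on_third_ciphertext(third):
            return "SIM_AUTH_FAILED"
        # Only now is the second card application operation instruction sent.
        return app.on_second_instruction(operation + "_INIT")


def demo():
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    app_id = "A0000000TEST"  # constructed card application identifier
    keys = {app_id: (k1, k2)}
    results = {}

    genuine = CardApplication(k1, k2)
    results["genuine"] = SimCard({app_id: genuine}, keys).handle_first_instruction(
        app_id, "RECHARGE")

    # Card application that does not hold key 1: the SIM stops early.
    impostor = CardApplication(secrets.token_bytes(32), k2)
    results["impostor_app"] = SimCard({app_id: impostor}, keys).handle_first_instruction(
        app_id, "RECHARGE")

    # SIM that does not hold key 2: the card application refuses it.
    bad_keys = {app_id: (k1, secrets.token_bytes(32))}
    results["wrong_sim"] = SimCard({app_id: CardApplication(k1, k2)},
                                   bad_keys).handle_first_instruction(app_id, "RECHARGE")

    # Operation instruction delivered without any authentication.
    results["no_auth"] = CardApplication(k1, k2).on_second_instruction("RECHARGE_INIT")

    # Third ciphertext from an earlier challenge presented against a new one.
    old_third = make_ciphertext(k2, b"sim->card", secrets.token_bytes(16))
    target = CardApplication(k1, k2)
    target.on_auth_request(secrets.token_bytes(16))
    results["replayed_third"] = target.on_third_ciphertext(old_third)
    return results


if __name__ == "__main__":
    print(demo())
```

If the ciphertexts were computed over fixed data instead of a per-request challenge, the last case would pass, so freshness of the authenticated input is what makes the comparison meaningful.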
Wherein the second card application operation instruction is a recharge initialization instruction, and the recharge initialization instruction carries a recharge amount and a recharge password; then
completing the corresponding operation according to the second card application operation instruction specifically includes:
generating a load request according to the recharge initialization instruction, wherein the load request carries the recharge amount, the recharge password, the card number of the card application indicated by the card application identifier and the account balance of that card application;
sending the load request to the accounting platform through the SIM card, so that the accounting platform completes the load processing according to the recharge amount, the recharge password, the card number and the account balance.
Wherein the second card application operation instruction is a consumption initialization instruction; then
completing the corresponding operation according to the second card application operation instruction specifically includes:
generating a consumption key according to the consumption initialization instruction;
sending the consumption key to the SIM card in a consumption response message, the SIM card generating an encrypted first deduction instruction according to the consumption key, wherein the encrypted first deduction instruction carries a consumption amount and a consumption password;
receiving the encrypted first deduction instruction sent by the SIM card;
completing the deduction according to the consumption key and the consumption amount and consumption password carried in the encrypted first deduction instruction.
Wherein the second card application operation instruction is a transfer initialization instruction, and the card application is the transfer-out account; then
completing the corresponding operation according to the second card application operation instruction specifically includes:
generating a transfer key according to the transfer initialization instruction;
sending the transfer key to the SIM card in a transfer response message, the SIM card generating an encrypted second deduction instruction according to the transfer key, wherein the encrypted second deduction instruction carries a transfer amount and a transfer password;
receiving the encrypted second deduction instruction sent by the SIM card;
completing the deduction according to the transfer key and the transfer amount and transfer password carried in the encrypted second deduction instruction, and feeding back a second deduction result to the SIM card; the SIM card generates, according to the second deduction result, a first transfer instruction carrying the transfer amount and sends it to the transfer-in account, so that the transfer-in account completes the transfer according to the transfer amount carried in the first transfer instruction.
A device for processing SIM card applications, comprising:
a first card application operation instruction receiving unit, configured to receive a first card application operation instruction sent by a mobile terminal, wherein the first card application operation instruction carries a card application identifier;
an authentication unit, configured to send, according to the card application identifier carried in the first card application operation instruction received by the first card application operation instruction receiving unit, an authentication request to the card application indicated by the card application identifier, so as to perform two-way authentication with the card application indicated by the card application identifier;
a second card application operation instruction sending unit, configured to send, when the two-way authentication in the authentication unit with the card application indicated by the card application identifier succeeds, a second card application operation instruction to the card application indicated by the card application identifier, so as to complete the operation on that card application.
Wherein the authentication unit specifically includes:
an authentication request sending module, configured to send an authentication request to the card application indicated by the card application identifier, according to the card application identifier carried in the first card application operation instruction;
a ciphertext receiving module, configured to receive a first encrypted ciphertext fed back by the card application indicated by the card application identifier, wherein the first encrypted ciphertext is generated by that card application according to a first key pre-agreed with the Subscriber Identity Module (SIM) card;
a judging module, configured to judge whether a second encrypted ciphertext, generated in advance according to the first key, is the same as the first encrypted ciphertext received by the ciphertext receiving module;
a ciphertext sending module, configured to, when the judging module determines that the second encrypted ciphertext is the same as the first encrypted ciphertext, go on to generate a third encrypted ciphertext according to a second key pre-agreed with the card application indicated by the card application identifier, and send it to that card application, which judges whether a fourth encrypted ciphertext, generated in advance according to the second key, is the same as the received third encrypted ciphertext, so as to authenticate the SIM card;
a two-way authentication success determining module, configured to determine that the two-way authentication has succeeded when an authentication success message sent by the card application indicated by the card application identifier is received.
Wherein the first card application operation instruction is a recharge instruction, and the recharge instruction further carries a recharge amount and a recharge password; then
the second card application operation instruction is a recharge initialization instruction, and the recharge initialization instruction carries the recharge amount and the recharge password;
the second card application operation instruction sending unit specifically includes:
a recharge initialization instruction sending module, configured to send the recharge initialization instruction to the card application indicated by the card application identifier;
a load request receiving module, configured to receive a load request fed back by the card application indicated by the card application identifier according to the recharge initialization instruction sent by the recharge initialization instruction sending module, wherein the load request carries the recharge amount, the recharge password, the card number of the card application indicated by the card application identifier and the account balance of that card application;
a load request sending module, configured to send the load request received by the load request receiving module to the accounting platform, so that the accounting platform completes the load processing according to the recharge amount, the recharge password, the card number and the account balance.
Wherein the first card application operation instruction is a consumption instruction, and the consumption instruction further carries a consumption amount and a consumption password; then
the second card application operation instruction is a consumption initialization instruction;
the second card application operation instruction sending unit specifically includes:
a consumption initialization instruction sending module, configured to send the consumption initialization instruction to the card application indicated by the card application identifier;
a consumption response message receiving module, configured to receive a consumption response message fed back by the card application indicated by the card application identifier, wherein the consumption response message carries a consumption key generated by that card application according to the consumption initialization instruction sent by the consumption initialization instruction sending module;
a first deduction instruction sending module, configured to generate an encrypted first deduction instruction according to the consumption key in the consumption response message received by the consumption response message receiving module, and send it to the card application indicated by the card application identifier, wherein the encrypted first deduction instruction carries the consumption amount and the consumption password, and the card application indicated by the card application identifier completes the deduction according to the consumption key and the consumption amount and consumption password carried in the encrypted first deduction instruction.
Wherein the first card application operation instruction is a transfer instruction, the transfer instruction carries a card application identifier, a transfer amount and a transfer password, and the card application identifier includes a transfer-out account identifier and a transfer-in account identifier; then
The second card application operation instruction is a transfer initialization instruction sent to the card application indicated by the transfer-out account identifier in the card application identifier;
The second card application operation instruction sending unit specifically includes:
A transfer initialization instruction sending module, configured to send a transfer initialization instruction to the card application indicated by the transfer-out account identifier in the card application identifier;
A transfer response message receiving module, configured to receive the transfer response message fed back by the card application indicated by the transfer-out account identifier; wherein the transfer response message carries the transfer key generated by the card application indicated by the transfer-out account identifier according to the transfer initialization instruction sent by the transfer initialization instruction sending module;
A second deduction instruction sending module, configured to generate an encrypted second deduction instruction according to the transfer key in the transfer response message received by the transfer response message receiving module, and send it to the card application indicated by the transfer-out account identifier; wherein the encrypted second deduction instruction carries the transfer amount and the transfer password, and the card application indicated by the transfer-out account identifier completes the deduction according to the transfer key and the transfer amount and transfer password carried in the encrypted second deduction instruction;
A first transfer instruction sending module, configured to send a first transfer instruction carrying the transfer amount to the card application indicated by the transfer-in account identifier, and the card application indicated by the transfer-in account identifier completes the transfer according to the transfer amount carried in the first transfer instruction.
A device for processing SIM card applications, comprising:
An authentication unit, configured to receive an authentication request sent by a subscriber identity module (SIM) card and perform two-way authentication with the SIM card;
A second card application operation instruction receiving unit, configured to receive the second card application operation instruction sent by the SIM card when the two-way authentication between the authentication unit and the SIM card succeeds;
An operation completion unit, configured to complete the corresponding operation according to the second card application operation instruction received by the second card application operation instruction receiving unit.
Wherein the authentication unit specifically includes:
An authentication request receiving module, configured to receive the authentication request sent by the SIM card;
A ciphertext sending module, configured to generate a first encrypted ciphertext according to the authentication request received by the authentication request receiving module and the first key pre-agreed with the SIM card, and send it to the SIM card, the SIM card judging whether the second encrypted ciphertext, generated in advance according to the first key, is the same as the received first encrypted ciphertext, so as to realize the SIM card's authentication of the card application;
A ciphertext receiving module, configured to receive the third encrypted ciphertext sent by the SIM card;
A judging module, configured to, when the ciphertext receiving module receives the third encrypted ciphertext sent by the SIM card, generate a fourth encrypted ciphertext according to the second key pre-agreed with the SIM card, and judge whether the fourth encrypted ciphertext is the same as the received third encrypted ciphertext; wherein the third encrypted ciphertext is generated by the SIM card according to the second key when the SIM card judges that the second encrypted ciphertext is the same as the first encrypted ciphertext;
A two-way authentication determining module, configured to determine that the two-way authentication succeeds when the judging module judges that the fourth encrypted ciphertext is the same as the received third encrypted ciphertext.
Wherein the second card application operation instruction is a recharge initialization instruction, and the recharge initialization instruction carries a recharge amount and a recharge password; then
The operation completion unit specifically includes:
A load request generating module, configured to generate a load request according to the recharge initialization instruction; wherein the load request carries the recharge amount, the recharge password, the card number of the card application indicated by the card application identifier, and the account balance of the card application indicated by the card application identifier;
A load request sending module, configured to send the load request generated by the load request generating module to the accounting platform through the SIM card, so that the accounting platform completes load processing according to the recharge amount, the recharge password, the card number and the account balance.
Wherein the second card application operation instruction is a consumption initialization instruction; then
The operation completion unit specifically includes:
A consumption key generating module, configured to generate a consumption key according to the consumption initialization instruction;
A consumption response message sending module, configured to carry the consumption key generated by the consumption key generating module in a consumption response message and send it to the SIM card, and the SIM card generates an encrypted first deduction instruction according to the consumption key; wherein the encrypted first deduction instruction carries a consumption amount and a consumption password;
A first deduction instruction receiving module, configured to receive the encrypted first deduction instruction sent by the SIM card;
A deduction module, configured to complete the deduction according to the consumption key generated by the consumption key generating module and the consumption amount and consumption password carried in the encrypted first deduction instruction received by the first deduction instruction receiving module.
Wherein the second card application operation instruction is a transfer initialization instruction, and the card application is the transfer-out account; then
The operation completion unit specifically includes:
A transfer key generating module, configured to generate a transfer key according to the transfer initialization instruction;
A transfer key sending module, configured to carry the transfer key generated by the transfer key generating module in a transfer response message and send it to the SIM card, and the SIM card generates an encrypted second deduction instruction according to the transfer key; wherein the encrypted second deduction instruction carries a transfer amount and a transfer password;
A second deduction instruction receiving module, configured to receive the encrypted second deduction instruction sent by the SIM card;
A deduction module, configured to complete the deduction according to the transfer key generated by the transfer key generating module and the transfer amount and transfer password carried in the encrypted second deduction instruction received by the second deduction instruction receiving module, and to feed back a second deduction result to the SIM card; the SIM card generates, according to the second deduction result, a first transfer instruction carrying the transfer amount and sends it to the transfer-in account, so that the transfer-in account completes the transfer according to the transfer amount carried in the first transfer instruction.
A system for processing SIM card applications, comprising a mobile terminal and a subscriber identity module (SIM) card containing at least one card application, wherein:
The mobile terminal is configured to send a first card application operation instruction to the SIM card; wherein the first card application operation instruction carries a card application identifier;
The SIM card is configured to receive the first card application operation instruction; send, according to the card application identifier carried in the first card application operation instruction, an authentication request to the card application indicated by the card application identifier, so as to realize two-way authentication with the card application indicated by the card application identifier; and, when the two-way authentication with the card application indicated by the card application identifier succeeds, send a second card application operation instruction to the card application indicated by the card application identifier;
The card application indicated by the card application identifier is configured to receive the authentication request sent by the SIM card; perform two-way authentication with the SIM card according to the authentication request; when the two-way authentication with the SIM card succeeds, receive the second card application operation instruction sent by the SIM card; and complete the corresponding operation according to the second card application operation instruction.
Wherein the SIM card is specifically configured to:
Send, according to the card application identifier carried in the first card application operation instruction, an authentication request to the card application indicated by the card application identifier; receive the first encrypted ciphertext fed back by the card application indicated by the card application identifier; judge whether the second encrypted ciphertext, generated in advance according to the first key, is the same as the received first encrypted ciphertext; when the second encrypted ciphertext is the same as the first encrypted ciphertext, generate a third encrypted ciphertext according to the second key pre-agreed with the card application indicated by the card application identifier, and send it to the card application indicated by the card application identifier; and, when the authentication success message sent by the card application indicated by the card application identifier is received, determine that the two-way authentication succeeds;
The card application indicated by the card application identifier is specifically configured to:
Generate a first encrypted ciphertext according to the authentication request and the first key pre-agreed with the SIM card, and send it to the SIM card; when the third encrypted ciphertext sent by the SIM card is received, generate a fourth encrypted ciphertext according to the second key pre-agreed with the SIM card; judge whether the fourth encrypted ciphertext is the same as the received third encrypted ciphertext; and, when the fourth encrypted ciphertext is the same as the received third encrypted ciphertext, send an authentication success message to the SIM card.
Wherein the first card application operation instruction is a recharge instruction, and the recharge instruction further carries a recharge amount and a recharge password;
The second card application operation instruction is a recharge initialization instruction, and the recharge initialization instruction carries the recharge amount and the recharge password;
The SIM card is specifically configured to:
Send a recharge initialization instruction to the card application indicated by the card application identifier; receive the load request fed back by the card application indicated by the card application identifier according to the recharge initialization instruction; wherein the load request carries the recharge amount, the recharge password, the card number of the card application indicated by the card application identifier, and the account balance of the card application indicated by the card application identifier; and send the load request to the accounting platform, so that the accounting platform completes load processing according to the recharge amount, the recharge password, the card number and the account balance;
The card application indicated by the card application identifier is specifically configured to:
Generate a load request according to the recharge initialization instruction and send it to the SIM card.
Wherein the system further includes a control platform; then
The SIM card is specifically configured to:
Send the load request to the control platform, and the control platform sends the load request to the accounting platform;
The SIM card is further configured to:
Receive the recharge script sent by the control platform; wherein the recharge script is generated by the control platform after it receives the load processing result sent by the accounting platform;
Send the recharge script to the card application indicated by the card application identifier;
The card application indicated by the card application identifier is further configured to:
Update the account balance according to the recharge script.
Wherein the first card application operation instruction is a consumption instruction, and the consumption instruction further carries a consumption amount and a consumption password;
The second card application operation instruction is a consumption initialization instruction;
The SIM card is specifically configured to:
Send a consumption initialization instruction to the card application indicated by the card application identifier; receive the consumption response message fed back by the card application indicated by the card application identifier; wherein the consumption response message carries a consumption key; generate an encrypted first deduction instruction according to the consumption key in the consumption response message; wherein the encrypted first deduction instruction carries the consumption amount and the consumption password; and send the encrypted first deduction instruction to the card application indicated by the card application identifier;
The card application indicated by the card application identifier is specifically configured to:
Generate a consumption key according to the consumption initialization instruction; carry the consumption key in a consumption response message and send it to the SIM card; receive the encrypted first deduction key sent by the SIM card; and complete the deduction according to the consumption key and the consumption amount and consumption password carried in the encrypted first deduction instruction.
Wherein the first card application operation instruction is a transfer instruction, the transfer instruction carries a card application identifier, a transfer amount and a transfer password, and the card application identifier includes a transfer-out account identifier and a transfer-in account identifier; the second card application operation instruction is a transfer initialization instruction sent to the card application indicated by the transfer-out account identifier in the card application identifier;
The SIM card is specifically configured to:
Send a transfer initialization instruction to the card application indicated by the transfer-out account identifier in the card application identifier; receive the transfer response message fed back by the card application indicated by the transfer-out account identifier; wherein the transfer response message carries a transfer key; generate an encrypted second deduction instruction according to the transfer key; wherein the encrypted second deduction instruction carries the transfer amount and the transfer password; send the encrypted second deduction instruction to the card application indicated by the transfer-out account identifier; and send a first transfer instruction carrying the transfer amount to the card application indicated by the transfer-in account identifier;
The card application indicated by the transfer-out account identifier is specifically configured to:
Generate a transfer key according to the transfer initialization instruction; carry the transfer key in a transfer response message and send it to the SIM card; receive the encrypted second deduction instruction sent by the SIM card; and complete the deduction according to the transfer key and the transfer amount and transfer password carried in the encrypted second deduction instruction;
The card application indicated by the transfer-in account identifier is specifically configured to:
Receive the encrypted first transfer instruction sent by the SIM card, and complete the transfer according to the transfer amount carried in the first transfer instruction.
The beneficial effects of the embodiments of the present invention are as follows:
In the embodiments of the present invention, when the SIM card receives the first card application operation instruction sent by the mobile terminal, it sends, according to the card application identifier carried in the first card application operation instruction, an authentication request to the card application indicated by the card application identifier, so as to realize two-way authentication with the card application indicated by the card application identifier; when the two-way authentication succeeds, it sends a second card application operation instruction to the card application indicated by the card application identifier to complete the corresponding operation. Compared with the prior art, this solution can operate the card application directly through an entity inside the card, which improves the security of the operation.
Other features and advantages of the present invention will be set forth in the description that follows, and in part will become apparent from the description or be learned by practicing the invention. The objectives and other advantages of the invention may be realized and obtained by the structures particularly pointed out in the written description, the claims and the accompanying drawings.
Description of drawings
The accompanying drawings described here are provided for a further understanding of the present invention and constitute a part of it. The schematic embodiments of the present invention and their descriptions are used to explain the present invention and do not constitute improper limitations on it. In the drawings:
FIG. 1 is a schematic structural diagram of an NFC mobile phone terminal supporting NFC-SWP technology in the prior art;
FIG. 2 is a schematic structural diagram of a system for performing business operations based on an NFC mobile phone terminal in the prior art;
FIG. 3 is an implementation flowchart of a method for processing SIM card applications in an embodiment of the present invention;
FIG. 3a is an implementation flowchart of two-way authentication between a SIM card and a card application in an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a system operating based on an NFC mobile phone terminal in an embodiment of the present invention;
FIG. 5 is an implementation flowchart of a method for processing SIM card applications in a recharge scenario in an embodiment of the present invention;
FIG. 6 is an implementation flowchart of a method for processing SIM card applications in a consumption scenario in an embodiment of the present invention;
FIG. 7 is an implementation flowchart of a method for processing SIM card applications in a transfer scenario in an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a device for processing SIM card applications in an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of a device for processing SIM card applications in an embodiment of the present invention;
FIG. 10 is a schematic structural diagram of a system for processing SIM card applications in an embodiment of the present invention.
Detailed description
To solve the prior-art problem of low security when operating card applications in the SE chip, the embodiments of the present invention provide a solution for processing SIM card applications. In this technical solution, when the SIM card receives the first card application operation instruction sent by the mobile terminal, it sends, according to the card application identifier carried in the first card application operation instruction, an authentication request to the card application indicated by the card application identifier, so as to realize two-way authentication with the card application indicated by the card application identifier; when the two-way authentication succeeds, it sends a second card application operation instruction to the card application indicated by the card application identifier to complete the operation on that card application. Compared with the prior art, this solution can operate the card application directly through an entity inside the card, which improves the security of the operation.
The embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood that the embodiments described here are only used to illustrate and explain the present invention and are not intended to limit it. Where there is no conflict, the embodiments of the present invention and the features of the embodiments may be combined with each other.
An embodiment of the present invention provides a method for processing SIM card applications. FIG. 3 is an implementation flowchart of the method, which specifically includes the following steps:
Step 31: the SIM card receives the first card application operation instruction sent by the mobile terminal; wherein the first card application operation instruction carries a card application identifier.
The first card application operation instruction may be, but is not limited to:
A recharge instruction, a consumption instruction and a transfer instruction.
When the first card application operation instruction is a recharge instruction, the recharge instruction may carry, in addition to the card application identifier, a recharge amount and a recharge password. The recharge amount and the recharge password may be entered by the user through the client software in the mobile terminal.
When the first card application operation instruction is a consumption instruction, the consumption instruction may carry, in addition to the card application identifier, a consumption amount and a consumption password. The consumption password may be entered by the user through the client software in the mobile terminal.
When the first card application operation instruction is a transfer instruction, the transfer instruction may carry, in addition to the card application identifier, a transfer amount and a transfer password, and the card application identifier needs to include a transfer-out account identifier and a transfer-in account identifier. The transfer-out account, the transfer-in account, the transfer amount and the transfer password may be entered by the user through the client software in the mobile terminal.
Step 32: according to the card application identifier carried in the first card application operation instruction, send an authentication request to the card application indicated by the card application identifier, so as to realize two-way authentication with the card application indicated by the card application identifier.
Specifically, step 32 may be implemented according to the process shown in FIG. 3a:
Step 32a: the SIM card sends, according to the card application identifier carried in the first card application operation instruction, an authentication request to the card application indicated by the card application identifier;
Step 32b: the card application indicated by the card application identifier generates a first encrypted ciphertext according to the authentication request and the first key pre-agreed with the SIM card, and sends it to the SIM card;
Step 32c: after receiving the first encrypted ciphertext, the SIM card judges whether the second encrypted ciphertext, generated in advance according to the first key, is the same as the received first encrypted ciphertext;
Step 32d: when the SIM card judges that the second encrypted ciphertext is the same as the first encrypted ciphertext, it generates a third encrypted ciphertext according to the second key pre-agreed with the card application indicated by the card application identifier, and sends it to the card application indicated by the card application identifier;
Step 32e: the card application indicated by the card application identifier judges whether the fourth encrypted ciphertext, generated in advance according to the second key, is the same as the received third encrypted ciphertext;
Step 32f: when the card application indicated by the card application identifier judges that the fourth encrypted ciphertext is the same as the third encrypted ciphertext, it sends an authentication success message to the SIM card;
Step 32g: when the SIM card receives the authentication success message sent by the card application indicated by the card application identifier, it determines that the two-way authentication succeeds.
步骤33,当SIM卡与卡应用标识指示的卡应用之间的双向认证成功时,SIM卡向卡应用标识指示的卡应用发送第二卡应用操作指令,以完成对卡应用标识指示的卡应用的操作。Step 33, when the two-way authentication between the SIM card and the card application indicated by the card application identification is successful, the SIM card sends a second card application operation instruction to the card application indicated by the card application identification to complete the card application indicated by the card application identification operation.
When the first card application operation instruction is a recharge instruction, the second card application operation instruction in step 33 is a recharge initialization instruction, and the recharge initialization instruction may carry a recharge amount and a recharge password.
In this case, step 33 may specifically include:
Send a recharge initialization instruction to the card application indicated by the card application identifier;
Receive the load request fed back by the card application indicated by the card application identifier in response to the recharge initialization instruction; the load request carries the recharge amount, the recharge password, the card number of the card application indicated by the card application identifier, and the account balance of that card application;
Send the load request to the accounting platform, so that the accounting platform completes the load processing according to the recharge amount, recharge password, card number and account balance.
In the prior art, the user initiates a recharge instruction directly to the card application through the client software in the mobile terminal. In the embodiment of the present invention, when the user initiates a recharge instruction through the client software in the mobile terminal, the recharge instruction is received by an entity inside the card, which initiates the recharge initialization instruction to the card application only after two-way authentication with the card application, thereby improving the security of the operation.
In addition, according to the prior art, during an operation the accounting platform has to generate and issue a service script after it completes the accounting processing, which places high demands on the accounting platform. Therefore, in the embodiment of the present invention, a control platform may be added; the control platform is connected to the accounting platform and issues the service script in place of the accounting platform.
Therefore, in the embodiment of the present invention, sending the load request to the accounting platform may specifically include:
Send the load request to the control platform, and the control platform sends the load request to the accounting platform;
In this case, the method may also include:
Receive the recharge script sent by the control platform; the recharge script is generated by the control platform after it receives the load processing result sent by the accounting platform;
Send the recharge script to the card application indicated by the card application identifier, and that card application updates the account amount according to the recharge script.
Further, to improve security when the SIM card interacts with the control platform, in the embodiment of the present invention, before the load request is sent to the control platform, an authentication request is first sent to the control platform to perform two-way authentication between the SIM card and the control platform, and the load request is then sent to the control platform when that two-way authentication succeeds.
When the first card application operation instruction is a consumption instruction, the second card application operation instruction in step 33 is a consumption initialization instruction.
In this case, step 33 may specifically include:
Send a consumption initialization instruction to the card application indicated by the card application identifier;
Receive the consumption response message fed back by the card application indicated by the card application identifier; the consumption response message carries the consumption key generated by that card application according to the consumption initialization instruction, and the consumption key is used for authentication and encryption throughout the consumption transaction;
According to the consumption key in the consumption response message, generate an encrypted first deduction instruction; the encrypted first deduction instruction carries the consumption amount and the consumption password;
Send the encrypted first deduction instruction to the card application indicated by the card application identifier, and that card application completes the deduction according to the consumption key and the consumption amount and consumption password carried in the encrypted first deduction instruction.
In the prior art, the user initiates a consumption instruction directly to the card application through the client software in the mobile terminal. In the embodiment of the present invention, when the user initiates a consumption instruction through the client software in the mobile terminal, the consumption instruction is received by an entity inside the card, which initiates the consumption initialization instruction to the card application only after two-way authentication with the card application, thereby improving the security of the operation.
When the first card application operation instruction is a transfer instruction, the second card application operation instruction in step 33 is a transfer initialization instruction sent to the card application indicated by the transfer-out account identifier in the card application identifier.
In this case, step 33 may specifically include:
Send a transfer initialization instruction to the card application indicated by the transfer-out account identifier in the card application identifier;
Receive the transfer response message fed back by the card application indicated by the transfer-out account identifier; the transfer response message carries the transfer key generated by that card application according to the transfer initialization instruction;
According to the transfer key in the transfer response message, generate an encrypted second deduction instruction; the encrypted second deduction instruction carries the transfer amount and the transfer password;
Send the encrypted second deduction instruction to the card application indicated by the transfer-out account identifier, and that card application completes the deduction according to the transfer key and the transfer amount and transfer password carried in the encrypted second deduction instruction;
Send a first transfer instruction carrying the transfer amount to the card application indicated by the transfer-in account identifier, and that card application completes the transfer according to the transfer amount carried in the first transfer instruction.
In the prior art, under the existing SWP-SIM card application architecture, each card application is allocated its own independent space on the SE chip, there is no interaction interface between different card applications, and card applications cannot exchange signaling with each other. As a result, any signaling that has to pass between different card applications must be forwarded by an entity outside the card (such as the client software in the mobile terminal), which takes up too much of the mobile terminal's operating system resources and reduces the processing efficiency of the operating system. In the embodiment of the present invention, the signaling between different card applications can be passed through an entity inside the card, which enables signaling interaction between different card applications and avoids occupying the operating system resources of the mobile terminal.
For a better understanding of the embodiments of the present invention, their implementation is described below with reference to a specific example.
Figure 4 is a schematic structural diagram of a system that operates on the basis of an NFC mobile phone terminal, provided by an embodiment of the present invention. The system mainly includes: an accounting platform, a control platform, an NFC mobile phone terminal and an SWP-SIM card. Their functions are as follows:
1) The SWP-SIM card is modified in two main respects:
1. A new authentication processing unit
Besides carrying the various card applications (bank card, bus card, access control card, etc.), the security chip SE built into the SIM card also gains an authentication processing unit, which the other card applications treat as a trusted third party. Its main functions are as follows:
(1) Unified registration and management of all card applications in the SWP-SIM card, including activating and deactivating card applications, storing card application data, and opening or closing access rights to card applications;
(2) Storage of keys;
(3) Security authentication of the card applications in the SIM card and of entities outside the card; after successful authentication, it can bridge a secure channel between an entity outside the card and a card application, and a secure channel between different card applications;
(4) Composition and parsing of recharge and consumption instructions;
(5) Logic processing during card application authentication and transaction operations;
2. Extended in-card interface
The PBOC standard is modified to define a secure interface for interaction between the authentication processing unit and the other card applications, so that the authentication processing unit can register and authenticate each card application and transmit instructions to it. The functions of the new in-card interface are as follows:
(1) Card application registration: a card application that is preset in or downloaded to the SE must register its parameters (such as the application serial number) with the authentication processing unit through this interface;
(2) Card application activation/deactivation: when a card application is selected as the default application for the current transaction, the authentication processing unit must set that card application to the activated state; when the default card application for transaction operations is changed, the authentication processing unit must deactivate the card application that is currently activated;
(3) Card application lock/unlock: when the authentication processing unit detects that the current transaction operation is abnormal (for example, the transaction password has been entered incorrectly more than three consecutive times), it closes the access rights of the card application to protect it and sets the card application to the locked state.
2) Mobile phone client interface
So that the user can initiate a transaction and complete the operation from the mobile phone terminal anytime and anywhere, client software can be installed in the NFC mobile phone terminal to provide the user with a visual interactive interface.
3) Control platform
One or more control platforms are added in the back end and connected to the accounting platforms of the bank, bus and other card applications. As a trusted third party, the control platform, after mutual authentication with the accounting platform corresponding to the card application and with the SIM card's authentication processing unit, can establish a secure channel with the authentication processing unit, and generates and issues operation instructions in place of the accounting platform.
After a transaction is completed, the control platform is responsible for generating the transaction record and uploading it to the relevant accounting platform; the control platform may also hold transaction records temporarily and, after accumulating several, send them to the accounting platform by email or other means.
The embodiment of the present invention applies to multiple transaction types on the card applications in a SIM card, such as recharge, consumption and transfer. The implementation is described below using these three transaction scenarios as examples.
Recharge process:
As shown in Figure 5, the method for processing the SIM card application in the recharge scenario proceeds as follows:
1. The user initiates a recharge transaction through the client software and selects the card application to recharge;
2. The client software sends an application selection instruction to the authentication processing unit in the SIM card;
3. The authentication processing unit returns a response to the application selection instruction, containing the application serial number and other information;
4. The client software initiates a recharge request to the authentication processing unit;
5. The authentication processing unit processes the recharge request, activates the corresponding card application, performs mutual authentication with that card application through the new in-card API, and establishes a secure channel. In detail:
1) The authentication processing unit sends a host challenge to the card application to initialize the secure channel;
2) On receiving it, the card application generates its own challenge; it uses the static key to generate a secure session key and uses that session key to generate an encrypted ciphertext; it then returns the card application challenge and the encrypted ciphertext to the authentication processing unit;
3) At this point the authentication processing unit should hold the same information that was used to generate the encrypted ciphertext, so it should be able to generate the same session key and the same encrypted ciphertext, and it authenticates the card application by comparing them;
4) The authentication processing unit uses a similar process to generate a second encrypted ciphertext and returns it to the card application;
5) The card application should likewise hold the same information used to generate the second encrypted ciphertext, and can authenticate the authentication processing unit by performing the comparison; once mutual authentication is complete, the secure channel between the authentication processing unit and the card application is established.
6. The authentication processing unit assembles a recharge initialization instruction that the card application can recognize, and sends it to the corresponding card application through the secure channel;
7. The card application receives the recharge initialization instruction and generates a recharge key for this transaction; this recharge key is used for authentication and encryption throughout the recharge transaction;
8. The card application generates a load request (carrying the card number, balance, recharge amount and other information), encrypts the load request with the recharge key, calculates a first check value MAC1, and sends it to the authentication processing unit;
9. The authentication processing unit forwards the encrypted load request to the control platform through the client software. The authentication processing platform can perform mutual authentication with the control platform through the client software (the authentication process is similar to step 5) and establish a secure channel between the control platform and the authentication processing unit; at this point, the authentication processing platform connects the secure channel between the control platform and the bank card application;
10. The control platform forwards the load request to the bank card accounting platform;
11. The bank card accounting platform decrypts it with the recharge key and verifies MAC1;
12. After verifying that the account is valid, the bank card accounting platform completes the accounting processing and updates the bank card account balance;
13. The bank card accounting platform returns a load request response to the control platform, sending it the processing result;
14. The control platform generates a recharge script, encrypts the recharge script with the recharge key, and calculates a second check value MAC2;
15. The control platform passes the recharge instruction to the bank card application through the secure channel, completing delivery of the recharge script;
16. The bank card application decrypts it with the recharge key and verifies MAC2;
17. If verification passes, the bank card application executes the recharge script, updates the balance, and generates a transaction record.
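The challenge-response exchange in sub-steps 1) to 5) of step 5 above (the same pattern as steps 32a to 32g), written out as an added example that is not code from the patent. The patent names no algorithm, so HMAC-SHA256 stands in for both the session-key derivation and the "encrypted ciphertexts"; the class and function names and the 8-byte challenges are assumptions.

```python
import hashlib
import hmac
import secrets


def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over a label plus length-prefixed fields (assumed primitive)."""
    body = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, label + b"|" + body, hashlib.sha256).digest()


def derive_session_key(static_key: bytes, host_ch: bytes, card_ch: bytes) -> bytes:
    """Both challenges feed the key, so every run yields a fresh session key."""
    return prf(static_key, b"session-key", host_ch, card_ch)


class CardApplication:
    """Card application side of the exchange (hypothetical class)."""

    def __init__(self, static_key: bytes):
        self._static_key = static_key
        self._expected_host = None
        self.session_key = None
        self.channel_open = False

    def initialize(self, host_ch: bytes):
        """Sub-step 2: own challenge, session key, first ciphertext."""
        card_ch = secrets.token_bytes(8)
        self.session_key = derive_session_key(self._static_key, host_ch, card_ch)
        self._expected_host = prf(self.session_key, b"host-auth", host_ch, card_ch)
        self.channel_open = False
        return card_ch, prf(self.session_key, b"card-auth", host_ch, card_ch)

    def verify_host(self, host_cryptogram: bytes) -> bool:
        """Sub-step 5: compare with the locally computed value, one try per challenge."""
        expected, self._expected_host = self._expected_host, None
        self.channel_open = expected is not None and hmac.compare_digest(
            expected, host_cryptogram)
        if not self.channel_open:
            self.session_key = None
        return self.channel_open


class AuthProcessingUnit:
    """Authentication processing unit side (hypothetical class)."""

    def __init__(self, static_key: bytes):
        self._static_key = static_key
        self._host_ch = None
        self.session_key = None

    def start(self) -> bytes:
        """Sub-step 1: a fresh host challenge invalidates any earlier exchange."""
        self._host_ch = secrets.token_bytes(8)
        self.session_key = None
        return self._host_ch

    def verify_card(self, card_ch: bytes, card_cryptogram: bytes):
        """Sub-steps 3 and 4: authenticate the card, then answer with the second ciphertext."""
        if self._host_ch is None:
            return None
        host_ch, self._host_ch = self._host_ch, None  # challenge is single-use
        key = derive_session_key(self._static_key, host_ch, card_ch)
        expected = prf(key, b"card-auth", host_ch, card_ch)
        if not hmac.compare_digest(expected, card_cryptogram):  # constant-time compare
            return None
        self.session_key = key
        return prf(key, b"host-auth", host_ch, card_ch)


def mutual_authenticate(unit: AuthProcessingUnit, card: CardApplication) -> bool:
    """Run the whole exchange; True only if both comparisons succeed."""
    host_ch = unit.start()
    card_ch, card_cryptogram = card.initialize(host_ch)
    host_cryptogram = unit.verify_card(card_ch, card_cryptogram)
    if host_cryptogram is None:
        return False
    return card.verify_host(host_cryptogram)
```

Because each side draws a fresh challenge per run, a ciphertext captured from one exchange fails the comparison in the next one.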
Consumption process:
As shown in Figure 6, the method for processing the SIM card application in the consumption scenario proceeds as follows:
1. The user initiates a consumption transaction through the client software and selects a bank card application to pay with;
2. The client software sends an application selection instruction to the authentication processing unit in the SIM card;
3. The authentication processing unit returns a response to the application selection instruction, containing the application serial number and other information;
4. The client software asks for the payment password to be entered and initiates a consumption request to the authentication processing unit (the request contains the identifier of the card application, the payment password and the payment amount), establishing a secure channel with the authentication processing unit; the authentication processing unit may also authenticate the client software;
5. The authentication processing unit processes the consumption request, activates the card application to be charged, performs mutual authentication with that card application through the new in-card API, and establishes a secure channel; the process is the same as step 5 of the recharge process above. At this point, the authentication processing unit can connect the channel to the client with the channel to the card application;
6. The authentication processing unit generates a consumption initialization instruction and sends it to the corresponding card application through the secure channel;
7. After receiving the consumption initialization instruction, the card application generates a consumption key for this transaction and passes it to the authentication processing unit in the response; this key is used for authentication and encryption throughout the consumption transaction.
8. The authentication processing unit generates a deduction instruction, encrypts it with the consumption key, and sends it to the card application together with a MAC1, which is also generated with the consumption key;
9. The card application decrypts it with the consumption key and verifies MAC1;
10. If verification passes, the card application executes the script to complete the local deduction, generates an instruction from the operation result, encrypts it with the consumption key and calculates MAC2, and returns it to the authentication processing unit in the response;
11. The authentication processing unit decrypts the response with the consumption key and verifies MAC2;
12. If verification passes, the authentication processing unit generates a transaction record and sends the processing result to the client;
13. The client sends the transaction record to the control platform;
14. The control platform may accumulate multiple transaction records and then send them to the bank account platform in one batch, by email or other means.
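Steps 7 to 11 of the consumption process, as an added example that is not code from the patent: a per-transaction consumption key, a deduction instruction protected by MAC1, and a result protected by MAC2. The patent also encrypts both messages and names no algorithm; this sketch shows only the integrity half with HMAC-SHA256, and the JSON message layout, the names and the sample values are assumptions.

```python
import hashlib
import hmac
import json
import secrets


def encode(fields: dict) -> bytes:
    """Canonical byte encoding so both sides compute the MAC over identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def mac(key: bytes, direction: bytes, payload: bytes) -> bytes:
    """HMAC-SHA256 with a direction label, so a MAC1 can never pass as a MAC2."""
    return hmac.new(key, direction + b"|" + payload, hashlib.sha256).digest()


def build_deduction(key: bytes, amount: int, password: str):
    """Step 8 (authentication processing unit): deduction instruction plus MAC1."""
    instruction = encode({"op": "deduct", "amount": amount, "password": password})
    return instruction, mac(key, b"MAC1", instruction)


def verify_response(key: bytes, response: bytes, mac2: bytes):
    """Step 11 (authentication processing unit): accept the result only if MAC2 checks."""
    if not hmac.compare_digest(mac(key, b"MAC2", response), mac2):
        return None
    return json.loads(response)


class CardApplication:
    """Card application holding a balance (hypothetical class, constructed data)."""

    def __init__(self, balance: int, password: str):
        self.balance = balance
        self._password = password
        self._key = None

    def consumption_init(self) -> bytes:
        """Step 7: new consumption key, returned over the already authenticated channel."""
        self._key = secrets.token_bytes(16)
        return self._key

    def deduct(self, instruction: bytes, mac1: bytes):
        """Steps 9 and 10: verify MAC1 before parsing, deduct, answer with MAC2."""
        key, self._key = self._key, None  # one instruction per consumption key
        if key is None or not hmac.compare_digest(
                mac(key, b"MAC1", instruction), mac1):
            return None  # unauthenticated input is never parsed or acted on
        request = json.loads(instruction)
        amount = request.get("amount")
        ok = (
            isinstance(amount, int)
            and 0 < amount <= self.balance
            and hmac.compare_digest(
                str(request.get("password")).encode(), self._password.encode())
        )
        if ok:
            self.balance -= amount
        response = encode({"status": "ok" if ok else "rejected",
                           "balance": self.balance})
        return response, mac(key, b"MAC2", response)


def run_consumption(card: CardApplication, amount: int, password: str):
    """Steps 6 to 11 end to end; returns the verified result or None."""
    key = card.consumption_init()
    instruction, mac1 = build_deduction(key, amount, password)
    reply = card.deduct(instruction, mac1)
    if reply is None:
        return None
    return verify_response(key, *reply)
```

Since the key is discarded after one instruction, a deduction instruction recorded in an earlier transaction does not verify against the key of a later one.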
Transfer process:
As shown in Figure 7, the method for processing the SIM card application in the transfer scenario proceeds as follows:
1. The user initiates a transfer transaction through the client software and selects the transfer-out account, card application 2;
2. The client software sends an application selection instruction to the authentication processing unit in the SIM card;
3. The authentication processing unit returns a response to the application selection instruction, containing the application serial number and other information;
4. The client software prompts the user to enter the payment password of card application 1 and to select the transfer-in account, card application 1;
5. The client software initiates a transfer request to the authentication processing unit, containing the transfer-out account card number, the payment password, the transfer amount, the transfer-in account card number, and so on;
6. The authentication processing unit processes the transfer request, activates card application 2, performs mutual authentication with card application 2 through the in-card API, and establishes a secure channel. In detail:
1) The authentication processing unit sends a host challenge to the card application to initialize the secure channel;
2) On receiving it, the card application generates its own challenge; it uses the static key to generate a secure session key and uses that session key to generate an encrypted ciphertext; it then returns the card application challenge and the encrypted ciphertext to the authentication processing unit;
3) At this point the authentication processing unit should hold the same information that was used to generate the encrypted ciphertext, so it should be able to generate the same session key and the same encrypted ciphertext, and it authenticates the card application by comparing them;
4) The authentication processing unit uses a similar process to generate a second encrypted ciphertext and returns it to the card application;
5) The card application should likewise hold the same information used to generate the second encrypted ciphertext, and can authenticate the authentication processing unit by performing the comparison; once mutual authentication is complete, the secure channel between the authentication processing unit and the card application is established.
7. The authentication processing unit assembles a consumption initialization instruction that the card application can recognize, and sends it to the corresponding card application through the secure channel;
8. Card application 2 receives the consumption initialization instruction and generates a consumption key for this transaction; this key is used for authentication and encryption throughout the consumption transaction;
9. The authentication processing unit generates a deduction instruction, encrypts the deduction instruction with the consumption key, and generates MAC1 at the same time;
10. The authentication processing unit sends the encrypted deduction instruction to card application 2;
11. Card application 2 decrypts it with the consumption key and verifies MAC1;
12. After verifying that MAC1 is valid, card application 2 completes the deduction, updates the account balance of bank card application 2, and generates MAC2;
13. Card application 2 returns a response to the deduction instruction, sending the processing result to the authentication processing unit;
14. The authentication processing unit verifies MAC2;
15. The authentication processing unit generates a recharge instruction and encrypts it with the recharge key;
16. The authentication processing unit issues the recharge instruction to card application 1, carrying the card application identifier and the recharge amount;
17. Bank card application 1 decrypts it with the recharge key;
18. Bank card application 1 executes the recharge instruction to complete the account recharge, updates the balance, and generates a transaction record;
19. Bank card application 1 returns a response to the recharge instruction.
基于同一发明构思,本发明实施例中还分别提供了一种SIM卡侧实施的对SIM卡应用进行处理的装置和卡应用侧实施的对SIM卡应用进行处理的装置以及对SIM卡应用进行处理的系统,由于上述装置及系统解决问题的原理与SIM卡侧实施的对SIM卡应用进行处理的方法和卡应用侧实施的对SIM卡应用进行处理的方法相似,因此上述装置和系统的实施可以参见方法的实施,重复之处不再赘述。Based on the same inventive concept, embodiments of the present invention also provide a device for processing SIM card applications implemented by the SIM card side, a device for processing SIM card applications implemented by the card application side, and a device for processing SIM card applications. system, because the principle of the above-mentioned device and system to solve the problem is similar to the method for processing the SIM card application implemented by the SIM card side and the method for processing the SIM card application implemented by the card application side, the implementation of the above-mentioned device and system can be Refer to the implementation of the method, and the repetition will not be repeated.
FIG. 8 is a schematic structural diagram of the first apparatus for processing SIM card applications provided by an embodiment of the present invention. The apparatus includes:
A first card application operation instruction receiving unit 81, configured to receive a first card application operation instruction sent by a mobile terminal; wherein the first card application operation instruction carries a card application identifier;
An authentication unit 82, configured to send, according to the card application identifier carried in the first card application operation instruction received by the first card application operation instruction receiving unit 81, an authentication request to the card application indicated by the card application identifier, so as to perform two-way authentication with the card application indicated by the card application identifier;
A second card application operation instruction sending unit 83, configured to send a second card application operation instruction to the card application indicated by the card application identifier when the two-way authentication between the authentication unit 82 and that card application succeeds, so as to complete the operation on the card application indicated by the card application identifier.
Wherein, the authentication unit 82 specifically includes:
An authentication request sending module 821, configured to send an authentication request to the card application indicated by the card application identifier according to the card application identifier carried in the first card application operation instruction;
A ciphertext receiving module 822, configured to receive a first encrypted ciphertext fed back by the card application indicated by the card application identifier; wherein the first encrypted ciphertext is generated by the card application indicated by the card application identifier according to a first key pre-agreed with the subscriber identity module (SIM) card;
A judging module 823, configured to judge whether a second encrypted ciphertext generated in advance according to the first key is the same as the first encrypted ciphertext received by the ciphertext receiving module 822;
A ciphertext sending module 824, configured to, when the judging module 823 judges that the second encrypted ciphertext is the same as the first encrypted ciphertext, generate a third encrypted ciphertext according to a second key pre-agreed with the card application indicated by the card application identifier and send it to that card application, which judges whether a fourth encrypted ciphertext generated in advance according to the second key is the same as the received third encrypted ciphertext, so as to authenticate the SIM card;
A two-way authentication success determining module 825, configured to determine that the two-way authentication has succeeded when an authentication success message sent by the card application indicated by the card application identifier is received.
Wherein, the first card application operation instruction is a recharge instruction, and the recharge instruction also carries a recharge amount and a recharge password; then
The second card application operation instruction is a recharge initialization instruction, and the recharge initialization instruction carries the recharge amount and the recharge password;
The second card application operation instruction sending unit 83 specifically includes:
A recharge initialization instruction sending module 831, configured to send a recharge initialization instruction to the card application indicated by the card application identifier;
A load request receiving module 832, configured to receive a load request fed back by the card application indicated by the card application identifier in response to the recharge initialization instruction sent by the recharge initialization instruction sending module 831; wherein the load request carries the recharge amount, the recharge password, the card number of the card application indicated by the card application identifier, and the account balance of the card application indicated by the card application identifier;
A load request sending module 833, configured to send the load request received by the load request receiving module 832 to an accounting platform, so that the accounting platform completes load processing according to the recharge amount, the recharge password, the card number and the account balance.
Wherein, the first card application operation instruction is a consumption instruction, and the consumption instruction also carries a consumption amount and a consumption password; then
The second card application operation instruction is a consumption initialization instruction;
The second card application operation instruction sending unit 83 specifically includes:
A consumption initialization instruction sending module 834, configured to send a consumption initialization instruction to the card application indicated by the card application identifier;
A consumption response message receiving module 835, configured to receive a consumption response message fed back by the card application indicated by the card application identifier; wherein the consumption response message carries a consumption key generated by the card application indicated by the card application identifier according to the consumption initialization instruction sent by the consumption initialization instruction sending module 834;
A first deduction instruction sending module 836, configured to generate an encrypted first deduction instruction according to the consumption key in the consumption response message received by the consumption response message receiving module 835, and send it to the card application indicated by the card application identifier; wherein the encrypted first deduction instruction carries the consumption amount and the consumption password, and the card application indicated by the card application identifier completes the deduction according to the consumption key and the consumption amount and consumption password carried in the encrypted first deduction instruction.
Wherein, the first card application operation instruction is a transfer instruction, the transfer instruction carries a card application identifier, a transfer amount and a transfer password, and the card application identifier includes a transfer-out account identifier and a transfer-in account identifier; then
The second card application operation instruction is a transfer initialization instruction sent to the card application indicated by the transfer-out account identifier in the card application identifier;
The second card application operation instruction sending unit 83 specifically includes:
A transfer initialization instruction sending module 837, configured to send a transfer initialization instruction to the card application indicated by the transfer-out account identifier in the card application identifier;
A transfer response message receiving module 838, configured to receive a transfer response message fed back by the card application indicated by the transfer-out account identifier; wherein the transfer response message carries a transfer key generated by the card application indicated by the transfer-out account identifier according to the transfer initialization instruction sent by the transfer initialization instruction sending module 837;
A second deduction instruction sending module 839, configured to generate an encrypted second deduction instruction according to the transfer key in the transfer response message received by the transfer response message receiving module 838, and send it to the card application indicated by the transfer-out account identifier; wherein the encrypted second deduction instruction carries the transfer amount and the transfer password, and the card application indicated by the transfer-out account identifier completes the deduction according to the transfer key and the transfer amount and transfer password carried in the encrypted second deduction instruction;
A first transfer instruction sending module 8310, configured to send a first transfer instruction carrying the transfer amount to the card application indicated by the transfer-in account identifier, which completes the transfer according to the transfer amount carried in the first transfer instruction.
For convenience of description, the above parts are divided by function into modules (or units) and described separately. Of course, when implementing the present invention, the functions of the modules (or units) may be implemented in one or more pieces of software or hardware.
In a specific implementation, the above first apparatus for processing SIM card applications may be provided in the SIM card.
FIG. 9 is a schematic structural diagram of the second apparatus for processing SIM card applications provided by an embodiment of the present invention. The apparatus includes:
An authentication unit 91, configured to receive an authentication request sent by a subscriber identity module (SIM) card and perform two-way authentication with the SIM card;
A second card application operation instruction receiving unit 92, configured to receive a second card application operation instruction sent by the SIM card when the two-way authentication between the authentication unit 91 and the SIM card succeeds;
An operation completion unit 93, configured to complete the corresponding operation according to the second card application operation instruction received by the second card application operation instruction receiving unit 92.
Wherein, the authentication unit 91 specifically includes:
An authentication request receiving module 911, configured to receive an authentication request sent by the SIM card;
A ciphertext sending module 912, configured to generate a first encrypted ciphertext according to the authentication request received by the authentication request receiving module 911 and a first key pre-agreed with the SIM card, and send it to the SIM card, which judges whether a second encrypted ciphertext generated in advance according to the first key is the same as the received first encrypted ciphertext, so that the SIM card authenticates the card application;
A ciphertext receiving module 913, configured to receive a third encrypted ciphertext sent by the SIM card;
A judging module 914, configured to, when the ciphertext receiving module 913 receives the third encrypted ciphertext sent by the SIM card, generate a fourth encrypted ciphertext according to a second key pre-agreed with the SIM card, and judge whether the fourth encrypted ciphertext is the same as the received third encrypted ciphertext; wherein the third encrypted ciphertext is generated by the SIM card according to the second key when the SIM card judges that the second encrypted ciphertext is the same as the first encrypted ciphertext;
A two-way authentication determining module 915, configured to determine that the two-way authentication has succeeded when the judging module 914 judges that the fourth encrypted ciphertext is the same as the received third encrypted ciphertext.
Wherein, the second card application operation instruction is a recharge initialization instruction, and the recharge initialization instruction carries a recharge amount and a recharge password; then
The operation completion unit 93 specifically includes:
A load request generating module 931, configured to generate a load request according to the recharge initialization instruction; wherein the load request carries the recharge amount, the recharge password, the card number of the card application indicated by the card application identifier, and the account balance of the card application indicated by the card application identifier;
A load request sending module 932, configured to send the load request generated by the load request generating module 931 to an accounting platform through the SIM card, so that the accounting platform completes load processing according to the recharge amount, the recharge password, the card number and the account balance.
Wherein, the second card application operation instruction is a consumption initialization instruction; then
The operation completion unit 93 specifically includes:
A consumption key generating module 933, configured to generate a consumption key according to the consumption initialization instruction;
A consumption response message sending module, configured to carry the consumption key generated by the consumption key generating module in a consumption response message and send it to the SIM card, which generates an encrypted first deduction instruction according to the consumption key; wherein the encrypted first deduction instruction carries a consumption amount and a consumption password;
A first deduction instruction receiving module 934, configured to receive the encrypted first deduction instruction sent by the SIM card;
A deduction module 935, configured to complete the deduction according to the consumption key generated by the consumption key generating module 933 and the consumption amount and consumption password carried in the encrypted first deduction instruction received by the first deduction instruction receiving module 934.
Wherein, the second card application operation instruction is a transfer initialization instruction, and the card application is the transfer-out account; then
The operation completion unit 93 specifically includes:
A transfer key generating module 936, configured to generate a transfer key according to the transfer initialization instruction;
A transfer key sending module 937, configured to carry the transfer key generated by the transfer key generating module 936 in a transfer response message and send it to the SIM card, which generates an encrypted second deduction instruction according to the transfer key; wherein the encrypted second deduction instruction carries a transfer amount and a transfer password;
A second deduction instruction receiving module 938, configured to receive the encrypted second deduction instruction sent by the SIM card;
A deduction module 939, configured to complete the deduction according to the transfer key generated by the transfer key generating module 936 and the transfer amount and transfer password carried in the encrypted second deduction instruction received by the second deduction instruction receiving module 938, and to feed back a second deduction result to the SIM card; according to the second deduction result, the SIM card generates a first transfer instruction carrying the transfer amount and sends it to the transfer-in account, so that the transfer-in account completes the transfer according to the transfer amount carried in the first transfer instruction.
For convenience of description, the above parts are divided by function into modules (or units) and described separately. Of course, when implementing the present invention, the functions of the modules (or units) may be implemented in one or more pieces of software or hardware.
In a specific implementation, the above second apparatus for processing SIM card applications may be provided in the SIM card.
FIG. 10 is a schematic structural diagram of the system for processing SIM card applications provided by an embodiment of the present invention. The system includes a mobile terminal 101 and a subscriber identity module (SIM) card 102 containing at least one card application 103, wherein:
The mobile terminal 101 is configured to send a first card application operation instruction to the SIM card 102; wherein the first card application operation instruction carries a card application identifier;
The SIM card 102 is configured to receive the first card application operation instruction; send, according to the card application identifier carried in the first card application operation instruction, an authentication request to the card application 103 indicated by the card application identifier, so as to perform two-way authentication with the card application 103 indicated by the card application identifier; and, when the two-way authentication with the card application 103 indicated by the card application identifier succeeds, send a second card application operation instruction to the card application 103 indicated by the card application identifier;
The card application 103 indicated by the card application identifier is configured to receive the authentication request sent by the SIM card 102; perform two-way authentication with the SIM card 102 according to the authentication request; when the two-way authentication with the SIM card 102 succeeds, receive the second card application operation instruction sent by the SIM card 102; and complete the corresponding operation according to the second card application operation instruction.
Wherein, the SIM card 102 is specifically configured to:
Send, according to the card application identifier carried in the first card application operation instruction, an authentication request to the card application 103 indicated by the card application identifier; receive the first encrypted ciphertext fed back by the card application 103 indicated by the card application identifier; judge whether the second encrypted ciphertext generated in advance according to the first key is the same as the received first encrypted ciphertext; when the second encrypted ciphertext is the same as the first encrypted ciphertext, generate a third encrypted ciphertext according to the second key pre-agreed with the card application 103 indicated by the card application identifier, and send it to that card application 103; and, when an authentication success message sent by the card application 103 indicated by the card application identifier is received, determine that the two-way authentication has succeeded;
The card application 103 indicated by the card application identifier is specifically configured to:
Generate a first encrypted ciphertext according to the authentication request and the first key pre-agreed with the SIM card 102, and send it to the SIM card 102; when the third encrypted ciphertext sent by the SIM card 102 is received, generate a fourth encrypted ciphertext according to the second key pre-agreed with the SIM card 102; judge whether the fourth encrypted ciphertext is the same as the received third encrypted ciphertext; and, when the fourth encrypted ciphertext is the same as the received third encrypted ciphertext, send an authentication success message to the SIM card 102.
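The two-way authentication described for modules 821 to 825 and 911 to 915, together with the rule that the second card application operation instruction is only sent and accepted after that authentication succeeds, as an added example that is not part of the patent. HMAC-SHA256 stands in for the unspecified "encrypted ciphertext"; the fresh challenge in the authentication request, the direction labels, the class and function names, and the key values are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample keys standing in for the pre-agreed first and second keys.
K1 = b"constructed-first-key"
K2 = b"constructed-second-key"

# First instruction from the terminal -> second instruction sent to the card application.
SECOND_INSTRUCTION = {
    "recharge": "recharge-init",
    "consume": "consumption-init",
    "transfer": "transfer-init",
}


def make_ciphertext(key: bytes, direction: bytes, challenge: bytes) -> bytes:
    """Assumed construction: HMAC-SHA256 over a direction label and the challenge."""
    return hmac.new(key, direction + challenge, hashlib.sha256).digest()


class CardApplication:
    """Card-application side (units 91 to 93 in the text)."""

    def __init__(self, app_id: str, key1: bytes, key2: bytes):
        self.app_id = app_id
        self._key1, self._key2 = key1, key2
        self._challenge = None
        self._authenticated = False

    def on_auth_request(self, challenge: bytes) -> bytes:
        # A new authentication request invalidates any earlier success.
        self._authenticated = False
        self._challenge = challenge
        return make_ciphertext(self._key1, b"app->sim", challenge)  # first ciphertext

    def on_third_ciphertext(self, third: bytes) -> bool:
        if self._challenge is None:
            return False
        fourth = make_ciphertext(self._key2, b"sim->app", self._challenge)
        self._challenge = None  # each challenge is usable once
        self._authenticated = hmac.compare_digest(fourth, third)
        return self._authenticated  # True models the authentication success message

    def on_second_instruction(self, instruction: str) -> str:
        if not self._authenticated:
            raise PermissionError("second instruction before two-way authentication")
        return f"{self.app_id} accepted {instruction}"


class SimCard:
    """SIM-card side (units 81 to 83 in the text)."""

    def __init__(self):
        self._apps = {}  # card application identifier -> (application, key1, key2)

    def install(self, app: CardApplication, key1: bytes, key2: bytes) -> None:
        self._apps[app.app_id] = (app, key1, key2)

    def handle_first_instruction(self, app_id: str, operation: str) -> str:
        if app_id not in self._apps or operation not in SECOND_INSTRUCTION:
            return "rejected: unknown application or operation"
        app, key1, key2 = self._apps[app_id]
        challenge = secrets.token_bytes(16)
        second = make_ciphertext(key1, b"app->sim", challenge)
        first = app.on_auth_request(challenge)
        if not hmac.compare_digest(second, first):  # SIM authenticates the application
            return "rejected: card application failed authentication"
        third = make_ciphertext(key2, b"sim->app", challenge)
        if not app.on_third_ciphertext(third):      # application authenticates the SIM
            return "rejected: SIM card failed authentication"
        return app.on_second_instruction(SECOND_INSTRUCTION[operation])


def run_examples() -> dict:
    sim = SimCard()
    sim.install(CardApplication("wallet-1", K1, K2), K1, K2)             # keys agree
    sim.install(CardApplication("wallet-2", b"wrong-key", K2), K1, K2)   # bad first key
    sim.install(CardApplication("wallet-3", K1, K2), K1, b"other-key")   # bad second key
    return {
        "genuine": sim.handle_first_instruction("wallet-1", "consume"),
        "bad_app": sim.handle_first_instruction("wallet-2", "recharge"),
        "bad_sim": sim.handle_first_instruction("wallet-3", "transfer"),
        "unknown": sim.handle_first_instruction("wallet-9", "consume"),
    }


if __name__ == "__main__":
    for case, outcome in run_examples().items():
        print(f"{case}: {outcome}")
```

Because the assumed challenge changes on every authentication request, a third ciphertext captured from one exchange is refused in the next; comparing fixed ciphertexts without such a value would not give that property.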
Wherein, the first card application operation instruction is a recharge instruction, and the recharge instruction also carries a recharge amount and a recharge password;
The second card application operation instruction is a recharge initialization instruction, and the recharge initialization instruction carries the recharge amount and the recharge password;
The SIM card 102 is specifically configured to:
Send a recharge initialization instruction to the card application 103 indicated by the card application identifier; receive a load request fed back by the card application 103 indicated by the card application identifier in response to the recharge initialization instruction, wherein the load request carries the recharge amount, the recharge password, the card number of the card application indicated by the card application identifier, and the account balance of the card application indicated by the card application identifier; and send the load request to an accounting platform, so that the accounting platform completes load processing according to the recharge amount, the recharge password, the card number and the account balance;
The card application 103 indicated by the card application identifier is specifically configured to:
Generate a load request according to the recharge initialization instruction and send it to the SIM card 102.
Wherein, the system further includes a control platform 104; then
The SIM card 102 is specifically configured to:
Send the load request to the control platform 104, which sends the load request to the accounting platform;
The SIM card 102 is further configured to:
Receive a recharge script sent by the control platform 104; wherein the recharge script is generated by the control platform 104 after it receives the load processing result sent by the accounting platform;
Send the recharge script to the card application 103 indicated by the card application identifier;
The card application 103 indicated by the card application identifier is further configured to:
Update the account balance according to the recharge script.
Wherein, the first card application operation instruction is a consumption instruction, and the consumption instruction also carries a consumption amount and a consumption password;
The second card application operation instruction is a consumption initialization instruction;
The SIM card 102 is specifically configured to:
Send a consumption initialization instruction to the card application 103 indicated by the card application identifier; receive a consumption response message fed back by the card application 103 indicated by the card application identifier, wherein the consumption response message carries a consumption key; generate an encrypted first deduction instruction according to the consumption key in the consumption response message, wherein the encrypted first deduction instruction carries the consumption amount and the consumption password; and send the encrypted first deduction instruction to the card application 103 indicated by the card application identifier;
The card application 103 indicated by the card application identifier is specifically configured to:
Generate a consumption key according to the consumption initialization instruction; carry the consumption key in a consumption response message and send it to the SIM card 102; receive the encrypted first deduction key sent by the SIM card 102; and complete the deduction according to the consumption key and the consumption amount and consumption password carried in the encrypted first deduction instruction.
Wherein, the first card application operation instruction is a transfer instruction, the transfer instruction carries a card application identifier, a transfer amount and a transfer password, and the card application identifier includes a transfer-out account identifier and a transfer-in account identifier; the second card application operation instruction is a transfer initialization instruction sent to the card application indicated by the transfer-out account identifier in the card application identifier;
The SIM card 102 is specifically configured to:
Send a transfer initialization instruction to the card application 103 indicated by the transfer-out account identifier in the card application identifier; receive a transfer response message fed back by the card application 103 indicated by the transfer-out account identifier, wherein the transfer response message carries a transfer key; generate an encrypted second deduction instruction according to the transfer key, wherein the encrypted second deduction instruction carries the transfer amount and the transfer password; send the encrypted second deduction instruction to the card application 103 indicated by the transfer-out account identifier; and send a first transfer instruction carrying the transfer amount to the card application 103 indicated by the transfer-in account identifier;
The card application 103 indicated by the transfer-out account identifier is specifically configured to:
Generate a transfer key according to the transfer initialization instruction; carry the transfer key in a transfer response message and send it to the SIM card 102; receive the encrypted second deduction instruction sent by the SIM card 102; and complete the deduction according to the transfer key and the transfer amount and transfer password carried in the encrypted second deduction instruction;
The card application 103 indicated by the transfer-in account identifier is specifically configured to:
Receive the encrypted first transfer instruction sent by the SIM card 102, and complete the transfer according to the transfer amount carried in the first transfer instruction.
For convenience of description, the above parts are divided by function into modules (or units) and described separately. Of course, when implementing the present invention, the functions of the modules (or units) may be implemented in one or more pieces of software or hardware.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the appended claims are intended to be construed as covering the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.
Claims (26)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410799630.XA CN105787723A (en) | 2014-12-19 | 2014-12-19 | Method, device and system for processing SIM card applications |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410799630.XA CN105787723A (en) | 2014-12-19 | 2014-12-19 | Method, device and system for processing SIM card applications |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105787723A true CN105787723A (en) | 2016-07-20 |
Family
ID=56385013
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410799630.XA Pending CN105787723A (en) | 2014-12-19 | 2014-12-19 | Method, device and system for processing SIM card applications |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105787723A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1655507A (en) * | 2004-02-02 | 2005-08-17 | 松下电器产业株式会社 | Security device and mobile terminal for data exchange between card applications |
CN101605328A (en) * | 2009-05-25 | 2009-12-16 | 厦门敏讯信息技术股份有限公司 | Communication system, terminal, SIM and machine-card authentication method |
CN101620758A (en) * | 2008-07-01 | 2010-01-06 | 中国银联股份有限公司 | A Smart Card Supporting Web Services |
CN102509217A (en) * | 2011-09-30 | 2012-06-20 | 福源立信(北京)科技有限公司 | Mobile long-distance payment system |
CN102902553A (en) * | 2012-08-23 | 2013-01-30 | 福建富士通信息软件有限公司 | Remote card issuing method of mobile phone payment card based on JAVA card |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109474624A (en) * | 2018-12-25 | 2019-03-15 | 北京华大智宝电子系统有限公司 | A kind of application authentication system and method |
CN109474624B (en) * | 2018-12-25 | 2021-07-20 | 北京华大智宝电子系统有限公司 | Application program authentication system and method |
CN111400737A (en) * | 2020-03-17 | 2020-07-10 | 中孚信息股份有限公司 | Multi-application physical isolation encrypted SIM card implementation device, method and terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20160720 |