CN117615376A - Intelligent terminal authorization and restoration method and device based on ESAM module - Google Patents
- Publication number
- CN117615376A (application number CN202311568178.1A)
- Authority
- CN
- China
- Prior art keywords
- esam module
- card
- module
- esam
- intelligent terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/40—Security arrangements using identity modules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The application provides an ESAM module-based intelligent terminal authorization and restoration method comprising the following steps: initializing and configuring an ESAM module; issuing a first contactless card through an encryption system (encryption card issuing) to obtain an authorization card; issuing a second contactless card through the encryption system to obtain a restore card; authorizing an intelligent terminal in which the ESAM module is embedded, by performing external authentication of the ESAM module and, once the authorization authentication succeeds, writing the client information and the service key into the ESAM module to complete its authorization; and restoring an intelligent terminal in which the ESAM module is embedded, by performing external authentication of the ESAM module and, once the restoration authentication succeeds, writing the initial client information and the initial ESAM module key into the ESAM module to complete its restoration.
Description
Technical Field
The application relates to the technical field of intelligent terminal application, in particular to an intelligent terminal authorization and restoration method and device based on an ESAM module.
Background
At present, when intelligent terminal equipment with an embedded ESAM module is released, the ESAM module is generally issued (encrypted and personalised) first and only then soldered onto the terminal. This process is complex and involves many intermediate steps, and once an error occurs in the encryption of the ESAM module, the module usually has to be desoldered and resoldered repeatedly, which not only wastes labour but also easily damages the ESAM module.
How to overcome the above technical problems and drawbacks is therefore the main problem to be solved.
Disclosure of Invention
To solve the problems that the ESAM module currently has to be repeatedly desoldered and resoldered, which both wastes labour and easily damages the module, the application provides an ESAM module-based intelligent terminal authorization and restoration method, adopting the following technical scheme:
In a first aspect, the present application provides an ESAM module-based intelligent terminal authorization and restoration method, including:
performing a preset function configuration on the ESAM module to complete the initialization configuration of the ESAM module;
issuing a first contactless card through an encryption system: based on the preset ESAM module initial key, the client information and the service key data, the authorization issuance of the first contactless card is completed and an authorization card is obtained;
issuing a second contactless card through the encryption system: based on the card master control key, the application master control key, the initial client information and the initial service key data of the preset ESAM module, the restoration issuance of the second contactless card is completed and a restore card is obtained;
authorizing the intelligent terminal in which the ESAM module is embedded: performing external authentication of the ESAM module using the preset ESAM module initial key held in the authorization card and, after the authorization authentication succeeds, writing the client information and the service key into the ESAM module, updating the authorization state of the ESAM module and completing its authorization;
and restoring the intelligent terminal in which the ESAM module is embedded: performing external authentication of the ESAM module using the preset client key held in the restore card and, after the restoration authentication succeeds, writing the initial client information and the initial ESAM module key into the ESAM module, updating the restoration state and completing the restoration of the ESAM module.
Further, performing the preset function configuration on the ESAM module to complete its initialization configuration includes:
the ESAM module manufacturer creating the file structure according to the requirements and writing the ESAM module initial key, thereby completing the factory setting of the ESAM module and realizing its initialization configuration.
Further, in the issuance of the first contactless card through the encryption system, the first contactless card is a CPU card.
Further, in the issuance of the second contactless card through the encryption system, the second contactless card is a CPU card.
Further, authorizing the intelligent terminal in which the ESAM module is embedded (performing external authentication of the ESAM module using the preset ESAM module initial key held in the authorization card, writing the client information and the service key into the ESAM module after the authorization authentication succeeds, updating the authorization state of the ESAM module and completing its authorization) specifically comprises the following steps:
(1) the intelligent terminal sends a first get-random-number instruction to the ESAM module;
(2) the intelligent terminal sends an internal authentication instruction carrying the first random number to the authorization card; the authorization card generates first random number ciphertext data from the ESAM module initial key and the first random number and transmits the ciphertext data to the intelligent terminal;
(3) the intelligent terminal sends an external authentication instruction to the ESAM module; once the external authentication passes, the intelligent terminal sends a file reading instruction to the authorization card, which obtains the client information and the key information and sends them to the intelligent terminal;
(4) the intelligent terminal sends the file writing and key writing commands to the ESAM module;
(5) the ESAM module updates its card master control key to prevent unauthorized access and operation, updates the client information, and updates the key information;
(6) after the information update is complete, the ESAM module returns the authorization result state to the intelligent terminal to represent the authorization result, and the authorization of the ESAM module is complete.
Further, restoring the intelligent terminal in which the ESAM module is embedded (performing external authentication of the ESAM module using the preset client key held in the restore card, writing the initial client information and the initial ESAM module key into the ESAM module after the restoration authentication succeeds, updating the restoration state and completing the restoration of the ESAM module) specifically comprises the following steps:
(1) the intelligent terminal sends a second get-random-number instruction to the ESAM module;
(2) the intelligent terminal sends an internal authentication instruction carrying the second random number to the restore card; the restore card generates second random number ciphertext data from the ESAM module card master control key and the second random number and sends the ciphertext data to the intelligent terminal;
(3) the intelligent terminal sends an external authentication instruction to the ESAM module; once the external authentication passes, the intelligent terminal sends a file reading instruction to the restore card, which reads the initial client information and the initial service key data and sends them to the intelligent terminal;
(4) the intelligent terminal sends the file writing and key writing commands to the ESAM module;
(5) the ESAM module updates its card master control key, updates the client information to the initial client information, and updates the key information to the initial service key data;
(6) after the information update is complete, the ESAM module returns the restoration result state to the intelligent terminal to represent the restoration result, and the restoration of the ESAM module is complete.
In a second aspect, the present application further provides an ESAM module-based intelligent terminal authorization and restoration device, including:
an initialization configuration module, used to perform the preset function configuration on the ESAM module and complete its initialization configuration;
an authorization card issuing module, used to issue the first contactless card through the encryption system and complete the authorization issuance of the first contactless card based on the preset ESAM module initial key, the client information and the service key data, so as to obtain the authorization card;
a restore card issuing module, used to issue the second contactless card through the encryption system and complete the restoration issuance of the second contactless card based on the card master control key, the application master control key, the initial client information and the initial service key data of the preset ESAM module, so as to obtain the restore card;
an ESAM module authorization module, used to authorize the intelligent terminal in which the ESAM module is embedded: it performs external authentication of the ESAM module using the preset ESAM module initial key held in the authorization card, writes the client information and the service key into the ESAM module after the authorization authentication succeeds, updates the authorization state of the ESAM module and completes its authorization;
and an ESAM module restoration module, used to restore the intelligent terminal in which the ESAM module is embedded: it performs external authentication of the ESAM module using the preset client key held in the restore card, writes the initial client information and the initial ESAM module key into the ESAM module after the restoration authentication succeeds, updates the restoration state and completes the restoration of the ESAM module.
In a third aspect, the present application provides an electronic device, including:
one or more processors; a memory; and one or more computer programs, wherein the one or more computer programs are stored in the memory, the one or more computer programs comprising instructions, which when executed by the device, cause the device to perform the method of the first aspect.
In a fourth aspect, the present application provides a computer readable storage medium having a computer program stored therein, which when run on a computer causes the computer to perform the method according to the first aspect.
In a fifth aspect, the present application provides a computer program for performing the method of the first aspect when the computer program is executed by a computer.
In one possible design, the program in the fifth aspect may be stored in whole or in part on a storage medium packaged with the processor, or in part or in whole on a memory not packaged with the processor.
Compared with the prior art, the embodiments of the application have the following main beneficial effects:
1. The method and device allow the production line for intelligent terminal equipment to be independent of the client, so that mass production is achieved; at the same time, an authorized intelligent terminal can be restored, which reduces maintenance cost.
2. The ESAM module is customized to support direct writing of keys in ciphertext form, so the service key ciphertext can be carried on the authorization card and the restore card, reducing the interaction needed to write keys.
Drawings
FIG. 1 is an exemplary system architecture diagram in which embodiments of the present application may be applied;
FIG. 2 is a flowchart of an ESAM module-based intelligent terminal authorization and restoration method of the present application;
FIG. 3 is an ESAM module-based intelligent terminal authorization flowchart of the present application;
FIG. 4 is an ESAM module-based intelligent terminal authorization logic execution diagram of the present application;
FIG. 5 is a flowchart of the smart terminal restore process based on ESAM module of the present application;
FIG. 6 is an ESAM module-based intelligent terminal restoration logic execution diagram of the present application;
FIG. 7 is a schematic diagram of an ESAM module-based intelligent terminal authorization and restoration device of the present application;
FIG. 8 is a schematic diagram of a computer device according to an embodiment of the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the applications herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "comprising" and "having" and any variations thereof in the description and claims of the present application and in the description of the figures above are intended to cover non-exclusive inclusions. The terms first, second and the like in the description and in the claims or in the above-described figures, are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the present application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
In order to better understand the technical solutions of the present application, the following description will clearly and completely describe the technical solutions in the embodiments of the present application with reference to the accompanying drawings.
As shown in fig. 1, a system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as a web browser application, a shopping class application, a search class application, an instant messaging tool, a mailbox client, social platform software, etc., may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablet computers, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background server providing support for pages displayed on the terminal devices 101, 102, 103.
It should be noted that, the smart terminal authorization and restoration method based on the ESAM module provided in the embodiments of the present application is generally executed by a server/terminal device, and accordingly, the smart terminal authorization and restoration device based on the ESAM module is generally disposed in the server/terminal device.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continued reference to fig. 2, a flowchart of an ESAM module-based intelligent terminal authorization and restoration method of the present application is shown, where the method includes the following steps:
Step S1, performing a preset function configuration on the ESAM module to complete its initialization configuration.
Performing the preset function configuration on the ESAM module to complete its initialization configuration includes: the ESAM module manufacturer creates the file structure according to the requirements and writes the ESAM module initial key, completing the factory setting of the ESAM module and realizing its initialization configuration.
Step S2, issuing the first contactless card through the encryption system, and completing the authorization issuance of the first contactless card based on the preset ESAM module initial key, the client information and the service key data, to obtain an authorization card.
In this issuance through the encryption system, the first contactless card is a CPU card.
Step S3, issuing the second contactless card through the encryption system, and completing the restoration issuance of the second contactless card based on the card master control key, the application master control key, the initial client information and the initial service key data of the preset ESAM module, to obtain a restore card.
In this issuance through the encryption system, the second contactless card is a CPU card.
Step S4, authorizing the intelligent terminal in which the ESAM module is embedded: performing external authentication of the ESAM module using the preset ESAM module initial key held in the authorization card, writing the client information and the service key into the ESAM module after the authorization authentication succeeds, updating the authorization state of the ESAM module, and completing its authorization.
This authorization of the intelligent terminal in which the ESAM module is embedded comprises the following specific steps:
Step 401, the intelligent terminal sends a first get-random-number instruction to the ESAM module;
Step 402, the intelligent terminal sends an internal authentication instruction carrying the first random number to the authorization card; the authorization card generates first random number ciphertext data from the ESAM module initial key and the first random number and transmits the ciphertext data to the intelligent terminal;
Step 403, the intelligent terminal sends an external authentication instruction to the ESAM module; once the external authentication passes, the intelligent terminal sends a file reading instruction to the authorization card, which obtains the client information and the key information and sends them to the intelligent terminal;
Step 404, the intelligent terminal sends the file writing and key writing commands to the ESAM module;
Step 405, the ESAM module updates the card master control key to prevent unauthorized access and operation, updates the client information, and updates the key information;
Step 406, after the information update is complete, the ESAM module returns the authorization result state to the intelligent terminal to represent the authorization result, and the authorization of the ESAM module is complete.
Step S5, restoring the intelligent terminal in which the ESAM module is embedded: performing external authentication of the ESAM module using the preset client key held in the restore card, writing the initial client information and the initial ESAM module key into the ESAM module after the restoration authentication succeeds, updating the restoration state, and completing the restoration of the ESAM module.
This restoration of the intelligent terminal in which the ESAM module is embedded comprises the following specific steps:
Step 501, the intelligent terminal sends a second get-random-number instruction to the ESAM module;
Step 502, the intelligent terminal sends an internal authentication instruction carrying the second random number to the restore card; the restore card generates second random number ciphertext data from the ESAM module card master control key and the second random number and sends the ciphertext data to the intelligent terminal;
Step 503, the intelligent terminal sends an external authentication instruction to the ESAM module; once the external authentication passes, the intelligent terminal sends a file reading instruction to the restore card, which reads the initial client information and the initial service key data and sends them to the intelligent terminal;
Step 504, the intelligent terminal sends the file writing and key writing commands to the ESAM module;
Step 505, the ESAM module updates the card master control key, updates the client information to the initial client information, and updates the key information to the initial service key data;
Step 506, after the information update is complete, the ESAM module returns the restoration result state to the intelligent terminal to represent the restoration result, and the restoration of the ESAM module is complete.
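The two exchanges above (steps 401-406 and steps 501-506) are the same challenge-response pattern run with different cards, and the reason the restore card must carry the card master control key rather than the initial key is that step 405 replaces the key the ESAM module will accept next. The following simulation is an added example, not code from the patent or from any ESAM vendor. It assumes HMAC-SHA256 over the random number as a stand-in for the unnamed cipher that produces the "random number ciphertext", models the card and ESAM commands as Python method calls rather than real APDUs, and uses constructed key and file values; the names ESAMModule, CPUCard, terminal_provision and demo are this example's own.

```python
"""Simulation of the authorization (401-406) and restoration (501-506) exchanges.

Added example, not the patent's code. Assumptions: HMAC-SHA256 over the challenge
stands in for the unnamed cipher; commands are method calls, not APDUs; all key and
file values are constructed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def respond(key: bytes, challenge: bytes) -> bytes:
    """Stand-in for 'encrypt the random number under key' (assumption: HMAC-SHA256)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class ESAMModule:
    """ESAM module after factory initialization (step S1): file structure + initial key."""

    def __init__(self, initial_key: bytes) -> None:
        self.card_master_key = initial_key  # key checked by external authentication
        self.client_info = b""              # empty until authorization writes it
        self.service_key = b""
        self.state = "initial"
        self._challenge = None              # outstanding random number, if any
        self._authenticated = False         # set only by a successful external auth

    def get_random_number(self) -> bytes:
        """Step 401/501: issue a fresh challenge."""
        self._challenge = secrets.token_bytes(8)
        return self._challenge

    def external_authenticate(self, ciphertext: bytes) -> bool:
        """Step 403/503: verify the card's response under the current master key.
        The challenge is consumed whether or not verification succeeds."""
        ok = self._challenge is not None and hmac.compare_digest(
            ciphertext, respond(self.card_master_key, self._challenge))
        self._challenge = None
        self._authenticated = ok
        return ok

    def write_files_and_keys(self, new_master_key: bytes, client_info: bytes,
                             service_key: bytes, new_state: str) -> bool:
        """Steps 404/405 (504/505): refused unless external auth just succeeded."""
        if not self._authenticated:
            return False
        self.card_master_key = new_master_key   # the previous card's key stops working
        self.client_info = client_info
        self.service_key = service_key
        self.state = new_state
        self._authenticated = False             # one write per authentication
        return True


@dataclass(frozen=True)
class CPUCard:
    """Contactless CPU card personalised by the encryption system (steps S2/S3)."""
    auth_key: bytes          # key the card uses for internal authentication
    new_master_key: bytes    # card master control key the ESAM switches to
    client_info: bytes
    service_key: bytes       # carried as ciphertext on the real card
    target_state: str

    def internal_authenticate(self, challenge: bytes) -> bytes:
        """Step 402/502: return the random number ciphertext."""
        return respond(self.auth_key, challenge)

    def read_files(self):
        """Step 403/503 file read."""
        return self.new_master_key, self.client_info, self.service_key


def terminal_provision(esam: ESAMModule, card: CPUCard) -> str:
    """Intelligent terminal's side of 401-406 (or 501-506); returns the result state."""
    challenge = esam.get_random_number()
    ciphertext = card.internal_authenticate(challenge)
    if not esam.external_authenticate(ciphertext):
        return "authentication failed"          # nothing is written
    master_key, client_info, service_key = card.read_files()
    esam.write_files_and_keys(master_key, client_info, service_key, card.target_state)
    return esam.state


def demo() -> tuple:
    """Authorize, try to re-authorize, restore, authorize again (constructed values)."""
    initial_key = b"constructed-esam-initial-key"
    client_master_key = b"constructed-client-master-key"
    esam = ESAMModule(initial_key)
    authorization_card = CPUCard(initial_key, client_master_key,
                                 b"client-info:constructed",
                                 b"service-key:constructed", "authorized")
    restore_card = CPUCard(client_master_key, initial_key, b"", b"", "initial")
    return (
        terminal_provision(esam, authorization_card),  # initial key accepted
        terminal_provision(esam, authorization_card),  # initial key no longer valid
        terminal_provision(esam, restore_card),        # client key accepted, reset
        terminal_provision(esam, authorization_card),  # initial key valid again
    )


if __name__ == "__main__":
    print(demo())
```

Running `demo()` walks the module from factory state to authorized, shows that the same authorization card is refused once the card master control key has been replaced, and then shows the restore card (which holds that replaced key) returning the module to its initial state so that authorization can be repeated. The one-shot challenge and the "write only after a successful external authentication" gate in `ESAMModule` are the two checks that make the step ordering in the text meaningful.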
Those skilled in the art will appreciate that all or part of the methods of the above embodiments may be implemented by a computer program stored in a computer-readable storage medium, which, when executed, may carry out the steps of the method embodiments described above. The storage medium may be a nonvolatile storage medium such as a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the flowcharts of the figures may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order of their execution not necessarily being sequential, but may be performed in turn or alternately with other steps or at least a portion of the other steps or stages.
With continued reference to fig. 7, the ESAM module-based intelligent terminal authorization and restoration device of this embodiment includes: an initialization configuration module 701, an authorization card issuing module 702, a restore card issuing module 703, an ESAM module authorization module 704, and an ESAM module restoration module 705;
the initialization configuration module 701 is configured to perform the preset function configuration on the ESAM module and complete its initialization configuration;
the authorization card issuing module 702 is configured to issue the first contactless card through the encryption system and complete the authorization issuance of the first contactless card based on the preset ESAM module initial key, the client information and the service key data, so as to obtain the authorization card;
the restore card issuing module 703 is configured to issue the second contactless card through the encryption system and complete the restoration issuance of the second contactless card based on the card master control key, the application master control key, the initial client information and the initial service key data of the preset ESAM module, so as to obtain the restore card;
the ESAM module authorization module 704 is configured to authorize the intelligent terminal in which the ESAM module is embedded: it performs external authentication of the ESAM module using the preset ESAM module initial key held in the authorization card, writes the client information and the service key into the ESAM module after the authorization authentication succeeds, updates the authorization state of the ESAM module and completes its authorization;
and the ESAM module restoration module 705 is configured to restore the intelligent terminal in which the ESAM module is embedded: it performs external authentication of the ESAM module using the preset client key held in the restore card, writes the initial client information and the initial ESAM module key into the ESAM module after the restoration authentication succeeds, updates the restoration state and completes the restoration of the ESAM module.
In order to solve the technical problems, the embodiment of the application also provides computer equipment. Referring specifically to fig. 8, fig. 8 is a basic structural block diagram of a computer device according to the present embodiment.
The computer device 8 comprises a memory 8a, a processor 8b and a network interface 8c, communicatively connected to each other via a system bus. It should be noted that only a computer device 8 having components 8a-8c is shown in the figures, but it should be understood that not all of the illustrated components need be implemented, and that more or fewer components may alternatively be implemented. It will be appreciated by those skilled in the art that the computer device herein is a device capable of automatically performing numerical calculations and/or information processing according to predetermined or stored instructions, and its hardware includes, but is not limited to, microprocessors, application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), digital signal processors (DSPs), embedded devices, and the like.
The computer equipment can be a desktop computer, a notebook computer, a palm computer, a cloud server and other computing equipment. The computer equipment can perform man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch pad or voice control equipment and the like.
The memory 8a includes at least one type of readable storage medium, including flash memory, hard disk, multimedia card, card memory (e.g., SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disk, etc. In some embodiments, the memory 8a may be an internal storage unit of the computer device 8, such as a hard disk or a memory of the computer device 8. In other embodiments, the memory 8a may also be an external storage device of the computer device 8, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a Flash Card or the like provided on the computer device 8. Of course, the memory 8a may also comprise both an internal memory unit of the computer device 8 and an external memory device. In this embodiment, the memory 8a is generally used for storing an operating system and various application software installed on the computer device 8, such as the program code of the ESAM module-based intelligent terminal authorization and restoration method. Further, the memory 8a may be used to temporarily store various types of data that have been output or are to be output.
The processor 8b may be a central processing unit (CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments. The processor 8b is typically used to control the overall operation of the computer device 8. In this embodiment, the processor 8b is configured to execute the program code stored in the memory 8a or process data, for example, execute the program code of the smart terminal authorization and restoration method based on the ESAM module.
The network interface 8c may comprise a wireless network interface or a wired network interface, which network interface 8c is typically used to establish a communication connection between the computer device 8 and other electronic devices.
The application also provides another embodiment, namely, a non-volatile computer readable storage medium, where a program of an ESAM module-based intelligent terminal authorization and restoration method is stored, where the ESAM module-based intelligent terminal authorization and restoration method can be executed by at least one processor, so that the at least one processor performs the steps of the ESAM module-based intelligent terminal authorization and restoration method described above.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk), comprising several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method described in the embodiments of the present application.
It is apparent that the embodiments described above are only some embodiments of the present application, not all of them; the preferred embodiments of the present application are given in the drawings, but they do not limit the patent scope of the present application. This application may be embodied in many different forms; the embodiments are provided in order to give a more thorough understanding of the present disclosure. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described above, or equivalents may be substituted for elements thereof. All equivalent structures made according to the specification and drawings of the application, whether applied directly or indirectly to other related technical fields, are likewise within the protection scope of the application.
Claims (9)
1. An intelligent terminal authorization and restoration method based on an ESAM module is characterized by comprising the following steps:
performing preset function configuration on the ESAM module to finish initialization configuration on the ESAM module;
encrypting and issuing the first non-contact card through an encryption system, and completing the authorized issuing of the first non-contact card based on the initial key, the client information and the service key data of the prefabricated ESAM module, to obtain an authorization card;
encrypting and issuing the second non-contact card through an encryption system, and completing the restoration and issuing of the second non-contact card based on the card master control key, the application master control key, the customer initial information and the service initial key data of the prefabricated ESAM module to obtain a restored card;
authorizing the intelligent terminal embedded with the ESAM module, carrying out external authentication on the ESAM module according to the initial key of the prefabricated ESAM module in the authorization card, respectively writing client information and a service key into the ESAM module after the authorization authentication is successful, updating the authorization state of the ESAM module, and completing the authorization of the ESAM module;
and restoring the intelligent terminal embedded into the ESAM module, carrying out external authentication on the ESAM module according to the prefabricated client key in the restoring card, writing client information initial information into the ESAM module after the restoring authentication is successful, writing the ESAM module key initial information into the ESAM module, updating the restoring state, and finishing the restoring of the ESAM module.
2. The method for authorizing and recovering an ESAM module-based intelligent terminal according to claim 1, wherein the performing the predetermined function configuration on the ESAM module to complete the initialization configuration on the ESAM module comprises:
the ESAM module manufacturer creates a file structure according to the requirement, writes an ESAM module initial key, completes factory setting of the ESAM module, and realizes initialization configuration of the ESAM module.
3. The ESAM module-based intelligent terminal authorization and restoration method according to claim 1, wherein, in encrypting and issuing the first contactless card through an encryption system, the first contactless card is a CPU card.
4. The ESAM module-based intelligent terminal authorization and restoration method according to claim 1, wherein, in encrypting and issuing the second contactless card through an encryption system, the second contactless card is a CPU card.
5. The method for authorizing and recovering an intelligent terminal based on an ESAM module according to claim 1, wherein authorizing the intelligent terminal embedded with the ESAM module, externally authenticating the ESAM module according to the initial key of the prefabricated ESAM module in the authorization card, writing client information and a service key into the ESAM module after the authorization authentication is successful, updating the authorization state of the ESAM module, and completing the authorization of the ESAM module comprises the following specific steps:
(1) The intelligent terminal sends a first random number fetching instruction to the ESAM module;
(2) The intelligent terminal sends an internal authentication instruction to the authorization card, the intelligent terminal sends a first random number to the authorization card, the authorization card generates first random number ciphertext data according to an initial key of the ESAM module and the first random number, and the first random number ciphertext data is transmitted to the intelligent terminal;
(3) The intelligent terminal sends an external authentication instruction to the ESAM module; after the external authentication passes, the intelligent terminal sends a file reading instruction to the authorization card, the authorization card obtains the client information and the key information, and the authorization card sends the client information and the key information to the intelligent terminal;
(4) The intelligent terminal sends a file writing and key command to the ESAM module;
(5) The ESAM module updates the card master control key to prevent unauthorized access and operation; the ESAM module updates the client information; the ESAM module updates key information;
(6) After the information updating is completed, the ESAM module returns the authorized result state to the intelligent terminal to represent the authorized result, and the ESAM module completes the authorization.
6. The smart terminal authorization and restoration method based on an ESAM module according to claim 5, wherein restoring the smart terminal embedded with the ESAM module, externally authenticating the ESAM module according to the prefabricated client key in the restoration card, writing client information initial information into the ESAM module after the restoration authentication is successful, writing the ESAM module key initial information into the ESAM module, updating the restoration state, and completing the restoration of the ESAM module comprises the following specific steps:
(1) The intelligent terminal sends a second random number fetching instruction to the ESAM module;
(2) The intelligent terminal sends an internal authentication instruction to the restoration card and sends the second random number to the restoration card; the restoration card generates second random number ciphertext data according to the card master control key of the ESAM module and the second random number, and sends the second random number ciphertext data to the intelligent terminal;
(3) The intelligent terminal sends an external authentication instruction to the ESAM module; after the external authentication passes, the intelligent terminal sends a file reading instruction to the restoration card, the restoration card reads the initial client information and the initial service key data, and the restoration card sends the initial client information and the initial service key data to the intelligent terminal;
(4) The intelligent terminal sends a file writing and key command to the ESAM module;
(5) The ESAM module updates the card master control key, the ESAM module updates the client information to the client initial information, and the ESAM module updates the key information to the service key initial data;
(6) After the information updating is completed, the ESAM module returns the restored result state to the intelligent terminal to represent the restored result, and the ESAM module completes the restoration.
7. An ESAM module-based intelligent terminal authorization and restoration device, characterized in that the device comprises:
the initialization configuration module is used for carrying out preset functional configuration on the ESAM module and completing the initialization configuration on the ESAM module;
the authorization card issuing module is used for encrypting and issuing a card to the first non-contact card through the encryption system, and completing the authorization issuing of the first non-contact card based on the initial key, the client information and the service key data of the prefabricated ESAM module to acquire the authorization card;
the restoring card issuing module is used for encrypting and issuing the second non-contact card through the encryption system, and completing the restoration and issuing of the second non-contact card based on the card master control key, the application master control key, the customer initial information and the service initial key data of the prefabricated ESAM module, to obtain a restoring card;
the ESAM module authorization module is used for authorizing the intelligent terminal embedded with the ESAM module, carrying out external authentication on the ESAM module according to the initial key of the prefabricated ESAM module in the authorization card, writing the client information and the service key into the ESAM module respectively after the authorization authentication is successful, updating the authorization state of the ESAM module and completing the authorization of the ESAM module;
and the ESAM module restoring module is used for restoring the intelligent terminal embedded in the ESAM module, carrying out external authentication on the ESAM module according to the prefabricated client key in the restoring card, writing the client information initial information into the ESAM module after the restoring authentication is successful, writing the ESAM module key initial information into the ESAM module, updating the restoring state and finishing the restoring of the ESAM module.
8. An electronic device, comprising:
one or more processors, memory, and one or more computer programs, wherein the one or more computer programs are stored in the memory, the one or more computer programs comprising instructions, which when executed by the device, cause the device to perform the method of any of claims 1-6.
9. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program which, when run on a computer, causes the computer to perform the method according to any of claims 1 to 6.
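The following simulation of the terminal, card and ESAM exchanges of claims 5 and 6 is an added example and not code from the patent or any ESAM vendor. It assumes an HMAC-SHA256 tag as a stand-in for the unnamed symmetric challenge-response cipher, that the ESAM's next card master control key travels in the card's key information file, that restoration writes the initial key back, and that the result state is returned as a boolean.

```python
import hashlib
import hmac
import secrets


def card_mac(key: bytes, challenge: bytes) -> bytes:
    # Stand-in for the card's symmetric challenge-response cipher; the patent
    # names no algorithm, so an HMAC-SHA256 tag is assumed here.
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]


class EsamModule:
    """Simulated ESAM: write commands are gated on a fresh, single-use external auth."""

    def __init__(self, initial_key: bytes):
        self.master_key = initial_key   # card master control key, factory value
        self.client_info = b""
        self.service_key = b""
        self.authorized = False         # authorization / restoration state
        self._challenge = None
        self._authenticated = False

    def get_random(self) -> bytes:
        # "fetch random number" instruction; a new challenge voids earlier auth
        self._challenge = secrets.token_bytes(8)
        self._authenticated = False
        return self._challenge

    def external_authenticate(self, ciphertext: bytes) -> bool:
        self._authenticated = False
        if self._challenge is None:     # no outstanding challenge: replay rejected
            return False
        expected = card_mac(self.master_key, self._challenge)
        self._challenge = None          # challenge is single-use
        self._authenticated = hmac.compare_digest(expected, ciphertext)
        return self._authenticated

    def write_files_and_keys(self, master_key, client_info, service_key, authorized):
        # "write file and key" instruction, refused unless external auth passed
        if not self._authenticated:
            raise PermissionError("external authentication required")
        self.master_key = master_key    # step (5): rotate card master control key
        self.client_info = client_info
        self.service_key = service_key
        self.authorized = authorized
        self._authenticated = False
        return True                     # step (6): result state to the terminal


class IssuedCard:
    """Authorization or restoration card from the encryption system. auth_key is
    used for internal authentication; the file holds what the terminal copies
    into the ESAM (assumed: the ESAM's next master control key travels in it)."""

    def __init__(self, auth_key, new_master_key, client_info, service_key):
        self.auth_key = auth_key
        self.file = (new_master_key, client_info, service_key)

    def internal_authenticate(self, random_number: bytes) -> bytes:
        return card_mac(self.auth_key, random_number)

    def read_file(self):
        return self.file


def terminal_session(esam, card, authorized):
    # Terminal side of claims 5/6: (1) fetch random, (2) internal auth on the card,
    # (3) external auth on the ESAM, (4)-(5) write files and keys, (6) result.
    ciphertext = card.internal_authenticate(esam.get_random())
    if not esam.external_authenticate(ciphertext):
        return False
    master_key, client_info, service_key = card.read_file()
    return esam.write_files_and_keys(master_key, client_info, service_key, authorized)
```

Calling terminal_session with authorized=True and an authorization card performs claim 5; calling it with authorized=False and a restoration card performs claim 6, and the rotated master control key is why the authorization card's initial key no longer authenticates afterwards.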
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311568178.1A CN117615376A (en) | 2023-11-21 | 2023-11-21 | Intelligent terminal authorization and restoration method and device based on ESAM module |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117615376A true CN117615376A (en) | 2024-02-27 |
Family ID: 89959031
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311568178.1A Pending CN117615376A (en) | 2023-11-21 | 2023-11-21 | Intelligent terminal authorization and restoration method and device based on ESAM module |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117615376A (en) |
Events: 2023-11-21 CN CN202311568178.1A patent/CN117615376A/en active Pending
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |