[go: up one dir, main page]

CN118803712A - SIM card application download method and system - Google Patents

SIM card application download method and system Download PDF

Info

Publication number
CN118803712A
CN118803712A CN202311338896.XA CN202311338896A CN118803712A CN 118803712 A CN118803712 A CN 118803712A CN 202311338896 A CN202311338896 A CN 202311338896A CN 118803712 A CN118803712 A CN 118803712A
Authority
CN
China
Prior art keywords
application
sim card
downloading
instruction
download
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311338896.XA
Other languages
Chinese (zh)
Inventor
宁吉
刘洋
刘志鹏
赵家枫
李万松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Financial Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Financial Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Financial Technology Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN202311338896.XA priority Critical patent/CN118803712A/en
Publication of CN118803712A publication Critical patent/CN118803712A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20Transfer of user or subscriber data
    • H04W8/205Transfer to or from user equipment or user record carrier
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/084Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/22Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24Transfer of terminal data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a SIM card application downloading method and a system, and belongs to the technical field of communication. When receiving an application downloading instruction, the invention applies for downloading through a service downloading page; when receiving a downloading action notification fed back by the SIM card management platform, determining a downloading content category according to the application downloading action notification; and when the download content category is application specific service download, invoking a personal instruction download instruction to download and install. By the method, the starting of downloading operation based on the application downloading instruction is realized, the instruction is downloaded through the SIM management platform, repeated butt joint is not needed, the security and standardization of data downloading are uniformly managed through the SIM card management center, the personalized instruction uniform management configuration is added in the SIM card management center, the access flexibility and diversification of an application party are increased, the access threshold and difficulty of the personalized instruction are reduced, and the application ecological environment and the application richness of the SIM are enlarged.

Description

SIM card application downloading method and system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and a system for downloading an application of a SIM card.
Background
With the rapid development of new generation information technology in society, digitization and intelligence have become the development direction of various industry fields. The application can be downloaded to the mobile terminal through a network, so that the application is downloaded in a mobile phone terminal application store and the like quite commonly at present, but the application cannot be immediately synchronized every time the terminal is replaced, and the problems can be well solved if the application is downloaded based on SIM card hardware. In the information age scene, the application management capability of the multi-terminal multi-form super SIM card is an important ring in super SIM service expansion by realizing the application management capability of the super SIM card on various Internet of things devices.
However, each application partner needs to be built in advance, or each partner designs different interfaces, which causes huge pressure to terminal manufacturers and is unfavorable for multiple partners to access and popularize the card application ecology based on the hardware download of the SIM card. The operation of downloading, updating, deleting and other core instructions can be only carried out at present, no access standard exists for the personalized instruction downloading of the cooperators, if each application wants to add functions such as recharging, the cooperators can only call the terminal to carry out respective recharging, and no interface of the personalized instruction standard exists.
The foregoing is provided merely for the purpose of facilitating understanding of the technical solutions of the present invention and is not intended to represent an admission that the foregoing is prior art.
Disclosure of Invention
The invention mainly aims to provide a method and a system for downloading an SIM card application, which aim to solve the technical problems that the SIM card application in the prior art has single downloading instruction and needs customized development.
In order to achieve the above object, the present invention provides a method for downloading an application of a SIM card, where the method for downloading an application of a SIM card is applied to a hardware device;
The SIM card application downloading method comprises the following steps:
when receiving an application downloading instruction, applying for downloading through a service downloading page;
when receiving a downloading action notification fed back by the SIM card management platform, determining a downloading content category according to the application downloading action notification;
and when the download content category is application specific service download, invoking a personal instruction download instruction to download and install.
Optionally, when the downloaded content category is application specific service downloading, invoking a personal instruction downloading instruction to perform downloading installation, including:
When the downloaded content category is application special service, calling a personal instruction downloading instruction to send an interface calling request to a hardware device management platform and the SIM card management platform for authentication;
And when the authentication is successful and an application installation instruction fed back by the application management platform is received, writing the application installation instruction into the SIM card according to the application installation instruction, and completing the downloading and installation of the application special service in the SIM card.
Optionally, when the downloaded content category is application specific service downloading, the method further includes:
When a card swiping operation instruction is received, acquiring SIM card swiping data according to the card swiping operation instruction;
And converting the SIM card swiping data into a target data format, reporting the target data format to the SIM card management platform for updating and storing.
Optionally, when receiving the card swiping operation instruction, acquiring the card swiping data of the SIM card according to the card swiping operation instruction includes:
when a card swiping operation instruction is received, selecting a current application according to the card swiping operation instruction;
When the application selection is successful, the current parameters are obtained through updating the operation command;
and encrypting the current parameters to obtain SIM card swiping data.
Optionally, the converting the card swiping data of the SIM card into a target data format and reporting the target data format to the SIM card management platform for updating and storing includes:
And converting the SIM card swiping data into a target data format through a hardware equipment management platform, and transmitting the target data format to the SIM card management platform for updating and storing.
The invention provides a SIM card application downloading method, which is applied to a SIM card management platform;
The SIM card application downloading method comprises the following steps:
when an interface calling request is received, configuring a digital identity recognition framework for hardware equipment according to the interface calling request, and carrying out caching and table falling recording;
Sending a verification token to the hardware equipment through a personalized instruction interface, and carrying out signature verification according to the digital identity recognition framework and an interface signature of the verification token;
And when the signature passes the signature verification and the application management platform completes authentication, feeding back an application installation instruction to the hardware equipment through the application management platform.
Optionally, when receiving the interface call request, after configuring the digital identification framework to the hardware device according to the interface call request and performing caching and table falling recording, the method further includes:
inquiring the operation flow water meter to obtain an access application record;
Inquiring the access application records according to the digital identity recognition framework to obtain access application times;
And determining an access request processing mode according to the access application times.
Optionally, the determining the access request processing mode according to the access application times includes:
inquiring data records of a remote dictionary service and the operation flow water meter according to the access application times;
responding to the current access request when the data record exists;
And rejecting the access request when the data record does not exist.
Optionally, before signature verification according to the verification token and the digital identity recognition framework, the method further comprises:
constructing signature source data through the personalized instruction interface;
performing abstract extraction on the signature source data through a first encryption algorithm to obtain a hash abstract;
and signing the hash abstract through a second encryption algorithm and performing character conversion to obtain an interface signature.
In addition, to achieve the above object, a SIM card application download system includes: hardware equipment and a SIM card management platform.
When receiving an application downloading instruction, the invention applies for downloading through a service downloading page; when receiving a downloading action notification fed back by the SIM card management platform, determining a downloading content category according to the application downloading action notification; and when the download content category is application specific service download, invoking a personal instruction download instruction to download and install. By the method, the starting of downloading operation based on the application downloading instruction is realized, the instruction is downloaded through the SIM management platform, repeated butt joint is not needed, the security and standardization of data downloading are uniformly managed through the SIM card management center, the personalized instruction uniform management configuration is added in the SIM card management center, the access flexibility and diversification of an application party are increased, the access threshold and difficulty of the personalized instruction are reduced, and the application ecological environment and the application richness of the SIM are enlarged.
Drawings
Fig. 1 is a flowchart of a first embodiment of a method for downloading an application of a SIM card according to the present invention;
FIG. 2 is a flowchart of a personalization command download method according to an embodiment of the present invention;
FIG. 3 is a flowchart of a SIM card application download method according to an embodiment of the present invention;
Fig. 4 is a flowchart of a second embodiment of a method for downloading an application of a SIM card according to the present invention;
FIG. 5 is a diagram illustrating a secure encryption scheme in an embodiment of a SIM card application download method according to the present invention;
fig. 6 is a schematic structural diagram of a SIM card application download system according to the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
An embodiment of the present invention provides a method for downloading an application of a SIM card, and referring to fig. 1, fig. 1 is a schematic flow chart of a first embodiment of the method for downloading an application of a SIM card of the present invention.
In this embodiment, the method for downloading the SIM card application includes the following steps:
Step S10: and when receiving an application downloading instruction, applying for downloading through a service downloading page.
In this embodiment, the execution body of the embodiment may be the SIM card application downloading device, where the SIM card application downloading device has functions of data processing, data communication, program running, and the like, and the SIM card application downloading device may be a hardware terminal device or a computer, and the like. Of course, other devices with similar functions may be used, and the implementation conditions are not limited thereto. For convenience of explanation, this embodiment will be described by taking a SIM card application download device as an example.
It should be noted that, with the rapid development of new generation information technology in society, digitization and intelligence have become the development directions in various industries. The application can be downloaded to the mobile terminal through a network, so that the application is downloaded in a mobile terminal application store and the like, but the application cannot be immediately synchronized every time the terminal is replaced, and although some mobile terminal manufacturers provide a one-key machine replacing function or a cloud data backup function, the mobile terminal manufacturers have the problem of cross-platform mobility, such as data synchronization loss caused by compatibility problems, the problem that different mobile terminal manufacturers cannot migrate due to mismatching of the types of the mobile terminal manufacturers, the problem that data is missed when equipment is lost due to cloud data backup, and the like. At present, most mobile phone terminals are android operating systems developed based on Google corporation in America, application stores built in each terminal or third party application stores are basically adapted to main stream android versions, portability is poor, compatibility to different operating systems is insufficient, and safety problems exist. But can well solve the problems described above if the application is downloaded based on SIM card hardware. In the information age scene, the application management capability of the multi-terminal multi-form super SIM card is an important ring in super SIM service expansion by realizing the application management capability of the super SIM card on various Internet of things devices. The mobile super SIM card is a security chip with computing capability, has a security domain capable of independently setting a key partition, and can carry out encryption storage and security management on financial level data of an application. Unlike the mobile super SIM card downloading application stored in the memory of the terminal equipment, the mobile super SIM card downloading application is stored in the memory space in the SIM card, and the downloading only depends on the instruction issuing function of the SIM card, so that the mobile super SIM card downloading application can be migrated as long as the mobile super SIM card downloading application can be inserted into the equipment terminal of the mobile phone SIM card. As long as the user uses the mobile super SIM card, the multi-platform multi-mobile terminal migration can be performed, various terminal models do not need to be adapted, various system plug-in cards can be used, various free open-source real-time operating systems can be compatible, and dependence on a single operating system is eliminated. By mobile super SIM card download, generally, it is possible to only use the following methods: 1. the terminal manufacturer embeds an application 2 in each terminal in advance, and an application party invokes the super SIM card core downloading capability to download basic functions. However, there are some problems that, for example, only a single download function is provided, and special personalized instruction download such as recharging payment has no universal interface, and can only be customized and developed by different application parties. When the terminal is input, the non-universal functions of different applications are directly built in the terminal, and the non-universal functions are not written into the terminal in a downloading mode by calling a personalized instruction downloading interface, so that problems are brought to the terminal application, such as the problems that the workload of the built-in application is too large in the early stage of terminal initialization, and a new function iteration version cannot be flexibly added. Meanwhile, the single function also causes the obstruction to the popularization of the application, the application partner directly interfaces with equipment terminal manufacturers, excessive customized development functions and repeated functions are caused, and the unified access standard is not available, so that a large number of applications cannot be accessed, and the downloading ecology of the SIM card hardware is influenced. Most importantly, because each application party lacks the capability of a secure channel, the method has a very large potential safety hazard, and the problem that information such as a secret key, a certificate and the like is easily stolen and intercepted in the process of air interface transmission of network access verification exists. And the binding and activating processes need to be carried out again after the terminal is replaced. Meanwhile, the application download has the security problems of incapability of real names and the like, and the terminal has a very high risk. At present, terminal systems such as android and RTOS systems need to be built in each terminal in advance if applications need to be downloaded, or only basic functions can be downloaded, so that the workload of the terminals is excessive, and the terminals are built with great safety problems in advance, so that the applications cannot be managed and updated in time. Meanwhile, the terminal operation feedback system is notified, and the current common data reporting mode in the field of the SIM card in the industry is as follows: ① BIP mode, adopting 102 267 defined connection API to use HTTPS interface to send number, this mode is applied to smart phone and other terminals; ② The method is characterized in that a mobile phone client APP is obtained through a GetData instruction in a machine-card channel mode, the method is applied to an android system, an android terminal operating system provides OMA (Open Mobile API) and a Google API for the APP to call, and a terminal establishes communication for the APP through a SIM card 7816 port; ③ In the SMS mode, one piece of record data is reported each time. triggering conditions: status event, this way is used for a simple operating system. At present, the solution is mostly applied to smart phones and intelligent terminals, but is not applied to other fields.
It should be appreciated that the above prior art solutions have drawbacks/problems: 1. built-in or custom development is required. The method has the advantages that huge waste is caused to resources, each application partner needs to be built in advance, or different interfaces are designed for all the parties, so that huge pressure is caused to terminal manufacturers, and the method is not beneficial to multiple partners to access and popularize the SIM card hardware download-based card application ecology. 2. The instruction download is single. At present, only core instructions such as downloading, updating, deleting and the like can be operated, no access standard exists for the personalized instruction downloading of the cooperators, if each application wants to add functions such as recharging and the like, the cooperators can only call the terminal to carry out respective recharging, and no interface of the personalized instruction standard exists. 3. There is a great safety hazard. Firstly, each cooperative application party has respective encryption algorithm and access rule, and when information such as a secret key, a certificate and the like is stolen and intercepted in the process or equipment is lost, serious leakage is caused to terminal data. Secondly, when each application party downloads the personalized service, the encryption of a secure channel is not carried out, and the risks of information loss and tampering are increased. And 4, the SIM card operation information reporting mode has defects. Many terminal systems in the market are relatively simple, only have basic communication functions, lack rich interactive designs, and although a baseband chip supports data short messages, in view of cost, various manufacturers simplify the sending and receiving of the data short messages during hardware integration, so that conventional BIP data reporting cannot be used. The implementation standard of each manufacturer needs to be considered in the preparation of the SDK by the RTOS real-time operation system on the market, each time different manufacturers are accessed, customized adaptation is needed, other manufacturers cannot be influenced, the SDK is more and more bulky, the maintenance cost is higher, and the large-scale use is not facilitated.
In specific implementation, the proposal designs a safe and efficient blank solution based on a safe storage mechanism of the SIM card, the unified management and scheduling are carried out by the middle station of the SIM card, unified access standards are provided for the interfacing application party and the equipment terminal party, the safety and the universality based on the downloading of the SIM card are improved, the access threshold is reduced, and the application ecology of the card is enlarged. The method mainly comprises the following steps: 1. the SIM card management platform establishes a unified access standard flow, an application party and a manufacturer access the SIM card management platform through the standard flow, and then the application party downloads instructions through the SIM unified platform, and after the application party puts on shelf once on the SIM platform, the accessed manufacturer can directly call without repeated butt joint, and the SIM card management platform performs unified management on the safety and standardization of data downloading. 2. The problem of single instruction downloading is solved, personalized instruction unified management configuration is added in the SIM card management center, the access flexibility and diversification of an application party are increased, the access threshold and difficulty of the personalized instruction are reduced, such as recharging, card opening and other special functions, the application party can download the instruction through a unified interface, and the application ecological environment and the application richness of the SIM are enlarged. 3. The problem of instruction downloading safety is solved, and the processing flow with improved safety is increased. By using a form of a token operation instruction of a terminal, the request instruction needs to apply for an authorized password with effectiveness on the platform side in advance, and the terminal needs to generate a corresponding terminal time stamp each time of reading, so that replay attack is prevented. Only the reading terminal with the authorization code can read the data, and the authorization code is expired and needs to be reapplied. The interface initiator needs to apply openid on the platform in advance, and signs the data by using the SM3withSM2 algorithm of the national cipher. For sensitive data such as personalized instructions and the like which can be designed to the amount of money, the encryption is performed by using a national encryption SM4 algorithm, and a device manufacturer can select a unified encryption mode or a multi-key mode to perform key configuration on the device. The problem of reporting SIM operation information, the universality of communication between the platform and the equipment, the realizability and the safety are limited by the BIP mode, the dependence of the machine-card mode on hardware of an operating system layer, the problem of the dependence of a safety channel on the operating system layer is solved by introducing SDK to be bloated, the problem of the universality of the communication between the platform and the equipment is solved, the communication between the equipment and the platform is transmitted by using HTTP, the interactive mode adopts the RESTful+JSON style which is more mature and universal in the market, the universality of the communication is ensured, and the complicated process of developing the SDK caused by the difference between the equipment is reduced. The safety problem of communication between platforms adopts OpenAPI standard analysis and OAuth2.0 open authorization between platforms, which are used for guaranteeing the safety problem of terminal equipment manufacturers and super SIM card management platforms. The safety problem of the communication between the platform and the equipment is that a one-machine-one-certificate mode is adopted between equipment manufacturers and the equipment, so that each machine is ensured to be an independent safety terminal.
It should be noted that the present disclosure provides a method for implementing an application idle mode on a multi-terminal and multi-form internet of things device based on a super SIM card application, where when a user needs to download an application, a service party provides a service download page to trigger and apply for a download service.
Step S20: and when receiving the downloading action notification fed back by the SIM card management platform, determining the type of the downloaded content according to the application downloading action notification.
It should be understood that, when applying, the device terminal or the device terminal management platform will be notified, and the device downloading action is triggered. And after the notification is successful, the device terminal or the device terminal management platform invokes the downloading instruction.
Step S30: and when the download content category is application specific service download, invoking a personal instruction download instruction to download and install.
In specific implementation, if the ordinary download is performed, the SIM platform core download is called to perform application download, and if the personalized instruction download of the application specific service is performed, the personalized instruction download is called to perform cyclic download installation of the instruction.
Further, in order to download and install the personal instruction download instruction, step S30 includes: when the downloaded content category is application special service, calling a personal instruction downloading instruction to send an interface calling request to a hardware device management platform and the SIM card management platform for authentication; and when the authentication is successful and an application installation instruction fed back by the application management platform is received, writing the application installation instruction into the SIM card according to the application installation instruction, and completing the downloading and installation of the application special service in the SIM card.
It should be noted that, as shown in fig. 2, a personalized instruction downloading flow chart is shown, after determining that the type of the downloaded content is an application specific service, a personalized instruction downloading instruction is called from a hardware device end and sent to a device management platform and a SIM card management platform, and downloading is performed after authentication is completed.
In specific implementation, the personalized instruction downloading improves the prior special function downloading mode of the application side, namely, the application side is internally provided with an application in advance, the terminal pulls up a personalized downloading interface for downloading, a SIM card management center platform is provided for carrying out standardized definition on the interface, the same general check logic and write-in instruction logic as the SIM card core function downloading are adopted for carrying out unified management on the safety and standardization of data downloading, and the terminal equipment carries out downloading and application function installation on related instructions by repeatedly calling the personalized instruction downloading interface.
It should be understood that all terminals with pluggable phone cards can perform application personalized download through the capability of null transmission, establish a download generalized platform mechanism, and perform unified processing specification on the customized functions of different applications.
In the specific implementation, the special functions of different application parties are subjected to unified management configuration of the personalized instruction issuing addresses, so that the access flexibility and diversification of the application parties are improved, the access threshold and difficulty of the personalized instruction are reduced, and the application ecological environment and the application richness of the SIM are enlarged.
Further, in order to implement the card swiping operation, and after step S30, the SIM card management platform performs data updating, further includes: when a card swiping operation instruction is received, acquiring SIM card swiping data according to the card swiping operation instruction; and converting the SIM card swiping data into a target data format, reporting the target data format to the SIM card management platform for updating and storing.
It should be noted that, as shown in fig. 3, which is a flowchart of reporting card swiping data, the hardware device terminal obtains the card swiping data through the super SIM card instruction, and uses the secure encryption algorithm of the super SIM card to splice the card swiping data into a corresponding format. And establishing HTTPS secure communication with the background through hardware equipment, transmitting the encrypted data to a background system, acquiring byte code data by the background system through transcoding the card swiping data, analyzing the encrypted data through corresponding technical specifications, and shunting the decrypted data to a corresponding service system.
Further, in order to acquire the card swiping data, when receiving a card swiping operation instruction, the step of acquiring the SIM card swiping data according to the card swiping operation instruction includes: when a card swiping operation instruction is received, selecting a current application according to the card swiping operation instruction; when the application selection is successful, the current parameters are obtained through updating the operation command; and encrypting the current parameters to obtain SIM card swiping data.
It should be appreciated that SELECT command is issued first to SELECT the current application, and when successful operation is returned, the STORE DATA command is continued for updating TRIGGERING PARAMETERS. After the current parameters are obtained, two encryption steps are needed: TRIGGERING PARAMETERS the plaintext is firstly encrypted by using a sensitive data encryption interface (DEK) provided by SCP 02; the command data field uses ciphertext (second encryption) +C-MAC mode, the ciphertext and the C-MAC calculate a session key generated when the security channel is opened, and finally SIM card swiping data is obtained.
Further, in order to upload the card swiping data, the step of converting the card swiping data of the SIM card into a target data format and reporting the target data format to the SIM card management platform for updating and storing includes: and converting the SIM card swiping data into a target data format through a hardware equipment management platform, and transmitting the target data format to the SIM card management platform for updating and storing.
In specific implementation, the card instruction is used for acquiring and encrypting the uploaded data, an HTTPS (hypertext transfer protocol secure protocol) secure channel is established with the hardware device management platform, the uploaded data is transmitted to the hardware device management platform, the hardware device management platform and the SIM card management platform establish secure communication by using OpenAPI open authorization authentication, the data is transmitted to the SIM management platform in a specified data format, and the SIM card management platform completes subsequent related services.
In the embodiment, when an application downloading instruction is received, the application is downloaded through a service downloading page; when receiving a downloading action notification fed back by the SIM card management platform, determining a downloading content category according to the application downloading action notification; and when the download content category is application specific service download, invoking a personal instruction download instruction to download and install. By the method, the starting of downloading operation based on the application downloading instruction is realized, the instruction is downloaded through the SIM management platform, repeated butt joint is not needed, the security and standardization of data downloading are uniformly managed through the SIM card management center, the personalized instruction uniform management configuration is added in the SIM card management center, the access flexibility and diversification of an application party are increased, the access threshold and difficulty of the personalized instruction are reduced, and the application ecological environment and the application richness of the SIM are enlarged.
An embodiment of the present invention provides a method for downloading an application of a SIM card, and referring to fig. 4, fig. 4 is a schematic flow chart of a second embodiment of the method for downloading an application of a SIM card of the present invention.
The SIM card application downloading method is applied to the SIM card management platform and comprises the following steps:
Step S11: when an interface calling request is received, a digital identity recognition framework is configured to hardware equipment according to the interface calling request, and caching and table falling recording are carried out.
It should be noted that, as shown in fig. 5, a secure encryption design is shown, an access party first needs to apply for access on a SIM card management platform, and the SIM card management platform uniformly distributes openId (digital identity identification framework), exchanges public keys of both parties, binds applications that the access party can operate, and sets rights on accessible interfaces.
It should be appreciated that in order to prevent an interface replay attack, each application will be cached in redis while the drop table of the operation flow meter is performed.
Further, in order to prevent replay attack, after step S11, the method further includes: inquiring the operation flow water meter to obtain an access application record; inquiring the access application records according to the digital identity recognition framework to obtain access application times; and determining an access request processing mode according to the access application times.
In a specific implementation, if the same openId application with the same serial number exists in the record and the repeated access exists, the redis cache and the operation flow water meter are checked in sequence to determine the access request processing mode.
Further, in order to accurately determine whether to respond to the access request, the step of determining the access request processing mode according to the access application times includes: inquiring data records of a remote dictionary service and the operation flow water meter according to the access application times; responding to the current access request when the data record exists; and rejecting the access request when the data record does not exist.
It should be noted that if the data already exists, access is denied, preventing replay attacks of the interface.
Step S21: and sending a verification token to the hardware equipment through a personalized instruction interface, and carrying out signature verification according to the digital identity identification framework and the interface signature of the verification token.
In specific implementation, a token is issued through an application interface, the valid period of the token is 2 hours, the application flow id is contained, encryption of a cryptographic algorithm of SM4 of China is carried out, an instruction of the SM4 of China is filled by an ECB mode and PKCS5, transmission is carried out by hexString, and identity verification is carried out by the token in the subsequent operation process.
Further, in order to preset an interface signature, before signature verification is performed according to the verification token and the digital identity recognition framework, the method further comprises: constructing signature source data through the personalized instruction interface; performing abstract extraction on the signature source data through a first encryption algorithm to obtain a hash abstract; and signing the hash abstract through a second encryption algorithm and performing character conversion to obtain an interface signature.
It should be noted that, signature verification is performed on the personalized instruction interface, the source data of the signature are sequenced by other fields except signature in the interface according to field names, then the values of the fields are spliced, and then the source data are converted into byte streams according to UTF-8 to be used as the source data of the signature, the signature uses the national secret SM3withSM2 algorithm, the hash abstract (hash abstract) is obtained through the national secret SM3 algorithm, signature adding is performed through the national secret SM2 algorithm, and the signature result is converted into hexadecimal character strings to be used as the values of the signature fields in the message, so that the interface signature is finally obtained.
Step S31: and when the signature passes the signature verification and the application management platform completes authentication, feeding back an application installation instruction to the hardware equipment through the application management platform.
It should be understood that the response returned by the personalized instruction interface downloads the instruction sensitive data and encrypts the cryptographic SM4 encryption algorithm. In the case of interfacing to a hardware device management platform (tob), the SM4 cryptographic key configures the management platform end default key for encryption. In the case of directly interfacing with the device terminal (toc), the SM4 secret key is configured to be the same key for 10 devices in order to prevent the associated information leakage due to the loss of the devices. The key generation rule is the JDK1.8 version SecureRandom method that randomly generates 256-bit keys, seed 128-bit byte.
In a specific implementation, the personalized instruction application download establishes a unified secure channel through the SIM card management platform as the SIM card application ordinary download, and complies with the APDU protocol.
When an interface call request is received, the digital identity recognition framework is configured to the hardware equipment according to the interface call request, and caching and table falling recording are carried out; sending a verification token to the hardware equipment through a personalized instruction interface, and carrying out signature verification according to the digital identity recognition framework and an interface signature of the verification token; and when the signature passes the signature verification and the application management platform completes authentication, feeding back an application installation instruction to the hardware equipment through the application management platform. In this way, a process flow with increased security is achieved. By using a form of a terminal-to-token operation instruction, a request instruction needs to apply for an authorized password with effectiveness on a platform side in advance, and a corresponding terminal time stamp needs to be generated for each reading of the terminal, so that replay attack is prevented.
In addition, the embodiment of the invention also provides a system for downloading the SIM card application, and referring to fig. 6, the system for downloading the SIM card application comprises: the hardware device is used for realizing the SIM card application downloading method in the first embodiment, and the SIM card management platform is used for realizing the SIM card application downloading method in the second embodiment.
It should be understood that, although the steps in the flowcharts in the embodiments of the present application are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the figures may include multiple sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order of their execution not necessarily occurring in sequence, but may be performed alternately or alternately with other steps or at least a portion of the other steps or stages.
It should be understood that the foregoing is illustrative only and is not limiting, and that in specific applications, those skilled in the art may set the invention as desired, and the invention is not limited thereto.
It should be noted that the above-described working procedure is merely illustrative, and does not limit the scope of the present invention, and in practical application, a person skilled in the art may select part or all of them according to actual needs to achieve the purpose of the embodiment, which is not limited herein.
In addition, technical details not described in detail in this embodiment may refer to the method for downloading the SIM card application provided in any embodiment of the present invention, which is not described herein.
Furthermore, it should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. Read Only Memory)/RAM, magnetic disk, optical disk) and including several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (10)

1. The SIM card application downloading method is characterized in that the SIM card application downloading method is applied to hardware equipment;
The SIM card application downloading method comprises the following steps:
when receiving an application downloading instruction, applying for downloading through a service downloading page;
when receiving a downloading action notification fed back by the SIM card management platform, determining a downloading content category according to the application downloading action notification;
and when the download content category is application specific service download, invoking a personal instruction download instruction to download and install.
2. The SIM card application download method of claim 1, wherein when the downloaded content category is application specific service download, invoking a personalized instruction download instruction for download installation comprises:
When the downloaded content category is application special service, calling a personal instruction downloading instruction to send an interface calling request to a hardware device management platform and the SIM card management platform for authentication;
And when the authentication is successful and an application installation instruction fed back by the application management platform is received, writing the application installation instruction into the SIM card according to the application installation instruction, and completing the downloading and installation of the application special service in the SIM card.
3. The method for downloading a SIM card application according to claim 1, wherein when the downloaded content category is application specific service download, invoking a personalized instruction for downloading and installing the download instruction further comprises:
When a card swiping operation instruction is received, acquiring SIM card swiping data according to the card swiping operation instruction;
And converting the SIM card swiping data into a target data format, reporting the target data format to the SIM card management platform for updating and storing.
4. The method for downloading a SIM card application of claim 3, wherein when receiving the instruction for swiping the card, obtaining the data for swiping the card of the SIM card according to the instruction for swiping the card, includes:
when a card swiping operation instruction is received, selecting a current application according to the card swiping operation instruction;
When the application selection is successful, the current parameters are obtained through updating the operation command;
and encrypting the current parameters to obtain SIM card swiping data.
5. The method for downloading the SIM card application as claimed in claim 3, wherein said converting the data of the swipe card of the SIM card into the target data format and reporting the target data format to the SIM card management platform for updating and storing includes:
And converting the SIM card swiping data into a target data format through a hardware equipment management platform, and transmitting the target data format to the SIM card management platform for updating and storing.
6. The SIM card application downloading method is characterized in that the SIM card application downloading method is applied to an SIM card management platform;
The SIM card application downloading method comprises the following steps:
when an interface calling request is received, configuring a digital identity recognition framework for hardware equipment according to the interface calling request, and carrying out caching and table falling recording;
Sending a verification token to the hardware equipment through a personalized instruction interface, and carrying out signature verification according to the digital identity recognition framework and an interface signature of the verification token;
And when the signature passes the signature verification and the application management platform completes authentication, feeding back an application installation instruction to the hardware equipment through the application management platform.
7. The method for downloading the SIM card application as claimed in claim 6, wherein when the interface call request is received, after the digital identification framework is configured to the hardware device according to the interface call request and the buffering and the table-falling recording are performed, the method further comprises:
inquiring the operation flow water meter to obtain an access application record;
Inquiring the access application records according to the digital identity recognition framework to obtain access application times;
And determining an access request processing mode according to the access application times.
8. The method for downloading the SIM card application as claimed in claim 7, wherein said determining the processing mode of the access request according to the number of access applications includes:
inquiring data records of a remote dictionary service and the operation flow water meter according to the access application times;
responding to the current access request when the data record exists;
And rejecting the access request when the data record does not exist.
9. The SIM card application download method of claim 6, wherein prior to signing the authentication token and the digital identification framework, further comprising:
constructing signature source data through the personalized instruction interface;
performing abstract extraction on the signature source data through a first encryption algorithm to obtain a hash abstract;
and signing the hash abstract through a second encryption algorithm and performing character conversion to obtain an interface signature.
10. A SIM card application download system, the SIM card application download system comprising: hardware equipment for implementing the SIM card application downloading method according to claims 1-5, and a SIM card management platform for implementing the SIM card application downloading method according to claims 6-9.
CN202311338896.XA 2023-10-16 2023-10-16 SIM card application download method and system Pending CN118803712A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311338896.XA CN118803712A (en) 2023-10-16 2023-10-16 SIM card application download method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311338896.XA CN118803712A (en) 2023-10-16 2023-10-16 SIM card application download method and system

Publications (1)

Publication Number Publication Date
CN118803712A true CN118803712A (en) 2024-10-18

Family

ID=93022222

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311338896.XA Pending CN118803712A (en) 2023-10-16 2023-10-16 SIM card application download method and system

Country Status (1)

Country Link
CN (1) CN118803712A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1946203A (en) * 2006-11-09 2007-04-11 中国移动通信集团江苏有限公司 Method for realizing user identifying module service and application for specific group users
CN101321191A (en) * 2008-07-24 2008-12-10 大唐微电子技术有限公司 Subscriber Identity Module Service Issuing Terminal Based on Wireless Communication
CN103392319A (en) * 2010-12-30 2013-11-13 交互数字专利控股公司 Authentication and secure channel settings for communication handover scenarios
CN114501416A (en) * 2020-10-26 2022-05-13 中移互联网有限公司 SIM card application processing method, device and device based on BIP gateway
CN115460193A (en) * 2021-06-08 2022-12-09 深圳市汇顶科技股份有限公司 Downloading method of third-party application, electronic equipment and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1946203A (en) * 2006-11-09 2007-04-11 中国移动通信集团江苏有限公司 Method for realizing user identifying module service and application for specific group users
CN101321191A (en) * 2008-07-24 2008-12-10 大唐微电子技术有限公司 Subscriber Identity Module Service Issuing Terminal Based on Wireless Communication
CN103392319A (en) * 2010-12-30 2013-11-13 交互数字专利控股公司 Authentication and secure channel settings for communication handover scenarios
CN114501416A (en) * 2020-10-26 2022-05-13 中移互联网有限公司 SIM card application processing method, device and device based on BIP gateway
CN115460193A (en) * 2021-06-08 2022-12-09 深圳市汇顶科技股份有限公司 Downloading method of third-party application, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
US20070186115A1 (en) Dynamic Password Authentication System and Method thereof
CN105516157B (en) Network information security input system and method based on independent encryption
CN116233832A (en) Verification information sending method and device
CN105306211B (en) A kind of identity identifying method of client software
CN106304074B (en) Auth method and system towards mobile subscriber
EP1804418A1 (en) A dynamic password authentication system and the method thereof
CN114826574B (en) Smart home security communication system and communication method
CN104486343A (en) Method and system for double-factor bidirectional authentication
CN111600718B (en) Digital certificate offline authentication system and method
CN104202736A (en) Mobile terminal short message end-to-end encryption method oriented to Android system
CN114567470A (en) SDK-based key splitting verification system and method under multiple systems
CN104917718A (en) Method and terminal for fast authentication of mobile terminal user and application server
CN112436936B (en) Cloud storage method and system with quantum encryption function
CN114866317B (en) Multi-party data security computing method, device, electronic equipment and storage medium
CN115766259A (en) Information one-way transmission method based on two-dimensional code image recognition technology
CN112054905B (en) Secure communication method and system of mobile terminal
CN105678542B (en) Payment service interaction method, payment terminal and payment cloud
CN119995873A (en) A method of integrating quantum encryption communication into law enforcement recorders
CN111563980B (en) Bluetooth lock key generation and authentication method
CN118803712A (en) SIM card application download method and system
CN111489462B (en) Personal Bluetooth key system
WO2024175747A1 (en) Virtual subscriber identity module distribution
CN112131597B (en) A method, device and intelligent device for generating encrypted information
CN105743859A (en) Method, device and system for authenticating light application
CN111489461B (en) Bluetooth key system for group

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination