
CN119052803B - Application processing method and system under SIM card multichannel authentication - Google Patents


Info

Publication number
CN119052803B
Authority
CN
China
Prior art keywords
sim card
channel
authentication
security capability
ssd
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202411555676.7A
Other languages
Chinese (zh)
Other versions
CN119052803A (en)
Inventor
张�林
梁斌
程福兴
杨亮
曹德光
穆向宇
刘翔宇
崔岩
肖磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unicom Online Information Technology Co Ltd
Original Assignee
China Unicom Online Information Technology Co Ltd
Application filed by China Unicom Online Information Technology Co Ltd
Priority to CN202411555676.7A
Publication of CN119052803A
Application granted
Publication of CN119052803B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40 Security arrangements using identity modules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)

Abstract

The present invention relates to the field of communication technology and discloses an application processing method and system under SIM card multi-channel authentication. When a third-party service APP is docked, a multi-channel security capability platform performs service authentication on the SIM card and generates an authentication result. Based on that result, a secure channel mode is established with the SIM card through a gateway, so that the security domain SSD to which the card application belongs is installed and the key is injected; the service APP then installs the SIM card application on the SIM card. The invention simplifies the SSD presetting process and improves data security and ease of operation. It does not rely on an SSD preset on the SIM card with the service key synchronized to the card vendor, so service security is guaranteed without the card vendor presetting an SSD, the risk of exposing the initial key and the dispersion rules is reduced, and access and use on the service APP side become more convenient.

Description

Application processing method and system under SIM card multichannel authentication
Technical Field
The invention relates to the technical field of communication, in particular to a method and a system for processing applications under multi-channel authentication of a SIM card.
Background
With operators' release of 5G super SIM cards, services built on the SIM card security module, such as digital identity, digital currency, industry 5G private-network zero-trust products and digital asset wallets, all use the SIM card as a security module and implement functions such as key and certificate storage and core key management, in forms such as APP (application), H5 (HTML5, a markup language for building web pages and web applications) and SDK (software development kit).
For security reasons, the operator, as owner of the SIM card, does not open access and operation rights under the Issuer Security Domain (ISD), so third-party service parties all dock in a delegated, authorized mode. As a result, before docking, many third-party service parties need a preset Supplementary Security Domain (SSD) and initial key, must negotiate key dispersion (diversification) rules with the operator, and use a three-party injection mode (operator, service party and SIM card manufacturer); the operator also needs to preset an APP access rule file in the SIM card. In particular, when an application based on the SIM card security module is docked, user access control and resource protection need to be finely managed in delegation mode (DM mode, a flexible and secure rights management method implemented by means of roles, tokens and the like). That is, the SSD root key and the key dispersion algorithm must be provided to the operator, the SSD must be preset on the SIM card, and only then are docking, card issuance and testing carried out. This is inconvenient for service docking and increases the risk of exposing the initial key and the dispersion rules.
Disclosure of Invention
The invention aims to provide a method and a system for processing applications under multi-channel authentication of a SIM card, in order to remedy the defects of the prior art.
The invention provides a method for processing applications under multi-channel authentication of a SIM card, which comprises the following steps:
the service APP sends a SIM card application security request to the multi-channel security capability platform;
the multi-channel security capability platform performs service authentication on the SIM card according to the SIM card application security request and generates an authentication result;
the multi-channel security capability platform establishes a secure channel mode with the SIM card according to the authentication result, and sends an SSD download and installation instruction and key data to the SIM card;
the SIM card installs the security domain to which the card application belongs according to the SSD download and installation instruction, performs key injection according to the key data, and returns an SSD installation result to the multi-channel security capability platform on completion;
the multi-channel security capability platform generates a feedback result according to the SSD installation result and sends it to the service APP, and the service APP installs the SIM card application on the SIM card according to the feedback result.
In an optional embodiment, the step in which the multi-channel security capability platform performs service authentication on the SIM card according to the SIM card application security request and generates an authentication result includes:
the multi-channel security capability platform acquires the corresponding authentication information according to the SIM card application security request, wherein the authentication information comprises SIM card application identifier information, the APP installation package name, the downloadable card application list and service APP access ID information;
the multi-channel security capability platform judges whether the authentication information is the same as preset information;
if the authentication information is the same as the preset information, an authentication result of successful authentication is generated.
In an optional embodiment, the step in which the multi-channel security capability platform establishes a secure channel mode with the SIM card according to the authentication result includes:
the multi-channel security capability platform encapsulates a data short message and encrypts it to obtain an encrypted data message;
the multi-channel security capability platform sends the encrypted data message to the SIM card, the SIM card verifies the encrypted data message, and after verification is completed a secure channel mode for information interaction is established with the multi-channel security capability platform.
In an optional embodiment, after the step in which the SIM card verifies the encrypted data message, the method further includes:
after the SIM card completes verification, the https link is pulled up, and a secure channel mode based on https data interaction is established with the multi-channel security capability platform.
In an optional embodiment, the step in which the multi-channel security capability platform generates a feedback result according to the SSD installation result and sends it to the service APP, and the service APP installs the SIM card application on the SIM card according to the feedback result, includes:
the multi-channel security capability platform generates a feedback result according to the SSD installation result, wherein the feedback result comprises an SSD channel verification instruction and a SIM card application card-writing instruction stream;
the multi-channel security capability platform sends the SSD channel verification instruction and the SIM card application card-writing instruction stream to the service APP;
the service APP verifies the SSD channel of the SIM card according to the SSD channel verification instruction, and after verification succeeds, the service APP performs the card-writing operation on the SIM card according to the SIM card application card-writing instruction stream;
the SIM card generates a completion result according to the card-writing operation of the machine-card instructions, and sends the completion result to the service APP to complete the SIM card application installation flow.
In an optional embodiment, in the step of establishing a secure channel mode with the SIM card according to the authentication result, the secure channel mode includes a data short message secure channel mode, a BIP secure channel mode and a machine-card secure channel mode.
In an optional embodiment, the multi-channel security capability platform sends the SSD download and installation instruction to the SIM card in the data short message secure channel mode or the BIP secure channel mode, and sends the key data to the SIM card by dispersed injection;
the service APP performs installation, download, update and function initialization operations on the SIM card application through the machine-card channel.
The invention also provides an application processing system under multi-channel authentication of a SIM card, which comprises a service APP, a multi-channel security capability platform and the SIM card;
the service APP is used for sending a SIM card application security request to the multi-channel security capability platform;
the multi-channel security capability platform is used for performing service authentication on the SIM card according to the SIM card application security request and generating an authentication result;
the multi-channel security capability platform is also used for establishing a secure channel mode with the SIM card according to the authentication result and sending an SSD download and installation instruction and key data to the SIM card;
the SIM card is used for installing the security domain to which the card application belongs according to the SSD download and installation instruction, injecting the key according to the key data, and returning an SSD installation result to the multi-channel security capability platform on completion;
the multi-channel security capability platform is further used for generating a feedback result according to the SSD installation result and sending it to the service APP, and the service APP is further used for installing the SIM card application on the SIM card according to the feedback result.
In an optional embodiment, the multi-channel security capability platform is used for acquiring the corresponding authentication information according to the SIM card application security request, wherein the authentication information comprises SIM card application identifier information, the APP installation package name, the downloadable card application list and service APP access ID information;
the multi-channel security capability platform is also used for judging whether the authentication information is the same as the preset information;
if the authentication information is the same as the preset information, an authentication result of successful authentication is generated.
In an optional embodiment, the multi-channel security capability platform is used for encapsulating a data short message and encrypting it to obtain an encrypted data message;
the multi-channel security capability platform is also used for sending the encrypted data message to the SIM card, the SIM card verifies the encrypted data message, and after verification is completed a secure channel mode for information interaction is established with the multi-channel security capability platform.
The embodiment of the invention has the following advantages:
According to the method and system for processing applications under multi-channel authentication of a SIM card, when a third-party service APP is docked, the multi-channel security capability platform performs service authentication on the SIM card and generates an authentication result, so that a secure channel mode can be established with the SIM card according to the authentication result, the security domain SSD to which the card application belongs is installed and the key is injected, and the service APP then installs the SIM card application on the SIM card.
Drawings
FIG. 1 is a flow chart of steps of an embodiment of an application processing method under SIM card multi-channel authentication of the present invention;
FIG. 2 is a schematic structural diagram of an embodiment of an application processing system under SIM card multi-channel authentication according to the present invention.
Detailed Description
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments.
Referring to FIG. 1 and FIG. 2, the present invention provides a method for processing applications under multi-channel authentication of a SIM card, where the method includes:
S1, the service APP sends a SIM card application security request to the multi-channel security capability platform;
S2, the multi-channel security capability platform performs service authentication on the SIM card according to the SIM card application security request and generates an authentication result;
S3, the multi-channel security capability platform establishes a secure channel mode with the SIM card according to the authentication result, and sends an SSD download and installation instruction and key data to the SIM card;
S4, the SIM card installs the security domain to which the card application belongs according to the SSD download and installation instruction, performs key injection according to the key data, and after key injection is completed returns an SSD installation result to the multi-channel security capability platform;
S5, the multi-channel security capability platform generates a feedback result according to the SSD installation result and sends it to the service APP, and the service APP installs the SIM card application on the SIM card according to the feedback result.
The multi-channel security capability platform belongs to the operator module, which further comprises a gateway and the SIM card. The multi-channel security capability platform provides security authentication capability for third-party service APPs. The gateway is the infrastructure through which the operator provides the short message access number and network access. The third-party service APP belongs to a service partner and implements its own service using the SIM card as a security module. The SIM card is the operator's SIM card; it has passed security certification at EAL4+ (inclusive), can resist physical attacks, supports secure spaces such as multiple SSDs and multiple applications within the card, and provides security module capability. The key data is a service key. When a third-party service APP is docked, the invention performs service authentication on the SIM card through the multi-channel security capability platform and generates an authentication result, so that a secure channel mode can be established with the SIM card through the gateway according to the authentication result, the security domain SSD to which the card application belongs is installed and the key is injected, and the service APP then installs the SIM card application on the SIM card.
The service APP initiates SSD installation/download and service key injection by calling the multi-channel security capability platform, so the card vendor does not need to preset the SSD; that is, the multi-channel security capability platform provides a preset-free SSD installation mode and service key injection. This avoids having to preset the service key and dispersion algorithm rules with the SIM card manufacturer and removes the traditional step of transferring the service initial key to the SIM card manufacturer, so service security is guaranteed, the risk of exposing the initial key and the dispersion rules is reduced, and access and use on the service APP side are more convenient.
In one embodiment, step S2, in which the multi-channel security capability platform performs service authentication on the SIM card according to the SIM card application security request and generates an authentication result, includes:
S21, the multi-channel security capability platform acquires the corresponding authentication information according to the SIM card application security request, wherein the authentication information comprises SIM card application identifier information, the APP installation package name, the downloadable card application list and service APP access ID information;
S22, the multi-channel security capability platform judges whether the authentication information is the same as preset information;
S23, if the authentication information is the same as the preset information, an authentication result of successful authentication is generated.
As described in steps S21-S23 above, the SIM card application identifier information makes it possible to verify the function of identifying and selecting a specific application program, and lets the multi-channel security capability platform and terminal-side components such as the service APP accurately find and operate the specific application on the SIM card. The SIM card application identifier information also bears on data interaction between the SIM card and the multi-channel security capability platform and service APP, and is important for maintaining the continuity and stability of communication. By checking the APP installation package name, the downloadable card application list and the service APP access ID information, it can be ensured that only legitimate users access the network, protecting network security and user privacy.
In one embodiment, step S3, in which the multi-channel security capability platform establishes a secure channel mode with the SIM card according to the authentication result, includes:
S31, the multi-channel security capability platform encapsulates a data short message and encrypts it to obtain an encrypted data message;
S32, the multi-channel security capability platform sends the encrypted data message to the SIM card, the SIM card verifies the encrypted data message, and after verification is completed a secure channel mode for information interaction is established with the multi-channel security capability platform.
As described in steps S31-S32 above, the multi-channel security capability platform encapsulates a data short message in GSM 03.48 format and uses an encrypted message; after data verification is carried out through the gateway with the SIM card, establishment of the secure channel mode is complete.
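The card-side verification in steps S31-S32, sketched as an added example that is not part of the patent text: the platform wraps a payload in a GSM 03.48 style command packet carrying a counter and a cryptographic checksum, and the card rejects tampered or replayed packets. Assumptions: a truncated HMAC-SHA256 stands in for the card's real checksum algorithm, ciphering of the payload is left out, and the key, TAR and payload are constructed values.

```python
import hashlib
import hmac
import struct

# First SPI byte, bit layout per GSM 03.48 / 3GPP TS 23.048.
SPI_CC = 0x02           # bits 2-1 = 10: cryptographic checksum (CC) present
SPI_CNTR_HIGHER = 0x10  # bits 5-4 = 10: counter must exceed the card's value
CC_LEN = 8
# CHL covers SPI(2) KIc(1) KID(1) TAR(3) CNTR(5) PCNTR(1) CC(8)
CHL = 2 + 1 + 1 + 3 + 5 + 1 + CC_LEN
HEAD_LEN = 2 + 1 + CHL - CC_LEN  # CPL(2) + CHL(1) + header fields before the CC


def _checksum(key: bytes, covered: bytes) -> bytes:
    """Stand-in MAC (assumption): truncated HMAC-SHA256, not a card's real CC."""
    return hmac.new(key, covered, hashlib.sha256).digest()[:CC_LEN]


def build_command_packet(key: bytes, tar: bytes, counter: int, data: bytes) -> bytes:
    """Platform side: wrap `data` in a command packet with counter and CC."""
    spi = bytes([SPI_CC | SPI_CNTR_HIGHER, 0x00])  # 2nd byte 0x00: no proof of receipt
    kic, kid = 0x00, 0x10  # constructed: no ciphering; KID = key index 1, implicit algorithm
    head = (struct.pack(">HB", 1 + CHL + len(data), CHL) + spi + bytes([kic, kid])
            + tar + counter.to_bytes(5, "big") + b"\x00")  # PCNTR = 0, nothing padded
    return head + _checksum(key, head + data) + data


class CardVerifier:
    """Card side: hypothetical model of the checks made before a packet is accepted."""

    def __init__(self, key: bytes, tar: bytes):
        self.key, self.tar, self.last_counter = key, tar, 0

    def verify(self, packet: bytes) -> bytes:
        if len(packet) < HEAD_LEN + CC_LEN:
            raise ValueError("truncated packet")
        cpl, chl = struct.unpack(">HB", packet[:3])
        if cpl != len(packet) - 2 or chl != CHL:
            raise ValueError("bad length fields")
        # Refuse packets that ask for less protection than CC + strict counter.
        if (packet[3] & 0x1B) != (SPI_CC | SPI_CNTR_HIGHER):
            raise ValueError("security level too low")
        head = packet[:HEAD_LEN]
        cc = packet[HEAD_LEN:HEAD_LEN + CC_LEN]
        data = packet[HEAD_LEN + CC_LEN:]
        if head[7:10] != self.tar:
            raise ValueError("unknown TAR")
        # Integrity first, in constant time; the counter is trusted only afterwards.
        if not hmac.compare_digest(cc, _checksum(self.key, head + data)):
            raise ValueError("bad checksum")
        counter = int.from_bytes(head[10:15], "big")
        if counter <= self.last_counter:
            raise ValueError("replayed counter")
        self.last_counter = counter  # advance only after every check passed
        return data


def demo() -> list:
    key = bytes(range(16))                       # constructed test key
    tar = bytes.fromhex("A1B2C3")                # constructed TAR
    data = b"<SSD install command placeholder>"  # constructed payload, not a real APDU
    card = CardVerifier(key, tar)
    first = build_command_packet(key, tar, 1, data)
    second = build_command_packet(key, tar, 2, data)
    tampered = second[:-1] + bytes([second[-1] ^ 0x01])
    outcomes = []
    for packet in (first, first, tampered, second):
        try:
            card.verify(packet)
            outcomes.append("accepted")
        except ValueError as err:
            outcomes.append(str(err))
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The rejected tampered packet does not advance the card's counter, so the genuine packet with the same counter value is still accepted afterwards.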
In one embodiment, after step S32 in which the SIM card verifies the encrypted data message, the method further includes:
S321, after the SIM card completes verification, the https link is pulled up, and a secure channel mode based on https data interaction is established with the multi-channel security capability platform.
As described in step S321 above, the secure channel mode may also be established by means of BIP (Bearer Independent Protocol). The BIP secure channel mode is a concept in the field of communication technology that concerns communication management between the SIM card (subscriber identity module) and the user terminal (multi-channel security capability platform, service APP). BIP secure channel state management involves receiving and responding to commands and messages related to the BIP channel state so that the channel is managed and maintained efficiently: a first channel state management command sent by the UICC (Universal Integrated Circuit Card) is received, and a channel state response message containing the current BIP channel state is then sent to the UICC. After the channel state response message is sent, a channel state event download command containing the BIP channel state acquired in the current state provision period is sent to the UICC at every predetermined state provision period. This addresses the low efficiency of BIP channel maintenance and simplifies the BIP channel state management flow. In this embodiment, the multi-channel security capability platform first encapsulates a GSM 03.48 format data short message and uses an encrypted message; after data verification between the gateway and the SIM card, the https link is pulled up and a BIP-based secure channel mode is established with the multi-channel security capability platform, after which data interaction can be completed over https.
In one embodiment, step S5, in which the multi-channel security capability platform generates a feedback result according to the SSD installation result and sends it to the service APP, and the service APP installs the SIM card application on the SIM card according to the feedback result, includes:
S51, the multi-channel security capability platform generates a feedback result according to the SSD installation result, wherein the feedback result comprises an SSD channel verification instruction and a SIM card application card-writing instruction stream;
S52, the multi-channel security capability platform sends the SSD channel verification instruction and the SIM card application card-writing instruction stream to the service APP;
S53, the service APP verifies the SSD channel of the SIM card according to the SSD channel verification instruction, and after verification succeeds, the service APP performs the card-writing operation on the SIM card according to the SIM card application card-writing instruction stream;
S54, the SIM card generates a completion result according to the card-writing operation of the machine-card instructions, and sends the completion result to the service APP to complete the SIM card application installation flow.
As described in the above steps S51-S54, when installing the SIM card application, the SIM card application is installed in the security domain SSD to which the card application belongs, and when the service APP interacts with the SIM card, the key verification needs to be performed through the security domain SSD to which the card application belongs, so that it can be ensured that the SIM card application of the third party service APP is safe and independent and cannot be accessed by other APPs.
In one embodiment, in the step of establishing a secure channel mode with the SIM card according to the authentication result, the secure channel mode includes a data short message secure channel mode, a BIP secure channel mode and a machine-card secure channel mode.
The multi-channel security capability platform also comprises a security authentication processing module for performing security authentication processing on the SIM card; an instruction encapsulation module for encapsulating and issuing the card-writing instruction stream and data short messages for the SIM card application and for judging the result of the response message returned by the SIM card; and a service authentication module for performing authentication processing on access by third-party service APPs, the authentication processing covering the application AID, application data, initial key, dispersion algorithm and the like.
In one embodiment, the multi-channel security capability platform sends the SSD download and installation instruction to the SIM card via the gateway in the data short message secure channel mode or the BIP secure channel mode, and sends the key data to the SIM card by dispersed injection, so that the key data is injected into the SIM card in dispersed form.
The service APP performs installation, download, update and function initialization operations on the SIM card application through the machine-card channel.
The invention also provides an application processing system under multi-channel authentication of a SIM card, which comprises a service APP, a multi-channel security capability platform and the SIM card, wherein the multi-channel security capability platform and the SIM card exchange information;
the service APP is used for sending a SIM card application security request to the multi-channel security capability platform;
the multi-channel security capability platform is used for performing service authentication on the SIM card according to the SIM card application security request and generating an authentication result;
the multi-channel security capability platform is also used for establishing a secure channel mode with the SIM card according to the authentication result and sending an SSD download and installation instruction and key data to the SIM card;
the SIM card is used for installing the security domain to which the card application belongs according to the SSD download and installation instruction, injecting the key according to the key data, and returning an SSD installation result to the multi-channel security capability platform on completion;
the multi-channel security capability platform is further used for generating a feedback result according to the SSD installation result and sending it to the service APP, and the service APP is further used for installing the SIM card application on the SIM card according to the feedback result.
In one embodiment, the multi-channel security capability platform is used for acquiring the corresponding authentication information according to the SIM card application security request, wherein the authentication information comprises SIM card application identifier information, the APP installation package name, the downloadable card application list and service APP access ID information;
the multi-channel security capability platform is also used for judging whether the authentication information is the same as the preset information;
if the authentication information is the same as the preset information, an authentication result of successful authentication is generated.
In one embodiment, the multi-channel security capability platform is used for encapsulating a data short message and encrypting it to obtain an encrypted data message;
the multi-channel security capability platform is also used for sending the encrypted data message to the SIM card, the SIM card verifies the encrypted data message, and after verification is completed a secure channel mode for information interaction is established with the multi-channel security capability platform.
It should be noted that the foregoing detailed description is exemplary and is intended to provide further explanation of the application. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present application. As used herein, the singular is intended to include the plural unless the context clearly indicates otherwise. Furthermore, it will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, steps, operations, devices, components, and/or groups thereof.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or otherwise described herein.
Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Spatially relative terms, such as "above," "upper," "upper surface" and the like, may be used herein for ease of description to describe one device or feature's spatial relationship to another device or feature as illustrated in the figures. It will be understood that the spatially relative terms are intended to encompass different orientations in use or operation in addition to the orientation depicted in the figures. For example, if the device in the figures is turned over, elements described as "above" or "over" other devices or structures would then be oriented "below" or "beneath" the other devices or structures. Thus, the exemplary term "above" may include both the "above" and "below" orientations. The device may also be positioned in other different ways, such as rotated 90 degrees or at other orientations, and the spatially relative descriptors used herein interpreted accordingly.
In the above detailed description, reference is made to the accompanying drawings, which form a part hereof. In the drawings, like numerals typically identify like components unless context indicates otherwise. The illustrated embodiments described in the detailed description, drawings, and claims are not meant to be limiting. Other embodiments may be utilized, and other changes may be made, without departing from the spirit or scope of the subject matter presented herein.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (6)

1. A method for processing applications under SIM card multi-channel authentication, characterized in that the method comprises:
the business APP sends a SIM card application security request to the multi-channel security capability platform;
the multi-channel security capability platform performs service authentication on the SIM card according to the SIM card application security request and generates an authentication result;
the multi-channel security capability platform establishes a secure channel mode with the SIM card based on the authentication result, and sends the SSD download and installation instruction and key data to the SIM card;
the SIM card installs the security domain to which the card application belongs according to the SSD download and installation instruction, injects the key according to the key data, and returns the SSD installation result to the multi-channel security capability platform after completion;
the multi-channel security capability platform generates a feedback result based on the SSD installation result and sends it to the business APP, and the business APP installs the SIM card application of the SIM card based on the feedback result; wherein,
the multi-channel security capability platform obtains corresponding authentication information according to the SIM card application security request, wherein the authentication information includes SIM card application identifier information, APP installation package name, downloadable card application list, and service APP access ID information;
the multi-channel security capability platform determines whether the authentication information is the same as the preset information;
if the authentication information is the same as the preset information, a successful authentication result is generated;
the multi-channel security capability platform encapsulates a data SMS and encrypts the data SMS to obtain an encrypted data message;
the multi-channel security capability platform sends the encrypted data message to the SIM card, the SIM card verifies the encrypted data message, and after the verification is completed, a secure channel mode for information interaction is established with the multi-channel security capability platform.

2. The method for processing applications under SIM card multi-channel authentication according to claim 1, characterized in that, after the step of the SIM card verifying the encrypted data message, the method further comprises:
after the SIM card completes the verification, it opens an HTTPS link and establishes, with the multi-channel security capability platform, a secure channel mode based on HTTPS data interaction.

3. The method for processing applications under SIM card multi-channel authentication according to claim 1, characterized in that the step in which the multi-channel security capability platform generates a feedback result according to the SSD installation result and sends it to the business APP, and the business APP installs the SIM card application of the SIM card according to the feedback result, comprises:
the multi-channel security capability platform generates a feedback result based on the SSD installation result, wherein the feedback result includes an SSD channel verification instruction and a SIM card application write instruction stream;
the multi-channel security capability platform sends the SSD channel verification instruction and the SIM card application write instruction stream to the business APP;
the business APP verifies the SSD channel of the SIM card according to the SSD channel verification instruction, and after the verification succeeds, the business APP performs a machine-card instruction card-writing operation on the SIM card according to the SIM card application write instruction stream;
the SIM card generates a completion result according to the machine-card instruction card-writing operation and sends the completion result to the business APP, to complete the SIM card application installation process.

4. The method for processing applications under SIM card multi-channel authentication according to claim 1, characterized in that, in the step in which the multi-channel security capability platform establishes a secure channel mode with the SIM card according to the authentication result, the secure channel mode includes a data SMS secure channel mode, a BIP secure channel mode, and a machine-card secure channel mode.

5. The method for processing applications under SIM card multi-channel authentication according to claim 4, characterized in that:
the multi-channel security capability platform, in the data SMS secure channel mode or the BIP secure channel mode, sends the SSD download and installation instruction to the SIM card, and sends key data to the SIM card in a distributed injection manner;
the business APP installs, downloads, updates and initializes SIM card applications through the machine-card channel.

6. A system for processing applications under SIM card multi-channel authentication, characterized in that the system includes: a business APP, a multi-channel security capability platform and a SIM card;
the business APP is used to send a SIM card application security request to the multi-channel security capability platform;
the multi-channel security capability platform is used to perform service authentication on the SIM card according to the SIM card application security request and generate an authentication result;
the multi-channel security capability platform is also used to establish a secure channel mode with the SIM card based on the authentication result, and to send the SSD download and installation instruction and key data to the SIM card;
the SIM card is used to install the security domain to which the card application belongs according to the SSD download and installation instruction, to perform key injection according to the key data, and, after completion, to return the SSD installation result to the multi-channel security capability platform;
the multi-channel security capability platform is also used to generate a feedback result based on the SSD installation result and send it to the business APP, and the business APP is also used to install the SIM card application of the SIM card based on the feedback result; wherein,
the multi-channel security capability platform is used to obtain corresponding authentication information according to the SIM card application security request, wherein the authentication information includes SIM card application identifier information, APP installation package name, downloadable card application list, and service APP access ID information;
the multi-channel security capability platform is also used to determine whether the authentication information is the same as the preset information;
if the authentication information is the same as the preset information, a successful authentication result is generated;
the multi-channel security capability platform is used to encapsulate a data SMS and encrypt the data SMS to obtain an encrypted data message;
the multi-channel security capability platform is also used to send the encrypted data message to the SIM card, the SIM card verifies the encrypted data message, and after the verification is completed, a secure channel mode for information interaction is established with the multi-channel security capability platform.
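The step order in claim 1 and its field-by-field comparison against preset information can be read as a fail-closed gate on the platform side. The sketch below is an added example, not code from the patent: the class, method and field names, the constant-time comparison, the placeholder return strings and the sample values are all assumptions.

```python
import hmac
from dataclasses import dataclass
from enum import IntEnum

# Stages follow the order of the steps in claim 1.
Stage = IntEnum("Stage", "REQUESTED AUTHENTICATED CHANNEL_OPEN SSD_INSTALLED", start=0)

@dataclass(frozen=True)
class AuthInfo:
    applet_aid: str          # SIM card application identifier
    package_name: str        # APP installation package name
    downloadable: frozenset  # downloadable card application list
    access_id: str           # service APP access ID

def _eq(a: str, b: str) -> bool:
    # Constant-time comparison: an added hardening choice, not stated in the claims.
    return hmac.compare_digest(a.encode(), b.encode())

def authenticate(got: AuthInfo, preset: AuthInfo) -> bool:
    """Succeed only when every field of the request equals the preset record."""
    return all([_eq(got.applet_aid, preset.applet_aid),
                _eq(got.package_name, preset.package_name),
                got.downloadable == preset.downloadable,
                _eq(got.access_id, preset.access_id)])

class PlatformSession:
    """Hypothetical platform-side session that refuses any step taken out of order."""
    def __init__(self, preset: AuthInfo):
        self.preset, self.stage = preset, Stage.REQUESTED

    def _advance(self, needed, ok: bool) -> bool:
        if self.stage != needed:
            raise PermissionError(f"step needs {needed.name}, session is {self.stage.name}")
        if ok:
            self.stage = Stage(needed + 1)
        return ok

    def on_request(self, got: AuthInfo) -> bool:
        return self._advance(Stage.REQUESTED, authenticate(got, self.preset))
    def on_card_verified(self, card_ok: bool) -> bool:
        # The card reports whether it verified the encrypted data SMS.
        return self._advance(Stage.AUTHENTICATED, card_ok)
    def ssd_install_command(self) -> str:
        if self.stage != Stage.CHANNEL_OPEN:
            raise PermissionError("no secure channel: SSD install and key data withheld")
        return "SSD download/install instruction + key data (placeholder)"
    def on_ssd_result(self, installed: bool) -> bool:
        return self._advance(Stage.CHANNEL_OPEN, installed)
    def feedback(self) -> tuple:
        if self.stage != Stage.SSD_INSTALLED:
            raise PermissionError("SSD not installed: write instruction stream withheld")
        return ("SSD channel verification instruction", "SIM card application write instruction stream")

# Constructed sample record standing in for the platform's preset information.
PRESET = AuthInfo("A000000000000000", "com.example.bizapp", frozenset({"A000000000000000"}), "access-001")
```

A request whose package name differs from the preset record leaves the session at `REQUESTED`, so every later call raises instead of releasing the SSD instruction, the key data or the write instruction stream.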
CN202411555676.7A 2024-11-04 2024-11-04 Application processing method and system under SIM card multichannel authentication Active CN119052803B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411555676.7A CN119052803B (en) 2024-11-04 2024-11-04 Application processing method and system under SIM card multichannel authentication

Publications (2)

Publication Number Publication Date
CN119052803A CN119052803A (en) 2024-11-29
CN119052803B CN119052803B (en) 2025-03-04

Family

ID=93576245

Country Status (1)

Country Link
CN (1) CN119052803B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant