[go: up one dir, main page]

WO2010051716A1 - Method, system and mobile terminal for updating and distributing the secondary security domain key of smart card - Google Patents

Method, system and mobile terminal for updating and distributing the secondary security domain key of smart card Download PDF

Info

Publication number
WO2010051716A1
WO2010051716A1 PCT/CN2009/073492 CN2009073492W WO2010051716A1 WO 2010051716 A1 WO2010051716 A1 WO 2010051716A1 CN 2009073492 W CN2009073492 W CN 2009073492W WO 2010051716 A1 WO2010051716 A1 WO 2010051716A1
Authority
WO
WIPO (PCT)
Prior art keywords
smart card
management platform
security domain
service terminal
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2009/073492
Other languages
French (fr)
Chinese (zh)
Inventor
余万涛
马景旺
贾倩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Publication of WO2010051716A1 publication Critical patent/WO2010051716A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/086Access security using security domains

Definitions

  • the present invention relates to mobile terminal electronic payment technology based on NFC (Near Field Communication Technology), and in particular to a smart card slave security key update distribution method, system and mobile terminal.
  • NFC Near Field Communication Technology
  • NFC Near Field Communication
  • 1356MHz a short-range wireless communication technology operating at 13.56MHz
  • mobile communication terminals such as mobile phones can simulate contactless IC cards for related applications of electronic payment.
  • Implementing this solution on a mobile communication terminal requires adding an NFC analog front end chip and an NFC antenna to the terminal, and using a smart card that supports electronic payment.
  • IC cards especially non-contact IC cards
  • mobile phones have experienced rapid development for more than 20 years, and have been widely popular among residents, bringing great convenience to people's work and life.
  • the capabilities of mobile phones are becoming more powerful and there is a tendency to integrate more features.
  • Combining mobile phones with non-contact IC card technology mobile phones used in the field of electronic payment will further expand the use of mobile phones, bring convenience to people's lives, and have broad application prospects.
  • the business framework of the mobile payment system for mobile terminals based on NFC technology usually adopts the multi-application framework of the Global Platform (Global Platform) specification.
  • the smart card supporting the Global Platform specification refers to the Global Platform Card Specification V2.1.1/
  • the IC chip or smart card specified by V2.2 can be SIM/USIM card in physical form, ie Customer Identity Model ( Subscriber Identity Model) / Universal Mobile Telecommunications System Customer Identification Module (UMTS), a pluggable smart memory card or an IC chip integrated on a mobile terminal.
  • the secure channel protocol needs to support SCP02 (based on symmetric key), if the mobile terminal electronic payment system based on near field communication technology supports GP2.2
  • SCP02 based on symmetric key
  • SCP10 based on asymmetric key
  • application providers can choose according to security policy requirements.
  • an NFC-based mobile terminal short-range electronic payment system mainly consists of a card issuer management platform, an application provider management platform, and a mobile terminal supporting a smart card with an electronic payment application function, and multiple application providers may exist in the system. Management platform.
  • multiple applications can be installed on the smart card supporting the Global Platform specification.
  • the smart card is divided into several independent security domains to ensure the isolation and independence of multiple applications. Manage their respective security domains as well as applications, application data, and more.
  • Security domains include primary and secondary security domains.
  • the primary security domain is the card issuer's mandatory card representation on the smart card.
  • the security domain is represented by a card issuer or application provider on an additional optional card on the smart card.
  • the generation, distribution, and update of the security domain key is the responsibility of the card issuer or application provider that manages the security domain, which ensures that applications and data from different application providers can coexist on the same card.
  • the keys for the security domain include the primary security domain key, the security domain initial key, and the secondary security domain key.
  • the primary security domain key and the slave security domain initial key are generated by the card issuer management platform, from the security domain key by the pipe
  • the key is updated to the key used by the electronic payment application, ie updated from the secure domain key used by the electronic payment application.
  • the secure domain key used by the electronic payment application has a certain life cycle, the update from the secure domain key must be completed before the end of the secure domain key life cycle.
  • the update distribution process from the secure domain key used by the electronic payment application is related to the specific implementation of the system network architecture.
  • the smart card In order to realize the security management of the smart card and the downloading and installation of the electronic payment application, the smart card needs to establish communication with the card issuer management platform and the application provider management platform. While establishing communication, how to realize the security update distribution of the smart card from the security domain key is a problem that needs to be solved for the electronic payment of the mobile terminal.
  • the present invention provides a smart card slave security key update distribution method, system and mobile terminal for secure key update and distribution of a smart card from a security domain.
  • the present invention provides a mobile terminal electronic payment system, the system comprising a smart card, a service terminal and a management platform having an electronic payment application function, wherein
  • the smart card is configured to communicate with the management platform through a service terminal;
  • the management platform is configured to distribute the updated smart card slave security domain key to the smart card via the service terminal.
  • the management platform is further configured to establish a secure communication channel with the smart card, perform mutual authentication with the smart card by the service terminal, establish a temporary session key, and generate a new smart card slave security domain key;
  • the service terminal is configured to transmit communication data of the smart card and the management platform
  • the smart card is further configured to establish a connection with the service terminal, perform mutual authentication with the management platform by the service terminal, receive a smart card key from the security domain distributed by the management platform, and update the smart card from the security domain key.
  • the management platform and the service terminal are respectively a card issuer management platform and a card issuer service terminal, or are respectively an application provider management platform and an application provider service terminal.
  • the smart card is a standalone device or is installed on the mobile terminal. Further, in the system, the management platform distributes the updated smart card from the security domain to the smart card through the service terminal when the smart card expires from the security domain or needs to be forced to update or the smart card user downloads the application. key.
  • the present invention also provides a method for updating and distributing a smart card from a security domain key.
  • the method establishes a communication between the smart card and the management platform by the service terminal to implement the update distribution of the smart card from the security domain key.
  • the method includes:
  • the management platform establishes a secure communication channel with the smart card through the service terminal;
  • step (a) includes:
  • the management platform initiates mutual authentication with the smart card from the security domain, and the service terminal completes mutual authentication between the management platform and the smart card from the security domain;
  • the management platform establishes a temporary session key with the smart card from the security domain to establish a secure communication channel.
  • the method further includes: when the smart card expires from the security domain key or needs to be forced to update or the smart card user downloads the application, the management platform initiates the smart card from the security domain key update distribution process.
  • the management platform and the service terminal respectively refer to a card issuer management platform and a card issuer service terminal, or an application provider management platform and an application provider service terminal,
  • the method when the management platform refers to an application provider management platform, the method further includes: before the step (a): The card issuer management platform creates a slave security domain and generates a slave security domain initial key on the smart card; the card issuer management platform sends the created basic information and the initial key of the security domain to the application provider management platform .
  • the present invention also provides a mobile terminal, the mobile terminal comprising a smart card having an electronic payment application function, the smart card is distributed from a security domain key by an application provider management platform through an application provider service terminal, or by a card issuer
  • the management platform is distributed through the card issuer business terminal.
  • the smart card slave security key update method, system and mobile terminal provided by the invention can solve the situation that after the card is issued, for the symmetric key, the user downloads the update or needs to be forced to update due to security reasons or due to the security domain key
  • a new slave security domain key is generated, and the new slave security domain key is sent to the smart card from the secure domain through the secure communication channel to update the security domain key.
  • FIG. 1 is a schematic diagram of an architecture of a mobile terminal electronic payment system based on the near field communication technology of the present invention
  • FIG. 2 is a slave security domain managed by a card issuer, and the present invention is based on a card issuer service terminal.
  • FIG. 3 is a schematic diagram of a slave security domain initial key update distribution process based on an application provider service terminal for a slave security domain managed by an application provider;
  • FIG. 4 is a schematic diagram of a process for updating and distributing a security domain key based on a card issuer service terminal caused by a card expiration or forced update for a slave security zone managed by a card issuer;
  • FIG. 5 is a schematic diagram of a process for updating and distributing a secure domain key based on an application provider service terminal due to key expiration or forced update for the slave security zone managed by the application provider.
  • the present invention is described by taking the architecture of the mobile terminal electronic payment system shown in FIG. 1 as an example, but It is not limited to the mobile terminal electronic payment system architecture shown in FIG.
  • FIG. 1 shows an electronic payment system for a mobile terminal of the present invention, including an application provider management platform, a card issuer management platform, an application provider service terminal, a card issuer service terminal, a mobile terminal, and a smart card, and the smart card is installed on the mobile terminal.
  • the system may also not include a mobile terminal, and the smart card is a separate device.
  • the application provider management platform and the card issuer management platform are collectively referred to as a management platform, and the application provider service terminal and the card issuer service terminal are collectively referred to as a service terminal.
  • the smart card supports the Global Platform Card Specification V2.1.1/V2.2 specification; the smart card having the electronic payment application function can be directly installed on the mobile terminal through the card issuer service terminal and the smart card of the application provider payment application function, the mobile terminal
  • the utility model may be connected through a card issuing commercial station for mutual authentication with the management smart card from the management platform of the security domain, and receiving the slave security domain key distributed by the management platform, updating the security domain key, the mutual authentication process and The security domain key distribution is implemented by the application provider service terminal or the card issuer service terminal.
  • the card issuer business terminal is managed by the card issuer management platform, and the smart card communicates with the card issuer management platform through the mobile terminal and the card issuer service terminal or directly through the card issuer service terminal;
  • the application provider service terminal by the application provider Management platform management, the smart card communicates with the application provider management platform through the mobile terminal and the application provider service terminal or directly through the application provider service terminal;
  • the card issuer management platform is responsible for the issuance and management of smart cards, manages the resources and lifecycles of the smart cards, keys, and certificates, and is responsible for creating security domains and interacting with other security domains, including creating secure domains. Mutual authentication with the smart card and establishment of a temporary session key, and generation of a security domain initial key and a new slave security domain key.
  • the card issuer management platform may include a card management system, an application management system, a key management system, a certificate management system, an application provider management system, etc., wherein the certificate management system supports an asymmetric key.
  • CA certificate management system and card issuer certification authority
  • application provider management platform responsible for the provision and management functions of electronic payment applications, provide various business applications, and carry out the corresponding security domain on the smart card Security management, controlling the application key, certificate, data, and the like of the security domain, and providing functions such as secure downloading and installation of the application. This includes mutual authentication with the smart card and establishment of a temporary session key, and generation of a new slave security domain key.
  • the application provider management platform may include an application management system, a key management system, and a certificate management system, wherein the certificate management system is used in the case of supporting asymmetric keys, a certificate management system, and an application provider certification authority.
  • CA Application provider certification authority
  • the card issuer management platform and the application provider management platform can provide electronic payment related services through their respective service terminals: participate in the management of electronic payment user information management, participate in the creation of secure domains and key distribution, download of electronic payment applications, and electronic Personalization of payment applications, etc.
  • Communication between the application provider management platform and the card issuer management platform can be via a secure channel such as a dedicated line connection.
  • the following describes the mobile terminal electronic payment system architecture shown in FIG. 1 as an example, but is not limited to the mobile terminal electronic payment system architecture shown in FIG. 1, and illustrates the smart card key update distribution method of the smart card of the present invention:
  • the smart card associated with the electronic payment application needs to be updated from the initial key of the security domain to the secondary security key.
  • Step si the card issuer management platform creates a smart card from the security domain.
  • the card issuer management platform can create a security domain based on the application information related to the application download.
  • the application information related to the application download can include the smart card ICCID information, the application identifier, and the application provider identity information.
  • the application information is sent by the user to the card issuer management platform through the card issuer service terminal, or sent by the user to the application provider provider management platform through the application provider service terminal, and submitted to the card issuer management platform according to the application information. Domain creation request.
  • Step s2 according to the smart card, different initial key update methods are obtained from different security platform management platforms.
  • the card issuer management platform After the smart card is created from the security domain, if it is managed by the application provider management platform from the security domain, the card issuer management platform will base information from the security domain (the security domain includes the smart card from the security domain identification information) and the initial The key is sent to the application provider management platform, which will The vendor management platform updates the initial key from the security domain;
  • the card issuer management platform updates the initial key from the secure domain for the specifically downloaded electronic payment application.
  • the card issuer management platform or the application provider management platform and the smart card are mutually authenticated from the security domain and a secure communication channel is established.
  • a smart card slave security zone managed by the card issuer management platform, the mutual authentication process being completed between the card issuer management platform and the smart card via the card issuer service terminal.
  • a smart card slave security zone managed by the application provider management platform, the mutual authentication process being completed between the application provider management platform and the smart card via the application provider service terminal.
  • the card issuer management platform or the application provider management platform establishes a temporary session key with the smart card from the security domain, and the temporary session key may follow the Global Platform Card Specification V2.1.1/ The V2.2 specification is established and can also be established by other methods; the temporary session key is used for communication encryption between the card issuer management platform or the application provider management platform and the smart card from the security domain.
  • the secure communication channel established between the smart cards, and the new slave security domain key generated by the card issuer management platform or the application provider management platform is imported to the smart card via the card issuer service terminal or the application provider service terminal.
  • the domain that completes the security update distribution from the security domain key is imported to the smart card via the card issuer service terminal or the application provider service terminal.
  • the card issuer management platform may be managed by the smart card from the secure domain. Forced update of the currently used slave security domain key with the provider management platform.
  • the specific update method includes:
  • the card issuer management platform or the application provider management platform and the smart card from the security domain are activated according to the slave security domain key currently being used.
  • Mutual authentication and establishment of a secure communication channel For the slave security domain managed by the card issuer, the mutual authentication process is completed between the card issuer management platform and the smart card via the card issuer service terminal.
  • the mutual authentication process can be completed between the application provider management platform and the smart card via the application provider service terminal.
  • the smart card establishes a temporary session key from the security domain.
  • the temporary session key can be established according to the Global Platform Card Specification V2.1.1/V2.2 specification, or can be established by other methods. Encryption of all i or between communications.
  • the new slave security domain key is imported to the smart card from the security domain via the card issuer service terminal or the application provider service terminal, and the security update distribution from the security domain key is completed.
  • FIG. 2 and FIG. 3 relate to the update distribution of the security domain initial key
  • FIG. 4 relates to the key expiration or forced update. Distribute from the update of the security domain key.
  • FIG. 2 is a flow diagram of a slave domain security key initial key update distribution process for a security-based card-issued business terminal managed by a card issuer in accordance with the present invention.
  • the steps of the slave security issuer based on the card issuer service terminal based on the security issue initial key update distribution process include:
  • Step 201 The card issuer management platform sends a SELECT command message to the smart card via the card issuer service end according to the initial key from the security domain, and selects the slave security domain;
  • Step 203 The card issuer management platform establishes a secure communication channel from the security domain via the card issuer service terminal and the smart card, for example, establishing a SCP02 secure channel;
  • the method for establishing a secure communication channel is as follows: The card issuer management platform and the smart card perform mutual authentication from the security domain, and after mutual authentication, establish a temporary session key for communication encryption between the two, the temporary session secret
  • the key may be established according to the Global Platform Card Specification V2.1.1/V2.2 specification, or may be established by other methods; the mutual authentication process is performed by the card issuer service terminal on the card issuer management platform and the smart card from the security domain Completed between.
  • Step 204 The card issuer management platform generates a new slave security domain key.
  • Step 205 The card issuer management platform sends a new slave security domain key to the smart card from the security domain via the card issuer service terminal through the PUTKEY command.
  • Step 206 After receiving the new slave security domain key from the security domain, the smart card completes the update operation of the slave domain initial key.
  • Step 207 The smart card sends a PUTKEY command response from the security domain to the card issuer management platform via the card issuer service terminal, and ends the update process of the slave security initial key.
  • the card issuer management platform further includes the step of creating a smart card from the security domain according to the user application downloading request, and issuing the smart card from the security domain initial key to the slave smart card from the security domain.
  • FIG. 3 is a schematic diagram of a slave security provider initial key update distribution process for a secure domain based application provider service terminal managed by an application provider according to the present invention.
  • the process of updating the initial key update process of the security domain based on the application provider service terminal managed by the application provider includes:
  • Step 301 The user triggers an application download application through an application provider service terminal client program or a card program, and submits an application download application to the application provider management platform, where the application download application includes smart card identification information (ICCID), etc.; request information, in the request The message includes application provider identity information (ASP-ID) and smart card identification. Information (ICCID), etc.;
  • ICCID smart card identification information
  • Step 303 The card issuer management platform verifies the slave security domain creation request information and determines whether the request is allowed. The card issuer management platform determines whether the slave security zone is created through the application provider management platform.
  • the card issuer management platform determines that the slave security domain does not need to be created according to the smart card identification information and the application provider identity in the creation request information, the slave security domain creation process is terminated; otherwise, the subsequent steps are continued;
  • Step 304 The card issuer management platform sends a SELECT command message to the smart card via the application provider management platform and the application providing business terminal to select the primary security domain.
  • Step 305 The smart card submits a SELECT command response message to the card issuer management platform via the application provider service terminal and the application provider management platform;
  • Step 306 The card issuer management platform establishes a secure communication channel with the smart card master security domain via the application provider management platform and the application provider service terminal, such as establishing a SCP02 secure channel;
  • the method for establishing a secure communication channel is: mutual authentication between the card issuer management platform and the smart card primary security domain, and after mutual authentication, a temporary session key is established for communication encryption between the two, the temporary session is dense.
  • the key may be established in accordance with the Global Platform Card Specification V2.1.1/V2.2 specification, or may be established by other methods; the mutual authentication process is performed on the card issuer management platform via an application provider management platform, an application provider service terminal, and The smart card is completed from between security domains.
  • Step 307 The card issuer management platform sends an INSTALL command to the smart card via the application provider management platform and the application providing business terminal;
  • Step 308 The smart card submits an INSTALL command response to the card issuer management platform via the application provider service terminal and the application provider management platform;
  • Step 309 The card issuer management platform generates an initial key from the security domain
  • Step 310 The card issuer management platform sends the slave security domain initial key to the smart card primary security domain via the application provider management platform and the application provider service terminal through the PUTKEY command.
  • Step 311 After receiving the slave security key, the smart card primary security domain initializes the slave security domain with the received slave security domain initial key.
  • Step 312 The smart card master security domain sends a PUTKEY command response to the card issuer management platform via the application provider service terminal and the application provider management platform; the information and the slave security domain initial key;
  • the slave security domain basic information includes a smart card identification information from the security domain.
  • Step 314 The application provider management platform adds the slave security domain related information to the database.
  • Step 315 The application provider management platform sends the SELECT command message to the smart card via the application provider service terminal, and selects the slave security domain.
  • Step 316 The smart card submits a SELECT command response to the application provider key management system via the application provider service terminal.
  • Step 317 The application provider management platform establishes a secure communication channel from the security domain via the application provider service terminal and the smart card, such as establishing a SCP02 secure channel;
  • the method for establishing a secure communication channel is as follows: The application provider management platform and the smart card perform mutual authentication from the security domain, and after mutual authentication, establish a temporary session key for communication encryption between the two, the temporary session is dense.
  • the key may be established according to the Global Platform Card Specification V2.1.1/V2.2 specification, or may be established by other methods; the mutual authentication process is performed on the application provider management platform and the smart card from the security domain via the application provider service terminal Completed between.
  • Step 318 The application provider management platform generates a new slave security domain key.
  • Step 319 The application provider management platform sends a new slave security domain key from the security domain to the smart card via the application providing the business terminal through the PUTKEY command.
  • Step 320 After receiving the new slave security domain key from the security domain, the smart card completes the update operation of the slave domain initial key.
  • Step 321 The smart card sends a PUTKEY command response from the security domain to the application provider management platform via the application provider service terminal, and ends the slave domain security distribution process.
  • FIG. 4 is a schematic diagram of a slave security issuer key-based update distribution process based on a card issuer service terminal due to key expiration or forced update for a card issuer managed in accordance with the present invention.
  • the step of updating the distribution process of the slave security issuer key based on the card issuer service terminal due to the key expiration or forced update includes:
  • Step 401 The card issuer management platform sends the smart card to the smart card via the card issuer service terminal. SELECT command message, select from the security domain;
  • Step 402 The smart card submits a SELECT command response to the card issuer management platform via the card issuer service terminal.
  • Step 403 The card issuer management platform establishes a secure communication channel from the security domain via the card issuer service terminal and the smart card, for example, establishing a SCP02 secure channel;
  • the method for establishing a secure communication channel is as follows: The card issuer management platform and the smart card perform mutual authentication from the security domain, and after mutual authentication, establish a temporary session key for communication encryption between the two, the temporary session secret
  • the key may be established according to the Global Platform Card Specification V2.1.1/V2.2 specification, or may be established by other methods; the mutual authentication process is performed by the card issuer service terminal on the card issuer management platform and the smart card from the security domain Completed between.
  • Step 404 The card issuer management platform generates a new slave security domain key.
  • Step 405 The card issuer management platform sends a new slave security domain key from the security domain to the smart card via the card issuer service terminal by using the PUTKEY command.
  • Step 406 After receiving the new slave security domain key from the security domain, the smart card completes the update operation of the smart card from the security domain key.
  • Step 407 The smart card sends a PUTKEY command response from the security domain to the card issuer management platform via the card issuer service terminal, and ends the security domain key update process.
  • Figure 5 is a diagram showing the process of updating a distribution process from a secure domain key based on an application provider service terminal due to key expiration or forced update for a secure domain managed by an application provider in accordance with the present invention.
  • the process of updating the distribution process from the secure domain key based on the application provider service terminal due to key expiration or forced update includes:
  • Step 501 The application provider management platform sends a SELECT command message to the smart card via the application provider service terminal, and selects a secondary security domain.
  • Step 502 The smart card submits to the application provider management platform via the application provider service terminal.
  • Step 503 The application provider management platform establishes an SCP02 secure channel from the security domain via the application provider service terminal and the smart card;
  • the method for establishing a secure communication channel is: application provider management platform and smart card from security domain After mutual authentication, mutual authentication is established, and a temporary session key is established for communication encryption between the two.
  • the temporary session key can be established according to the Global Platform Card Specification V2.1.1/V2.2 specification, or Established by other methods; the mutual authentication process is completed between the application provider management platform and the smart card from the security domain via an application provider service terminal.
  • Step 504 The application provider management platform generates a new slave security domain key.
  • Step 505 The application provider management platform sends a new slave security domain key to the smart card from the security domain by using the PUTKEY command, the command carrying the new slave security domain key, and the application provider service terminal;
  • Step 506 After receiving the new slave security domain key from the security domain, the smart card completes the update operation from the security domain key.
  • Step 507 The smart card sends a PUTKEY command response from the security domain to the application provider management platform via the application provider service terminal, and ends the security domain key update process.
  • the smart card from the security domain key update method, system and mobile terminal can solve the situation for the symmetric key, the card issuer management platform via the card issuer service terminal, or the application provider management platform via the application provider service terminal
  • the security key is securely imported from the security card from the security domain, and the smart card is distributed from the security domain key security update.
  • the smart card slave security key update method, system and mobile terminal provided by the invention can solve the situation that after the card is issued, for the symmetric key, when the security update is required for security reasons or because the security domain key expires and needs to be updated , generating a new slave security domain key, and sending the new slave security domain key to the smart card from the secure domain through a secure communication channel to update the security domain key.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Software Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for updating and distributing the secondary security domain key of a smart card, corresponding system and mobile terminal are provided by the invention. Therein, the system includes a smart card which has electronic payment application function, a service terminal, a management platform. The smart card is an unattached equipment or installed into a mobile terminal, the smart card communicates to the management platform by the service terminal, the management platform distributes the secondary security domain key of the smart card to the smart card by the service terminal. The method can achieve that the secondary security domain key of the smart card is updated and distributed safely, by the communication between the smart card and the management platform which is established by the service terminal.

Description

一种智能卡从安全域密钥更新分发方法、 系统及移动终端  Smart card from security domain key update distribution method, system and mobile terminal

技术领域 Technical field

本发明涉及基于 NFC ( Near Field Communication, 近场通信技术) 的移 动终端电子支付技术, 特别地, 涉及一种智能卡从安全域密钥更新分发方法、 系统及移动终端。  The present invention relates to mobile terminal electronic payment technology based on NFC (Near Field Communication Technology), and in particular to a smart card slave security key update distribution method, system and mobile terminal.

背景技术 Background technique

近场通信技术(Near Field Communication, NFC )是工作于 13.56MHz的 一种近距离无线通信技术, 由 RFID技术及互连技术融合演变而来。 手机等 移动通信终端集成 NFC技术后, 可以模拟非接触式 IC卡, 用于电子支付的 有关应用。移动通信终端上实现该方案需要在终端上增加 NFC模拟前端芯片 和 NFC天线, 并使用支持电子支付的智能卡。  Near Field Communication (NFC) is a short-range wireless communication technology operating at 13.56MHz, which is a fusion of RFID technology and interconnection technology. After integrating NFC technology, mobile communication terminals such as mobile phones can simulate contactless IC cards for related applications of electronic payment. Implementing this solution on a mobile communication terminal requires adding an NFC analog front end chip and an NFC antenna to the terminal, and using a smart card that supports electronic payment.

IC卡特别是非接触式 IC卡经过十多年的发展, 已经被广泛应用于公交、 门禁、 小额电子支付等领域。 与此同时, 手机经历 20多年的迅速发展, 在居 民中基本得到普及, 给人们的工作及生活带来很大的便利。 手机的功能越来 越强大, 并存在集成更多功能的趋势。 将手机和非接触式 IC卡技术结合, 手 机应用于电子支付领域, 会进一步扩大手机的使用范围, 给人们的生活带来 便捷, 存在着广阔的应用前景。  IC cards, especially non-contact IC cards, have been widely used in public transportation, access control, and small-scale electronic payment after more than ten years of development. At the same time, mobile phones have experienced rapid development for more than 20 years, and have been widely popular among residents, bringing great convenience to people's work and life. The capabilities of mobile phones are becoming more powerful and there is a tendency to integrate more features. Combining mobile phones with non-contact IC card technology, mobile phones used in the field of electronic payment will further expand the use of mobile phones, bring convenience to people's lives, and have broad application prospects.

为实现基于 NFC技术的移动电子支付,需要建立移动终端电子支付系统, 通过该系统实现对基于 NFC的移动终端电子支付的管理, 包括: 智能卡的发 行, 电子支付应用的下载、 安装和个人化, 釆用相关技术和管理策略实现电 子支付应用的安全等。  In order to realize mobile electronic payment based on NFC technology, it is necessary to establish a mobile payment electronic payment system, and implement management of electronic payment for NFC-based mobile terminals, including: distribution of smart cards, downloading, installation and personalization of electronic payment applications, Use related technologies and management strategies to achieve security of electronic payment applications.

基于 NFC 技术的移动终端电子支付系统的业务框架通常釆用 Global Platform (全球平台)规范的多应用框架, 在该框架下, 支持 Global Platform 规范的智能卡指的是符合 Global Platform Card Specification V2.1.1/V2.2 (全球 平台卡规范版本 2.1.1/2.2, GP2.1.1或 GP2.2 )规范的 IC芯片或智能卡, 从物 理形式上可以为 SIM/USIM卡, 即客户识别模块( Subscriber Identity Model ) /通用移动通信系统客户识别模块 (UMTS Subscriber Identity Module UMTS), 可插拔的智能存储卡或者集成在移动终端上的 IC芯片。 The business framework of the mobile payment system for mobile terminals based on NFC technology usually adopts the multi-application framework of the Global Platform (Global Platform) specification. Under this framework, the smart card supporting the Global Platform specification refers to the Global Platform Card Specification V2.1.1/ The IC chip or smart card specified by V2.2 (Global Platform Card Specification Version 2.1.1/2.2, GP2.1.1 or GP2.2) can be SIM/USIM card in physical form, ie Customer Identity Model ( Subscriber Identity Model) / Universal Mobile Telecommunications System Customer Identification Module (UMTS), a pluggable smart memory card or an IC chip integrated on a mobile terminal.

如果基于近场通信(NFC )技术的移动终端电子支付系统支持 GP2丄 1 规范, 安全通道协议需要支持 SCP02 (基于对称密钥) , 如果基于近场通信 技术的移动终端电子支付系统支持 GP2.2 规范, 安全通道协议需要支持 SCP02 (基于对称密钥)和 SCP10 (基于非对称密钥) , 卡片发行商、 应用 提供商可以根据安全策略需求进行选择。  If the mobile terminal electronic payment system based on Near Field Communication (NFC) technology supports the GP2丄1 specification, the secure channel protocol needs to support SCP02 (based on symmetric key), if the mobile terminal electronic payment system based on near field communication technology supports GP2.2 The specification, secure channel protocol needs to support SCP02 (based on symmetric key) and SCP10 (based on asymmetric key), card issuers, application providers can choose according to security policy requirements.

一般情况下,基于 NFC的移动终端近距离电子支付系统主要由卡片发行 商管理平台、 应用提供商管理平台和支持具有电子支付应用功能智能卡的移 动终端组成, 该系统中可以存在多个应用提供商管理平台。  In general, an NFC-based mobile terminal short-range electronic payment system mainly consists of a card issuer management platform, an application provider management platform, and a mobile terminal supporting a smart card with an electronic payment application function, and multiple application providers may exist in the system. Management platform.

在支持 Global Platform规范的智能卡上可以安装多个应用, 为了实现电 子支付应用的安全, 智能卡被分隔为若干个独立的安全域, 以保证多个应用 相互之间的隔离以及独立性, 各个应用提供商管理各自的安全域以及应用、 应用数据等。  Multiple applications can be installed on the smart card supporting the Global Platform specification. In order to realize the security of the electronic payment application, the smart card is divided into several independent security domains to ensure the isolation and independence of multiple applications. Manage their respective security domains as well as applications, application data, and more.

用于支持安全通道协议运作以及智能卡内容管理的密钥。 安全域包括主安全 域和从安全域等。 主安全域是卡发行商在智能卡上的强制的卡上代表。 从安 全域是卡发行商或应用提供商在智能卡上的附加的可选卡上代表。 A key used to support secure channel protocol operation and smart card content management. Security domains include primary and secondary security domains. The primary security domain is the card issuer's mandatory card representation on the smart card. The security domain is represented by a card issuer or application provider on an additional optional card on the smart card.

安全域密钥的生成、 分发与更新由管理该安全域的卡发行商或应用提供 商负责,这保证了来自不同应用提供者的应用和数据可以共存于同一个卡上。 安全域的密钥包括主安全域密钥、 从安全域初始密钥和从安全域密钥。 主安 全域密钥和从安全域初始密钥由卡发行商管理平台生成, 从安全域密钥由管  The generation, distribution, and update of the security domain key is the responsibility of the card issuer or application provider that manages the security domain, which ensures that applications and data from different application providers can coexist on the same card. The keys for the security domain include the primary security domain key, the security domain initial key, and the secondary security domain key. The primary security domain key and the slave security domain initial key are generated by the card issuer management platform, from the security domain key by the pipe

在将电子支付应用下载并安装到智能卡之前, 需要在智能卡上为该应用 先创建从安全域。 智能卡从安全域的创建是由卡发行商管理平台完成的。 在 智能卡发行后, 创建智能卡从安全域时, 从安全域初始密钥必须由卡发行商 管理平台通过安全途径导入到智能卡上的从安全域。 Before downloading and installing an electronic payment application to a smart card, you need to create a secondary security domain for the application on the smart card. The creation of a smart card from a secure domain is done by the card issuer management platform. After the smart card is issued, when the smart card is created from the secure domain, the initial key from the secure domain must be imported by the card issuer management platform to the secure domain on the smart card.

从安全域创建完成后, 在下载电子支付应用时, 需要将从安全域初始密 钥更新为电子支付应用使用的密钥, 即更新为电子支付应用使用的从安全域 密钥。 电子支付应用所使用的从安全域密钥具有一定的生命周期时, 必须在 从安全域密钥生命周期结束之前完成从安全域密钥的更新。 另外, 也可能由 于安全原因需要强制更新电子支付应用使用的从安全域密钥。 从安全域密钥 作为机密数据, 在密钥更新过程中需要釆取可靠及安全的方法将有关密钥导 入到智能卡从安全域, 以实现从安全域密钥的安全更新分发。 After the security domain is created, when you download the electronic payment application, you need to initialize the security domain from the security domain. The key is updated to the key used by the electronic payment application, ie updated from the secure domain key used by the electronic payment application. When the secure domain key used by the electronic payment application has a certain life cycle, the update from the secure domain key must be completed before the end of the secure domain key life cycle. In addition, it may be necessary to forcibly update the slave security domain key used by the electronic payment application for security reasons. From the security domain key as confidential data, in the key update process, it is necessary to take a reliable and secure method to import the relevant key into the smart card from the security domain to implement security update distribution from the security domain key.

电子支付应用所使用的从安全域密钥的更新分发过程与系统网络架构的 具体实现方式有关。 为了实现智能卡的安全性管理和电子支付应用的下载、 安装等,智能卡需要和卡发行商管理平台以及应用提供商管理平台建立通信。 在建立通信的同时, 如何实现智能卡从安全域密钥的安全更新分发, 是移动 终端电子支付需要解决的一个问题。  The update distribution process from the secure domain key used by the electronic payment application is related to the specific implementation of the system network architecture. In order to realize the security management of the smart card and the downloading and installation of the electronic payment application, the smart card needs to establish communication with the card issuer management platform and the application provider management platform. While establishing communication, how to realize the security update distribution of the smart card from the security domain key is a problem that needs to be solved for the electronic payment of the mobile terminal.

发明内容 Summary of the invention

为了解决现有技术问题, 本发明提供一种智能卡从安全域密钥更新分发 方法、 系统及移动终端, 以对智能卡从安全域进行安全的密钥更新和分发。  In order to solve the prior art problem, the present invention provides a smart card slave security key update distribution method, system and mobile terminal for secure key update and distribution of a smart card from a security domain.

本发明提供一种移动终端电子支付系统, 所述系统包括具有电子支付应 用功能的智能卡、 业务终端及管理平台, 其中,  The present invention provides a mobile terminal electronic payment system, the system comprising a smart card, a service terminal and a management platform having an electronic payment application function, wherein

所述智能卡设置成通过业务终端与所述管理平台进行通信;  The smart card is configured to communicate with the management platform through a service terminal;

所述管理平台设置成通过所述业务终端向所述智能卡分发更新的智能卡 从安全域密钥。  The management platform is configured to distribute the updated smart card slave security domain key to the smart card via the service terminal.

进一步地, 所述系统中,  Further, in the system,

所述管理平台还设置成与所述智能卡建立安全通信信道, 通过所述业务 终端与所述智能卡进行互认证, 建立临时会话密钥, 以及生成新的智能卡从 安全域密钥;  The management platform is further configured to establish a secure communication channel with the smart card, perform mutual authentication with the smart card by the service terminal, establish a temporary session key, and generate a new smart card slave security domain key;

所述业务终端设置成传输智能卡与管理平台的通讯数据;  The service terminal is configured to transmit communication data of the smart card and the management platform;

所述智能卡还设置成与所述业务终端建立连接, 通过所述业务终端与所 述管理平台进行互认证, 接收所述管理平台分发的智能卡从安全域密钥, 以 及更新智能卡从安全域密钥; 所述管理平台和业务终端分别为卡发行商管理平台和卡发行商业务终 端, 或者分别为应用提供商管理平台和应用提供商业务终端。 The smart card is further configured to establish a connection with the service terminal, perform mutual authentication with the management platform by the service terminal, receive a smart card key from the security domain distributed by the management platform, and update the smart card from the security domain key. ; The management platform and the service terminal are respectively a card issuer management platform and a card issuer service terminal, or are respectively an application provider management platform and an application provider service terminal.

进一步地, 所述系统中, 所述智能卡为一独立设备或安装在移动终端上。 进一步地, 所述系统中, 所述管理平台是在智能卡从安全域密钥到期或 需要强制更新或智能卡用户下载应用时, 通过所述业务终端向所述智能卡分 发更新的智能卡从安全域密钥。  Further, in the system, the smart card is a standalone device or is installed on the mobile terminal. Further, in the system, the management platform distributes the updated smart card from the security domain to the smart card through the service terminal when the smart card expires from the security domain or needs to be forced to update or the smart card user downloads the application. key.

本发明还提供一种智能卡从安全域密钥更新分发方法, 所述方法通过业 务终端建立智能卡与管理平台的通信, 以实现智能卡从安全域密钥的更新分 发, 所述方法包括:  The present invention also provides a method for updating and distributing a smart card from a security domain key. The method establishes a communication between the smart card and the management platform by the service terminal to implement the update distribution of the smart card from the security domain key. The method includes:

( a )管理平台通过业务终端建立与智能卡之间的安全通信信道;  (a) The management platform establishes a secure communication channel with the smart card through the service terminal;

( b )所述管理平台生成新的智能卡从安全域密钥;  (b) the management platform generates a new smart card slave security domain key;

( c )所述管理平台将所述新的智能卡从安全域密钥通过所述安全通信信 道分发给所述智能卡;  (c) said management platform distributing said new smart card from said secure domain key to said smart card via said secure communication channel;

( d )所述智能卡完成从安全域密钥更新。  (d) The smart card completes the update from the secure domain key.

进一步地, 所述方法中, 所述步骤(a ) 包括:  Further, in the method, the step (a) includes:

( al ) 所述管理平台启动与智能卡从安全域之间的互认证, 通所述业务 终端完成所述管理平台与所述智能卡从安全域之间的互认证;  (al) the management platform initiates mutual authentication with the smart card from the security domain, and the service terminal completes mutual authentication between the management platform and the smart card from the security domain;

( a2 ) 所述管理平台与所述智能卡从安全域之间建立临时会话密钥, 从 而建立安全通信信道。  (a2) The management platform establishes a temporary session key with the smart card from the security domain to establish a secure communication channel.

进一步地, 所述方法还包括: 当智能卡从安全域密钥到期或需要强制更 新或者智能卡用户下载应用时, 所述管理平台发起智能卡从安全域密钥更新 分发流程。  Further, the method further includes: when the smart card expires from the security domain key or needs to be forced to update or the smart card user downloads the application, the management platform initiates the smart card from the security domain key update distribution process.

进一步地, 所述方法中, 所述管理平台和业务终端分别指卡发行商管理 平台和卡发行商业务终端, 或者指应用提供商管理平台和应用提供商业务终 端,  Further, in the method, the management platform and the service terminal respectively refer to a card issuer management platform and a card issuer service terminal, or an application provider management platform and an application provider service terminal,

进一步地, 所述方法中, 当所述管理平台指应用提供商管理平台时, 所 述方法在所述步骤(a )之前还包括: 卡发行商管理平台在智能卡上创建从安全域及生成从安全域初始密钥; 所述卡发行商管理平台将创建的从安全域的基本信息和初始密钥发送给 所述应用提供商管理平台。 Further, in the method, when the management platform refers to an application provider management platform, the method further includes: before the step (a): The card issuer management platform creates a slave security domain and generates a slave security domain initial key on the smart card; the card issuer management platform sends the created basic information and the initial key of the security domain to the application provider management platform .

本发明还提供一种移动终端, 所述移动终端包括具有电子支付应用功能 的智能卡, 所述智能卡从安全域的密钥由应用提供商管理平台通过应用提供 商业务终端分发, 或者由卡发行商管理平台通过卡发行商业务终端分发。  The present invention also provides a mobile terminal, the mobile terminal comprising a smart card having an electronic payment application function, the smart card is distributed from a security domain key by an application provider management platform through an application provider service terminal, or by a card issuer The management platform is distributed through the card issuer business terminal.

本发明提出的智能卡从安全域密钥更新方法、 系统及移动终端, 可以解 决在发卡后, 针对对称密钥的情况, 在用户下载更新或者由于安全原因需要 强制更新或者由于从安全域密钥到期需要更新时, 生成新的从安全域密钥, 并通过安全通信通道将该新的从安全域密钥发送给智能卡从安全域, 以更新 从安全域密钥。  The smart card slave security key update method, system and mobile terminal provided by the invention can solve the situation that after the card is issued, for the symmetric key, the user downloads the update or needs to be forced to update due to security reasons or due to the security domain key When the period needs to be updated, a new slave security domain key is generated, and the new slave security domain key is sent to the smart card from the secure domain through the secure communication channel to update the security domain key.

附图概述 BRIEF abstract

图 1是本发明基于近场通信技术的移动终端电子支付系统架构示意图; 图 2是针对卡发行商管理的从安全域, 本发明基于卡发行商业务终端的 从安全域初始密钥更新分发流程示意图;  1 is a schematic diagram of an architecture of a mobile terminal electronic payment system based on the near field communication technology of the present invention; FIG. 2 is a slave security domain managed by a card issuer, and the present invention is based on a card issuer service terminal. Schematic diagram

图 3是针对应用提供商管理的从安全域, 本发明基于应用提供商业务终 端的从安全域初始密钥更新分发流程示意图;  3 is a schematic diagram of a slave security domain initial key update distribution process based on an application provider service terminal for a slave security domain managed by an application provider;

图 4是本发明针对卡发行商管理的从安全域, 由于密钥到期或强制更新 引起的基于卡发行商业务终端的从安全域密钥更新分发流程示意图;  4 is a schematic diagram of a process for updating and distributing a security domain key based on a card issuer service terminal caused by a card expiration or forced update for a slave security zone managed by a card issuer;

图 5是本发明针对应用提供商管理的从安全域, 由于密钥到期或强制更 新引起的基于应用提供商业务终端的从安全域密钥更新分发流程示意图。  FIG. 5 is a schematic diagram of a process for updating and distributing a secure domain key based on an application provider service terminal due to key expiration or forced update for the slave security zone managed by the application provider.

本发明的较佳实施方式 Preferred embodiment of the invention

为使本发明的目的、 技术方案及优点更加清楚明白, 以下参照附图并举 较佳实例, 对本发明进一步详细说明。  The present invention will be further described in detail below with reference to the accompanying drawings and preferred embodiments.

本发明以基于图 1所示的移动终端电子支付系统架构为例进行描述, 但 不限于图 1所示移动终端电子支付系统架构。 The present invention is described by taking the architecture of the mobile terminal electronic payment system shown in FIG. 1 as an example, but It is not limited to the mobile terminal electronic payment system architecture shown in FIG.

图 1示出了本发明移动终端电子支付系统, 包括应用提供商管理平台、 卡发行商管理平台、 应用提供商业务终端、 卡发行商业务终端、 移动终端和 智能卡, 智能卡安装在移动终端上, 该系统也可以不包含移动终端, 此时智 能卡为一独立设备。 应用提供商管理平台和卡发行商管理平台统称为管理平 台, 应用提供商业务终端和卡发行商业务终端统称为业务终端。  1 shows an electronic payment system for a mobile terminal of the present invention, including an application provider management platform, a card issuer management platform, an application provider service terminal, a card issuer service terminal, a mobile terminal, and a smart card, and the smart card is installed on the mobile terminal. The system may also not include a mobile terminal, and the smart card is a separate device. The application provider management platform and the card issuer management platform are collectively referred to as a management platform, and the application provider service terminal and the card issuer service terminal are collectively referred to as a service terminal.

所述智能卡支持 Global Platform Card Specification V2.1.1/V2.2规范; 具 有电子支付应用功能的智能卡可以直接通过卡发行商业务终端和应用提供商 支付应用功能的智能卡安装在移动终端上时, 移动终端可以通过卡发行商业 台连接, 用于与管理智能卡从安全域的管理平台进行互认证, 以及接收所述 管理平台分发的从安全域密钥, 更新从安全域密钥, 所述互认证过程及从安 全域密钥分发均通过所述应用提供商业务终端或卡发行商业务终端实现。  The smart card supports the Global Platform Card Specification V2.1.1/V2.2 specification; the smart card having the electronic payment application function can be directly installed on the mobile terminal through the card issuer service terminal and the smart card of the application provider payment application function, the mobile terminal The utility model may be connected through a card issuing commercial station for mutual authentication with the management smart card from the management platform of the security domain, and receiving the slave security domain key distributed by the management platform, updating the security domain key, the mutual authentication process and The security domain key distribution is implemented by the application provider service terminal or the card issuer service terminal.

卡发行商业务终端, 由卡发行商管理平台管理, 智能卡通过移动终端及 卡发行商业务终端或直接通过卡发行商业务终端与卡发行商管理平台通信; 应用提供商业务终端, 由应用提供商管理平台管理, 智能卡通过移动终 端及应用提供商业务终端或直接通过应用提供商业务终端与应用提供商管理 平台通信;  The card issuer business terminal is managed by the card issuer management platform, and the smart card communicates with the card issuer management platform through the mobile terminal and the card issuer service terminal or directly through the card issuer service terminal; the application provider service terminal, by the application provider Management platform management, the smart card communicates with the application provider management platform through the mobile terminal and the application provider service terminal or directly through the application provider service terminal;

卡发行商管理平台, 负责智能卡的发行和管理, 对智能卡的资源和生命 周期、 密钥、 证书进行管理, 负责从安全域的创建, 并与其他安全域交互应 用数据, 其中包括创建从安全域, 与所述智能卡进行互认证及建立临时会话 密钥, 以及生成从安全域初始密钥和新的从安全域密钥。 就具体实现而言, 卡发行商管理平台可以包括卡片管理系统、 应用管理系统、 密钥管理系统、 证书管理系统、 应用提供商管理系统等, 其中证书管理系统在支持非对称密 钥的情况下使用, 证书管理系统和卡片发行商认证机构 (CA ) 系统连接; 应用提供商管理平台, 负责电子支付应用的提供和管理功能, 提供各种 业务应用, 并对智能卡上与其对应的从安全域进行安全管理, 对所述从安全 域的应用密钥、 证书、 数据等进行控制, 提供应用的安全下载、 安装等功能。 其中包括与所述智能卡进行互认证及建立临时会话密钥, 以及生成新的从安 全域密钥。 就具体实现而言, 应用提供商管理平台可以包括应用管理系统、 密钥管理系统、 证书管理系统, 其中证书管理系统在支持非对称密钥的情况 下使用, 证书管理系统和应用提供商认证机构 (CA ) 系统连接。 The card issuer management platform is responsible for the issuance and management of smart cards, manages the resources and lifecycles of the smart cards, keys, and certificates, and is responsible for creating security domains and interacting with other security domains, including creating secure domains. Mutual authentication with the smart card and establishment of a temporary session key, and generation of a security domain initial key and a new slave security domain key. For specific implementation, the card issuer management platform may include a card management system, an application management system, a key management system, a certificate management system, an application provider management system, etc., wherein the certificate management system supports an asymmetric key. Use, certificate management system and card issuer certification authority (CA) system connection; application provider management platform, responsible for the provision and management functions of electronic payment applications, provide various business applications, and carry out the corresponding security domain on the smart card Security management, controlling the application key, certificate, data, and the like of the security domain, and providing functions such as secure downloading and installation of the application. This includes mutual authentication with the smart card and establishment of a temporary session key, and generation of a new slave security domain key. For specific implementation, the application provider management platform may include an application management system, a key management system, and a certificate management system, wherein the certificate management system is used in the case of supporting asymmetric keys, a certificate management system, and an application provider certification authority. (CA) System connection.

卡发行商管理平台和应用提供商管理平台可以通过各自的业务终端提供 电子支付有关服务: 参与处理电子支付用户信息管理, 参与从安全域的创建 和密钥分发、 电子支付应用的下载、 以及电子支付应用的个人化等。 应用提 供商管理平台和卡发行商管理平台之间可以通过安全信道(如专线连接)进 行通信。  The card issuer management platform and the application provider management platform can provide electronic payment related services through their respective service terminals: participate in the management of electronic payment user information management, participate in the creation of secure domains and key distribution, download of electronic payment applications, and electronic Personalization of payment applications, etc. Communication between the application provider management platform and the card issuer management platform can be via a secure channel such as a dedicated line connection.

以下结合图 1所示的移动终端电子支付系统架构为例进行描述, 但不限 于图 1所示移动终端电子支付系统架构, 对本发明智能卡从安全域密钥更新 分发方法进行说明:  The following describes the mobile terminal electronic payment system architecture shown in FIG. 1 as an example, but is not limited to the mobile terminal electronic payment system architecture shown in FIG. 1, and illustrates the smart card key update distribution method of the smart card of the present invention:

从安全域的密钥更新主要涉及两种:  There are two main types of key updates from the security domain:

一、 用户下载电子支付应用时, 需要将与该电子支付应用关联的智能卡 从安全域的初始密钥更新为从安全域密钥。  1. When the user downloads the electronic payment application, the smart card associated with the electronic payment application needs to be updated from the initial key of the security domain to the secondary security key.

步骤 si , 卡发行商管理平台创建智能卡从安全域。  Step si, the card issuer management platform creates a smart card from the security domain.

卡发行商管理平台可以根据与应用下载有关的申请信息在智能卡上创建 从安全域, 与应用下载有关的申请信息可以包含智能卡 ICCID信息、 应用标 识及应用提供商身份信息等。 该申请信息由用户通过卡发行商业务终端发送 给卡发行商管理平台, 或者由用户通过应用提供商业务终端发送给应用提供 提供商管理平台根据所述申请信息向卡发行商管理平台提交从安全域创建请 求。  The card issuer management platform can create a security domain based on the application information related to the application download. The application information related to the application download can include the smart card ICCID information, the application identifier, and the application provider identity information. The application information is sent by the user to the card issuer management platform through the card issuer service terminal, or sent by the user to the application provider provider management platform through the application provider service terminal, and submitted to the card issuer management platform according to the application information. Domain creation request.

步骤 s2, 根据该智能卡从安全域的管理平台不同釆取不同的初始密钥更 新方法。  Step s2, according to the smart card, different initial key update methods are obtained from different security platform management platforms.

智能卡从安全域创建完成后, 如果从安全域由应用提供商管理平台进行 管理, 卡发行商管理平台将从安全域基本信息 (该从安全域基本信息中包括 智能卡从安全域标识信息)和初始密钥发送给应用提供商管理平台, 从而将 供商管理平台更新从安全域的初始密钥; After the smart card is created from the security domain, if it is managed by the application provider management platform from the security domain, the card issuer management platform will base information from the security domain (the security domain includes the smart card from the security domain identification information) and the initial The key is sent to the application provider management platform, which will The vendor management platform updates the initial key from the security domain;

如果智能卡从安全域由卡发行商管理平台进行管理, 由卡发行商管理平 台针对具体下载的电子支付应用更新从安全域的初始密钥。  If the smart card is managed from the secure domain by the card issuer management platform, the card issuer management platform updates the initial key from the secure domain for the specifically downloaded electronic payment application.

进行更新时, 包含如下步骤: 根据智能卡从安全域初始密钥等信息, 启动卡发行商管理平台或应用提供商 管理平台与智能卡从安全域的互认证并建立安全通信信道。 针对卡发行商管 理平台管理的智能卡从安全域, 所述互认证过程经由所述卡发行商业务终端 在所述卡发行商管理平台和所述智能卡之间完成。 针对应用提供商管理平台 管理的智能卡从安全域, 所述互认证过程经由所述应用提供商业务终端在所 述应用提供商管理平台和所述智能卡之间完成。 完成互认证后, 所述卡发行 商管理平台或所述应用提供商管理平台与所述智能卡从安全域之间建立临时 会话密钥, 该临时会话密钥可以遵循 Global Platform Card Specification V2.1.1/V2.2规范建立, 也可以通过其它方法建立; 该临时会话密钥用于卡发 行商管理平台或应用提供商管理平台和智能卡从安全域之间的通信加密。  When the update is performed, the following steps are included: According to the smart card from the security domain initial key and the like, the card issuer management platform or the application provider management platform and the smart card are mutually authenticated from the security domain and a secure communication channel is established. A smart card slave security zone managed by the card issuer management platform, the mutual authentication process being completed between the card issuer management platform and the smart card via the card issuer service terminal. A smart card slave security zone managed by the application provider management platform, the mutual authentication process being completed between the application provider management platform and the smart card via the application provider service terminal. After the mutual authentication is completed, the card issuer management platform or the application provider management platform establishes a temporary session key with the smart card from the security domain, and the temporary session key may follow the Global Platform Card Specification V2.1.1/ The V2.2 specification is established and can also be established by other methods; the temporary session key is used for communication encryption between the card issuer management platform or the application provider management platform and the smart card from the security domain.

述智能卡之间建立的安全通信信道, 将卡发行商管理平台或应用提供商管理 平台生成的新的从安全域密钥经由卡发行商业务终端或应用提供商业务终端 导入到所述智能卡从安全域, 完成从安全域密钥的安全更新分发。 The secure communication channel established between the smart cards, and the new slave security domain key generated by the card issuer management platform or the application provider management platform is imported to the smart card via the card issuer service terminal or the application provider service terminal. The domain that completes the security update distribution from the security domain key.

二、 由于密钥到期或强制更新进行的从安全域密钥更新分发 一指定生命周期时, 必须由管理该智能卡从安全域的卡发行商管理平台或应 用提供商管理平台在当前使用的从安全域密钥的生命周期结束之前对该当前 使用的从安全域密钥进行更新;  Second, due to key expiration or forced update to perform a specified lifecycle from the security domain key update distribution, it must be managed by the smart card from the security domain of the card issuer management platform or the application provider management platform in the current use of the slave The currently used slave security domain key is updated before the end of the life cycle of the security domain key;

当由于安全原因需要更新智能卡从安全域关联的电子支付应用当前使用 的从安全域密钥时, 可以由管理该智能卡从安全域的卡发行商管理平台或应 用提供商管理平台对该当前使用的从安全域密钥进行强制更新。 When it is necessary to update the smart domain key currently used by the smart card associated with the smart card for security reasons, the card issuer management platform may be managed by the smart card from the secure domain. Forced update of the currently used slave security domain key with the provider management platform.

具体更新方法包含:  The specific update method includes:

当从安全域密钥到期或由于安全原因强制更新从安全域密钥时, 根据当 前正在使用的从安全域密钥, 启动卡发行商管理平台或应用提供商管理平台 与智能卡从安全域的互认证并建立安全通信信道。 针对卡发行商管理的从安 全域, 所述互认证过程经由卡发行商业务终端在所述卡发行商管理平台和所 述智能卡之间完成。 针对应用提供商管理的从安全域, 所述互认证过程可以 经由所述应用提供商业务终端在所述应用提供商管理平台和所述智能卡之间 完成。 述智能卡从安全域之间建立临时会话密钥, 该临时会话密钥可以遵循 Global Platform Card Specification V2.1.1/V2.2规范建立, 也可以通过其它方法建立。 全 i或之间的通信加密。  When the security domain key expires or the security domain key is forced to be updated, the card issuer management platform or the application provider management platform and the smart card from the security domain are activated according to the slave security domain key currently being used. Mutual authentication and establishment of a secure communication channel. For the slave security domain managed by the card issuer, the mutual authentication process is completed between the card issuer management platform and the smart card via the card issuer service terminal. For a secondary security zone managed by an application provider, the mutual authentication process can be completed between the application provider management platform and the smart card via the application provider service terminal. The smart card establishes a temporary session key from the security domain. The temporary session key can be established according to the Global Platform Card Specification V2.1.1/V2.2 specification, or can be established by other methods. Encryption of all i or between communications.

新的从安全域密钥经由所述卡发行商业务终端或应用提供商业务终端导入到 所述智能卡从安全域, 完成从安全域密钥的安全更新分发。 The new slave security domain key is imported to the smart card from the security domain via the card issuer service terminal or the application provider service terminal, and the security update distribution from the security domain key is completed.

下面通过实例进一步说明本发明智能卡从安全域密钥更新方法, 其中, 图 2, 图 3涉及从安全域初始密钥的更新分发, 图 4, 图 5涉及因为密钥到期 或者强制更新引起的从安全域密钥的更新分发。  The smart card slave security key update method of the present invention is further illustrated by an example. FIG. 2 and FIG. 3 relate to the update distribution of the security domain initial key, FIG. 4, FIG. 5 relates to the key expiration or forced update. Distribute from the update of the security domain key.

图 2是根据本发明的, 针对卡发行商管理的从安全域的基于卡发行商业 务终端的从安全域初始密钥更新分发流程示意图。 如图 2所示, 针对卡发行 商管理的基于卡发行商业务终端的从安全域初始密钥更新分发流程步骤包 括:  2 is a flow diagram of a slave domain security key initial key update distribution process for a security-based card-issued business terminal managed by a card issuer in accordance with the present invention. As shown in FIG. 2, the steps of the slave security issuer based on the card issuer service terminal based on the security issue initial key update distribution process include:

步骤 201 : 卡发行商管理平台根据从安全域初始密钥, 经由卡发行商业 务端向智能卡发送 SELECT命令报文, 选择从安全域; 步骤 202 : 智能卡经由卡发行商业务终端向卡发行商管理平台提交 SELECT命令响应报文; Step 201: The card issuer management platform sends a SELECT command message to the smart card via the card issuer service end according to the initial key from the security domain, and selects the slave security domain; Step 202: The smart card submits a SELECT command response message to the card issuer management platform via the card issuer service terminal.

步骤 203: 卡发行商管理平台经由卡发行商业务终端与智能卡从安全域 建立安全通信信道, 比如建立 SCP02安全信道;  Step 203: The card issuer management platform establishes a secure communication channel from the security domain via the card issuer service terminal and the smart card, for example, establishing a SCP02 secure channel;

建立安全通信信道的方法为: 卡发行商管理平台与智能卡从安全域之间 进行互认证, 进行互认证后, 建立起临时会话密钥, 用于两者之间的通信加 密, 该临时会话密钥可以遵循 Global Platform Card Specification V2.1.1/V2.2 规范建立, 也可以通过其它方法建立; 所述互认证过程经由卡发行商业务终 端在所述卡发行商管理平台和所述智能卡从安全域之间完成。  The method for establishing a secure communication channel is as follows: The card issuer management platform and the smart card perform mutual authentication from the security domain, and after mutual authentication, establish a temporary session key for communication encryption between the two, the temporary session secret The key may be established according to the Global Platform Card Specification V2.1.1/V2.2 specification, or may be established by other methods; the mutual authentication process is performed by the card issuer service terminal on the card issuer management platform and the smart card from the security domain Completed between.

步骤 204: 卡发行商管理平台生成新的从安全域密钥;  Step 204: The card issuer management platform generates a new slave security domain key.

步骤 205: 卡发行商管理平台通过 PUTKEY命令, 经由卡发行商业务终 端向智能卡从安全域发送新的从安全域密钥;  Step 205: The card issuer management platform sends a new slave security domain key to the smart card from the security domain via the card issuer service terminal through the PUTKEY command.

步骤 206: 智能卡从安全域接收到新的从安全域密钥后, 完成对从安全 域初始密钥的更新操作;  Step 206: After receiving the new slave security domain key from the security domain, the smart card completes the update operation of the slave domain initial key.

步骤 207: 智能卡从安全域经由卡发行商业务终端向卡发行商管理平台 发送 PUTKEY命令响应, 结束对从安全域初始密钥的更新过程。  Step 207: The smart card sends a PUTKEY command response from the security domain to the card issuer management platform via the card issuer service terminal, and ends the update process of the slave security initial key.

上述步骤 201之前, 还包含卡发行商管理平台根据用户应用下载申请建 立智能卡从安全域, 并下发智能卡从安全域初始密钥给从智能卡从安全域的 步骤。  Before the foregoing step 201, the card issuer management platform further includes the step of creating a smart card from the security domain according to the user application downloading request, and issuing the smart card from the security domain initial key to the slave smart card from the security domain.

图 3是根据本发明的, 针对应用提供商管理的从安全域的基于应用提供 商业务终端的从安全域初始密钥更新分发流程示意图。 如图 3所示, 针对应 用提供商管理的从安全域的基于应用提供商业务终端的从安全域初始密钥更 新分发流程步骤包括:  3 is a schematic diagram of a slave security provider initial key update distribution process for a secure domain based application provider service terminal managed by an application provider according to the present invention. As shown in FIG. 3, the process of updating the initial key update process of the security domain based on the application provider service terminal managed by the application provider includes:

步骤 301 : 用户通过应用提供商业务终端客户端程序或卡片程序触发应 用下载申请, 并向应用提供商管理平台提交应用下载申请, 应用下载申请包 含智能卡标识信息 (ICCID )等; 请求信息, 在请求报文中包括应用提供商身份信息 (ASP-ID )和智能卡标识 信息 (ICCID )等; Step 301: The user triggers an application download application through an application provider service terminal client program or a card program, and submits an application download application to the application provider management platform, where the application download application includes smart card identification information (ICCID), etc.; request information, in the request The message includes application provider identity information (ASP-ID) and smart card identification. Information (ICCID), etc.;

步骤 303: 卡发行商管理平台验证该从安全域创建请求信息, 并确定是 否允许该请求。 卡发行商管理平台判断是否通过应用提供商管理平台创建从 安全域。  Step 303: The card issuer management platform verifies the slave security domain creation request information and determines whether the request is allowed. The card issuer management platform determines whether the slave security zone is created through the application provider management platform.

如果卡发行商管理平台根据该创建请求信息中的智能卡标识信息和应用 提供商身份等判断不需要创建从安全域, 则终止从安全域创建过程, 否则, 继续执行后续步骤;  If the card issuer management platform determines that the slave security domain does not need to be created according to the smart card identification information and the application provider identity in the creation request information, the slave security domain creation process is terminated; otherwise, the subsequent steps are continued;

步骤 304: 卡发行商管理平台经由应用提供商管理平台、 应用提供商业 务终端向智能卡发送 SELECT命令报文, 选择主安全域;  Step 304: The card issuer management platform sends a SELECT command message to the smart card via the application provider management platform and the application providing business terminal to select the primary security domain.

步骤 305: 智能卡经由应用提供商业务终端和应用提供商管理平台向卡 发行商管理平台提交 SELECT命令响应报文;  Step 305: The smart card submits a SELECT command response message to the card issuer management platform via the application provider service terminal and the application provider management platform;

步骤 306: 卡发行商管理平台与智能卡主安全域经由应用提供商管理平 台和应用提供商业务终端建立安全通信信道, 如建立 SCP02安全信道;  Step 306: The card issuer management platform establishes a secure communication channel with the smart card master security domain via the application provider management platform and the application provider service terminal, such as establishing a SCP02 secure channel;

建立安全通信信道的方法为: 卡发行商管理平台与智能卡主安全域之间 进行互认证, 进行互认证后, 建立起临时会话密钥, 用于两者之间的通信加 密, 该临时会话密钥可以遵循 Global Platform Card Specification V2.1.1/V2.2 规范建立, 也可以通过其它方法建立; 所述互认证过程经由应用提供商管理 平台、 应用提供商业务终端在所述卡发行商管理平台和所述智能卡从安全域 之间完成。  The method for establishing a secure communication channel is: mutual authentication between the card issuer management platform and the smart card primary security domain, and after mutual authentication, a temporary session key is established for communication encryption between the two, the temporary session is dense. The key may be established in accordance with the Global Platform Card Specification V2.1.1/V2.2 specification, or may be established by other methods; the mutual authentication process is performed on the card issuer management platform via an application provider management platform, an application provider service terminal, and The smart card is completed from between security domains.

步骤 307: 卡发行商管理平台经由应用提供商管理平台和应用提供商业 务终端向智能卡发送 INSTALL命令;  Step 307: The card issuer management platform sends an INSTALL command to the smart card via the application provider management platform and the application providing business terminal;

步骤 308: 智能卡经由应用提供商业务终端和应用提供商管理平台向卡 发行商管理平台提交 INSTALL命令响应;  Step 308: The smart card submits an INSTALL command response to the card issuer management platform via the application provider service terminal and the application provider management platform;

步骤 309: 卡发行商管理平台生成从安全域初始密钥;  Step 309: The card issuer management platform generates an initial key from the security domain;

步骤 310: 卡发行商管理平台通过 PUTKEY命令, 经由应用提供商管理 平台和应用提供商业务终端向智能卡主安全域发送从安全域初始密钥;  Step 310: The card issuer management platform sends the slave security domain initial key to the smart card primary security domain via the application provider management platform and the application provider service terminal through the PUTKEY command.

步骤 311 : 智能卡主安全域接收到从安全域初始密钥后, 用接收到的从 安全域初始密钥初始化从安全域; 步骤 312: 智能卡主安全域经由应用提供商业务终端和应用提供商管理 平台向卡发行商管理平台发送 PUTKEY命令响应; 信息及从安全域初始密钥; Step 311: After receiving the slave security key, the smart card primary security domain initializes the slave security domain with the received slave security domain initial key. Step 312: The smart card master security domain sends a PUTKEY command response to the card issuer management platform via the application provider service terminal and the application provider management platform; the information and the slave security domain initial key;

其中, 该从安全域基本信息中包括智能卡从安全域标识信息。  The slave security domain basic information includes a smart card identification information from the security domain.

步骤 314: 应用提供商管理平台在数据库中添加从安全域相关信息; 步骤 315: 应用提供商管理平台经由应用提供商业务终端向智能卡发送 SELECT命令报文, 选择从安全域;  Step 314: The application provider management platform adds the slave security domain related information to the database. Step 315: The application provider management platform sends the SELECT command message to the smart card via the application provider service terminal, and selects the slave security domain.

步骤 316: 智能卡经由应用提供商业务终端向应用提供商密钥管理系统 提交 SELECT命令响应;  Step 316: The smart card submits a SELECT command response to the application provider key management system via the application provider service terminal.

步骤 317: 应用提供商管理平台经由应用提供商业务终端与智能卡从安 全域建立安全通信信道, 如建立 SCP02安全信道;  Step 317: The application provider management platform establishes a secure communication channel from the security domain via the application provider service terminal and the smart card, such as establishing a SCP02 secure channel;

建立安全通信信道的方法为: 应用提供商管理平台与智能卡从安全域之 间进行互认证, 进行互认证后, 建立起临时会话密钥, 用于两者之间的通信 加密,该临时会话密钥可以遵循 Global Platform Card Specification V2.1.1/V2.2 规范建立, 也可以通过其它方法建立; 所述互认证过程经由应用提供商业务 终端在所述应用提供商管理平台和所述智能卡从安全域之间完成。  The method for establishing a secure communication channel is as follows: The application provider management platform and the smart card perform mutual authentication from the security domain, and after mutual authentication, establish a temporary session key for communication encryption between the two, the temporary session is dense. The key may be established according to the Global Platform Card Specification V2.1.1/V2.2 specification, or may be established by other methods; the mutual authentication process is performed on the application provider management platform and the smart card from the security domain via the application provider service terminal Completed between.

步骤 318: 应用提供商管理平台生成新的从安全域密钥;  Step 318: The application provider management platform generates a new slave security domain key.

步骤 319: 应用提供商管理平台通过 PUTKEY命令, 经由应用提供商业 务终端向智能卡从安全域发送新的从安全域密钥;  Step 319: The application provider management platform sends a new slave security domain key from the security domain to the smart card via the application providing the business terminal through the PUTKEY command.

步骤 320: 智能卡从安全域接收到新的从安全域密钥后, 完成对从安全 域初始密钥的更新操作;  Step 320: After receiving the new slave security domain key from the security domain, the smart card completes the update operation of the slave domain initial key.

步骤 321 : 智能卡从安全域经由应用提供商业务终端向应用提供商管理 平台发送 PUTKEY命令响应, 结束从安全域密钥分发过程。  Step 321: The smart card sends a PUTKEY command response from the security domain to the application provider management platform via the application provider service terminal, and ends the slave domain security distribution process.

图 4是根据本发明的, 针对卡发行商管理的从安全域, 由于密钥到期或 强制更新引起的基于卡发行商业务终端的从安全域密钥更新分发流程示意 图。 如图 4所示, 针对卡发行商管理的从安全域, 由于密钥到期或强制更新 引起的基于卡发行商业务终端的从安全域密钥更新分发流程步骤包括:  4 is a schematic diagram of a slave security issuer key-based update distribution process based on a card issuer service terminal due to key expiration or forced update for a card issuer managed in accordance with the present invention. As shown in FIG. 4, for the slave security layer managed by the card issuer, the step of updating the distribution process of the slave security issuer key based on the card issuer service terminal due to the key expiration or forced update includes:

步骤 401、 卡发行商管理平台经由卡发行商业务终端向智能卡发送 SELECT命令报文, 选择从安全域; Step 401: The card issuer management platform sends the smart card to the smart card via the card issuer service terminal. SELECT command message, select from the security domain;

步骤 402、 智能卡经由卡发行商业务终端向卡发行商管理平台提交 SELECT命令响应;  Step 402: The smart card submits a SELECT command response to the card issuer management platform via the card issuer service terminal.

步骤 403、 卡发行商管理平台经由卡发行商业务终端与智能卡从安全域 建立安全通信信道, 如建立 SCP02安全信道;  Step 403: The card issuer management platform establishes a secure communication channel from the security domain via the card issuer service terminal and the smart card, for example, establishing a SCP02 secure channel;

建立安全通信信道的方法为: 卡发行商管理平台与智能卡从安全域之间 进行互认证, 进行互认证后, 建立起临时会话密钥, 用于两者之间的通信加 密, 该临时会话密钥可以遵循 Global Platform Card Specification V2.1.1/V2.2 规范建立, 也可以通过其它方法建立; 所述互认证过程经由卡发行商业务终 端在所述卡发行商管理平台和所述智能卡从安全域之间完成。  The method for establishing a secure communication channel is as follows: The card issuer management platform and the smart card perform mutual authentication from the security domain, and after mutual authentication, establish a temporary session key for communication encryption between the two, the temporary session secret The key may be established according to the Global Platform Card Specification V2.1.1/V2.2 specification, or may be established by other methods; the mutual authentication process is performed by the card issuer service terminal on the card issuer management platform and the smart card from the security domain Completed between.

步骤 404、 卡发行商管理平台生成新的从安全域密钥;  Step 404: The card issuer management platform generates a new slave security domain key.

步骤 405、 卡发行商管理平台通过 PUTKEY命令, 经由卡发行商业务终 端向智能卡从安全域发送新的从安全域密钥;  Step 405: The card issuer management platform sends a new slave security domain key from the security domain to the smart card via the card issuer service terminal by using the PUTKEY command.

步骤 406、 智能卡从安全域接收到新从安全域密钥后, 完成智能卡从安 全域密钥的更新操作;  Step 406: After receiving the new slave security domain key from the security domain, the smart card completes the update operation of the smart card from the security domain key.

步骤 407、 智能卡从安全域经由卡发行商业务终端向卡发行商管理平台 发送 PUTKEY命令响应, 结束从安全域密钥更新过程。  Step 407: The smart card sends a PUTKEY command response from the security domain to the card issuer management platform via the card issuer service terminal, and ends the security domain key update process.

图 5是根据本发明的, 针对应用提供商管理的从安全域, 由于密钥到期 或强制更新引起的基于应用提供商业务终端的从安全域密钥更新分发流程示 意图。 如图 5所示, 针对应用提供商管理的从安全域, 由于密钥到期或强制 更新引起的基于应用提供商业务终端的从安全域密钥更新分发流程步骤包 括:  Figure 5 is a diagram showing the process of updating a distribution process from a secure domain key based on an application provider service terminal due to key expiration or forced update for a secure domain managed by an application provider in accordance with the present invention. As shown in FIG. 5, for the slave security zone managed by the application provider, the process of updating the distribution process from the secure domain key based on the application provider service terminal due to key expiration or forced update includes:

步骤 501、 应用提供商管理平台经由应用提供商业务终端向智能卡发送 SELECT命令报文, 选择从安全域;  Step 501: The application provider management platform sends a SELECT command message to the smart card via the application provider service terminal, and selects a secondary security domain.

步骤 502、 智能卡经由应用提供商业务终端向应用提供商管理平台提交 Step 502: The smart card submits to the application provider management platform via the application provider service terminal.

SELECT命令响应; SELECT command response;

步骤 503、 应用提供商管理平台经由应用提供商业务终端与智能卡从安 全域建立 SCP02安全信道;  Step 503: The application provider management platform establishes an SCP02 secure channel from the security domain via the application provider service terminal and the smart card;

建立安全通信信道的方法为: 应用提供商管理平台与智能卡从安全域之 间进行互认证, 进行互认证后, 建立起临时会话密钥, 用于两者之间的通信 加密,该临时会话密钥可以遵循 Global Platform Card Specification V2.1.1/V2.2 规范建立, 也可以通过其它方法建立; 所述互认证过程经由应用提供商业务 终端在所述应用提供商管理平台和所述智能卡从安全域之间完成。 The method for establishing a secure communication channel is: application provider management platform and smart card from security domain After mutual authentication, mutual authentication is established, and a temporary session key is established for communication encryption between the two. The temporary session key can be established according to the Global Platform Card Specification V2.1.1/V2.2 specification, or Established by other methods; the mutual authentication process is completed between the application provider management platform and the smart card from the security domain via an application provider service terminal.

步骤 504、 应用提供商管理平台生成新的从安全域密钥;  Step 504: The application provider management platform generates a new slave security domain key.

步骤 505、 应用提供商管理平台通过 PUTKEY命令, 命令中携带新的从 安全域密钥, 经由应用提供商业务终端向智能卡从安全域发送新的从安全域 密钥;  Step 505: The application provider management platform sends a new slave security domain key to the smart card from the security domain by using the PUTKEY command, the command carrying the new slave security domain key, and the application provider service terminal;

步骤 506、 智能卡从安全域接收到新从安全域密钥后, 完成从安全域密 钥的更新操作;  Step 506: After receiving the new slave security domain key from the security domain, the smart card completes the update operation from the security domain key.

步骤 507、 智能卡从安全域经由应用提供商业务终端向应用提供商管理 平台发送 PUTKEY命令响应, 结束从安全域密钥更新过程。  Step 507: The smart card sends a PUTKEY command response from the security domain to the application provider management platform via the application provider service terminal, and ends the security domain key update process.

本发明智能卡从安全域密钥更新方法、 系统及移动终端, 可以解决针对 对称密钥的情况, 由卡发行商管理平台经卡发行商业务终端, 或应用提供商 管理平台经应用提供商业务终端将从安全域密钥安全导入智能卡从安全域, 实现智能卡从安全域密钥的安全更新分发。  The smart card from the security domain key update method, system and mobile terminal can solve the situation for the symmetric key, the card issuer management platform via the card issuer service terminal, or the application provider management platform via the application provider service terminal The security key is securely imported from the security card from the security domain, and the smart card is distributed from the security domain key security update.

本发明还可有其他多种实施例,在不背离本发明精神及其实质的情况下 , 应的改变和变形都应属于本发明所附的权利要求的保护范围。  The invention may be embodied in a variety of other embodiments without departing from the spirit and scope of the invention.

工业实用性 Industrial applicability

本发明提出的智能卡从安全域密钥更新方法、 系统及移动终端, 可以解 决在发卡后, 针对对称密钥的情况, 在由于安全原因需要强制更新或者由于 从安全域密钥到期需要更新时, 生成新的从安全域密钥, 并通过安全通信通 道将该新的从安全域密钥发送给智能卡从安全域, 以更新从安全域密钥。  The smart card slave security key update method, system and mobile terminal provided by the invention can solve the situation that after the card is issued, for the symmetric key, when the security update is required for security reasons or because the security domain key expires and needs to be updated , generating a new slave security domain key, and sending the new slave security domain key to the smart card from the secure domain through a secure communication channel to update the security domain key.

Claims

权 利 要 求 书 Claim 1、 一种移动终端电子支付系统, 所述系统包括: 具有电子支付应用功能 的智能卡、 业务终端及管理平台, 其中,  A mobile terminal electronic payment system, the system comprising: a smart card, a service terminal and a management platform having an electronic payment application function, wherein 所述智能卡设置成通过所述业务终端与所述管理平台进行通信; 所述管理平台设置成通过所述业务终端向所述智能卡分发更新的智能卡 从安全域密钥。  The smart card is configured to communicate with the management platform through the service terminal; the management platform is configured to distribute the updated smart card slave security domain key to the smart card through the service terminal. 2、 如权利要求 1所述的系统, 其中,  2. The system of claim 1 wherein 所述管理平台还设置成与所述智能卡建立安全通信信道, 通过所述业务 终端与所述智能卡进行互认证, 建立临时会话密钥, 以及生成新的智能卡从 安全域密钥;  The management platform is further configured to establish a secure communication channel with the smart card, perform mutual authentication with the smart card by the service terminal, establish a temporary session key, and generate a new smart card slave security domain key; 所述业务终端设置成传输智能卡与管理平台的通讯数据;  The service terminal is configured to transmit communication data of the smart card and the management platform; 所述智能卡还设置成与所述业务终端建立连接, 通过所述业务终端与所 述管理平台进行互认证, 通过所述业务终端接收所述管理平台分发的智能卡 从安全域密钥, 以及更新从安全域密钥;  The smart card is further configured to establish a connection with the service terminal, perform mutual authentication with the management platform by using the service terminal, and receive, by the service terminal, a smart card distributed by the management platform from a security domain key, and update Security domain key; 所述管理平台和业务终端分别为卡发行商管理平台和卡发行商业务终 端, 或者所述管理平台和业务终端分别为应用提供商管理平台和应用提供商 业务终端。  The management platform and the service terminal are respectively a card issuer management platform and a card issuer service terminal, or the management platform and the service terminal are an application provider management platform and an application provider service terminal, respectively. 3、 如权利要求 1或 2所述的系统, 其中, 所述智能卡为一独立设备或安 装在移动终端上。  3. The system of claim 1 or 2, wherein the smart card is a standalone device or is installed on the mobile terminal. 4、 如权利要求 1或 2所述的系统, 其中, 所述管理平台是在智能卡从安 全域密钥到期或需要强制更新或智能卡用户下载应用时, 通过所述业务终端 向所述智能卡分发更新的智能卡从安全域密钥。  The system according to claim 1 or 2, wherein the management platform distributes to the smart card through the service terminal when the smart card expires from the security domain key or needs to be forced to update or the smart card user downloads the application. Update the smart card from the secure domain key. 5、一种智能卡从安全域密钥更新分发方法, 所述方法通过业务终端建立 智能卡与管理平台的通信, 以实现智能卡从安全域密钥的更新分发, 所述方 法包括:  A method for updating and distributing a smart card from a security domain key, wherein the method establishes communication between the smart card and the management platform through the service terminal, so as to implement update distribution of the smart card from the security domain key, the method includes: ( a )管理平台通过业务终端建立与智能卡之间的安全通信信道;  (a) The management platform establishes a secure communication channel with the smart card through the service terminal; ( b )所述管理平台生成新的智能卡从安全域密钥; ( C )所述管理平台将所述新的智能卡从安全域密钥通过所述安全通信信 道分发给所述智能卡; 以及 (b) the management platform generates a new smart card slave security domain key; (C) said management platform distributing said new smart card from said secure domain key to said smart card over said secure communication channel; ( d )所述智能卡完成从安全域密钥更新。  (d) The smart card completes the update from the secure domain key. 6、 如权利要求 5所述的方法, 其中, 所述步骤(a ) 包括:  6. The method according to claim 5, wherein the step (a) comprises: ( al ) 启动所述管理平台与智能卡从安全域之间的互认证, 通过所述业 务终端完成所述管理平台与所述智能卡从安全域之间的互认证;  (al) initiating mutual authentication between the management platform and the smart card from the security domain, and completing mutual authentication between the management platform and the smart card from the security domain by using the service terminal; ( a2 ) 所述管理平台与所述智能卡从安全域之间建立临时会话密钥, 从 而建立安全通信信道。  (a2) The management platform establishes a temporary session key with the smart card from the security domain to establish a secure communication channel. 7、 如权利要求 5所述的方法, 其中, 所述方法在所述步骤(a )之前还 包括:  7. The method according to claim 5, wherein the method further comprises: before the step (a): 当智能卡从安全域密钥到期或需要强制更新时或智能卡用户下载应用 时, 所述管理平台发起智能卡从安全域密钥更新分发流程。  When the smart card expires from the security domain key or needs to be forced to update or the smart card user downloads the application, the management platform initiates the smart card to update the distribution process from the secure domain key. 8、 如权利要求 5至 7中任一项所述的方法, 其中,  8. The method according to any one of claims 5 to 7, wherein 所述管理平台和业务终端分别指卡发行商管理平台和卡发行商业务终 端, 或者所述管理平台和业务终端分别指指应用提供商管理平台和应用提供 商业务终端。  The management platform and the service terminal respectively refer to a card issuer management platform and a card issuer service terminal, or the management platform and the service terminal respectively refer to an application provider management platform and an application provider service terminal. 9、 如权利要求 8所述的方法, 其中, 当所述管理平台指应用提供商管理 平台时, 所述方法在所述步骤(a )之前还包括:  The method according to claim 8, wherein, when the management platform refers to an application provider management platform, the method further includes: before the step (a): 卡发行商管理平台在智能卡上创建从安全域及生成从安全域初始密钥; 所述卡发行商管理平台将创建的从安全域的基本信息和初始密钥发送给 所述应用提供商管理平台。  The card issuer management platform creates a slave security domain and generates a slave security domain initial key on the smart card; the card issuer management platform sends the created basic information and the initial key of the security domain to the application provider management platform . 10、 一种移动终端, 所述移动终端包括具有电子支付应用功能的智能卡, 其中, 所述智能卡从安全域的密钥由应用提供商管理平台通过应用提供商业 务终端分发, 或者由卡发行商管理平台通过卡发行商业务终端分发。  10. A mobile terminal, the mobile terminal comprising a smart card having an electronic payment application function, wherein the smart card is distributed from a security domain key by an application provider management platform through an application provider service terminal, or by a card issuer The management platform is distributed through the card issuer business terminal.
PCT/CN2009/073492 2008-11-10 2009-08-25 Method, system and mobile terminal for updating and distributing the secondary security domain key of smart card Ceased WO2010051716A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810177014A CN101742479A (en) 2008-11-10 2008-11-10 Smart card sub-security domain key updating and distributing method and system and mobile terminal
CN200810177014.5 2008-11-10

Publications (1)

Publication Number Publication Date
WO2010051716A1 true WO2010051716A1 (en) 2010-05-14

Family

ID=42152479

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/073492 Ceased WO2010051716A1 (en) 2008-11-10 2009-08-25 Method, system and mobile terminal for updating and distributing the secondary security domain key of smart card

Country Status (2)

Country Link
CN (2) CN105303377B (en)
WO (1) WO2010051716A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112491558A (en) * 2020-11-26 2021-03-12 湖南中育至诚数字科技有限公司 Data writing method, system and storage medium of multi-application chip card

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108605220B (en) * 2016-02-25 2021-02-23 华为技术有限公司 Application processing method and device for embedded universal integrated circuit card
CN113490210B (en) * 2021-06-17 2023-03-24 中国联合网络通信集团有限公司 Method and system for establishing auxiliary security domain
CN115827001B (en) * 2022-11-16 2025-08-19 中国联合网络通信集团有限公司 Smart card sector management method and system

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000025278A1 (en) * 1998-10-27 2000-05-04 Visa International Service Association Delegated management of smart card applications
EP1431862A2 (en) * 2002-12-18 2004-06-23 Activcard Ireland Limited Uniform framework for security tokens
WO2005076204A1 (en) * 2004-02-09 2005-08-18 Hismartech Co., Ltd. Smart card for containing plural issuer security domain and method for installing plural issuer security domain in a smart card
KR100562255B1 (en) * 2004-09-21 2006-03-22 에스케이 텔레콤주식회사 How to Initialize Keys in the Security Domain
WO2007052116A1 (en) * 2005-11-02 2007-05-10 Nokia Corporation Method and apparatus for initializing a secure element in a wireless terminal .
WO2007105104A2 (en) * 2006-03-15 2007-09-20 Actividentity Inc. Method and system for storing a key in a remote security module
CN101073098A (en) * 2004-12-07 2007-11-14 皇家飞利浦电子股份有限公司 System and method for application management on multi-application smart cards
CN101164086A (en) * 2005-03-07 2008-04-16 诺基亚公司 Method, system and mobile device for enabling credit card personalization using wireless networks
CN101295394A (en) * 2007-04-23 2008-10-29 美国通宝科技有限公司 Method and apparatus for providing electronic commerce and mobile commerce
CN101370248A (en) * 2007-08-15 2009-02-18 中国移动通信集团公司 Key update method, third-party server and system for activating third-party applications
CN101374153A (en) * 2007-08-23 2009-02-25 中国移动通信集团公司 Method for safely activating third-party applications, third-party server, terminal and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101083792A (en) * 2007-06-27 2007-12-05 浙江省电信有限公司 PHS non-contact card small amount payment system for public transport system

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000025278A1 (en) * 1998-10-27 2000-05-04 Visa International Service Association Delegated management of smart card applications
EP1431862A2 (en) * 2002-12-18 2004-06-23 Activcard Ireland Limited Uniform framework for security tokens
WO2005076204A1 (en) * 2004-02-09 2005-08-18 Hismartech Co., Ltd. Smart card for containing plural issuer security domain and method for installing plural issuer security domain in a smart card
KR100562255B1 (en) * 2004-09-21 2006-03-22 에스케이 텔레콤주식회사 How to Initialize Keys in the Security Domain
CN101073098A (en) * 2004-12-07 2007-11-14 皇家飞利浦电子股份有限公司 System and method for application management on multi-application smart cards
CN101164086A (en) * 2005-03-07 2008-04-16 诺基亚公司 Method, system and mobile device for enabling credit card personalization using wireless networks
WO2007052116A1 (en) * 2005-11-02 2007-05-10 Nokia Corporation Method and apparatus for initializing a secure element in a wireless terminal .
WO2007105104A2 (en) * 2006-03-15 2007-09-20 Actividentity Inc. Method and system for storing a key in a remote security module
CN101295394A (en) * 2007-04-23 2008-10-29 美国通宝科技有限公司 Method and apparatus for providing electronic commerce and mobile commerce
CN101370248A (en) * 2007-08-15 2009-02-18 中国移动通信集团公司 Key update method, third-party server and system for activating third-party applications
CN101374153A (en) * 2007-08-23 2009-02-25 中国移动通信集团公司 Method for safely activating third-party applications, third-party server, terminal and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
GLOBAL PLATFORM CARD SPECIFICATION 2.2, 31 March 2006 (2006-03-31) *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112491558A (en) * 2020-11-26 2021-03-12 湖南中育至诚数字科技有限公司 Data writing method, system and storage medium of multi-application chip card

Also Published As

Publication number Publication date
CN105303377A (en) 2016-02-03
CN101742479A (en) 2010-06-16
CN105303377B (en) 2019-10-29

Similar Documents

Publication Publication Date Title
WO2010051715A1 (en) Method, system and mobile terminal for distributing the initial key of security sub-domain of a smart card
JP5508428B2 (en) Key distribution method and system
CN101729502B (en) Method and system for distributing key
CN101742478B (en) Method and system for updating and distributing key of slave security domain of intelligent card and mobile terminal
CN101729244B (en) Method and system for distributing key
JP5513527B2 (en) Application download system and application download method
US8781131B2 (en) Key distribution method and system
WO2010096991A1 (en) An application downloading system and method
WO2010045823A1 (en) Cryptographic-key updating method and system
WO2018107718A1 (en) Method and device for assigning number to intelligent card over air
CN101742481B (en) Method and system for distributing secondary security domain initial keys of smart card and mobile terminal
WO2010051710A1 (en) Method for generating smart card secret key
CN112533211B (en) Certificate updating method and system of eSIM card and storage medium
CN202696901U (en) Mobile terminal identity authentication system based on digital certificate
WO2018107723A1 (en) Method and device for switching remote subscription management platform for intelligent card, intelligent card, and sm-sr
CN101729246B (en) Method and system for distributing key
WO2010051716A1 (en) Method, system and mobile terminal for updating and distributing the secondary security domain key of smart card
CN101729245B (en) Key distribution method and system
CN119052803B (en) Application processing method and system under SIM card multichannel authentication
CN113079503A (en) Method and system for remotely downloading authentication application certificate

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09824371

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09824371

Country of ref document: EP

Kind code of ref document: A1