CN101742481B - Method and system for distributing secondary security domain initial keys of smart card and mobile terminal - Google Patents

Method and system for distributing secondary security domain initial keys of smart card and mobile terminal Download PDF

Info

Publication number
CN101742481B
CN101742481B CN2008101770164A CN200810177016A CN101742481B CN 101742481 B CN101742481 B CN 101742481B CN 2008101770164 A CN2008101770164 A CN 2008101770164A CN 200810177016 A CN200810177016 A CN 200810177016A CN 101742481 B CN101742481 B CN 101742481B
Authority
CN
China
Prior art keywords
card
management platform
security domain
service terminal
smart card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2008101770164A
Other languages
Chinese (zh)
Other versions
CN101742481A (en
Inventor
余万涛
马景旺
贾倩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN2008101770164A priority Critical patent/CN101742481B/en
Priority to PCT/CN2009/073485 priority patent/WO2010051713A1/en
Publication of CN101742481A publication Critical patent/CN101742481A/en
Application granted granted Critical
Publication of CN101742481B publication Critical patent/CN101742481B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433Key management protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a method and a system for distributing secondary security domain initial keys of a smart card. The system comprises the smart card having an electronic payment application function, a card distributor management platform and a service terminal, wherein the smart card communicates with the card distributor management platform through the service terminal; and the card distributor management platform is used for distributing the secondary security domain initial keys to the smart card through the service terminal. The method and the system solve the problems in safely importing the secondary security domain initial keys generated by the card distributor management platform into a secondary security domain after card issuance when the security domain is established by aiming at the condition of symmetric keys so as to realize the safe distribution of the secondary security domain initial keys.

Description

Smart card from security domain initial key distribution method and system, portable terminal
Technical field
The present invention relates to the electronic payment of mobile terminal technology, relate in particular to smart card from security domain initial key distribution method and system, portable terminal.
Background technology
IC-card particularly non-contact IC card has been widely used in the fields such as public transport, gate inhibition, doit electronic payment through the development of more than ten years.Meanwhile, mobile phone experiences more than 20 year developing rapidly, is substantially popularized in the resident, brings very large facility for people's work and life.And there is integrated multi-purpose trend in the function of mobile phone from strength to strength.With mobile phone and the combination of non-contact IC card technique, mobile phone is applied to the E-Payment field, can further enlarge the scope of application of mobile phone, and it is convenient to bring for people's life, exists wide application prospect.
Near-field communication technology (Near Field Communication, NFC) be a kind of the short distance wireless communication technology that works in 13.56MHz, merge differentiation by radio frequency discrimination RFID (Radio Frequency Identification) technology and interconnection technique.After the integrated NFC technology of the mobile communication terminals such as mobile phone, can simulate non-contact IC card, be used for the relevant application of paying by mails.Realize on the mobile communication terminal that this scheme need to increase NFC analog front-end chip and NFC antenna in terminal, and use the smart card of supporting E-Payment.
For realizing the mobile electronic payment based on the NFC technology, need to set up the electronic payment of mobile terminal system, realize the management based on the electronic payment of mobile terminal of NFC by this system, comprise: the distribution of smart card, pay download, the installation and individualized of application by mails, the safety of application etc. is paid in employing correlation technique and management strategy realization by mails.
Usually adopt many application frameworks of global platform GP (Global Platform) standard based on the business framework of the electronic payment of mobile terminal system of NFC technology, under this framework, supporting the smart card of Global Platform standard to refer to IC chip or the smart card that meets global platform calliper model (Global Platform Card Specification) V2.1.1/V2.2, can be client identification module (Subscriber Identity Model)/universal mobile telecommunications system client identification module (UMTSSubscriber Identity Module UMTS) for the SIM/USIM card on physical form, pluggable intelligent memory card or be integrated in IC chip on the portable terminal.
If the electronic payment of mobile terminal system based on near-field communication (NFC) technology supports the GP2.1.1 standard, the safe lane agreement need to be supported SCP02 (based on symmetric key), if the electronic payment of mobile terminal system based on the near-field communication technology supports the GP2.2 standard, the safe lane agreement need to be supported SCP02 (based on symmetric key) and SCP10 (based on unsymmetrical key), and card publisher, application provider can select according to the security strategy demand.
Generally speaking, based on the portable terminal of NFC closely electronic fare payment system mainly have the portable terminal of paying the application function smart card by mails by card distributor management platform, one or more application providers management platform and support and form.
On the smart card of supporting Global Platform standard, a plurality of application can be installed, in order to realize paying by mails the safety of application, smart card is separated into several independently security domains, guaranteeing a plurality of application isolation and independence each other, each application provider's management security domain and application, application data etc. separately.
Security domain is that the outer entity of card comprises card publisher and the application provider representative on card, and they comprise for the key of supporting the running of safe lane agreement and smart card Content Management.Security domain comprises main security domain and from security domain etc.Main security domain is the compulsory card representing of card publisher on smart card, and a smart card only comprises a main security domain.But be card publisher or the application provider additional card selection representing on smart card from security domain.
The key of security domain generates with card publisher or the application provider of distribution by this security domain of management and is responsible for, and this has guaranteed can coexist as on the same card from different application supplier's application and data.The key of security domain comprises main security domain key, from the security domain initial key with from security domain key.Main security domain key and generated by the card distributor management platform from the security domain initial key is generated by card distributor management platform or the application provider management platform of management from security domain from security domain key.
Before will paying the application download by mails and being installed to smart card, need to create first from security domain for this application at smart card, the establishment of slave security domain of intelligent card is finished by the card distributor management platform.After smart card distribution, when creating slave security domain of intelligent card, from the security domain initial key must by the card distributor management platform by secure way import on the smart card from security domain.
Relevant with the specific implementation of SNA from the distribution procedure of security domain initial key.For the security management and the download of paying application, installation etc. of realizing smart card, smart card needs communicate by letter with card distributor management platform and application provider's management platform foundation.Smart card can be set up with management platform by service terminal and communicate by letter.Service terminal is the equipment that can read and write smart card, such as POS machine of linking to each other with computer etc.When using service terminal, for the situation of symmetric key, how will block the distributor management platform generation from security domain initial key safety import on the smart card from security domain, be the problem that electronic payment of mobile terminal need to solve.
Summary of the invention
The technical problem to be solved in the present invention provide a kind of smart card from security domain initial key distribution method and system, portable terminal, with will block that distributor management platform generates from the importing to from security domain of security domain initial key safety, thereby realize secure distribution from the security domain initial key.
In order to solve the problems of the technologies described above, smart card from security domain initial key distribution method, the method movement-based terminal electronic payment system realizes, this system comprises having smart card, card distributor management platform and the service terminal of paying application function by mails, and described smart card is an autonomous device or is installed on the portable terminal; Described smart card communicates by described service terminal and described card distributor management platform, and described card distributor management platform will be distributed to described smart card from the security domain initial key by described service terminal.
Further, the method comprises: (a) user submits to described card distributor management platform and uses download request; (b) after described card distributor management platform is received and used download request information, set up safe lane between described card distributor management platform and the described smart card master security domain; (c) described card distributor management platform creates from security domain and generates from the security domain initial key, via described service terminal the security domain initial key is imported to described slave security domain of intelligent card by the safe lane of setting up.
Further, the user triggers by described smart card programs or described service terminal client-side program and uses download request in the step (a), comprise smartcard identification information, application identities and application provider's identity information in the described application download request, step (b) afterwards, step (c) before, also comprise: described card distributor management platform is according to described smartcard identification information, application identities and application provider's identity information, perhaps according to intelligent card state information, judge whether to create from security domain.
Further, the process that step (b) is set up safe lane comprises: (b1) described card distributor management platform and smart card master security domain are recognized each other card via described service terminal, and the described card process of recognizing each other is finished between described card distributor management platform and described smart card master security domain via described service terminal; (b2) set up the interim conversation key between described card distributor management platform and the described smart card master security domain, thereby set up safe lane.
Further, described service terminal is transmitted by card publisher service terminal for card publisher service terminal, the interactive information between described card distributor management platform and described smart card; Perhaps, described service terminal is application provider's service terminal, message from described card distributor management platform to described smart card is transmitted by application provider's management platform and application provider's service terminal successively, and the message that snaps into described card distributor management platform from described intelligence is transmitted by application provider's service terminal and application provider's management platform successively.
In order to solve the problems of the technologies described above, the present invention also provide a kind of smart card from security domain initial key dissemination system, this system comprises having smart card, card distributor management platform and the service terminal of paying application function by mails; Described smart card communicates by described service terminal and described card distributor management platform; Described card distributor management platform is used for will being distributed to described smart card from the security domain initial key by described service terminal.
Further, described smart card, also be used for providing to described card distributor management platform submitting the support of using download request to, recognize each other card and set up the interim conversation key with the card distributor management platform, be used for also that deciphering obtains from the security domain initial key, and to carrying out initialization from security domain; Described card distributor management platform, also be used for recognizing each other card and setting up the interim conversation key with described smart card master security domain, also be used for judging whether to set up from security domain according to using download request or intelligent card state information, and set up from security domain, generate and to the smart card distribution from the security domain initial key.
Further, described service terminal is used for the interactive information between described card distributor management platform and described smart card is transmitted for card publisher service terminal; Perhaps;
Described service terminal is application provider's service terminal, and described system also comprises application provider's management platform; Described application provider service terminal is used for receiving the message of described application provider management platform transmission and being transmitted to described smart card; Also be used for receiving the message of described smart card transmission and being transmitted to described application provider management platform; Described application provider management platform is used for receiving the message of described card distributor management platform transmission and being transmitted to described application provider service terminal; Also be used for receiving the message of described application provider service terminal transmission and being transmitted to described card distributor management platform.
Further, described smart card is an autonomous device or is installed on the portable terminal.
The present invention also provides a kind of portable terminal, described portable terminal comprises having the smart card of paying application function by mails, the initial key of described slave security domain of intelligent card by the distribution of card publisher service terminal, perhaps passes through application provider's management platform and application provider's service terminal distribution by the card distributor management platform.
The present invention can solve behind hair fastener, for the situation of symmetric key, when creating from security domain, with the card distributor management platform generate from the importing to from security domain of security domain initial key safety, thereby realize secure distribution from the security domain initial key.
Description of drawings
Fig. 1 is based on the electronic payment of mobile terminal system architecture schematic diagram of near-field communication technology among the present invention;
Fig. 2 is undertaken from the schematic flow sheet of security domain initial key distribution by card publisher service terminal among the embodiment one among the present invention;
Fig. 3 is undertaken from the schematic flow sheet of security domain initial key distribution by application provider's service terminal among the embodiment two among the present invention.
Embodiment
As shown in Figure 1, the electronic payment of mobile terminal system comprises among the present invention: application provider's management platform, the card distributor management platform, application provider's management platform, service terminal (comprising card publisher service terminal and application provider's service terminal), portable terminal and have the E-Payment application function smart card, the smart card in the native system can be installed on the portable terminal.In other embodiments, this system also can not comprise portable terminal, and this moment, this smart card was an autonomous device.
Described smart card is supported Global Platform Card Specification V2.1.1/V2.2 standard; Having the smart card of paying application function by mails can be directly be connected with card distributor management platform or application provider's management platform by card publisher service terminal and application provider service terminal and is connected, when having the smart card of paying application function by mails when being installed on the portable terminal, portable terminal can be connected with the application provider management platform with the card distributor management platform respectively by card publisher's service terminal or application provider's service terminal.
Described smart card can be installed on the portable terminal, described smart card and described portable terminal can be supported the OTA function, portable terminal can link to each other with the OTA server by mobile communications network, and the OTA server is connected with the application provider management platform with the card distributor management platform respectively.
The card distributor management platform, be responsible for distribution and the management of smart card, resource and life cycle, key, certificate to smart card manage, be responsible for the establishment from security domain, and with other security domain interactive application data, comprising creating from security domain, recognize each other card and set up the interim conversation key with described smart card, and generate from security domain initial key and new for security domain key.With regard to specific implementation, the card distributor management platform can comprise card management system, AMS, key management system, certificate management system, application provider's management system etc., wherein certificate management system uses in the situation of unsymmetrical key supporting, certificate management system is connected CA with card issuing merchant certification authority) system connects;
Application provider's management platform, be responsible for paying by mails providing and management function of using, various service applications is provided, and carry out safety management to corresponding with it on the smart card from security domain, described application key from security domain, certificate, data etc. are controlled, the function such as secure download, installation of application is provided.Comprising recognizing each other card and set up the interim conversation key with described smart card, and generate new for security domain key.With regard to specific implementation, application provider's management platform can comprise AMS, key management system, certificate management system, wherein certificate management system uses in the situation of unsymmetrical key supporting, certificate management system is connected CA with certification authority of application provider) system connects.
The card distributor management platform can provide by service terminal separately the relevant service of paying by mails with the application provider management platform: participate in processing and pay subscriber information management by mails, participate in the download of using from establishment and key distribution, the E-Payment of security domain and pay individualizing of application etc. by mails.Can connect (such as private line access) by safety between application provider's management platform and the card distributor management platform communicates.
Described smart card can be installed on the described portable terminal, is used for communicating by portable terminal and service terminal and described card distributor management platform, also can directly communicate by service terminal and described card distributor management platform; Also be used for providing to described card distributor management platform submitting the support of using download request to, recognize each other card and set up the interim conversation key with the card distributor management platform, be used for also that deciphering obtains from the security domain initial key, and to carrying out initialization from security domain;
Card publisher service terminal is by the management of card distributor management platform; Be used for the interactive information between described card distributor management platform and described smart card is transmitted.
Application provider's service terminal is by application provider's management platform management; Be used for receiving the message of described application provider management platform transmission and being transmitted to described smart card; Also be used for receiving the message of described smart card transmission and being transmitted to described application provider management platform.
The present invention is based on electronic payment of mobile terminal system architecture shown in Figure 1 is that example is described, but is not limited to electronic payment of mobile terminal system architecture shown in Figure 1.
As shown in Figure 2, among the embodiment one, the card distributor management platform, specifically may further comprise the steps to smart card distribution security territory initial key by card publisher service terminal:
Step 201, the user triggers to use by card publisher's service terminal client-side program or smart card programs and downloads application, and submit to application to download to the card distributor management platform and apply for, use to download and apply for comprising the information such as intelligent card subscriber identifying information, application identities and application provider's identity;
Step 202, the card distributor management platform sends the SELECT command message via card publisher service terminal to smart card, selects main security domain;
Step 203, smart card is submitted the SELECT command response via card publisher service terminal to the card distributor management platform;
Step 204, card distributor management platform and smart card master security domain are set up the SCP02 safe lane via card publisher service terminal;
Described card distributor management platform starts the card of recognizing each other of described card distributor management platform and described smart card master security domain, finish recognize each other card after, set up the interim conversation key between card distributor management platform and the smart card master security domain, thereby set up safe lane.This interim conversation key can be followed GlobalPlatform Card Specification V2.1.1/V2.2 standard and set up, and also can set up by other method;
The described card process of recognizing each other is finished between described card distributor management platform and described smart card master security domain via card publisher service terminal.
Step 205, card distributor management platform judge whether to need to create from security domain, if do not need to create from security domain, then stop from the security domain constructive process; If need to create from security domain, then continue to carry out subsequent step;
Described card distributor management platform, judges whether to create from security domain perhaps by modes such as intelligent card state information according to information such as described smart card ICCID information, application identities and application provider's identity.
Intelligent card state information is obtained from smart card master security domain by the card distributor management platform.
Step 206, the card distributor management platform sends the INSTALL order via card publisher service terminal to smart card;
Step 207, smart card is submitted the INSTALL command response via card publisher service terminal to the card distributor management platform;
Step 208, the card distributor management platform generates initial key, by the PUTKEY order, sends from the security domain initial key to smart card master security domain via card publisher service terminal;
Step 209, smart card master security domain receives behind the security domain initial key, with receive from the initialization of security domain initial key from security domain;
Step 210, smart card master security domain sends the PUTKEY command response via card publisher service terminal to the card distributor management platform, finishes from security domain initial key distribution procedure.
Interactive information among the embodiment one between card distributor management platform and smart card is transmitted by card publisher service terminal; In embodiment two, message from the card distributor management platform to smart card is transmitted by application provider's management platform and application provider's service terminal successively, and the message that snaps into the card distributor management platform from intelligence is transmitted by application provider's service terminal and application provider's management platform successively.As shown in Figure 3, among the embodiment two, distribution specifically may further comprise the steps from the method for security domain initial key:
Step 301, the user triggers to use by application provider's service terminal client-side program or smart card programs and downloads application, and submit to application to download via application provider's management platform to the card distributor management platform and apply for, use to download and apply for comprising the information such as intelligent card subscriber identifying information, application identities and application provider's identity;
Step 302, the card distributor management platform sends the SELECT command message via application provider's management platform and application provider's service terminal to smart card, selects main security domain;
Step 303, smart card is submitted the SELECT command response via application provider's service terminal and application provider's management platform to the card distributor management platform;
Step 304, card distributor management platform and smart card master security domain are set up the SCP02 safe lane via application provider's management platform and application provider's service terminal;
Described card distributor management platform starts the card of recognizing each other of described card distributor management platform and described smart card master security domain, finish recognize each other card after, set up the interim conversation key between card distributor management platform and the smart card master security domain, thereby set up safe lane.This interim conversation key can be followed GlobalPlatform Card Specification V2.1.1/V2.2 standard and set up, and also can set up by other method;
The described card process of recognizing each other is finished between described card distributor management platform and described smart card master security domain via application provider's management platform and application provider's service terminal.
Step 305, card distributor management platform judge whether to need to create from security domain, if do not need to create from security domain, then stop from the security domain constructive process; If need to create from security domain, then continue to carry out subsequent step;
Described card distributor management platform, judges whether to create from security domain perhaps by modes such as intelligent card state information according to information such as described smart card ICCID information, application identities and application provider's identity.
Intelligent card state information is obtained from smart card master security domain by the card distributor management platform.
Step 306, the card distributor management platform sends the INSTALL order via application provider's management platform and application provider's service terminal to smart card;
Step 307, smart card is submitted the INSTALL command response via application provider's service terminal and application provider's management platform to the card distributor management platform;
Step 308, the card distributor management platform is ordered by PUTKEY, sends from the security domain initial key to smart card master security domain via application provider's management platform and application provider's service terminal;
Step 309, smart card master security domain receives behind the security domain initial key, with receive from the initialization of security domain initial key from security domain;
Step 310, smart card master security domain sends the PUTKEY command response via application provider's service terminal and application provider's management platform to the card distributor management platform, finishes from security domain initial key distribution procedure.
Initial key of slave security domain of intelligent card distribution method of the present invention and system, can solve behind hair fastener, situation for symmetric key, when creating from security domain, with the card distributor management platform generate from the importing to from security domain of security domain initial key safety, thereby realize secure distribution from the security domain initial key.
The present invention also can have other various embodiments; in the situation that does not deviate from spirit of the present invention and essence thereof; those of ordinary skill in the art are when making according to the present invention various corresponding changes and distortion, and these change and be out of shape the protection range that all should belong to the appended claim of the present invention accordingly.

Claims (8)

1. smart card from security domain initial key distribution method, it is characterized in that, the method movement-based terminal electronic payment system realizes, this system comprises having smart card, card distributor management platform and the service terminal of paying application function by mails, and described smart card is an autonomous device or is installed on the portable terminal; Described smart card communicates by described service terminal and described card distributor management platform, and described card distributor management platform will be distributed to described smart card from the security domain initial key by described service terminal; The method comprises:
(a) user triggers by smart card programs or service terminal client-side program and uses download request, and to described card distributor management platform submission application download request, comprise smartcard identification information, application identities and application provider's identity information in the described application download request;
(b) after described card distributor management platform is received and used download request information, set up safe lane between described card distributor management platform and the described smart card master security domain;
(c) described card distributor management platform creates from security domain and generates from the security domain initial key, via described service terminal the security domain initial key is imported to described slave security domain of intelligent card by the safe lane of setting up.
2. the method for claim 1 is characterized in that,
Step (b) afterwards, step (c) also comprises before: described card distributor management platform is according to described smartcard identification information, application identities and application provider's identity information perhaps according to intelligent card state information, judge whether to create from security domain.
3. the method for claim 1 is characterized in that,
The process that step (b) is set up safe lane comprises: (b1) described card distributor management platform and smart card master security domain are recognized each other card via described service terminal, and the described card process of recognizing each other is finished between described card distributor management platform and described smart card master security domain via described service terminal; (b2) set up the interim conversation key between described card distributor management platform and the described smart card master security domain, thereby set up safe lane.
4. such as each described method in the claims 1 to 3, it is characterized in that,
Described service terminal is transmitted by card publisher service terminal for card publisher service terminal, the interactive information between described card distributor management platform and described smart card; Perhaps, described service terminal is application provider's service terminal, message from described card distributor management platform to described smart card is transmitted by application provider's management platform and application provider's service terminal successively, and the message that snaps into described card distributor management platform from described intelligence is transmitted by application provider's service terminal and application provider's management platform successively.
Smart card from security domain initial key dissemination system, it is characterized in that this system comprises having smart card, card distributor management platform and the service terminal of paying application function by mails;
Described smart card communicates by described service terminal and described card distributor management platform; Also be used for providing to described card distributor management platform submitting the support of using download request to, recognize each other card and set up the interim conversation key with the card distributor management platform, be used for also that deciphering obtains from the security domain initial key, and to carrying out initialization from security domain;
Described card distributor management platform is used for will being distributed to described smart card from the security domain initial key by described service terminal; Also be used for recognizing each other card and setting up the interim conversation key with described smart card master security domain, also be used for judging whether to set up from security domain according to using download request or intelligent card state information, and set up from security domain, generate and to the smart card distribution from the security domain initial key.
6. system as claimed in claim 5 is characterized in that,
Described service terminal is used for the interactive information between described card distributor management platform and described smart card is transmitted for card publisher service terminal; Perhaps;
Described service terminal is application provider's service terminal, and described system also comprises application provider's management platform;
Described application provider service terminal is used for receiving the message of described application provider management platform transmission and being transmitted to described smart card; Also be used for receiving the message of described smart card transmission and being transmitted to described application provider management platform;
Described application provider management platform is used for receiving the message of described card distributor management platform transmission and being transmitted to described application provider service terminal; Also be used for receiving the message of described application provider service terminal transmission and being transmitted to described card distributor management platform.
7. such as claim 5 or 6 described systems, it is characterized in that,
Described smart card is an autonomous device or is installed on the portable terminal.
8. one kind is adopted the as claimed in claim 1 portable terminal from security domain initial key distribution method of smart card, described portable terminal comprises having the smart card of paying application function by mails, it is characterized in that, the initial key of described slave security domain of intelligent card by the distribution of card publisher service terminal, perhaps passes through application provider's management platform and application provider's service terminal distribution by the card distributor management platform.
CN2008101770164A 2008-11-10 2008-11-10 Method and system for distributing secondary security domain initial keys of smart card and mobile terminal Active CN101742481B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2008101770164A CN101742481B (en) 2008-11-10 2008-11-10 Method and system for distributing secondary security domain initial keys of smart card and mobile terminal
PCT/CN2009/073485 WO2010051713A1 (en) 2008-11-10 2009-08-25 Method, system and mobile terminal for distributing the initial key of security sub-domain of a smart card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008101770164A CN101742481B (en) 2008-11-10 2008-11-10 Method and system for distributing secondary security domain initial keys of smart card and mobile terminal

Publications (2)

Publication Number Publication Date
CN101742481A CN101742481A (en) 2010-06-16
CN101742481B true CN101742481B (en) 2013-03-20

Family

ID=42152476

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008101770164A Active CN101742481B (en) 2008-11-10 2008-11-10 Method and system for distributing secondary security domain initial keys of smart card and mobile terminal

Country Status (2)

Country Link
CN (1) CN101742481B (en)
WO (1) WO2010051713A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101916388B (en) * 2010-07-27 2013-06-05 武汉天喻信息产业股份有限公司 Smart SD card and method for using same for mobile payment
CN105991530A (en) * 2014-11-07 2016-10-05 天地融科技股份有限公司 Data interaction system
CN105991529A (en) * 2014-11-07 2016-10-05 天地融科技股份有限公司 Data interaction method and system
CN105790938B (en) * 2016-05-23 2019-02-19 中国银联股份有限公司 Safe unit key generation system and method based on credible performing environment
CN107493167B (en) * 2016-06-13 2021-01-29 广州江南科友科技股份有限公司 Terminal key distribution system and terminal key distribution method thereof
CN113490211B (en) * 2021-06-17 2023-03-24 中国联合网络通信集团有限公司 Auxiliary security domain establishing method, SM-SR and system
CN113490210B (en) * 2021-06-17 2023-03-24 中国联合网络通信集团有限公司 Method and system for establishing auxiliary security domain

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7194438B2 (en) * 2004-02-25 2007-03-20 Nokia Corporation Electronic payment schemes in a mobile environment for short-range transactions
US7628322B2 (en) * 2005-03-07 2009-12-08 Nokia Corporation Methods, system and mobile device capable of enabling credit card personalization using a wireless network
US7469151B2 (en) * 2006-09-01 2008-12-23 Vivotech, Inc. Methods, systems and computer program products for over the air (OTA) provisioning of soft cards on devices with wireless communications capabilities
CN101140649A (en) * 2007-10-22 2008-03-12 中兴通讯股份有限公司 Method and system for realizing electric commerce by mobile phones integrating RFID chip mobile phones

Also Published As

Publication number Publication date
WO2010051713A1 (en) 2010-05-14
CN101742481A (en) 2010-06-16

Similar Documents

Publication Publication Date Title
CN101742480B (en) Method and system for distributing initial key of slave security domain of intelligent card and mobile terminal
CN101729502B (en) Method and system for distributing key
CN101729503B (en) Method and system for distributing key
CN101742481B (en) Method and system for distributing secondary security domain initial keys of smart card and mobile terminal
CN102469081B (en) Method, equipment and system for operating smart card
CN101739756B (en) Method for generating secrete key of smart card
CN101729244B (en) Method and system for distributing key
CN101742478A (en) Method and system for updating and distributing key of slave security domain of intelligent card and mobile terminal
CN101866463A (en) eNFC terminal, eNFC intelligent card and communication method thereof
CN101917216A (en) System and method for realizing safe mobile application by adopting Bluetooth intelligent card
CN103366140A (en) Card writing method and card writing device based on NFC (Near Field Communication)
CN104915829A (en) Application interaction method and application interaction device based on NFC technology
WO2010096991A1 (en) An application downloading system and method
CN202444629U (en) System for carrying out card operation by using mobile terminal
CN102932788A (en) Mobile phone-based identity identification and near-field payment method
CN104392190A (en) Virtual card substantiating method and device through mobile terminal equipment
CN108665269A (en) A kind of method and device being traded using mobile device
CN101729246B (en) Method and system for distributing key
CN101729243B (en) Method and system for updating key
CN102892096B (en) System, method, business operation support system (BOSS) and equipment for realizing account recharge
CN109858580A (en) A kind of exchange method of graphic code, electronic equipment and storage device
CN101742479A (en) Method and system for updating and distributing smart card secondary security domain keys and mobile terminal
CN101729245B (en) Method and system for distributing key
TWI643148B (en) Mobile device, method, computer program product, and distribution system thereof for configuring ticket co-branded credit card based on coding technology
KR101771546B1 (en) Method for payment using mobile fintech

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant