CN114697954B - Method and system for realizing remote card writing by using equipment long connection - Google Patents
Method and system for realizing remote card writing by using equipment long connection Download PDFInfo
- Publication number
- CN114697954B CN114697954B CN202210318616.8A CN202210318616A CN114697954B CN 114697954 B CN114697954 B CN 114697954B CN 202210318616 A CN202210318616 A CN 202210318616A CN 114697954 B CN114697954 B CN 114697954B
- Authority
- CN
- China
- Prior art keywords
- terminal
- connection
- card
- server
- eid
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 38
- 238000004891 communication Methods 0.000 claims description 9
- 230000008569 process Effects 0.000 claims description 9
- 230000004044 response Effects 0.000 claims description 8
- 230000003993 interaction Effects 0.000 claims description 6
- 230000001960 triggered effect Effects 0.000 abstract description 3
- 230000007246 mechanism Effects 0.000 abstract description 2
- 230000005540 biological transmission Effects 0.000 description 5
- 238000012795 verification Methods 0.000 description 5
- 238000013459 approach Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 2
- 230000003213 activating effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
- H04W8/24—Transfer of terminal data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/0723—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips the record carrier comprising an arrangement for non-contact communication, e.g. wireless communication circuits on transponder cards, non-contact smart cards or RFIDs
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Databases & Information Systems (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a method and a system for realizing remote card writing by using equipment long connection. The system comprises a server, a terminal and a smart card; the server comprises an OS-level message server and a business application server; the terminal comprises: terminal OS, terminal APP and terminal module; the terminal OS receives the message notification sent by the OS-level message server and forwards the message notification to the corresponding terminal APP, the terminal APP initiates an instruction request to the terminal module, the terminal module acquires the EID from the smart card and forwards the EID to the terminal APP, the terminal APP sends an HTTPS request to the service application server, receives the returned card execution instruction and forwards the card execution instruction to the terminal module, the terminal module sends the instruction to the smart card, the smart card and the terminal module establish a BIP channel, and the terminal module opens the BIP channel and establishes a remote HTTP connection with the server. The intelligent card does not depend on an operator data short message gateway or manual intervention, and the establishment of network connection is triggered by a message pushing mechanism through long connection.
Description
Technical Field
The invention relates to the field of intelligent card processing, in particular to a method and a system for realizing remote card writing by using equipment long connection.
Background
With the wide development of the application of the internet of things, a large amount of card making and issuing data requests are required to be determined in advance in the production link of the smart card, so that the operation and management cost is greatly increased, and as an efficient alternative solution, the remote card writing of the card making data to the security chip of the terminal equipment in an over-the-air mode through the HTTPS or a short message channel resource is realized by providing a background server, so that the service flexibility of card making and issuing can be realized, and then card opening and activating can be realized as required, thereby bringing great convenience to operators and service providers.
The remote card writing at the present stage is mainly realized by two modes and two air channels:
[ Consumer Consumer model ]: one is a remote card writing request that triggers a Pull (Pull) card opening data to a server by a user manually clicking on an Application (Application) of a terminal device. After establishing an HTTPS connection with the remote server and obtaining the card making data, the card making data is written to the smart card via an interactive interface program LPA (Local Profile Agent ) between the application and the card. (applicable scenes include scenes such as a mobile phone, a tablet, a wearable device, and the like);
[ M2M machine-to-machine (without human intervention) mode ]: a method for using network operator's SMS network resource to Push (Push) data command from platform side in data SMS mode to trigger card to build HTTP connection to server and obtain remote card making data is suitable for some processing scene without artificial site (such as ammeter, gas meter or intelligent household remote card writing), if HTTPS connection from terminal equipment to server can not be built by command, card making data can be directly issued to card end through SMS channel and executed to achieve remote card writing purpose.
In addition to the two main modes mentioned above (LPA procedure pulls card data through HTTPS or platform pushes card data through sms), there are some intermediate promiscuous modes in practical applications, such as: and the user sends a specified short message request from the terminal, and pulls the scene of card making data to the server through a short message channel.
In the two approaches at the present stage, the technical application scenes have advantages and disadvantages and also have respective limitations.
1. [ Consumer Consumer model ]: the remote card writing scene is triggered by clicking a corresponding button on the terminal equipment by a consumer, and the application range of the remote card writing scene is limited. Because this approach limits the triggering conditions for remote writing, manual interaction is necessary to complete the request, i.e. it limits that someone as a consumer is on site, and the terminal is a device with an operating screen control to enable the solution. ( Another: the same is true for the situation of pulling card making data by using a short message channel, the situation that the use situation is necessary to be manual operation intervention on site is limited )
2. [ M2M machine-to-machine (without human intervention) mode ]: the purpose of remotely pushing the short message from the platform side to the equipment terminal to realize remote card writing can be realized through pushing the short message, so that the problem of application scenes without manual work on site is solved, but the short message channel resource is necessarily required to be consumed through information pushing in a short message mode, and the short message charge is too high relative to the flow of GPRS. The data carrying capacity of the short message channel is smaller, and the short message channel is another disadvantage of the short message mode.
In summary, regardless of the approach adopted, there are limitations in triggering a remote card writing request in an application of the internet of things. Based on the method, the invention constructs a method for realizing remote card writing by using the long connection of the equipment.
Disclosure of Invention
The invention provides a system for realizing remote card writing by using equipment long connection, which comprises a server, a terminal and an intelligent card;
the server comprises an OS-level message server and a business application server; when a service application server needs to initiate a remote card writing to a terminal, sending a push message to the terminal OS through an OS-level message server, receiving a connection request initiated by a terminal APP, generating a connection instruction according to the connection request, and returning the connection instruction to the terminal; after establishing a communication channel with the smart card, sending a card writing instruction to the smart card;
the terminal comprises: terminal OS, terminal APP and terminal module; the terminal OS receives a message notification sent by the OS-level message server, forwards the message notification to a corresponding registered terminal APP, initiates an instruction request to the terminal module to establish a machine card connection after receiving the message, the terminal module acquires an EID from the smart card and forwards the EID to the terminal APP, the terminal APP sends a connection request to the service application server, receives a connection instruction returned by the service application server, forwards the connection instruction to the terminal module, the terminal module issues the connection instruction to the smart card, the smart card and the terminal module establish a BIP channel, and the terminal module opens the BIP channel and establishes a remote HTTPS connection with the service application server;
the intelligent card receives an EID acquisition instruction sent by the terminal module, returns current EID information to the terminal module, receives a connection instruction sent by the terminal module, and establishes a BIP channel with the terminal module according to the connection instruction.
The system for realizing remote card writing by using equipment long connection is characterized in that the server further comprises an APP-level message server, and when the service application server needs to initiate remote card writing to the terminal, the service application server sends push messages to the APP of the terminal through the APP-level message server and receives a connection request initiated by the APP of the terminal.
The system for realizing remote card writing by using equipment long connection is characterized in that APPID generated when the terminal installs the APP, the EID of the smart card and the user information are bound and stored in the service application server, and the message pushing request comprises the APPID.
The system for realizing remote card writing by using equipment long connection is characterized in that when the terminal APP is installed, a unique application identifier APPID is generated, and the application identifier APPID and initial intelligent card EID information are uploaded to a server to bind the terminal APP and the intelligent card.
The system for implementing remote card writing by using the long device connection as described above, wherein the connection request comprises an HTTPS request, an HTTP request, an FTP request and an SFTP request.
The invention also discloses a method for realizing remote card writing by using the equipment long connection, which comprises the following steps:
the service application server sends a message push request to the terminal OS through the OS-level message server;
the terminal OS forwards the message notice to the terminal APP, and after the terminal APP obtains the EID of the intelligent card by sending an instruction to the intelligent card through the terminal module, the terminal APP sends a connection request to the service application server;
the service application server connects the instruction according to the connection request, and returns the connection instruction to the terminal APP;
the terminal APP sends a connection instruction to the smart card through the terminal module;
the intelligent card establishes a BIP channel with the terminal module, the terminal module opens the BIP channel, and establishes a remote HTTP connection with the business application server;
and the business application server sends a card writing instruction to the intelligent card after establishing a communication channel with the intelligent card.
The method for realizing remote card writing by using equipment long connection comprises the steps that a terminal APP generates a connection request for acquiring connection parameter information according to the latest acquired current EID information and an application identifier APPID, and sends the request to a service application server; after receiving a connection request sent by a terminal APP, a service application server acquires APPID and EID from the connection request, generates unique connection parameter information by using the EID, assembles the unique connection parameter information into a connection instruction, and returns the connection instruction to the terminal APP.
The method for realizing remote card writing by using equipment long connection comprises the steps of acquiring APPID and EID from a connection request, and directly using the EID to generate unique connection parameter information if the EID stored in a server is the same as the EID in the connection request after the equipment long connection is used; if the EID stored in the server is different from the EID in the connection request, the card changing operation is indicated to occur, the stored EID is updated to the EID in the connection request, and the latest EID is used for generating unique connection parameter information.
The method for realizing remote card writing by using equipment long connection, as described above, wherein the generation of the connection parameter information specifically includes: and acquiring a corresponding algorithm and a key from a server memory according to the received EID, encrypting preset connection data to generate connection parameter information, assembling the connection parameter information into a card execution instruction, and returning an HTTPS response to the terminal APP.
The method for implementing remote card writing by using long equipment connection as described above, wherein in the process of establishing connection between the smart card and the service application server, further comprises: and the service application server and the intelligent card use a preset authentication mode to carry out identity authentication, and after the authentication is successful, the service application server sends service data to the intelligent card.
The method for realizing remote card writing by using the long equipment connection comprises the following specific operations that the business application server sends business data to the intelligent card:
s1, a service application server sends service data to an intelligent card through a remote HTTPS connection and a BIP channel;
s2, the intelligent card executes service data, and the execution result is sent to a service application server through a remote HTTPS connection and a BIP channel;
and S3, the service application server judges whether to continue to send other more service data according to the service logic, if no more service data need to be sent, the service application server returns an HTTPS response indicating the end of the service operation interaction request, and if the other service data are sent, the service application server returns to execute S1.
The beneficial effects achieved by the invention are as follows: and triggering the HTTPS connection scheme by using a message pushing mechanism on the terminal APP, wherein the smart card application can trigger the HTTPS connection with the background server without depending on an operator data short message gateway, and complete HTTPS handshake based on a BIP channel, thereby completing the establishment of network connection between the smart card and the server. On one hand, the triggering mode avoids the resource dependence on the short message gateway, thereby saving the cost and enhancing the reliability and stability of service triggering; on the other hand, the request is prevented from being triggered by manual intervention operation, so that the service popularization scene is wider, the service popularization scene is not limited to the manual field scene, and the convenience is enhanced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present invention, and other drawings may be obtained according to these drawings for a person having ordinary skill in the art.
FIG. 1 is a schematic diagram of a system for implementing remote card writing using a long device connection according to a first embodiment of the present invention;
fig. 2 is a flowchart of a method for implementing remote card writing by using a long device connection according to a second embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
As shown in FIG. 1, the invention provides a system for realizing remote card writing by using long equipment connection, which comprises a server, a terminal and a smart card.
The server includes an OS (operating system) level message server as a communication bridge between the service application server and the terminal before the server establishes a long connection with the smart card, and a service application server. When a service application server needs to initiate remote card writing to a terminal, a message pushing request is sent to the terminal through an OS-level message server, APPID generated when the terminal installs an APP, EID acquired from an intelligent card by the terminal and user information are bound and stored in the service application server, and the message pushing request comprises the APPID. In addition, before the server establishes long connection with the smart card, the server communicates with the terminal through the HTTPS channel in addition to the OS-level message server, and the server also communicates with the APP installed on the terminal directly, and the communication content is 7816 card execution instructions. After the server establishes long connection with the smart card, the server can directly communicate with the smart card through the terminal module, and service data is issued to the smart card through the terminal module.
In addition, the server can also comprise an APP-level message server, and when the service application server needs to initiate remote card writing to the terminal, the APP-level message server sends push messages to the terminal APP and receives connection requests initiated by the terminal APP;
the terminal comprises a terminal OS, a terminal APP and a terminal module, when the terminal APP is installed, an application identifier APPID is randomly generated according to the current hardware environment, and the application identifier APPID and initial intelligent card EID information stored in the terminal are uploaded to the server to bind the terminal APP and the intelligent card.
Before the smart card and the server are connected in a long way, the terminal OS is used as a communication bridge between the terminal and the server, receives a message notification sent by the OS-level message server, forwards the message notification to a corresponding registered terminal APP, and sends an instruction to the terminal APP to request the terminal module to establish the machine card connection after receiving the message, and the terminal module acquires current EID information from the smart card. It should be noted that the purpose of the EID information obtained again at this time is to ensure the latest EID of the current smart card, so as to avoid the failure of executing the later instruction due to the EID mismatch caused by the card changing operation.
After receiving current EID information returned by the smart card, the terminal module forwards the current EID information to the terminal APP, the terminal APP obtains APPID sent by the server and EID returned by the smart card at the moment, uses the APPID and the EID as parameter information for establishing connection with the service application server, directly sends an HTTPS request to the service application server, receives a card execution instruction issued by the service application server, forwards the card execution instruction to the terminal module, sends the card execution instruction to the smart card, and the smart card establishes a BIP channel according to the card execution instruction and the terminal module, and establishes remote HTTPS connection between the terminal module and the server. From this, carry out data interaction through long-range HTTPS connection between server and the terminal module, carry out data interaction through BIP passageway connection between terminal module and the smart card.
The intelligent card comprises an intelligent card operating system, an intelligent card application and an intelligent card memory, wherein the intelligent card operating system is in direct communication with the terminal module, the intelligent card operating system receives an EID acquisition instruction and a card execution instruction sent by the terminal module, the current EID information is acquired from the intelligent card memory after the EID acquisition instruction is received and returned to the terminal module, the instruction is forwarded to the intelligent card application after the card execution instruction is received, and a BIP channel is established between the execution instruction and the terminal module.
In this embodiment of the present application, the connection request sent by the terminal APP to the service application server is a device long connection, and may be an HTTP request, an FTP request, or an SFTP request, in addition to an HTTPS request.
Example two
As shown in fig. 2, the present invention provides a method for implementing remote card writing by using long connection of a device, which is applied to the system described in the first embodiment, and the method specifically includes:
step 210, the service application server sends a message push request to the terminal OS through the OS-level message server;
when the terminal APP is installed, an application identifier APPID is randomly generated according to the current hardware environment, the application identifier APPID and initial intelligent card EID information stored in the terminal are uploaded to a service application server to perform initial unique binding of the terminal APP and the intelligent card, and then if the intelligent card EID is changed, the binding relation stored in the service application server is updated in the operation process. When a service application server needs to initiate remote card writing to a terminal, the method specifically comprises the following steps: step 210-1, a service application server generates a message pushing request according to APPID, and forwards the message pushing request to an OS-level message server; step 210-2, the OS-level message server sends a message push request to the terminal OS.
Step 220, the terminal OS forwards a message notice to the terminal APP, the terminal APP initiates an instruction request to the terminal module to establish the machine card connection, and the terminal module sends an EID acquisition instruction to the smart card;
after receiving the message push request, the terminal OS acquires the APPID from the message push request, searches the corresponding terminal APP in the terminal, and forwards the message notification to the corresponding terminal APP.
Step 230, the smart card returns the stored current EID information to the terminal module according to the EID acquisition instruction;
because the EID mismatch caused by the card changing operation may occur, the later instruction execution fails, and therefore, when the remote card writing operation is performed, EID information needs to be obtained from the smart card again, so that the latest EID is ensured, and the EID stored in the terminal is updated.
Step 240, the terminal module forwards the obtained current EID information to the terminal APP, and the terminal APP sends an HTTPS request to the service application server;
and the terminal module generates an HTTPS request for acquiring the connection parameter information according to the latest acquired current EID information and the application identifier APPID, and sends the request to the service application server.
Step 250, the service application server generates a connection instruction according to the HTTPS request, and returns the connection instruction containing the connection parameter information to the terminal APP;
after receiving an HTTPS request sent by a terminal module, a service application server acquires an APPID and an EID from the HTTPS request, uses the APPID to search for the corresponding EID stored in the server, if the EID stored in the server is the same as the EID in the HTTPS request, the service application server indicates that no card exchange operation exists, directly uses the EID to generate unique connection parameter information, packages the unique connection parameter information into a smart card execution instruction data packet, returns an HTTPS response to a terminal APP, if the EID stored in the server is different from the EID in the HTTPS request, indicates that the card exchange operation occurs, updates the stored EID into the EID in the HTTPS request, uses the latest EID to generate the unique connection parameter information, packages the unique connection parameter information into the smart card execution instruction data packet, and returns the HTTPS response to the terminal APP;
the method specifically comprises the following steps of: and acquiring a corresponding algorithm and a key from a server memory according to the received EID, encrypting preset connection data (such as a service application server IP address), generating connection parameter information, assembling the connection parameter information into a 7816 card execution instruction, and returning an HTTPS response to the terminal APP.
Step 260, the terminal APP forwards the connection instruction to the terminal module, and the terminal module sends the connection instruction to the smart card;
step 270, the smart card establishes a BIP channel with the terminal module according to the connection parameter information in the connection instruction, informs the terminal module to open the BIP channel, and establishes a remote HTTPS connection with the service application server;
after the intelligent card informs the terminal module to open the BIP channel according to the connection parameter information, the terminal module opens the BIP channel and establishes remote HTTPS connection with the service application server, and communication data of the follow-up intelligent card and the server are transmitted through the terminal module directly without internal operation of the terminal.
In addition, in the process of establishing connection between the intelligent card and the service application server, the service application server needs to verify the identity of the intelligent card, so that the service application server and the intelligent card use a preset authentication mode to verify the identity, and after the verification is successful, the service application server sends service data to the intelligent card; the method specifically comprises the following substeps:
s1, a service application server and an intelligent card carry out identity verification in a preset authentication mode, service data are assembled into card execution instructions after verification is successful, and the service data are sent to the intelligent card through remote HTTPS connection and a BIP channel;
the preset authentication mode comprises, but is not limited to, authentication by using one or more modes such as a PSK pre-shared key mode, a certificate chain authentication mode, a public-private key asymmetric key mode and the like;
the PSK pre-sharing key mode specifically comprises the following steps: the method comprises the steps that a shared symmetric key is prefabricated in advance on a smart card and a service application server, then the smart card terminal is associated through a PSKID, a PSKID value is sent to the service application server in the process of needing handshake authentication, the service application server finds the associated key corresponding to the smart card according to the PSKID, and verification is completed through the associated key and random numbers generated in the handshake process. The certificate chain mode is specifically as follows: the intelligent card is pre-provided with a card certificate, the certificate is issued by a factory EUM, the EUM factory certificate is issued by a third party CI, and meanwhile, the service application server certificate is also issued by the third party CI, so that the identity validity check is achieved by mutually exchanging certificates in the process of handshaking and authenticating identities, and the certificates are under the same CI certificate chain. The public and private key mode is specifically as follows: the public key and the private key special for the intelligent card exist on the intelligent card, the public key and the private key special for the service application server also exist on the service application server, and in the process of handshaking authentication identity, the protection key required for encrypting transmission of the service sensitive data is calculated through negotiation by using the public key of the opposite party and the private key of the opposite party and using an ECC elliptic curve algorithm, so that the encryption transmission of the follow-up sensitive data is realized.
Taking a PSK pre-sharing key mode as an example, the service application server and the smart card use a preset authentication mode to carry out identity verification, and the method specifically comprises the following steps: (1) the intelligent card sends ClientHello information to a service application server for key exchange, wherein the ClientHello information comprises a TLS version number, a client random number, a session ID, an encryption algorithm and PSKID extension information; (2) the service application server finds corresponding associated key information according to the PSKID, encrypts the ServerHello information and then sends the ServerHello information to the intelligent card, wherein the ServerHello information comprises a server random number, a selected encryption algorithm and PSKID expansion information encrypted by the corresponding key, and the service application server generates a session key according to the client random number, the server random number and a agreed key algorithm for later service data transmission; (3) the smart card also finds the preset associated key to verify the encryption information returned by the service application server according to the PSKID, and generates a session key according to the client random number, the server random number and the agreed key algorithm for later service data transmission. The smart card is thereby successfully authenticated with the service application server.
S2, the intelligent card executes service data, and the execution result is sent to a service application server through a remote HTTPS connection and a BIP channel;
and S3, the service application server judges whether to continue to send other more service data according to the service logic, if no more service data need to be sent, an HTTPS response is returned (for example, 204 is a status code) to indicate that the service operation interaction request is ended and no subsequent data need to be sent. If there are other traffic data transmissions, execution returns to S1.
By adopting the technical scheme, the following technical effects can be achieved:
(1) By utilizing long connection of an operating system level, the message can be pushed to the APP application program of the terminal equipment from a remote Profile server, so that manual intervention operation required in the prior art can be avoided.
(2) The terminal APP establishes an HTTPS channel to acquire configuration address information of the Profile, and the configuration address information is determined by pushing the content in the message, so that the method has greater flexibility compared with the prior art in which the terminal APP directly accesses the Profile by a mode of prefabricating a default address.
(3) Through the card writing data obtained from the Profile server, the smart card establishes a BIP channel in the process of executing the card instruction, establishes HTTPS connection with the server, obtains card making data through the channel, and does not need to pass through the terminal APP. The mode has greater security and simplicity due to encryption and decryption operations related to card instructions.
The foregoing embodiments have been provided for the purpose of illustrating the general principles of the present invention in further detail, and are not to be construed as limiting the scope of the invention, but are merely intended to cover any modifications, equivalents, improvements, etc. based on the teachings of the invention.
Claims (11)
1. The system for realizing remote card writing by using equipment long connection is characterized by comprising a server, a terminal and an intelligent card;
the server comprises an OS-level message server and a business application server; when a service application server needs to initiate a remote card writing to a terminal, sending a push message to the terminal OS through an OS-level message server, receiving a connection request initiated by a terminal APP, generating a connection instruction according to the connection request, and returning the connection instruction to the terminal; after establishing a communication channel with the smart card, sending a card writing instruction to the smart card;
the terminal comprises: terminal OS, terminal APP and terminal module; the terminal OS receives a message notification sent by the OS-level message server, forwards the message notification to a corresponding registered terminal APP, initiates an instruction request to the terminal module to establish a machine card connection after receiving the message, the terminal module acquires an EID from the smart card and forwards the EID to the terminal APP, the terminal APP sends a connection request to the service application server, receives a connection instruction returned by the service application server, forwards the connection instruction to the terminal module, the terminal module issues the connection instruction to the smart card, the smart card and the terminal module establish a BIP channel, and the terminal module opens the BIP channel and establishes a remote HTTPS connection with the service application server;
the intelligent card receives an EID acquisition instruction sent by the terminal module, returns current EID information to the terminal module, receives a connection instruction sent by the terminal module, and establishes a BIP channel with the terminal module according to the connection instruction.
2. The system for implementing remote card writing by using equipment long connection as claimed in claim 1, wherein the server further comprises an APP application level message server, and the service application server sends a push message to the APP application of the terminal through the APP application level message server when the remote card writing needs to be initiated to the terminal, and receives a connection request initiated by the APP of the terminal.
3. The system for implementing remote card writing by using long connection of equipment as claimed in claim 1, wherein the service application server binds and stores the APPID generated when the terminal installs the APP, the EID of the smart card, and the user information, and the message push request includes the APPID.
4. The system for implementing remote card writing by using long equipment connection according to claim 1, wherein when the terminal APP is installed, a unique application identifier APPID is generated, and the application identifier APPID and initial smart card EID information are uploaded to a server for binding the terminal APP and the smart card.
5. The system for implementing remote card writing using long device connection according to claim 1, wherein the connection request comprises HTTPS request, HTTP request, FTP request, SFTP request.
6. A method for implementing remote card writing using a long device connection, comprising:
the service application server sends a message push request to the terminal OS through the OS-level message server;
the terminal OS forwards the message notice to the terminal APP, and after the terminal APP obtains the EID of the intelligent card by sending an instruction to the intelligent card through the terminal module, the terminal APP sends a connection request to the service application server;
the service application server connects the instruction according to the connection request, and returns the connection instruction to the terminal APP;
the terminal APP sends a connection instruction to the smart card through the terminal module;
the intelligent card establishes a BIP channel with the terminal module, the terminal module opens the BIP channel, and establishes a remote HTTP connection with the business application server;
and the business application server sends a card writing instruction to the intelligent card after establishing a communication channel with the intelligent card.
7. The method for implementing remote card writing by using equipment long connection as claimed in claim 6, wherein the terminal APP generates a connection request for obtaining connection parameter information according to the latest obtained current EID information and the application identifier APPID, and sends the request to the service application server; after receiving a connection request sent by a terminal APP, a service application server acquires APPID and EID from the connection request, generates unique connection parameter information by using the EID, assembles the unique connection parameter information into a connection instruction, and returns the connection instruction to the terminal APP.
8. The method for implementing remote card writing by long connection of equipment according to claim 7, wherein after obtaining the APPID and the EID from the connection request, if the EID stored in the server is identical to the EID in the connection request, it indicates that there is no card changing operation, and the unique connection parameter information is generated directly using the EID; if the EID stored in the server is different from the EID in the connection request, the card changing operation is indicated to occur, the stored EID is updated to the EID in the connection request, and the latest EID is used for generating unique connection parameter information.
9. The method for implementing remote card writing by using long device connection according to claim 7 or 8, wherein the generating of the connection parameter information is specifically: and acquiring a corresponding algorithm and a key from a server memory according to the received EID, encrypting preset connection data to generate connection parameter information, assembling the connection parameter information into a card execution instruction, and returning an HTTPS response to the terminal APP.
10. The method for implementing remote card writing using long device connection as set forth in claim 6, wherein in the process of establishing a connection between the smart card and the service application server, further comprising: and the service application server and the intelligent card use a preset authentication mode to carry out identity authentication, and after the authentication is successful, the service application server sends service data to the intelligent card.
11. The method for implementing remote card writing by using long connection of equipment as claimed in claim 10, wherein the specific operation of the service application server for sending service data to the smart card is as follows:
s1, a service application server sends service data to an intelligent card through a remote HTTPS connection and a BIP channel;
s2, the intelligent card executes service data, and the execution result is sent to a service application server through a remote HTTPS connection and a BIP channel;
and S3, the service application server judges whether to continue to send other more service data according to the service logic, if no more service data need to be sent, the service application server returns an HTTPS response indicating the end of the service operation interaction request, and if the other service data are sent, the service application server returns to execute S1.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210318616.8A CN114697954B (en) | 2022-03-29 | 2022-03-29 | Method and system for realizing remote card writing by using equipment long connection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210318616.8A CN114697954B (en) | 2022-03-29 | 2022-03-29 | Method and system for realizing remote card writing by using equipment long connection |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114697954A CN114697954A (en) | 2022-07-01 |
| CN114697954B true CN114697954B (en) | 2024-03-26 |
Family
ID=82140706
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210318616.8A Active CN114697954B (en) | 2022-03-29 | 2022-03-29 | Method and system for realizing remote card writing by using equipment long connection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114697954B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117354784A (en) * | 2023-09-20 | 2024-01-05 | 中移互联网有限公司 | Card application management method, device and system of super SIM card |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103533535A (en) * | 2013-11-06 | 2014-01-22 | 广州森锐电子科技有限公司 | Remote mobile phone card-writing system and card-writing method |
| EP2712220A1 (en) * | 2012-09-25 | 2014-03-26 | Eastcompeace Technology Co. Ltd | Telecom smart card, air writing card system and air writing card method |
| CN108684033A (en) * | 2018-05-22 | 2018-10-19 | 北京大唐智能卡技术有限公司 | A kind of card writing method and device of terminal device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102724315B (en) * | 2012-06-21 | 2016-06-08 | 惠州Tcl云创科技有限公司 | The remote-operated method and system of smart card are realized based on smart card web page server |
-
2022
- 2022-03-29 CN CN202210318616.8A patent/CN114697954B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2712220A1 (en) * | 2012-09-25 | 2014-03-26 | Eastcompeace Technology Co. Ltd | Telecom smart card, air writing card system and air writing card method |
| CN103533535A (en) * | 2013-11-06 | 2014-01-22 | 广州森锐电子科技有限公司 | Remote mobile phone card-writing system and card-writing method |
| CN108684033A (en) * | 2018-05-22 | 2018-10-19 | 北京大唐智能卡技术有限公司 | A kind of card writing method and device of terminal device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114697954A (en) | 2022-07-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107580790B (en) | Method and apparatus for providing a profile | |
| CN108028758B (en) | Method and apparatus for downloading profiles in a communication system | |
| CN107873137B (en) | Techniques for managing profiles in a communication system | |
| CN103765842B (en) | Connect and for transmitting the method for packet, equipment and system safely for setting up end-by-end security | |
| CN111052777A (en) | Method and apparatus for supporting inter-device profile transfer in a wireless communication system | |
| KR20160124648A (en) | Method and apparatus for downloading and installing a profile | |
| US20010016907A1 (en) | Security protocol structure in application layer | |
| KR20190004499A (en) | Apparatus and methods for esim device and server to negociate digital certificates | |
| CN111406397B (en) | Method and apparatus for managing events in a communication system | |
| GB2575433A (en) | Automatic client device registration | |
| CN105359480A (en) | Key establishment for constrained resource devices | |
| CN110247803B (en) | Protocol optimization architecture and method for network management protocol SNMPv3 | |
| WO2008035183A2 (en) | Method, server and mobile station for transfering data from the server to the mobile station. | |
| CN111541776A (en) | Safe communication device and system based on Internet of things equipment | |
| CN114697954B (en) | Method and system for realizing remote card writing by using equipment long connection | |
| CN110505619A (en) | A kind of data transmission method in eSIM Remote configuration | |
| CN107211265A (en) | The safety interacting method and device of a kind of terminal room | |
| EP3769551B1 (en) | Method and apparatus for negotiating euicc version | |
| CN109862526A (en) | Document transmission method, device, computer equipment and storage medium | |
| CN112822216A (en) | Authentication method for binding of Internet of things sub-equipment | |
| CN106789344B (en) | Data transmission method, system, CDN network and client | |
| CN115567195A (en) | Secure communication method, client, server, terminal and network side equipment | |
| CN112804676A (en) | Autonomous number issuing method and system based on eSIM M2M | |
| EP4094174B1 (en) | A method for securely diversifying a generic application stored in a secure processor of a terminal | |
| US12034870B2 (en) | Method for securely diversifying a generic application stored in a secure processor of a terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |