KEY DISTRIBUTION METHOD AND SYSTEM
Abstract
The present invention discloses a key distribution method and system. The method includes: a card issuer management platform informing a supplementary security domain corresponding to an application provider of generating in a smart card a public/private key pair including a public key and a private key, receiving the public key returned from the supplementary security domain, importing a trust point's public key for external authentication into the supplementary security domain, and transmitting the information of the supplementary security domain and the public key to the application provider management platform; the application provider management platform receiving the information of the supplementary security domain and the public key from the card issuer management platform, and selecting the supplementary security domain of the smart card by a service terminal according to the information of the supplementary security domain and the public key; the application provider management platform informing the supplementary security domain of regenerating a public key and a private key, generating a supplementary security domain certificate according to the regenerated public key which is returned from the supplementary security domain, and achieving the supplementary security domain key distribution by transmitting the supplementary security domain certificate to the supplementary security domain. The present invention can improve the security of the supplementary security domain key distribution.
10 Claims
1. A key distribution method comprising:
- a card issuer management platform informing a supplementary security domain corresponding to an application provider of generating in a smart card a public/private key pair including a public key and a private key, receiving the public key returned from the supplementary security domain, importing a Trust Point's public key for external authentication into the supplementary security domain, and transmitting the information of the supplementary security domain and the public key to an application provider management platform;
- the application provider management platform receiving the information of the supplementary security domain and the public key from the card issuer management platform, and selecting the supplementary security domain of the smart card through a service terminal according to the information of the supplementary security domain and the public key; and
- the application provider management platform informing the supplementary security domain of regenerating a public key and a private key, generating a supplementary security domain certificate according to the regenerated public key which is returned from the supplementary security domain, and achieving key distribution to the supplementary security domain by transmitting the supplementary security domain certificate to the supplementary security domain.

Dependent claims: 2, 3, 4, 5, 6
7. A key distribution system, comprising:
- a card issuer management platform which comprises:
  - a creating module, configured to create a supplementary security domain corresponding to an application provider in a smart card;
  - a first informing module, configured to inform the supplementary security domain of generating in the smart card a public/private key pair including a public key and a private key;
  - a first receiving module, configured to receive the public key returned from the supplementary security domain;
  - an importing module, configured to import a Trust Point's public key for external authentication into the supplementary security domain;
  - a first transmitting module, configured to transmit the information of the supplementary security domain and the public key to an application provider management platform after performing the importing step;
- the application provider management platform which comprises:
  - a second receiving module, configured to receive the information of the supplementary security domain and the public key from the card issuer management platform;
  - a selecting module, configured to select the supplementary security domain of the smart card by a service terminal according to the information of the supplementary security domain and the public key;
  - a second informing module, configured to inform the supplementary security domain of regenerating a public key and a private key;
  - a generating module, configured to generate a supplementary security domain certificate according to the regenerated public key which is returned from the supplementary security domain;
  - a second transmitting module, configured to transmit the supplementary security domain certificate to the supplementary security domain through a service terminal to achieve the supplementary security domain key distribution;
- the service terminal, configured to establish communications with the smart card through a reading and writing device, and to establish a connection between the smart card and the application provider management platform;
- the smart card, located in a mobile terminal, and comprising the supplementary security domain, wherein the supplementary security domain, configured to generate a public/private key pair, and to return the public key to the card issuer management platform through the service terminal, to regenerate a public key and a private key in the case that the application provider management platform informing the supplementary security domain of regenerating a public key and a private key, to return the regenerated public key to the application provider management platform, and to receive the supplementary security domain certificate sent by the application provider management platform.

Dependent claims: 8, 9, 10
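The order of steps in claims 1 and 7 can be expressed as a check over a provisioning trace, for example when auditing a key-distribution run. This is an added example, not part of the patent; the step names, the trace format and the fingerprint labels are assumptions made for illustration.

```python
# Added example; step names and the trace format are hypothetical.
STEPS = ["issuer_keygen", "import_trust_point", "handoff_to_ap",
         "ap_select_ssd", "ap_regenerate", "ap_issue_cert", "cert_delivered"]

def check_trace(events):
    """Check (step, key_fingerprint) events against the claimed order.

    Returns a list of violation strings; an empty list means the trace conforms.
    """
    violations, seen, keys = [], [], {}
    for step, fp in events:
        if step not in STEPS:
            violations.append(f"unknown step: {step}")
            continue
        # Every earlier step of the method must already have been observed.
        missing = [s for s in STEPS[:STEPS.index(step)] if s not in seen]
        if missing:
            violations.append(f"{step} ran before {', '.join(missing)}")
        seen.append(step)
        if fp is not None:
            keys[step] = fp
    issuer, regen = keys.get("issuer_keygen"), keys.get("ap_regenerate")
    cert, stored = keys.get("ap_issue_cert"), keys.get("cert_delivered")
    if regen is not None and regen == issuer:
        violations.append("regenerated key equals the key the issuer received")
    if cert is not None and cert != regen:
        violations.append("certificate is not over the regenerated key")
    if stored is not None and stored != cert:
        violations.append("delivered certificate differs from the issued one")
    if "cert_delivered" not in seen:
        violations.append("certificate never reached the security domain")
    return violations

# Constructed traces: fingerprints are made-up labels, not real key hashes.
GOOD = [("issuer_keygen", "fp-1"), ("import_trust_point", None),
        ("handoff_to_ap", "fp-1"), ("ap_select_ssd", None),
        ("ap_regenerate", "fp-2"), ("ap_issue_cert", "fp-2"),
        ("cert_delivered", "fp-2")]
BAD = [("issuer_keygen", "fp-1"), ("handoff_to_ap", "fp-1"),
       ("import_trust_point", None), ("ap_select_ssd", None),
       ("ap_regenerate", "fp-2"), ("ap_issue_cert", "fp-1"),
       ("cert_delivered", "fp-1")]

if __name__ == "__main__":
    print(check_trace(GOOD))
    for v in check_trace(BAD):
        print("violation:", v)
```

The second trace fails on two counts: the handoff to the application provider precedes the Trust Point key import, and the certificate is issued over the key the issuer received rather than the regenerated one.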
Specification