省级移动公司多安全域多应用管理平台的设计与实现
|
摘要
在现代生活中,智能卡的应用非常广泛。但由于种类繁多,它们在给我们带来方便的同时也带来许多麻烦。为了满足多卡集成为一卡的市场需求,中国移动推出了它的多应用卡:中国移动多安全域多应用卡(China Mobile Security and Multi-Space Application Card,简称CMS2AC)。CMS2AC拥有无线射频功能,能够实现现场支付、电子票、VIP身份卡等相对复杂的应用。伴随CMS2AC的推出,移动公司的多应用平台的建设已经是必然的趋势。
多应用平台的建设存在许多困难和特殊需求。从国内市场看,单应用卡、STK卡、多应用卡并存,需要统一接入管理;从应用开发商角度来说,希望自主管理卡上自己的应用,并会对多应用集成环境中安全问题特别在意;从运营商的角度,还需要考虑如何能最大限度的利用原有OTA平台,减少投入,扩大市场占有率。
针对这些问题和需求,本文做了以下工作:1)首先分析了CMS2AC卡的关键技术,包括CMS2AC的管理技术,安全策略和安全通道技术。通过安全管理和安全信道技术说明了CMS2AC卡的安全性。2)在分析了平台需求和大致功能的基础上,完成了平台的框架设计和模块划分,在此基础上设计并实现了多应用平台。3)详细描述了(U)SIM卡应用模块的主要流程设计,开发过程和实现方式。4)最后简单说明了CMS2AC OTA模块和通信模块的主要功能:密钥管理与更新,传输通道的选择与实现,与短信网关和OTA3平台相关的接口实现。
In modern life, the smart card application is very popular. But as a result of various kinds, they bring us a lot of trouble while they are very convenient. In order to satisfying the multi-card integration demand of the market, China Mobile launched its multi-application card:the Chinese mobile multi-domain multi-application card (China Mobile Security and Multi-Space Application Card, referred to as CMS2AC). CMS2AC has wireless radio frequency function, and it can realize relative complicated applications, such as the payment, electronic ticket, VIP identity card and so on. With CMS2AC's launching, China Mobile's multi-application platform construction is an inevitable trend.
There are many difficulties and special needs in the construction of multi-application platform. From the perspective of the domestic market, single application cards, STK cards and multi-application cards coexist, and they need to be unified managed; from the perspective of application developers, they wish to manage the card applications by themselves, and they care about the security of the integrated multi-application environment; from the perspective of operators, they need to consider how to maximize the use of the original OTA platform, reducing investment and expanding market share.
For these problems and needs, this paper makes the following work:1) Analyzing the key technologies of the CMS2AC card, including the management technology, safety strategies and secure channel technology in CMS2AC, illustrating the security of CMS2AC through the security management and secure channel technology.2) On the basis of the platform requirements and approximate analysis, completing the platform framework design and module division, and the design and implementation of the multi-application platform.3) A detailed description of the (U) SIM card application modules process design, the development process, and the method of implementation.4) Finally, a brief description of the main functions of the CMS2AC OTA module and the communication module:CMS2AC interface implementation:key management and update, transmission channel choice and implementation, and SMS gateway and OTA3platform related interface implementation.
多应用平台的建设存在许多困难和特殊需求。从国内市场看,单应用卡、STK卡、多应用卡并存,需要统一接入管理;从应用开发商角度来说,希望自主管理卡上自己的应用,并会对多应用集成环境中安全问题特别在意;从运营商的角度,还需要考虑如何能最大限度的利用原有OTA平台,减少投入,扩大市场占有率。
针对这些问题和需求,本文做了以下工作:1)首先分析了CMS2AC卡的关键技术,包括CMS2AC的管理技术,安全策略和安全通道技术。通过安全管理和安全信道技术说明了CMS2AC卡的安全性。2)在分析了平台需求和大致功能的基础上,完成了平台的框架设计和模块划分,在此基础上设计并实现了多应用平台。3)详细描述了(U)SIM卡应用模块的主要流程设计,开发过程和实现方式。4)最后简单说明了CMS2AC OTA模块和通信模块的主要功能:密钥管理与更新,传输通道的选择与实现,与短信网关和OTA3平台相关的接口实现。
In modern life, the smart card application is very popular. But as a result of various kinds, they bring us a lot of trouble while they are very convenient. In order to satisfying the multi-card integration demand of the market, China Mobile launched its multi-application card:the Chinese mobile multi-domain multi-application card (China Mobile Security and Multi-Space Application Card, referred to as CMS2AC). CMS2AC has wireless radio frequency function, and it can realize relative complicated applications, such as the payment, electronic ticket, VIP identity card and so on. With CMS2AC's launching, China Mobile's multi-application platform construction is an inevitable trend.
There are many difficulties and special needs in the construction of multi-application platform. From the perspective of the domestic market, single application cards, STK cards and multi-application cards coexist, and they need to be unified managed; from the perspective of application developers, they wish to manage the card applications by themselves, and they care about the security of the integrated multi-application environment; from the perspective of operators, they need to consider how to maximize the use of the original OTA platform, reducing investment and expanding market share.
For these problems and needs, this paper makes the following work:1) Analyzing the key technologies of the CMS2AC card, including the management technology, safety strategies and secure channel technology in CMS2AC, illustrating the security of CMS2AC through the security management and secure channel technology.2) On the basis of the platform requirements and approximate analysis, completing the platform framework design and module division, and the design and implementation of the multi-application platform.3) A detailed description of the (U) SIM card application modules process design, the development process, and the method of implementation.4) Finally, a brief description of the main functions of the CMS2AC OTA module and the communication module:CMS2AC interface implementation:key management and update, transmission channel choice and implementation, and SMS gateway and OTA3platform related interface implementation.
引文
[1]李作为基于STK卡的移动交易业务模式研究,计算机工程与应用,2003.10
[2]何杰GP多应用管理系统的研究和实现[学位论文],华中科技大学,2009,05
[3]董威多应用智能卡新技术研究[学位论文]北京邮电大学,2008.05
[4]曾勇军基于MAC的ELF文件执行安全性的提高计算机工程,2006.¨
[5]董威,杨义先一种跨行业多应用智能卡系统模型及实现,计算机工程,2007.04
[6]刘崇岩,毛志刚智能卡的研究与发展,微处理器,2000,05
[7]余文功Web服务组合中的特征交互问题动态检测方法研究[学位论文],中国石油大学,2010-05-01
[8]Wolfgang Rankl, Wolfgang Effing, Handbuch der Chipkarten 3.Auflage,2002,12
[9]William, Cryptography and Network Security Principles and Practices, Third Edition, 2004,08
[10]3GPPTS31.111 Teehnieal SPecifieation Group Terminal USIM ApplicationTookit USAT,Release6
[11]Global Platform The standard for smart card infrastructure v2.22006.05
[12]孟子山基于GP规范的JAVA卡管理系统[学位论文],北京邮电大学,2011,01
[13]张海涛智能卡应用安全管理平台[学位论文],北京邮电大学,2008,03
[14]陈文杨安全的JavaSIM卡空中下载机制的研究与实现[学位论文],北京邮电大学,2006,03
[15]秦保安动态多应用智能卡中的卡操作系统研究及实现[学位沦文],华中科技大学,2005,04
[16]林宇基于Java Card技术的SIM应用平台的研究[学位论文],北京邮电大学,2004,03
[17]曹乐平,李伟章SIM卡与基于STK的S1M卡业务,产品与市场,2005,07
[18]毛颖奇,郁振康STK卡OTA(空中下载)技术的实现与应用,江苏通信技术,2003,07
[19]董威,杨义先基于JavaSIM卡的GlobalPlatform安全技术研究,北京邮电大学学报,2006,07
[20]刘宏梅王黎明平庆瑞多应用卡多会话管理的研究与实现,中国高校科技与产业化,2008,07
[21]柴洪峰智能卡多应用操作系统的发展趋势及研究,计算机应用与软件,2012,02
[22]STK卡梦网短信业务菜单OTA下载实现方案(三阶段)v2.O
[23]中国移动(U)SIM卡多安全域多应用管理技术规范
[24]宋士安基于Struts+Hibernate的SCIP系统设计与实现,计算机技术与发展,2011.12
[25]王明华JavaUSIM卡安全计算研究[学位论文],北京邮电大学,2006,05
[26]杨洋OTA下载服务整体解决方案的研究[学位论文],北京邮电大学,2006,03
[27]郑琦OTA业务下载平台的设计与实现[学位论文],西南交通大学,2010.06
[28]周珺MULTOS卡虚拟机及编译器的研究及实现[学位论文],华中科技大学,2005.10
[29]宋进朝中国移动集团发展战略研究[学位论文],北京邮电大学,2008,10
[30]付艳华“SIM密宝”增值业务支撑系统的设计与实现[学位论文],北京邮电大学,2012,01
[2]何杰GP多应用管理系统的研究和实现[学位论文],华中科技大学,2009,05
[3]董威多应用智能卡新技术研究[学位论文]北京邮电大学,2008.05
[4]曾勇军基于MAC的ELF文件执行安全性的提高计算机工程,2006.¨
[5]董威,杨义先一种跨行业多应用智能卡系统模型及实现,计算机工程,2007.04
[6]刘崇岩,毛志刚智能卡的研究与发展,微处理器,2000,05
[7]余文功Web服务组合中的特征交互问题动态检测方法研究[学位论文],中国石油大学,2010-05-01
[8]Wolfgang Rankl, Wolfgang Effing, Handbuch der Chipkarten 3.Auflage,2002,12
[9]William, Cryptography and Network Security Principles and Practices, Third Edition, 2004,08
[10]3GPPTS31.111 Teehnieal SPecifieation Group Terminal USIM ApplicationTookit USAT,Release6
[11]Global Platform The standard for smart card infrastructure v2.22006.05
[12]孟子山基于GP规范的JAVA卡管理系统[学位论文],北京邮电大学,2011,01
[13]张海涛智能卡应用安全管理平台[学位论文],北京邮电大学,2008,03
[14]陈文杨安全的JavaSIM卡空中下载机制的研究与实现[学位论文],北京邮电大学,2006,03
[15]秦保安动态多应用智能卡中的卡操作系统研究及实现[学位沦文],华中科技大学,2005,04
[16]林宇基于Java Card技术的SIM应用平台的研究[学位论文],北京邮电大学,2004,03
[17]曹乐平,李伟章SIM卡与基于STK的S1M卡业务,产品与市场,2005,07
[18]毛颖奇,郁振康STK卡OTA(空中下载)技术的实现与应用,江苏通信技术,2003,07
[19]董威,杨义先基于JavaSIM卡的GlobalPlatform安全技术研究,北京邮电大学学报,2006,07
[20]刘宏梅王黎明平庆瑞多应用卡多会话管理的研究与实现,中国高校科技与产业化,2008,07
[21]柴洪峰智能卡多应用操作系统的发展趋势及研究,计算机应用与软件,2012,02
[22]STK卡梦网短信业务菜单OTA下载实现方案(三阶段)v2.O
[23]中国移动(U)SIM卡多安全域多应用管理技术规范
[24]宋士安基于Struts+Hibernate的SCIP系统设计与实现,计算机技术与发展,2011.12
[25]王明华JavaUSIM卡安全计算研究[学位论文],北京邮电大学,2006,05
[26]杨洋OTA下载服务整体解决方案的研究[学位论文],北京邮电大学,2006,03
[27]郑琦OTA业务下载平台的设计与实现[学位论文],西南交通大学,2010.06
[28]周珺MULTOS卡虚拟机及编译器的研究及实现[学位论文],华中科技大学,2005.10
[29]宋进朝中国移动集团发展战略研究[学位论文],北京邮电大学,2008,10
[30]付艳华“SIM密宝”增值业务支撑系统的设计与实现[学位论文],北京邮电大学,2012,01