摘要 |
<p>This invention discloses a key distribution method and system. The method includes: notifying, by an application provider management platform, a supplementary security domain of an application provider that is set on a smart card and corresponds to the application provider management platform to generate a public/private key pair including a public cryptographic key and a private cryptographic key; receiving, by the application provider management platform, the public cryptographic key from the supplementary security domain of the application provider that has been encrypted by the public key of the application provider obtained in advance and has been signed by a Controlling Authority Security Domain (CASD) on the smart card through a card issuer management platform; authenticating, by the application provider management platform, a signature and using the private key of the application provider to perform decryption to obtain the public cryptographic key; and sending, by the application provider management platform, a trust point's public key used for external authentication and a certificate of the supplementary security domain of the application provider to the supplementary security domain of the application provider after the trust point's public key and the certificate have been encrypted by the public cryptographic key of the supplementary security domain of the application provider and the encrypted data have been signed by the private key of the application provider, to complete distribution of a key of the supplementary security domain.</p> |