Title of invention Key distribution method and system
Abstract The present invention discloses a key distribution method and system, and the method includes: a card issuer management platform generating initial keys of a supplementary security domain corresponding to an application provider, importing the initial keys and a Trust Point's public key for external authentication to the supplementary security domain, and sending the information of the supplementary security domain and the initial keys to the application provider management platform (202); the application provider management platform receiving the information of the supplementary security domain and the initial keys, and selecting the supplementary security domain of the smart card by a service terminal according to the information of the supplementary security domain and the initial keys (204); the application provider management platform generating a public key and a private key of the supplementary security domain as well as a certificate of the supplementary security domain, and encrypting the public key and the private key as well as the certificate of the supplementary security domain and then sending them to the supplementary security domain (206). Through the above processing, the security of the key distribution for the supplementary security domain can be improved.
Publication number US8781131(B2) Publication date 2014.07.15
Application number US200913125872 Filing date 2009.08.12
Applicant ZTE Corporation Inventors Ma Jingwang;Jia Qian;Yu Wantao
Classification G06F21/00;H04L9/08 Main classification G06F21/00
Agency Scully, Scott, Murphy & Presser, P.C. Agent Scully, Scott, Murphy & Presser, P.C.
Principal claim 1. A key distribution method, comprising: a card issuer management platform generating initial keys of a supplementary security domain corresponding to an application provider, importing the initial keys and a root public key trusted for external authentication to the supplementary security domain, and sending information of the supplementary security domain and the initial keys to an application provider management platform; the application provider management platform receiving the information of the supplementary security domain and the initial keys, and selecting the supplementary security domain of an intelligent card by a service terminal according to the information of the supplementary security domain and the initial keys; the application provider management platform generating a public key and a private key of the supplementary security domain as well as a certificate of the supplementary security domain, and encrypting the public key and the private key as well as the certificate of the supplementary security domain and then sending them to the supplementary security domain, wherein the processing of the card issuer management platform generating initial keys comprises: the application provider management platform judging, through the service terminal, whether a supplementary security domain corresponding to the application provider exists in the intelligent card; if it is determined to be yes, the supplementary security domain of the application provider has existed in the intelligent card, and security domain creation and key distribution no longer being performed; if no, the application provider management platform creating, through the card issuer management platform, the supplementary security domain in the intelligent card, and the card issuer management platform generating the initial keys, wherein the processing of the application provider management platform creating the supplementary security domain in the intelligent card through the card issuer management platform comprises: the card issuer management platform communicating with the intelligent card through the application provider management platform, selecting an issuer security domain of the intelligent card and establishing a secure channel with the issuer security domain; the card issuer management platform informing, through the secure channel, the issuer security domain of creating the supplementary security domain corresponding to the application provider; the issuer security domain creating the supplementary security domain in the intelligent card.
Address Shenzhen, Guangdong Province CN