In the related art, Near Field Communication (NFC) is a short-range wireless communication technology operating at 13.56 MHz, which evolved from the convergence of Radio Frequency Identification (RFID) technology and interconnection technology. A mobile communication terminal such as a mobile phone can emulate a non-contact IC card by integrating NFC technology, for application in the field of electronic payment. Realizing this solution on a mobile communication terminal requires adding an NFC analog front-end chip and an NFC antenna to the terminal, and using a smart card that supports electronic payment.
After more than ten years of development, IC cards, especially non-contact IC cards, have been widely used in fields such as public transport, access control, and electronic micropayment. Meanwhile, after more than twenty years of rapid development, mobile phones have become widespread and bring great convenience to people's work and life. Thus, equipping mobile phones with non-contact IC card technology and using mobile phones in the electronic payment field will expand the application field of mobile phones and bring more convenience to people's lives. The prospects for such applications of mobile phones are therefore very promising.
In the related art, in order to achieve mobile electronic payment based on NFC technology, a mobile terminal electronic payment system must be established and used to manage mobile terminal electronic payment, wherein the mobile terminal electronic payment system covers: issuance of a smart card; download, installation, and personalization of the electronic payment application; and the use of related techniques and management strategies to secure electronic payment.
Security domains are the on-card representatives of off-card entities, including card issuers and application providers, and hold the cryptographic keys that support the operation of the Secure Channel Protocol and card content management. Each security domain is responsible for its own key management, which allows applications and data from different application providers to coexist on the same card. When a security domain uses an asymmetric key system, its keys and certificates need to include: a public key and a private key of the security domain, a certificate of the security domain, and a Trust Point public key for verifying the certificates of off-card entities.
The security domain of an application provider on the smart card is a supplementary security domain. Before the application provider's electronic payment application is downloaded and installed to a smart card, the issuer security domain of the smart card, owned by the card issuer, must first be used to create a supplementary security domain for the application provider, and a key must then be set for the supplementary security domain.
Since the key of a security domain is confidential data, reliable and secure methods and technologies need to be used to import the related key and certificate into a supplementary security domain, so as to achieve secure key distribution for the supplementary security domain. The supplementary security domain is created by the issuer security domain of the smart card on an instruction from the card issuer management platform, and after the supplementary security domain has been created, its initial keys can be set and distributed by the card issuer management platform.
After the supplementary security domain has been created, the card issuer management platform can instruct an application provider management platform to generate a public/private key pair and a certificate for the supplementary security domain. After the application provider management platform has generated the public/private key pair and the certificate, the card issuer management platform transmits them to the supplementary security domain through the issuer security domain of the smart card, whereby the key distribution of the supplementary security domain is completed.
In this arrangement, the card issuer management platform, being in charge of transmitting the key data of the supplementary security domain, can obtain the transmitted key data and may perform operations on the supplementary security domain using the obtained key, which threatens the security of the application provider's electronic payment application. Therefore, there is an urgent need for a technical solution to the insecurity of key distribution for the supplementary security domain.
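The key-distribution flow described in the two preceding paragraphs can be checked as a data-flow model: the following added example (constructed for this page, not the patent's own method; the party names issuer_platform, ap_platform, isd and ssd and the item names are assumptions) replays the hops and lists every party that holds the supplementary security domain's private key in the clear. The `encrypted_for` annotation goes beyond the page and lets the same tracer evaluate a flow in which an item is readable only by its addressed party.

```python
"""Data-flow model of the supplementary security domain (SSD) key
distribution described above. Constructed illustration; party and item
names are assumptions, not identifiers from the patent."""
from dataclasses import dataclass, field


@dataclass
class Hop:
    sender: str
    receiver: str
    items: frozenset                                    # data items carried on this hop
    encrypted_for: dict = field(default_factory=dict)   # item -> sole party able to read it


def plaintext_observers(transcript, item):
    """Parties that ever hold `item` in the clear, following the hops in order.
    The sender of the first hop carrying the item is taken as its generator."""
    holders = set()
    for hop in transcript:
        if item not in hop.items:
            continue
        if not holders:
            holders.add(hop.sender)            # generator of the item
        reader = hop.encrypted_for.get(item)
        if reader is None:
            if hop.sender not in holders:       # model inconsistency: cannot forward what it never saw
                raise ValueError(f"{hop.sender} forwards {item} in the clear without holding it")
            holders.add(hop.receiver)          # plaintext transfer exposes the receiver
        elif reader == hop.receiver:
            holders.add(hop.receiver)          # only the addressed party can decrypt
    return holders


def unintended_holders(transcript, item, allowed):
    """Parties holding `item` in the clear that are not in the `allowed` set."""
    return plaintext_observers(transcript, item) - set(allowed)


SSD_KEYS = frozenset({"ssd_private_key", "ssd_public_key", "ssd_certificate"})


def ssd_key_distribution(encrypt_private_key_for=None):
    """Hops as described above: the issuer platform asks the application
    provider (AP) platform for the SSD key pair and certificate, then relays
    them through the on-card issuer security domain (ISD) to the SSD."""
    enc = {} if encrypt_private_key_for is None else {"ssd_private_key": encrypt_private_key_for}
    return [
        Hop("issuer_platform", "ap_platform", frozenset({"keygen_request"})),
        Hop("ap_platform", "issuer_platform", SSD_KEYS, enc),
        Hop("issuer_platform", "isd", SSD_KEYS, enc),
        Hop("isd", "ssd", SSD_KEYS, enc),
    ]
```

Running `unintended_holders(ssd_key_distribution(), "ssd_private_key", {"ap_platform", "ssd"})` reports the issuer platform (and the issuer-owned ISD) as clear-text holders of the SSD private key, which is exactly the exposure the paragraph above describes.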