
CN108875396B - File operation method, USIM card, terminal and readable storage medium - Google Patents


Info

Publication number: CN108875396B
Application number: CN201810690814.0A
Authority: CN (China)
Prior art keywords: file, access condition, content, terminal, usim card
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN108875396A (en)
Inventor: 刘煜
Current Assignee: China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd
Application filed by: China United Network Communications Group Co Ltd
Legal events: priority to CN201810690814.0A; publication of CN108875396A; application granted; publication of CN108875396B


Classifications

    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

In the file operation method, USIM card, terminal and readable storage medium provided by the present invention, a file operation instruction sent by a terminal is received, the file operation instruction including a target file identifier and operation content; when the operation permission of the target file is determined, according to the target file identifier, to be conditionally allowed access, the access condition of the target file is obtained from a preset access condition file, and a response message including the access condition of the target file is generated and returned to the terminal; a file operation result indication sent by the terminal is received, and the operation content is executed when the file operation result indication is that the operation is allowed; the file operation result indication is generated by the terminal according to the access condition and the operation content. By adding the conditionally-allowed-access operation permission, the invention effectively extends the operation mechanism between the terminal and the USIM, meeting the need to operate on USIM files while better avoiding the risks this brings.

Description

File operation method, USIM card, terminal and readable storage medium
Technical Field
The present invention relates to data processing technologies, and in particular to a file operation method, a USIM card, a terminal, and a readable storage medium.
Background
A Universal Subscriber Identity Module (USIM) card file system is an important component of a USIM card, and can be used to organize, store and operate all data in a memory of the USIM card, so as to conveniently and quickly search for files. Generally, a terminal interacts with a USIM file system to implement operations on files in a USIM card.
In the prior art, to guarantee the necessary security of file data in a USIM card, access control must be applied to files; the operation permission for a target file therefore has to be checked before a terminal operates on the file.
However, conventional operation permissions can only authenticate the terminal's identity: an authentication method such as a PIN code is used to decide whether the terminal is allowed or forbidden to operate on files in the USIM card. Such a file operation method cannot express complex file access logic. For example, a rule that a write operation on a certain file may write any data except specific content cannot be implemented with the existing file operation method. A new file operation method is therefore needed to extend the file access control mechanism.
Disclosure of Invention
To solve the problem that prior-art file operation methods cannot implement complex file access logic, the invention provides a file operation method, a USIM card, a terminal and a readable storage medium.
In one aspect, the present invention provides a file operation method, including:
receiving a file operation instruction sent by a terminal, wherein the file operation instruction comprises a target file identifier and operation content;
when the operation permission of the target file is determined, according to the target file identifier, to be conditionally allowed access, obtaining the access condition of the target file from a preset access condition file, and generating and returning to the terminal a response message including the access condition of the target file;
receiving a file operation result indication sent by the terminal, and executing the operation content when the file operation result indication is that the operation is allowed; wherein the file operation result indication is generated by the terminal according to the access condition and the operation content.
In an optional embodiment, the file operation result indication is one of: operation allowed, operation not allowed, and modified operation allowed;
correspondingly, the file operation method further comprises the following steps:
when a file operation result indication sent by the terminal is received and indicates that the operation is not allowed, performing no operation on the target file;
and when a file operation result indication sent by the terminal is received and indicates that the modified operation is allowed, executing the modified operation content carried in the file operation result indication, wherein the modified operation content is obtained by the terminal modifying the operation content according to the access condition.
In one aspect, the present invention further provides a file operation method, including:
sending a file operation instruction to a USIM card, wherein the file operation instruction comprises a target file identifier and operation content;
receiving a response message returned by the USIM card, wherein the response message is generated by the USIM card obtaining the access condition of the target file from a preset access condition file when the USIM card determines, according to the target file identifier, that the operation permission of the target file is conditionally allowed access;
and judging whether the operation content meets the access condition, and, when it does, sending to the USIM card a file operation result indication indicating that the operation is allowed, so that the USIM card executes the operation content according to the file operation result indication.
In an optional implementation, after judging whether the operation content meets the access condition, the method further includes:
if the operation content does not meet the access condition, judging whether the operation content can be modified according to the access condition;
when the operation content can be modified, generating a file operation result indication indicating that the modified operation is allowed, carrying the modified operation content in the file operation result indication, and sending it to the USIM card, so that the USIM card executes the modified operation content according to the "modified operation allowed" indication;
and when the operation content cannot be modified, generating a file operation result indication indicating that the operation is not allowed, and sending it to the USIM card, so that the USIM card performs no operation on the target file according to the "operation not allowed" indication.
In one aspect, the present invention provides a USIM card, including:
the first communication module is used for receiving a file operation instruction sent by a terminal, wherein the file operation instruction comprises a target file identifier and operation content;
the first processing module is used for, when the operation permission of the target file is determined according to the target file identifier to be conditionally allowed access, obtaining the access condition of the target file from a preset access condition file, and generating and returning to the terminal a response message including the access condition of the target file;
the first communication module is also used for receiving a file operation result indication sent by the terminal;
the first processing module is further configured to execute the operation content when the file operation result indication is that the operation is allowed; wherein the file operation result indication is generated by the terminal according to the access condition and the operation content.
In an optional embodiment, the file operation result indication is one of: operation allowed, operation not allowed, and modified operation allowed;
correspondingly, the first processing module is specifically configured to:
when a file operation result indication sent by the terminal is received and indicates that the operation is not allowed, perform no operation on the target file;
and when a file operation result indication sent by the terminal is received and indicates that the modified operation is allowed, execute the modified operation content carried in the file operation result indication, wherein the modified operation content is obtained by the terminal modifying the operation content according to the access condition.
In one aspect, the present invention provides a terminal, including:
the second communication module is used for sending a file operation instruction to the USIM card, wherein the file operation instruction comprises a target file identifier and operation content; it is also used for receiving a response message returned by the USIM card, wherein the response message is generated by the USIM card obtaining the access condition of the target file from a preset access condition file when the USIM card determines, according to the target file identifier, that the operation permission of the target file is conditionally allowed access;
and the second processing module is used for judging whether the operation content meets the access condition and, when it does, sending to the USIM card through the second communication module a file operation result indication indicating that the operation is allowed, so that the USIM card executes the operation content according to the file operation result indication.
In an optional implementation, after judging whether the operation content meets the access condition, the second processing module is further configured to:
if the operation content does not meet the access condition, judge whether the operation content can be modified according to the access condition;
when the operation content can be modified, generate a file operation result indication indicating that the modified operation is allowed, carry the modified operation content in the file operation result indication, and send it to the USIM card through the second communication module, so that the USIM card executes the modified operation content according to the "modified operation allowed" indication;
and when the operation content cannot be modified, generate a file operation result indication indicating that the operation is not allowed, and send it to the USIM card through the second communication module, so that the USIM card performs no operation on the target file according to the "operation not allowed" indication.
In one aspect, the present invention provides a USIM card, including: a memory, a processor, and a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to implement the method as previously described.
In one aspect, a terminal includes: a memory, a processor, and a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to implement the method as previously described.
In one aspect, a readable storage medium has stored thereon a computer program which is executed by a processor to implement the method as previously described.
In one aspect, a readable storage medium has stored thereon a computer program which is executed by a processor to implement the method as previously described.
According to the file operation method, the USIM card, the terminal and the readable storage medium provided by the invention, a file operation instruction sent by the terminal is received, the file operation instruction comprising a target file identifier and operation content; when the operation permission of the target file is determined, according to the target file identifier, to be conditionally allowed access, the access condition of the target file is obtained from a preset access condition file, and a response message including the access condition of the target file is generated and returned to the terminal; a file operation result indication sent by the terminal is received, and the operation content is executed when the file operation result indication is that the operation is allowed; the file operation result indication is generated by the terminal according to the access condition and the operation content. In particular, addressing the problem that the terminal's current access control over USIM files is simple and cannot meet more complex operation requirements, the invention effectively extends the operation mechanism between the terminal and the USIM by adding the conditionally-allowed-access operation permission, meeting the need to operate on USIM files while better avoiding the risks this brings.
Drawings
Fig. 1 is a schematic flowchart of a file operation method according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a file operation method according to a second embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a USIM card according to a third embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a terminal according to a fourth embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a USIM card according to a fifth embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a terminal according to a sixth embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention.
The USIM file system is an important component of the USIM card, and can be used to organize, store and operate all data in the memory of the USIM card, thereby realizing convenient and fast file search. Generally, a terminal interacts with a USIM file system to implement operations on files in a USIM card, which include but are not limited to: creating files, selecting files, deleting files, reading and writing files and the like.
In the prior art, to guarantee the necessary security of file data in a USIM card, access control must be applied to files; the operation permission for a target file therefore has to be checked before a terminal operates on the file. In particular, for common operations such as read, write, update, activation and deactivation, a corresponding operation permission is generally set for each type of operation on each file; the permissions are: allowed, not allowed, allowed with PIN permission, and allowed with ADM permission.
However, conventional operation permissions can only authenticate the terminal's identity: an authentication method such as a PIN code is used to decide whether the terminal is allowed or forbidden to operate on files in the USIM card. Such a file operation method cannot express complex file access logic. For example, a rule that a write operation on a certain file may write any data except specific content cannot be implemented with the existing file operation method. A new file operation method is therefore needed to extend the file access control mechanism.
To solve the problem that prior-art file operation methods cannot implement complex file access logic, the invention provides a file operation method, a USIM card, a terminal and a readable storage medium.
Fig. 1 is a schematic flowchart of a file operation method according to an embodiment of the present invention.
As shown in Fig. 1, the file operation method includes:
Step 101, receiving a file operation instruction sent by a terminal, wherein the file operation instruction comprises a target file identifier and operation content.
Step 102, when the operation permission of the target file is determined, according to the target file identifier, to be conditionally allowed access, obtaining the access condition of the target file from a preset access condition file, and generating and returning to the terminal a response message including the access condition of the target file.
Step 103, receiving a file operation result indication sent by the terminal, and executing the operation content when the file operation result indication is that the operation is allowed.
The file operation result indication is generated by the terminal according to the access condition and the operation content.
It should be noted that the file operation method of this embodiment may be executed by a USIM card. The USIM card may be used to store user identity information and personal data, to ensure the security of access to mobile network services, and to make use of the necessary functions and data. The USIM card can be connected to the terminal by being inserted into a card slot of the terminal, and exchanges data with it.
In this embodiment, the terminal sends a file operation instruction to the USIM card under the control of the user; the file operation instruction includes the identifier of the target file to be operated on and the operation content of the current operation. When the USIM card determines, according to the target file identifier, that the operation permission of the target file is conditionally allowed access, it obtains the access condition of the target file from a preset access condition file, and generates and returns to the terminal a response message including the access condition of the target file.
Specifically, the files stored in the USIM card are distinguished by their file identifiers, so when the USIM card receives a file operation instruction sent by the terminal, it can find the target file of the operation through the target file identifier. The operation content records the operation type and/or operation command of the current operation, where the operation type includes, but is not limited to, the aforementioned read, write, update, activate and deactivate, and the operation command may be, for example, the update command of an update operation.
The USIM card also stores, in association with each file, the operation permissions corresponding to that file. On top of the existing permissions (allowed, not allowed, allowed with PIN permission, and allowed with ADM permission), a new type of operation permission, namely conditionally allowed access, is added in the USIM card, wherein the operation authority is used for indicating that the USIM card is only operated. After the USIM card learns the operation permission of the target file from the target file identifier, if that permission is one of the existing ones (allowed, not allowed, allowed with PIN permission, or allowed with ADM permission), the USIM card handles the target file in the existing manner, which the present invention does not limit. Unlike the prior art, when the USIM card learns that the operation permission of the target file is conditionally allowed access, it reads a preset access condition file, obtains the access condition of the target file, and generates a response message including the access condition. The access condition file is preset and includes the access condition corresponding to each target file; the access conditions include, but are not limited to, the byte length of the operation command and a description of the content of each byte of the operation command.
After generating the response message, the USIM card returns it to the terminal. The terminal then evaluates the operation content against the response message and generates the corresponding file operation result indication. Specifically, the terminal judges, according to the access condition in the received response message, whether the operation content meets the access condition, and obtains one of three file operation result indications: operation allowed, operation not allowed, or modified operation allowed. The terminal then sends the file operation result indication to the USIM card so that the USIM card acts on it. When the USIM card receives from the terminal a file operation result indication that the operation is allowed, it executes the received operation content; when the indication is that the operation is not allowed, it performs no operation on the target file; and when the indication is that the modified operation is allowed, it executes the modified operation content carried in the file operation result indication, wherein the modified operation content is obtained by the terminal modifying the operation content according to the access condition.
According to the file operation method provided by this embodiment of the invention, a file operation instruction sent by a terminal is received, the file operation instruction comprising a target file identifier and operation content; when the operation permission of the target file is determined, according to the target file identifier, to be conditionally allowed access, the access condition of the target file is obtained from a preset access condition file, and a response message including the access condition of the target file is generated and returned to the terminal; a file operation result indication sent by the terminal is received, and the operation content is executed when the file operation result indication is that the operation is allowed; the file operation result indication is generated by the terminal according to the access condition and the operation content. In particular, addressing the problem that the terminal's current access control over USIM files is simple and cannot meet more complex operation requirements, the invention effectively extends the operation mechanism between the terminal and the USIM by adding the conditionally-allowed-access operation permission, meeting the need to operate on USIM files while better avoiding the risks this brings.
Fig. 2 is a schematic flowchart of a file operation method according to a second embodiment of the present invention.
As shown in Fig. 2, the file operation method includes:
Step 201, sending a file operation instruction to a USIM card, wherein the file operation instruction comprises a target file identifier and operation content;
Step 202, receiving a response message returned by the USIM card, where the response message is generated by the USIM card obtaining the access condition of the target file from a preset access condition file when the USIM card determines, according to the target file identifier, that the operation permission of the target file is conditionally allowed access;
Step 203, judging whether the operation content meets the access condition, and, when it does, sending to the USIM card a file operation result indication indicating that the operation is allowed, so that the USIM card executes the operation content according to the file operation result indication.
It should be noted that the file operation method of this embodiment may be executed by a terminal. A USIM card capable of exchanging data with the terminal may be arranged in the terminal; the USIM card may be used to store user identity information and personal data, to ensure the security of access to mobile network services, and to make use of the necessary functions and data. The terminal performs the related file operations on the files in the USIM card.
In this embodiment, the terminal sends a file operation instruction to the USIM card under the control of the user; the file operation instruction includes the identifier of the target file to be operated on and the operation content of the current operation. The terminal then receives a response message returned by the USIM card, where the response message is generated by the USIM card obtaining the access condition of the target file from a preset access condition file when the USIM card determines, according to the target file identifier, that the operation permission of the target file is conditionally allowed access.
Specifically, the terminal may send different file operation instructions to the USIM card under the control of the user; each file operation instruction needs to include a target file identifier and the operation content of the current operation. The files stored in the USIM card are distinguished by their file identifiers, so when the USIM card receives a file operation instruction sent by the terminal, it can find the target file of the operation through the target file identifier. The operation content records the operation type and/or operation command of the current operation, where the operation type includes, but is not limited to, the aforementioned read, write, update, activate and deactivate, and the operation command may be, for example, the update command of an update operation. The USIM card also stores, in association with each file, the operation permissions corresponding to that file; on top of the existing permissions (allowed, not allowed, allowed with PIN permission, and allowed with ADM permission), a new type of operation permission, namely conditionally allowed access, is added. After the USIM card learns the operation permission of the target file from the target file identifier, if that permission is one of the existing ones (allowed, not allowed, allowed with PIN permission, or allowed with ADM permission), the USIM card handles the target file in the existing manner, which the present invention does not limit. Unlike the prior art, when the USIM card learns that the operation permission of the target file is conditionally allowed access, it reads a preset access condition file, obtains the access condition of the target file, and generates a response message including the access condition.
The access condition file is preset and includes the access condition corresponding to each target file; the access conditions include, but are not limited to, the byte length of the operation command and a description of the content of each byte of the operation command.
After the USIM card generates the response message, the terminal receives the response message returned by the USIM card, evaluates the operation content against it, and generates the corresponding file operation result indication. Specifically, the terminal judges, according to the access condition in the received response message, whether the operation content meets the access condition, and obtains one of three file operation result indications: operation allowed, operation not allowed, or modified operation allowed. The terminal then sends the file operation result indication to the USIM card so that the USIM card acts on it.
Further, when the terminal determines that the operation content meets the access condition, it sends to the USIM card a file operation result indication indicating that the operation is allowed, so that the USIM card executes the received operation content according to that indication. When the terminal determines that the operation content does not meet the access condition, it judges whether the operation content can be modified according to the access condition. When the operation content cannot be modified, the terminal generates a file operation result indication indicating that the operation is not allowed and sends it to the USIM card, so that the USIM card performs no operation on the target file; when the operation content can be modified, the terminal generates a file operation result indication indicating that the modified operation is allowed and sends it to the USIM card together with the modified operation content, so that the USIM card executes the modified operation content according to the "modified operation allowed" indication.
It should be noted that, in the present application, the sending and receiving of the file operation result indication are realized by an event download command.
In the file operation method provided by the second embodiment of the present invention, a file operation instruction including a target file identifier and operation content is sent to the USIM card; a response message returned by the USIM card is received, the response message being generated from the access condition of the target file, which the USIM card obtains from a preset access condition file when it determines, according to the target file identifier, that the operation permission of the target file is conditional access; and it is determined whether the operation content satisfies the access condition, and when it does, a file operation result indication indicating that the operation is allowed is sent to the USIM card, so that the USIM card executes the operation content according to the file operation result indication. Addressing the problem that the terminal's current access control over USIM files is too simple to support more complex operation requirements, the invention adds a conditional-access operation permission, which effectively extends the operation mechanism between the terminal and the USIM and better avoids the risks arising from USIM file operation requirements while still meeting those requirements.
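The exchange described in the first and second embodiments, as an added Python sketch that is not part of the patent: the card returns the access condition for a conditional-access file, the terminal derives one of the three result indications, and the card acts on the indication it receives. The byte-range encoding of each byte's description, the clamping rule used as "modification", the file identifier 0x6F99 and all class and function names are assumptions; the event download transport is not modelled.

```python
"""Added illustration of the conditional-access exchange; not the patent's own code."""
from dataclasses import dataclass
from enum import Enum

CONDITIONAL = "conditional"  # the permission type added beside allow/disallow/PIN/ADM


class Result(Enum):  # the three file operation result indications
    ALLOW = "allow operation"
    DISALLOW = "disallow operation"
    ALLOW_MODIFIED = "allow modified operation"


@dataclass(frozen=True)
class ByteRule:
    """Assumed encoding of one byte's description content: an inclusive range."""
    lo: int
    hi: int


@dataclass(frozen=True)
class AccessCondition:
    length: int   # required byte length of the operation command
    rules: tuple  # one ByteRule per command byte

    def satisfied_by(self, command: bytes) -> bool:
        return len(command) == self.length and all(
            r.lo <= b <= r.hi for r, b in zip(self.rules, command))


class UsimCard:
    def __init__(self, files, permissions, access_condition_file):
        self.files = files                # file id -> content
        self.permissions = permissions    # file id -> operation permission
        # (file id, operation type) -> AccessCondition
        self.access_condition_file = access_condition_file
        self.pending = None               # instruction awaiting a result indication

    def file_operation(self, file_id, op_type, command):
        """Handle a file operation instruction and return the response message."""
        if self.permissions.get(file_id) != CONDITIONAL:
            raise NotImplementedError("only conditional access is modelled here")
        self.pending = (file_id, op_type, bytes(command))
        return self.access_condition_file[(file_id, op_type)]

    def result_indication(self, result, modified=None):
        """Act on the terminal's indication; return True if the file changed."""
        if self.pending is None:
            raise RuntimeError("no file operation instruction is pending")
        file_id, op_type, command = self.pending
        self.pending = None
        if result is Result.DISALLOW:
            return False                  # no operation on the target file
        if result is Result.ALLOW_MODIFIED:
            if modified is None:
                raise ValueError("modified operation content is missing")
            command = bytes(modified)     # carried in the indication
        if op_type != "update":
            raise NotImplementedError("only the update operation is modelled")
        self.files[file_id] = command
        return True


def terminal_decide(condition, command):
    """Terminal side: compare the operation content with the access condition."""
    if condition.satisfied_by(command):
        return Result.ALLOW, None
    if len(command) != condition.length:
        return Result.DISALLOW, None      # assumption: a wrong length cannot be repaired
    # Assumption: out-of-range bytes are modified by clamping into the allowed range.
    modified = bytes(min(max(b, r.lo), r.hi)
                     for r, b in zip(condition.rules, command))
    return Result.ALLOW_MODIFIED, modified


def run_exchange(card, file_id, op_type, command):
    """One full exchange; returns the indication and the file content afterwards."""
    condition = card.file_operation(file_id, op_type, command)
    result, modified = terminal_decide(condition, command)
    card.result_indication(result, modified)
    return result, card.files[file_id]


def build_card():
    """Constructed sample card: one conditional-access file with a 3-byte rule."""
    fid = 0x6F99  # constructed file identifier
    cond = AccessCondition(3, (ByteRule(0x01, 0x01),   # byte 0 must be 0x01
                               ByteRule(0x00, 0x0F),   # byte 1 limited to 0x00..0x0F
                               ByteRule(0x00, 0xFF)))  # byte 2 unrestricted
    card = UsimCard({fid: b"\x01\x00\x00"}, {fid: CONDITIONAL},
                    {(fid, "update"): cond})
    return card, fid


if __name__ == "__main__":
    card, fid = build_card()
    for cmd in (b"\x01\x05\xaa", b"\x01\x7f\xaa", b"\x01\x05"):
        result, content = run_exchange(card, fid, "update", cmd)
        print(cmd.hex(), "->", result.value, "| file now", content.hex())
```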
Fig. 3 is a schematic structural diagram of a USIM card according to a third embodiment of the present invention, and as shown in fig. 3, the USIM card includes:
the first communication module 10 is configured to receive a file operation instruction sent by a terminal, where the file operation instruction includes a target file identifier and operation content;
a first processing module 11, configured to, when it is determined that the operation permission of the target file is conditional access permission according to the target file identifier, obtain an access condition of the target file according to a preset access condition file, and generate and return a response message including the access condition of the target file to the terminal;
the first communication module 10 is further configured to receive a file operation result indication sent by the terminal;
the first processing module 11 is further configured to execute the operation content when the file operation result indication is to allow the operation; wherein the file operation result indication is determined and generated by the terminal according to the access condition and the operation content.
In an alternative embodiment, the file operation result indication is one of an indication of allowing operation, disallowing operation, and allowing modified operation;
correspondingly, the first processing module 11 is specifically configured to:
if the file operation result indicates that the operation is allowed, executing the operation content;
if the file operation result indicates that the operation is not allowed, the operation is not executed on the target file;
and if the file operation result indicates that the modified operation is allowed, executing the modified operation content carried in the file operation result indication, wherein the modified operation content is obtained by modifying the operation content by the terminal according to the access condition.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process and corresponding beneficial effects of the system described above may refer to the corresponding process in the foregoing method embodiments, and are not described herein again.
The USIM card provided by the third embodiment of the invention receives a file operation instruction sent by a terminal, the file operation instruction including a target file identifier and operation content; when it determines, according to the target file identifier, that the operation permission of the target file is conditional access, it obtains the access condition of the target file from a preset access condition file, and generates and returns to the terminal a response message including that access condition; it then receives a file operation result indication sent by the terminal and executes the operation content when the indication is to allow the operation, the file operation result indication being determined and generated by the terminal according to the access condition and the operation content. Addressing the problem that the terminal's current access control over USIM files is too simple to support more complex operation requirements, the invention adds a conditional-access operation permission, which effectively extends the operation mechanism between the terminal and the USIM and better avoids the risks arising from USIM file operation requirements while still meeting those requirements.
Fig. 4 is a schematic structural diagram of a terminal according to a fourth embodiment of the present invention. As shown in fig. 4, the terminal includes:
the second communication module 20 is configured to send a file operation instruction to the USIM card, where the file operation instruction includes a target file identifier and operation content; it is further configured to receive a response message returned by the USIM card, where the response message is generated from the access condition of the target file, which the USIM card obtains from a preset access condition file when it determines, according to the target file identifier, that the operation permission of the target file is conditional access;
the second processing module 21 is configured to determine whether the operation content meets the access condition, and send a file operation result indication used for indicating that an operation is allowed to be performed to the USIM card through the second communication module when the operation content meets the access condition, so that the USIM card executes the operation content according to the file operation result indication.
In an optional implementation manner, after determining whether the operation content satisfies the access condition, the second processing module 21 is further configured to:
if the operation content does not meet the access condition, judging whether the operation content can be modified according to the access condition;
when the operation content can be modified, generating a file operation result indication for indicating that the modified operation is allowed, and carrying the modified operation content in the file operation result indication and sending the modified operation content to the USIM card through the second communication module 20, so that the USIM card executes the modified operation content according to the operation indication allowing the modification in the file operation result indication;
when the operation content cannot be modified, a file operation result indication for indicating that the operation is not allowed is generated and sent to the USIM card through the second communication module 20, so that the USIM card does not execute the operation on the target file according to the operation not allowed in the file operation result indication.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process and corresponding beneficial effects of the system described above may refer to the corresponding process in the foregoing method embodiments, and are not described herein again.
The terminal provided by the fourth embodiment of the present invention sends a file operation instruction including a target file identifier and operation content to the USIM card; receives a response message returned by the USIM card, the response message being generated from the access condition of the target file, which the USIM card obtains from a preset access condition file when it determines, according to the target file identifier, that the operation permission of the target file is conditional access; and determines whether the operation content satisfies the access condition, and when it does, sends the USIM card a file operation result indication indicating that the operation is allowed, so that the USIM card executes the operation content according to the file operation result indication. Addressing the problem that the terminal's current access control over USIM files is too simple to support more complex operation requirements, the invention adds a conditional-access operation permission, which effectively extends the operation mechanism between the terminal and the USIM and better avoids the risks arising from USIM file operation requirements while still meeting those requirements.
Fig. 5 is a schematic structural diagram of a USIM card according to a fifth embodiment of the present invention. As shown in fig. 5, the USIM card includes:
a memory 51, a processor 52 and a computer program stored on the memory 51 and executable on the processor 52, wherein the processor 52 executes the method of the first embodiment when executing the computer program.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process and corresponding beneficial effects of the system described above may refer to the corresponding process in the foregoing method embodiments, and are not described herein again.
The USIM card provided by the fifth embodiment of the invention receives a file operation instruction sent by a terminal, the file operation instruction including a target file identifier and operation content; when it determines, according to the target file identifier, that the operation permission of the target file is conditional access, it obtains the access condition of the target file from a preset access condition file, and generates and returns to the terminal a response message including that access condition; it then receives a file operation result indication sent by the terminal and executes the operation content when the indication is to allow the operation, the file operation result indication being determined and generated by the terminal according to the access condition and the operation content. Addressing the problem that the terminal's current access control over USIM files is too simple to support more complex operation requirements, the invention adds a conditional-access operation permission, which effectively extends the operation mechanism between the terminal and the USIM and better avoids the risks arising from USIM file operation requirements while still meeting those requirements.
Fig. 6 is a schematic structural diagram of a terminal according to a sixth embodiment of the present invention. As shown in fig. 6, the terminal includes:
a memory 61, a processor 62 and a computer program stored on the memory 61 and executable on the processor 62, the processor 62 executing the method of the second embodiment when executing the computer program.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process and corresponding beneficial effects of the system described above may refer to the corresponding process in the foregoing method embodiments, and are not described herein again.
The terminal provided by the sixth embodiment of the invention sends a file operation instruction including a target file identifier and operation content to the USIM card; receives a response message returned by the USIM card, the response message being generated from the access condition of the target file, which the USIM card obtains from a preset access condition file when it determines, according to the target file identifier, that the operation permission of the target file is conditional access; and determines whether the operation content satisfies the access condition, and when it does, sends the USIM card a file operation result indication indicating that the operation is allowed, so that the USIM card executes the operation content according to the file operation result indication. Addressing the problem that the terminal's current access control over USIM files is too simple to support more complex operation requirements, the invention adds a conditional-access operation permission, which effectively extends the operation mechanism between the terminal and the USIM and better avoids the risks arising from USIM file operation requirements while still meeting those requirements.
Finally, the present invention also provides a readable storage medium, which includes a computer program stored thereon, and the computer program is processed and executed to implement the method of the first embodiment.
The invention also provides a readable storage medium comprising a computer program stored thereon, the computer program being processed and executed to implement the method of embodiment two.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A file operation method, characterized by comprising:
receiving a file operation instruction sent by a terminal, wherein the file operation instruction includes a target file identifier and operation content;
when it is determined according to the target file identifier that the operation permission of the target file is conditional access, obtaining the access condition of the target file from a preset access condition file, and generating and returning to the terminal a response message including the access condition of the target file, wherein the access condition includes the byte length of the operation command and the description content of each byte of the operation command;
receiving a file operation result indication sent by the terminal, and executing the operation content when the file operation result indication is to allow the operation; wherein the file operation result indication is determined and generated by the terminal according to the access condition and the operation content;
obtaining the access condition of the target file from the preset access condition file, wherein the access condition is determined according to the operation content;
wherein the file operation result indication is one of allow operation, disallow operation and allow modified operation;
correspondingly, the file operation method further comprises:
when the file operation result indication sent by the terminal is received and indicates that the operation is not allowed, performing no operation on the target file;
when the file operation result indication sent by the terminal is received and indicates that the modified operation is allowed, executing the modified operation content carried in the file operation result indication, wherein the modified operation content is obtained by the terminal by modifying the operation content according to the access condition.

2. A file operation method, characterized by comprising:
sending a file operation instruction to a USIM card, wherein the file operation instruction includes a target file identifier and operation content;
receiving a response message returned by the USIM card, wherein the response message is generated from the access condition of the target file, which the USIM card obtains from a preset access condition file when it determines according to the target file identifier that the operation permission of the target file is conditional access, and wherein the access condition includes the byte length of the operation command and the description content of each byte of the operation command;
determining whether the operation content satisfies the access condition, and when the operation content satisfies the access condition, sending to the USIM card a file operation result indication indicating that the operation is allowed, so that the USIM card executes the operation content according to the file operation result indication;
obtaining the access condition of the target file from the preset access condition file, wherein the access condition is determined according to the operation content;
wherein, after determining whether the operation content satisfies the access condition, the method further comprises:
if the operation content does not satisfy the access condition, determining whether the operation content can be modified according to the access condition;
when the operation content can be modified, generating a file operation result indication indicating that the modified operation is allowed, and carrying the modified operation content in the file operation result indication sent to the USIM card, so that the USIM card executes the modified operation content according to the allow-modified indication in the file operation result indication;
when the operation content cannot be modified, generating a file operation result indication indicating that the operation is not allowed and sending it to the USIM card, so that the USIM card, according to the disallow indication in the file operation result indication, performs no operation on the target file.

3. A USIM card, characterized by comprising:
a first communication module, configured to receive a file operation instruction sent by a terminal, wherein the file operation instruction includes a target file identifier and operation content;
a first processing module, configured to, when it is determined according to the target file identifier that the operation permission of the target file is conditional access, obtain the access condition of the target file from a preset access condition file, and generate and return to the terminal a response message including the access condition of the target file, wherein the access condition includes the byte length of the operation command and the description content of each byte of the operation command;
the first communication module being further configured to receive a file operation result indication sent by the terminal;
the first processing module being further configured to execute the operation content when the file operation result indication is to allow the operation; wherein the file operation result indication is determined and generated by the terminal according to the access condition and the operation content;
the access condition of the target file being obtained from the preset access condition file, wherein the access condition is determined according to the operation content;
wherein the file operation result indication is one of allow operation, disallow operation and allow modified operation;
correspondingly, the first processing module is specifically configured to:
when the file operation result indication sent by the terminal is received and indicates that the operation is not allowed, perform no operation on the target file;
when the file operation result indication sent by the terminal is received and indicates that the modified operation is allowed, execute the modified operation content carried in the file operation result indication, wherein the modified operation content is obtained by the terminal by modifying the operation content according to the access condition.

4. A terminal, characterized by comprising:
a second communication module, configured to send a file operation instruction to a USIM card, wherein the file operation instruction includes a target file identifier and operation content; and further configured to receive a response message returned by the USIM card, wherein the response message is generated from the access condition of the target file, which the USIM card obtains from a preset access condition file when it determines according to the target file identifier that the operation permission of the target file is conditional access, and wherein the access condition includes the byte length of the operation command and the description content of each byte of the operation command;
a second processing module, configured to determine whether the operation content satisfies the access condition, and when the operation content satisfies the access condition, send to the USIM card through the second communication module a file operation result indication indicating that the operation is allowed, so that the USIM card executes the operation content according to the file operation result indication;
the access condition of the target file being obtained from the preset access condition file, wherein the access condition is determined according to the operation content;
wherein, after determining whether the operation content satisfies the access condition, the second processing module is further configured to:
if the operation content does not satisfy the access condition, determine whether the operation content can be modified according to the access condition;
when the operation content can be modified, generate a file operation result indication indicating that the modified operation is allowed, and carry the modified operation content in the file operation result indication sent to the USIM card through the second communication module, so that the USIM card executes the modified operation content according to the allow-modified indication in the file operation result indication;
when the operation content cannot be modified, generate a file operation result indication indicating that the operation is not allowed and send it to the USIM card through the second communication module, so that the USIM card, according to the disallow indication in the file operation result indication, performs no operation on the target file.

5. A USIM card, characterized by comprising: a memory, a processor and a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to implement the method of claim 1.

6. A terminal, characterized by comprising: a memory, a processor and a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to implement the method of claim 2.

7. A readable storage medium, characterized in that a computer program is stored thereon, and the computer program is processed and executed to implement the method of claim 1.

8. A readable storage medium, characterized in that a computer program is stored thereon, and the computer program is processed and executed to implement the method of claim 2.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810690814.0A CN108875396B (en) 2018-06-28 2018-06-28 File operation method, USIM card, terminal and readable storage medium

Publications (2)

Publication Number Publication Date
CN108875396A CN108875396A (en) 2018-11-23
CN108875396B true CN108875396B (en) 2022-02-15

Family

ID=64296535

Similar Documents

Publication Publication Date Title
CN108875396B (en) File operation method, USIM card, terminal and readable storage medium
KR102107277B1 (en) System and method for anti-fishing or anti-ransomware application
US10645568B2 (en) Carrier configuration processing method, device and system, and computer storage medium
US20160044498A1 (en) Host device coupled to a mobile phone and method of operating the same
US20150302185A1 (en) Method and apparatus for account intercommunication among apps
CN103455349B (en) Method and device for application program to access smart card
KR102036411B1 (en) Securing of the loading of data into a nonvolatile memory of a secure element
TW201447759A (en) System and method for managing and diagnosing a computing device equipped with unified extensible firmware interface (UEFI)-compliant firmware
CN117113412A (en) Controlling access to application data
CN110602216A (en) Method and device for using single account by multiple terminals, cloud server and storage medium
US9430638B2 (en) Authentication method, authentication apparatus and authentication device
KR20180019494A (en) A primary device, an accessory device, and methods for processing operations on the primary device and the accessory device
JP6923582B2 (en) Information processing equipment, information processing methods, and programs
KR20140045571A (en) Binding a removable module to an access terminal
CN106484796B (en) File management method, file management device and mobile terminal
CN109195157B (en) Application management method, device and terminal
US9607176B2 (en) Secure copy and paste of mobile app data
CN109977692B (en) Data processing method and device, storage medium and electronic equipment
CN114580005B (en) Data access method, computer device and readable storage medium
US9363290B2 (en) Access control information generating system
WO2025082483A1 (en) Data encryption method, data decryption method, data encryption and decryption system, electronic device, and medium
CN107305608A (en) The management method and device of terminal device
US10531296B2 (en) Method for loading a subscription into an embedded security element of a mobile terminal
CN105825247B (en) A kind of card reader and data transmission method
US20220216987A1 (en) Device and method for managing shared digital key

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant