CN103259654A - Intelligent card management system based on satellite communication service - Google Patents

Intelligent card management system based on satellite communication service

Publication number: CN103259654A
Authority: CN (China)
Prior art keywords: smart card, user, satellite, RDSS, management system
Legal status: Granted (Active)
Application number: CN2012101393244A
Other languages: Chinese (zh)
Other versions: CN103259654B (en)
Inventors: 唐波, 曹纪东, 陈桂根
Current Assignee: China Transport Telecommunications And Information Center
Original Assignee: China Transport Telecommunications & Information Center
Application filed by: China Transport Telecommunications & Information Center
Priority to: CN201210139324.4A
Publication of: CN103259654A
Granted publication: CN103259654B
Classification: Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a smart card management system based on a satellite communication service and belongs to the technical field of satellite communication services. The smart card management system comprises a user terminal, a smart card and a card control system. The smart card is installed in the user terminal; it carries a radio determination satellite service (RDSS) system authentication program and an RDSS authentication key, and it performs the decryption of radio navigation satellite system (RNSS) navigation message enhancement information and the generation of the RDSS authentication code. The card control system is installed on a personal computer (PC) and comprises a client program and a card read-write device; it gives the user secure access to the smart card and handles registration, update and application over the Internet. Through the management of the smart card and the card control system, the invention effectively authenticates user identity, protects the security of user information and avoids the loss of satellite communication resources.

Description

A smart card management system based on a satellite communication service
Technical field
The invention belongs to the technical field of satellite communication services, and in particular relates to a smart card management system based on a satellite communication service.
Background
NAVSTAR occupies an important position in national economic development. It is an important component of, and driving force for, the informatization of the national economy, an important piece of infrastructure for building national information systems, and a key technical support system directly tied to national security and economic development. The satellite navigation (GNSS) application industry, represented by GPS, is gradually becoming a global high-tech industry.
Satellite communication services for civilian users have become the main business of satellite communication. In the existing way of handling satellite radio navigation system (RNSS) message information and Radio Determination Satellite Service (RDSS) authentication codes, the satellite side usually encrypts the RNSS message information and sends the encrypted information to the user terminal; the user terminal then authenticates itself by means of the RDSS authentication code and decrypts the encrypted RNSS message information in the manner agreed with the satellite.
Although a public-key cryptosystem is used between the satellite side and the user terminal, some security problems remain. First, the key is not tied to any timeliness (validity period), which greatly increases the probability that the key is broken. Second, there is no way to confirm whether a user terminal is legitimate, so a malicious user may be able to use the satellite service. To address these problems in the current handling of RNSS message information, the present invention proposes a smart card management system based on a satellite communication service.
Summary of the invention
The object of the invention is to provide a smart card management system based on a satellite communication service that solves the problems in the current handling of satellite radio navigation system (RNSS) message information.
The technical solution of the invention is a smart card management system based on a satellite communication service, characterized in that the system comprises a user terminal, a smart card and a card control system;
The smart card is placed in the user terminal. It carries the RDSS system authentication program and the RDSS authentication key, and performs the decryption of RNSS navigation message enhancement information and the generation of the RDSS authentication code;
The card control system is installed on a PC and comprises a client program and a card read-write device. It gives the user secure access to the smart card and handles registration, update and application over the Internet.
The decryption function is specifically: the user terminal receives the navigation message enhancement information transmitted by the satellite; the smart card derives (disperses) the current working timeliness processing parameter from the user timeliness processing parameter, decrypts the navigation message enhancement information, and transfers the decrypted enhancement information to the user terminal.
The generation of the authentication code is specifically: the user terminal sends a positioning or communication request to the smart card; the smart card calls the RDSS system authentication program and the RDSS authentication key to produce an authentication code, and the authentication code is submitted to the satellite navigation system for authentication. If the user identity is legitimate, the satellite navigation system sends positioning or communication data to the user terminal; otherwise it sends none.
The RDSS authentication key is updated either autonomously through the card control system or manually by the satellite user management system.
The user timeliness processing parameter is updated either autonomously through the card control system or manually by the satellite user management system.
The smart card uses COB card packaging or surface-mount (patch) packaging.
The smart card is loaded with a chip operating system.
Through the management of the smart card and the card control system, the invention effectively authenticates the user's identity, protects the user's information security and avoids the loss of satellite communication resources.
Description of drawings
Fig. 1 is a schematic diagram of the composition of the user smart card;
Fig. 2 shows the smart card workflow.
Embodiment
The preferred embodiment is described in detail below with reference to the accompanying drawings. It should be emphasized that the following description is only exemplary and is not intended to limit the scope of the invention or its application.
The smart card management system consists of two parts, the smart card and the card control system, and is provided to authorized users.
The user smart card is fitted inside the user terminal and performs the decryption of RNSS navigation message enhancement information and the generation of the RDSS authentication code. After receiving the enhancement information ciphertext passed in by the user terminal, the user smart card derives (disperses) the current working timeliness processing parameter from the user timeliness processing parameter, decrypts the navigation message enhancement information, and returns the decrypted enhancement information to the user terminal. After receiving a service request from the user terminal, such as RDSS positioning or communication, the user smart card performs authentication processing on the request. The user smart card can receive user management control commands and, according to the command content, delete or otherwise process sensitive data such as the timeliness processing parameter. The user smart card reminds users whose timeliness processing parameter is about to expire and refuses service to users whose parameter has expired; it refuses service to illegal users and returns an error message. Used with the card control terminal, the user smart card supports applying online, through an Internet-connected computer, for updates of the user timeliness processing parameter.
I. RNSS mode system workflow
The civilian user management system of the satellite enhancement service is built on encryption of the enhancement information. The message processing subsystem receives the enhancement information to be encrypted from the satellite navigation system; within the specified processing time and according to the specified processing mode, it encrypts the enhancement information using the preset timeliness processing parameter and returns the result to the satellite navigation system. The satellite navigation system distributes the encrypted enhancement information to user terminals over the satellite link. The user terminal receives the encrypted enhancement information and passes it to the user smart card embedded in the terminal; the user smart card calls its internal decryption program and uses the internally stored timeliness processing parameter to decrypt the encrypted enhancement information.
II. RDSS mode system workflow
RDSS mode user terminal equipment uses the user smart card as the carrier of the RDSS system authentication program and the RDSS authentication key. Each time the user submits a service request to the system, the RDSS system authentication program is called and the RDSS authentication key is used to produce an authentication code that proves the legitimacy of the user's identity. The satellite navigation system confirms the user's identity from the authentication code in the service request and returns the service request result only to legitimate users.
III. Parameter update workflow
Parameter update mainly covers the update and distribution of the user timeliness processing parameter and the RDSS authentication key. After the user registers successfully, or after the existing timeliness processing parameter or RDSS authentication key expires, the user timeliness processing parameter for the specified period or the RDSS authentication key for the next period is distributed to the user according to the term of enhancement service the user wishes to obtain. The user obtains the timeliness processing parameter or the RDSS system authentication parameter securely, either by manual update by the system or by online self-service update, and it is written into the user smart card.
1. Manual update by the system
The user brings the user smart card to the user card management center of the satellite civilian user management system and fills in a parameter update application, including information such as the period for which enhancement service is desired. After the review process, the center's card writer distributes the specified timeliness processing parameter and the RDSS system authentication parameter for the next period.
In special cases, the satellite civilian user management system can, at the user's request, send the timeliness processing parameter over the satellite link to the designated user's terminal, which securely receives the parameter and writes it to the user smart card; the flow is as shown in the figure below.
2. Online self-service update
The user smart card, fitted to the card control terminal, is connected to an Internet-connected PC. The user fills in the desired period of use on the relevant web page and submits a user update application. The user management subsystem reviews the application, then securely transfers the specified timeliness processing parameter and RDSS system authentication parameter through the Internet-connected PC and the card control terminal or user terminal, and writes them to the user smart card.
The smart card is embedded in the user terminal. It performs the interpretation (decoding) of enhancement information, the update of the user timeliness processing parameter and the RDSS system authentication parameter, the generation of the user's RSA public/private key pair, user management control, and similar tasks. The smart card can use either COB card packaging or surface-mount (patch) packaging to meet the different needs of the various types of user terminal.
The smart card loads a dedicated chip operating system (Card OS, hereinafter COS), builds a secure file management system on it, and on that basis runs the specific processing applications that implement the business functions. The processing applications comprise a master control scheduling module, an RNSS interpretation module, a user timeliness processing parameter dispersion module, an RDSS system authentication module, and an RSA authentication module for online parameter update. The composition of the smart card is shown in Fig. 1.
As the unified carrier and runtime platform for files, data, parameters and algorithms, the smart card implements secure access control, data management and other secure processing.
The COS and the secure file management system provide computation safeguards such as clearing working data in RAM on power loss and generating computational interference information. For access to the user's sensitive business data they provide protection mechanisms such as secure reading and writing of files and data, operation restrictions, out-of-order (scrambled) storage and a unique smart card serial number. The user's sensitive business data includes the user's private key, the user timeliness processing parameter, the RDSS system authentication parameter and other sensitive data.
The card control system consists of a client program on a networked computer and a card read-write device. Its main function is to give the user secure access to the smart card and to allow registration and update applications over the Internet. The card control system provides a different access method for each of the two smart card package types, COB card packaging and surface-mount packaging. A COB card smart card can be taken out of the user terminal and inserted directly into the card control system, which supplies the smart card with power and a clock and communicates with it. For a surface-mount smart card soldered into the user terminal, the card control system communicates with the smart card through the user terminal's standard data interface. The card read-write device communicates with the networked host over a general-purpose interface (USB or RS232).
The smart card workflow:
After the smart card is powered on, the user terminal/card control system sends a reset signal to the smart card. The smart card performs the reset operation and sends a reset answer to the user terminal; only then can the user terminal/card control system issue normal commands to the smart card. The smart card workflow is shown in Fig. 2:
1. After the smart card is reset, the user terminal/card control system first sends a self-check command to the card, and the smart card authenticates the operator against the internal authentication password. If authentication fails or the self-check finds an error, the card returns a self-check error message. If authentication passes and the self-check is correct, the card returns a self-check success message, removes the protection on the internally stored key parameters, and the program enters the application control section.
2. After the self-check completes, the smart card initializes its data and at the same time calculates the working timeliness parameter from the current system time supplied to it. If the time check finds the timeliness flag invalid, the control program does not schedule the enhancement information interpretation module or the RDSS system authentication module.
3. In use, user authentication on the smart card falls into two cases, registration application and parameter update, and the processing flows for the two cases differ.
The above is only a preferred embodiment of the present invention, but the scope of protection of the invention is not limited to it. Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. The scope of protection of the invention shall therefore be determined by the scope of protection of the claims.
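The timeliness check in step 2 and the RDSS authentication-code exchange described earlier, as an added sketch that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the card's unspecified algorithms, the working parameter is derived per calendar month, the code is truncated to 8 bytes, and every name, key, serial number and date is constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields (assumed stand-in algorithm)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


def disperse(user_param: bytes, period: str) -> bytes:
    """Derive the current working parameter from the long-lived user parameter."""
    return mac(user_param, b"work-param", period.encode())


@dataclass
class SmartCard:
    serial: str
    user_param: bytes          # user timeliness processing parameter
    rdss_auth_key: bytes
    valid_from: datetime
    valid_until: datetime
    timeliness_ok: bool = False
    work_param: bytes = b""

    def initialize(self, now: datetime) -> bool:
        """Workflow step 2: set the timeliness flag from the supplied time."""
        self.timeliness_ok = self.valid_from <= now < self.valid_until
        self.work_param = (disperse(self.user_param, now.strftime("%Y-%m"))
                           if self.timeliness_ok else b"")
        return self.timeliness_ok

    def auth_code(self, request: bytes) -> bytes:
        """RDSS authentication module; not scheduled when the flag is invalid."""
        if not self.timeliness_ok:
            raise PermissionError("timeliness flag invalid")
        return mac(self.rdss_auth_key, self.serial.encode(), request)[:8]


class SatelliteSystem:
    """System side: holds the RDSS authentication key registered per card."""

    def __init__(self, registered: dict):
        self.registered = registered

    def serve(self, serial: str, request: bytes, code: bytes) -> bool:
        key = self.registered.get(serial)
        if key is None:
            return False
        expected = mac(key, serial.encode(), request)[:8]
        return hmac.compare_digest(expected, code)   # constant-time comparison


def demo() -> dict:
    """Constructed keys, serial and dates; returns the outcome of each case."""
    k1, k2, req = b"constructed-key-1", b"constructed-key-2", b"RDSS-LOCATE"
    window = (datetime(2024, 1, 1), datetime(2024, 7, 1))
    system = SatelliteSystem({"CARD-0001": k1})
    card = SmartCard("CARD-0001", b"constructed-user-param", k1, *window)
    rogue = SmartCard("CARD-0001", b"unknown", b"guessed-key", *window)
    out = {}
    card.initialize(datetime(2024, 3, 15))
    rogue.initialize(datetime(2024, 3, 15))
    march = card.work_param
    out["legit"] = system.serve(card.serial, req, card.auth_code(req))
    out["rogue"] = system.serve(rogue.serial, req, rogue.auth_code(req))
    card.initialize(datetime(2024, 4, 2))
    out["new_period_param"] = card.work_param != march
    system.registered[card.serial] = k2      # system moves to the next-period key
    out["stale_key"] = system.serve(card.serial, req, card.auth_code(req))
    card.rdss_auth_key = k2                  # parameter update written to the card
    out["updated_key"] = system.serve(card.serial, req, card.auth_code(req))
    card.initialize(datetime(2024, 8, 1))    # past the validity period
    try:
        card.auth_code(req)
        out["expired_refused"] = False
    except PermissionError:
        out["expired_refused"] = True
    out["expired_param_cleared"] = card.work_param == b""
    return out


if __name__ == "__main__":
    print(demo())
```

The stale-key case shows why the parameter update workflow matters operationally: a card that misses the next-period RDSS authentication key is refused even though its own timeliness flag is still valid.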

Claims (7)

1. A smart card management system based on a satellite communication service, characterized in that the system comprises a user terminal, a smart card and a card control system;
The smart card is placed in the user terminal. It carries the RDSS system authentication program and the RDSS authentication key, and performs the decryption of RNSS navigation message enhancement information and the generation of the RDSS authentication code;
The card control system is installed on a PC and comprises a client program and a card read-write device. It gives the user secure access to the smart card and handles registration, update and application over the Internet.
2. The smart card management system based on a satellite communication service according to claim 1, characterized in that the decryption function is specifically: the user terminal receives the navigation message enhancement information transmitted by the satellite; the smart card derives (disperses) the current working timeliness processing parameter from the user timeliness processing parameter, decrypts the navigation message enhancement information, and transfers the decrypted enhancement information to the user terminal.
3. The smart card management system based on a satellite communication service according to claim 1, characterized in that the generation of the authentication code is specifically: the user terminal sends a positioning or communication request to the smart card; the smart card calls the RDSS system authentication program and the RDSS authentication key to produce an authentication code, and the authentication code is submitted to the satellite navigation system for authentication; if the user identity is legitimate, the satellite navigation system sends positioning or communication data to the user terminal; otherwise the satellite navigation system sends no positioning or communication data.
4. The smart card management system based on a satellite communication service according to claim 1, characterized in that the RDSS authentication key is updated either autonomously through the card control system or manually by the satellite user management system.
5. The smart card management system based on a satellite communication service according to claim 1, characterized in that the user timeliness processing parameter is updated either autonomously through the card control system or manually by the satellite user management system.
6. The smart card management system based on a satellite communication service according to claim 1, characterized in that the smart card uses COB card packaging or surface-mount (patch) packaging.
7. The smart card management system based on a satellite communication service according to claim 1, characterized in that the smart card is loaded with a chip operating system.
CN201210139324.4A 2012-05-07 2012-05-07 A kind of smart card administrative system based on satellite communications services Active CN103259654B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210139324.4A CN103259654B (en) 2012-05-07 2012-05-07 A kind of smart card administrative system based on satellite communications services


Publications (2)

Publication Number Publication Date
CN103259654A true CN103259654A (en) 2013-08-21
CN103259654B CN103259654B (en) 2016-06-29

Family

ID=48963372

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210139324.4A Active CN103259654B (en) 2012-05-07 2012-05-07 A kind of smart card administrative system based on satellite communications services

Country Status (1)

Country Link
CN (1) CN103259654B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103780394A (en) * 2014-01-23 2014-05-07 北京邮电大学 Access authentication and certification scheme applicable to satellite DCS
CN103780394B (en) * 2014-01-23 2017-11-10 北京邮电大学 A kind of access authentication and certificate scheme suitable for satellite data acquisition system
CN107241133A (en) * 2017-06-14 2017-10-10 华安星科(北京)信息技术有限公司 A kind of soft card user terminal device of the Big Dipper and system
CN110826667A (en) * 2019-11-05 2020-02-21 深圳市远东华强导航定位有限公司 Beidou RD smart card remote card reading method
CN110826667B (en) * 2019-11-05 2023-03-14 深圳市远东华强导航定位有限公司 Beidou RD smart card remote card reading method
CN111049567A (en) * 2019-11-21 2020-04-21 北京天海达科技有限公司 Implementation method of Beidou user card validity period management mode

Also Published As

Publication number Publication date
CN103259654B (en) 2016-06-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220112

Address after: 101399 room 1115, 6 Anfu street, Houshayu Town, Shunyi District, Beijing

Patentee after: Jiaoxin Beidou Technology Co.,Ltd.

Patentee after: CHINA TRANSPORT TELECOMMUNICATIONS AND INFORMATION CENTER

Address before: 100011 rear body of Chaoyang District foreign and foreign embassy in Beijing

Patentee before: CHINA TRANSPORT TELECOMMUNICATIONS AND INFORMATION CENTER

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20230328

Address after: 100011 No. 1, back of Andingmen Waiguan, Chaoyang District, Beijing

Patentee after: CHINA TRANSPORT TELECOMMUNICATIONS AND INFORMATION CENTER

Address before: 101399 room 1115, 6 Anfu street, Houshayu Town, Shunyi District, Beijing

Patentee before: Jiaoxin Beidou Technology Co.,Ltd.

Patentee before: CHINA TRANSPORT TELECOMMUNICATIONS AND INFORMATION CENTER

TR01 Transfer of patent right